OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "content/common/android/sandbox_bpf_base_policy_android.h" | |
6 | |
7 #include <sys/types.h> | |
8 | |
9 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h" | |
10 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" | |
11 | |
12 namespace content { | |
13 | |
14 SandboxBPFBasePolicyAndroid::SandboxBPFBasePolicyAndroid() | |
15 : SandboxBPFBasePolicy() {} | |
16 | |
17 SandboxBPFBasePolicyAndroid::~SandboxBPFBasePolicyAndroid() {} | |
18 | |
19 sandbox::ErrorCode SandboxBPFBasePolicyAndroid::EvaluateSyscall( | |
20 sandbox::SandboxBPF* sandbox, | |
21 int sysno) const { | |
22 bool allowed = false; | |
23 | |
24 switch (sysno) { | |
25 case __NR_open: | |
jln (very slow on Chromium)
2014/03/31 22:57:43
libc have tended in the past to deprecate open in
Robert Sesek
2014/04/08 20:33:45
Added __NR_openat and put __NR_open behind __aarch
| |
26 | |
jln (very slow on Chromium)
2014/03/31 22:57:43
Why the extra space?
Robert Sesek
2014/04/08 20:33:45
Done.
| |
27 case __NR_uname: | |
28 | |
29 case __NR_flock: | |
jln (very slow on Chromium)
2014/03/31 22:57:43
Please, sort these in alphabetical order
Robert Sesek
2014/04/08 20:33:45
Done.
| |
30 case __NR_sigaltstack: | |
31 case __NR_rt_sigtimedwait: | |
32 case __NR_mremap: | |
33 case __NR_ioctl: | |
34 case __NR_pread64: | |
35 case __NR_getpriority: | |
36 case __NR_setpriority: | |
37 case __NR_ugetrlimit: | |
38 allowed = true; | |
39 break; | |
40 } | |
41 | |
42 if (allowed) | |
jln (very slow on Chromium)
2014/03/31 22:57:43
Nit: I find the construct a bit misleading, becaus
Robert Sesek
2014/04/08 20:33:45
Done.
| |
43 return sandbox::ErrorCode(sandbox::ErrorCode::ERR_ALLOWED); | |
44 | |
45 return SandboxBPFBasePolicy::EvaluateSyscall(sandbox, sysno); | |
46 } | |
47 | |
48 } // namespace content | |
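Review bot: `case __NR_ioctl:` (new line 33) is allowed for every request value, which gives the sandboxed process the entire ioctl surface of any descriptor it holds and is far broader than the other entries in this allow-list. If Android needs it, the switch should carry a comment saying why, for example `// ioctl: required by <component>; TODO restrict to the request numbers actually used`, and the case would ideally return an argument-conditional rule rather than falling into the blanket `ERR_ALLOWED`. The same documentation gap applies to `__NR_mremap` and `__NR_setpriority`, since nothing in the file records which Android code path depends on them. Separately, `__NR_ugetrlimit` (line 37) is, as far as I know, only defined on 32-bit ABIs, so that case presumably needs an architecture guard if this file is meant to build for 64-bit targets.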