Index: sandbox/linux/seccomp-bpf-helpers/baseline_policy_android.cc |
diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_android.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_android.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..06288a44764a85b1fd0efc52cccbb7fa2f0765f9 |
--- /dev/null |
+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_android.cc |
@@ -0,0 +1,47 @@ |
+// Copyright (c) 2013 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#include "sandbox/linux/seccomp-bpf-helpers/baseline_policy_android.h" |
+ |
+#include <sys/types.h> |
+ |
+#include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h" |
+#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
+ |
+namespace sandbox { |
+ |
+BaselinePolicyAndroid::BaselinePolicyAndroid() |
+ : BaselinePolicy() {} |
+ |
+BaselinePolicyAndroid::~BaselinePolicyAndroid() {} |
+ |
+ErrorCode BaselinePolicyAndroid::EvaluateSyscall(SandboxBPF* sandbox, |
+ int sysno) const { |
+ bool allowed = false; |
+ |
+ switch (sysno) { |
+ case __NR_open: |
jln (very slow on Chromium)
2014/03/07 01:30:30
Very excited if this works!
We may want to experi
Robert Sesek
2014/03/25 21:57:17
Yes, this does work! This mostly appears to be rea
|
+ |
+ case __NR_uname: |
+ |
+ case __NR_flock: |
+ case __NR_sigaltstack: |
+ case __NR_rt_sigtimedwait: |
+ case __NR_mremap: |
+ case __NR_ioctl: |
+ case __NR_pread64: |
+ case __NR_getpriority: |
+ case __NR_setpriority: |
+ case __NR_ugetrlimit: |
+ allowed = true; |
+ break; |
+ } |
+ |
+ if (allowed) |
+ return ErrorCode(ErrorCode::ERR_ALLOWED); |
+ |
+ return BaselinePolicy::EvaluateSyscall(sandbox, sysno); |
+} |
+ |
+} // namespace sandbox |
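Review bot: The `__NR_open`, `__NR_ioctl`, `__NR_mremap` and `__NR_setpriority` cases in `EvaluateSyscall` return `ERR_ALLOWED` for every argument value. Because the switch runs before `BaselinePolicy::EvaluateSyscall`, any argument filtering the base policy applies to these syscalls (not visible in this hunk) is skipped on Android. `ioctl` and `open` are the widest: an unconditional `ioctl` exposes every driver interface behind a descriptor the process holds, and an unconditional `open` leaves file access bounded only by the process's filesystem permissions. If the broad allowance is needed for now, record it at the switch, for example `// TODO: open and ioctl are allowed without argument checks; narrow to the paths and request codes Android actually needs.` A short comment on each case group naming the Android component that needs it would also make later tightening reviewable.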