Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(53)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/renderer/renderer_main_platform_delegate_android.cc

Issue 180783019: [Android] Define a baseline seccomp-bpf sandbox policy. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fun With Flags! Created 6 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc ('K') | « content/public/common/content_switches.cc ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/renderer/renderer_main_platform_delegate_android.cc
diff --git a/content/renderer/renderer_main_platform_delegate_android.cc b/content/renderer/renderer_main_platform_delegate_android.cc
index 4a19706360269bd76526fc348869c5c37775a198..4ed98e4bdfbad0a7f97c77b7a448c44009616988 100644
--- a/content/renderer/renderer_main_platform_delegate_android.cc
+++ b/content/renderer/renderer_main_platform_delegate_android.cc
@@ -3,15 +3,45 @@
// found in the LICENSE file.
#include "content/renderer/renderer_main_platform_delegate.h"
+
+#include "base/command_line.h"
#include "base/logging.h"
+#include "base/rand_util.h"
+#include "base/sys_info.h"
+#include "content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.h"
+#include "content/public/common/content_switches.h"
+#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
+#include "third_party/skia/include/ports/SkFontConfigInterface.h"
+#include "v8/include/v8.h"
#ifdef ENABLE_VTUNE_JIT_INTERFACE
-#include "content/public/common/content_switches.h"
#include "v8/src/third_party/vtune/v8-vtune.h"
#endif
namespace content {
+namespace {
+
+bool GenerateEntropy(unsigned char* buffer, size_t length) {
+ base::RandBytes(buffer, length);
+ return true;
+}
+
+void PreSandboxWarmUp() {
+ base::RandUint64();
+
+ base::SysInfo::AmountOfPhysicalMemory();
jochen (gone - plz use gerrit) 2014/04/10 07:37:42 add base::SysInfo::AmountOfVirtualMemory()
Robert Sesek 2014/04/10 14:36:24 See below.
+ base::SysInfo::MaxSharedMemorySize();
+ base::SysInfo::NumberOfProcessors();
+
+ v8::V8::SetEntropySource(&GenerateEntropy);
+ v8::V8::Initialize();
jochen (gone - plz use gerrit) 2014/04/10 07:37:42 can you explain why you add this here? This confli
Robert Sesek 2014/04/10 14:36:24 Thanks for calling this out. All of this was lefto
+
+ SkFontConfigInterface::GetSingletonDirectInterface();
+}
+
+} // namespace
+
RendererMainPlatformDelegate::RendererMainPlatformDelegate(
const MainFunctionParams& parameters)
: parameters_(parameters) {
@@ -36,6 +66,16 @@ bool RendererMainPlatformDelegate::InitSandboxTests(bool no_sandbox) {
}
bool RendererMainPlatformDelegate::EnableSandbox() {
+ if (!base::CommandLine::ForCurrentProcess()->HasSwitch(
+ switches::kEnableSeccompFilterSandbox)) {
+ return true;
+ }
+
+ PreSandboxWarmUp();
+
+ sandbox::SandboxBPF sandbox;
+ sandbox.SetSandboxPolicy(new SandboxBPFBasePolicyAndroid());
+ CHECK(sandbox.StartSandbox(sandbox::SandboxBPF::PROCESS_MULTI_THREADED));
return true;
}
« content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc ('K') | « content/public/common/content_switches.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698