Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1039)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc

Issue 2313393003: [Android] Allow __NR_rt_tgsigqueueinfo under seccomp. (Closed)
Patch Set: const pid member Created 4 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.h ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc
diff --git a/content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc b/content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc
index 4cd502d8487729950a891e6fc610a0bb946c35c5..a2384c9c440c54dbdaa6b12a78fd88decea23034 100644
--- a/content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc
+++ b/content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc
@@ -50,7 +50,8 @@ BoolExpr RestrictSocketArguments(const Arg<int>& domain,
} // namespace
SandboxBPFBasePolicyAndroid::SandboxBPFBasePolicyAndroid()
- : SandboxBPFBasePolicy() {}
+ : SandboxBPFBasePolicy(),
+ pid_(getpid()) {}
SandboxBPFBasePolicyAndroid::~SandboxBPFBasePolicyAndroid() {}
@@ -122,6 +123,13 @@ ResultExpr SandboxBPFBasePolicyAndroid::EvaluateSyscall(int sysno) const {
break;
}
+ // https://crbug.com/644759
+ if (sysno == __NR_rt_tgsigqueueinfo) {
+ const Arg<pid_t> tgid(0);
+ return If(tgid == pid_, Allow())
+ .Else(Error(EPERM));
+ }
+
#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || \
defined(__mips__)
if (sysno == __NR_socket) {
« no previous file with comments | « content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698