| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/nacl/loader/nonsfi/nonsfi_sandbox.h" | 5 #include "components/nacl/loader/nonsfi/nonsfi_sandbox.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <fcntl.h> | 8 #include <fcntl.h> |
| 9 #include <linux/net.h> | 9 #include <linux/net.h> |
| 10 #include <sys/prctl.h> | 10 #include <sys/prctl.h> |
| (...skipping 136 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 147 // epoll_create fails. | 147 // epoll_create fails. |
| 148 case __NR_epoll_create: | 148 case __NR_epoll_create: |
| 149 // third_party/libevent uses them, but we can just return -1 from | 149 // third_party/libevent uses them, but we can just return -1 from |
| 150 // them as it is just checking getuid() != geteuid() and | 150 // them as it is just checking getuid() != geteuid() and |
| 151 // getgid() != getegid() | 151 // getgid() != getegid() |
| 152 #if defined(__i386__) || defined(__arm__) | 152 #if defined(__i386__) || defined(__arm__) |
| 153 case __NR_getegid32: | 153 case __NR_getegid32: |
| 154 case __NR_geteuid32: | 154 case __NR_geteuid32: |
| 155 case __NR_getgid32: | 155 case __NR_getgid32: |
| 156 case __NR_getuid32: | 156 case __NR_getuid32: |
| 157 #elif defined(__x86_64__) | 157 #endif |
| 158 case __NR_getegid: | 158 case __NR_getegid: |
| 159 case __NR_geteuid: | 159 case __NR_geteuid: |
| 160 case __NR_getgid: | 160 case __NR_getgid: |
| 161 case __NR_getuid: | 161 case __NR_getuid: |
| 162 #endif | |
| 163 // tcmalloc calls madvise in TCMalloc_SystemRelease. | 162 // tcmalloc calls madvise in TCMalloc_SystemRelease. |
| 164 case __NR_madvise: | 163 case __NR_madvise: |
| 165 // EPERM instead of SIGSYS as glibc tries to open files in /proc. | 164 // EPERM instead of SIGSYS as glibc tries to open files in /proc. |
| 166 // TODO(hamaji): Remove this when we switch to newlib. | 165 // TODO(hamaji): Remove this when we switch to newlib. |
| 167 case __NR_open: | 166 case __NR_open: |
| 168 // For RunSandboxSanityChecks(). | 167 // For RunSandboxSanityChecks(). |
| 169 case __NR_ptrace: | 168 case __NR_ptrace: |
| 170 // glibc uses this for its pthread implementation. If we return | 169 // glibc uses this for its pthread implementation. If we return |
| 171 // EPERM for this, glibc will stop using this. | 170 // EPERM for this, glibc will stop using this. |
| 172 // TODO(hamaji): newlib does not use this. Make this SIGTRAP once | 171 // TODO(hamaji): newlib does not use this. Make this SIGTRAP once |
| (...skipping 134 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 307 scoped_ptr<sandbox::SandboxBPFPolicy>( | 306 scoped_ptr<sandbox::SandboxBPFPolicy>( |
| 308 new nacl::nonsfi::NaClNonSfiBPFSandboxPolicy())); | 307 new nacl::nonsfi::NaClNonSfiBPFSandboxPolicy())); |
| 309 if (!sandbox_is_initialized) | 308 if (!sandbox_is_initialized) |
| 310 return false; | 309 return false; |
| 311 RunSandboxSanityChecks(); | 310 RunSandboxSanityChecks(); |
| 312 return true; | 311 return true; |
| 313 } | 312 } |
| 314 | 313 |
| 315 } // namespace nonsfi | 314 } // namespace nonsfi |
| 316 } // namespace nacl | 315 } // namespace nacl |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 248633004:
Non-SFI NaCl: Clean up seccomp for syscalls which return EPERM (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src