| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/android/seccomp_support_detector.h" | 5 #include "chrome/browser/android/seccomp_support_detector.h" |
| 6 | 6 |
| 7 #include <stdio.h> | 7 #include <stdio.h> |
| 8 #include <sys/utsname.h> | 8 #include <sys/utsname.h> |
| 9 | 9 |
| 10 #include "base/metrics/histogram_macros.h" | 10 #include "base/metrics/histogram_macros.h" |
| 11 #include "base/metrics/sparse_histogram.h" | 11 #include "base/metrics/sparse_histogram.h" |
| 12 #include "content/public/browser/browser_thread.h" | 12 #include "content/public/browser/browser_thread.h" |
| 13 #include "sandbox/sandbox_features.h" |
| 13 | 14 |
| 14 #if defined(USE_SECCOMP_BPF) | 15 #if BUILDFLAG(USE_SECCOMP_BPF) |
| 15 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" | 16 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
| 16 #endif | 17 #endif |
| 17 | 18 |
| 18 using content::BrowserThread; | 19 using content::BrowserThread; |
| 19 | 20 |
| 20 enum AndroidSeccompStatus { | 21 enum AndroidSeccompStatus { |
| 21 // DETECTION_FAILED was formerly used when probing for seccomp was done | 22 // DETECTION_FAILED was formerly used when probing for seccomp was done |
| 22 // out-of-process. There does not appear to be a gain in doing so, as | 23 // out-of-process. There does not appear to be a gain in doing so, as |
| 23 // explained in the comment in DetectSeccomp(). This enum remains for | 24 // explained in the comment in DetectSeccomp(). This enum remains for |
| 24 // historical reasons. | 25 // historical reasons. |
| (...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 60 if (sscanf(uts.release, "%d.%d", &major, &minor) == 2) { | 61 if (sscanf(uts.release, "%d.%d", &major, &minor) == 2) { |
| 61 int version = ((major & 0xFFFF) << 16) | (minor & 0xFFFF); | 62 int version = ((major & 0xFFFF) << 16) | (minor & 0xFFFF); |
| 62 UMA_HISTOGRAM_SPARSE_SLOWLY("Android.KernelVersion", version); | 63 UMA_HISTOGRAM_SPARSE_SLOWLY("Android.KernelVersion", version); |
| 63 } | 64 } |
| 64 } | 65 } |
| 65 } | 66 } |
| 66 | 67 |
| 67 void SeccompSupportDetector::DetectSeccomp() { | 68 void SeccompSupportDetector::DetectSeccomp() { |
| 68 DCHECK(BrowserThread::GetBlockingPool()->RunsTasksOnCurrentThread()); | 69 DCHECK(BrowserThread::GetBlockingPool()->RunsTasksOnCurrentThread()); |
| 69 | 70 |
| 70 #if defined(USE_SECCOMP_BPF) | 71 #if BUILDFLAG(USE_SECCOMP_BPF) |
| 71 bool prctl_supported = sandbox::SandboxBPF::SupportsSeccompSandbox( | 72 bool prctl_supported = sandbox::SandboxBPF::SupportsSeccompSandbox( |
| 72 sandbox::SandboxBPF::SeccompLevel::SINGLE_THREADED); | 73 sandbox::SandboxBPF::SeccompLevel::SINGLE_THREADED); |
| 73 #else | 74 #else |
| 74 bool prctl_supported = false; | 75 bool prctl_supported = false; |
| 75 #endif | 76 #endif |
| 76 | 77 |
| 77 UMA_HISTOGRAM_ENUMERATION("Android.SeccompStatus.Prctl", | 78 UMA_HISTOGRAM_ENUMERATION("Android.SeccompStatus.Prctl", |
| 78 prctl_supported ? SUPPORTED : NOT_SUPPORTED, | 79 prctl_supported ? SUPPORTED : NOT_SUPPORTED, |
| 79 LAST_STATUS); | 80 LAST_STATUS); |
| 80 | 81 |
| 81 // Probing for the seccomp syscall can provoke kernel panics in certain LGE | 82 // Probing for the seccomp syscall can provoke kernel panics in certain LGE |
| 82 // devices. For now, this data will not be collected. In the future, this | 83 // devices. For now, this data will not be collected. In the future, this |
| 83 // should detect SeccompLevel::MULTI_THREADED. http://crbug.com/478478 | 84 // should detect SeccompLevel::MULTI_THREADED. http://crbug.com/478478 |
| 84 } | 85 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2523253002:
Convert use_seccomp_bpf to the BUILDFLAG system. (Closed)
