Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(7)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.cc

Issue 2523253002: Convert use_seccomp_bpf to the BUILDFLAG system. (Closed)
Patch Set: Rebase Created 4 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « components/nacl/loader/sandbox_linux/BUILD.gn ('k') | content/BUILD.gn » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.h" 5 #include "components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.h"
6 6
7 #include <memory> 7 #include <memory>
8 #include <utility> 8 #include <utility>
9 9
10 #include "base/macros.h" 10 #include "base/macros.h"
11 #include "build/build_config.h" 11 #include "build/build_config.h"
12 #include "sandbox/sandbox_features.h"
12 13
13 #if defined(USE_SECCOMP_BPF) 14 #if BUILDFLAG(USE_SECCOMP_BPF)
14 15
15 #include <errno.h> 16 #include <errno.h>
16 #include <signal.h> 17 #include <signal.h>
17 #include <sys/ptrace.h> 18 #include <sys/ptrace.h>
18 #include <sys/types.h> 19 #include <sys/types.h>
19 #include <unistd.h> 20 #include <unistd.h>
20 21
21 #include "base/callback.h" 22 #include "base/callback.h"
22 #include "base/command_line.h" 23 #include "base/command_line.h"
23 #include "base/compiler_specific.h" 24 #include "base/compiler_specific.h"
24 #include "base/files/scoped_file.h" 25 #include "base/files/scoped_file.h"
25 #include "base/logging.h" 26 #include "base/logging.h"
26 #include "components/nacl/common/nacl_switches.h" 27 #include "components/nacl/common/nacl_switches.h"
27 #include "content/public/common/sandbox_init.h" 28 #include "content/public/common/sandbox_init.h"
28 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" 29 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
29 #include "sandbox/linux/bpf_dsl/policy.h" 30 #include "sandbox/linux/bpf_dsl/policy.h"
30 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" 31 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
31 #include "sandbox/linux/system_headers/linux_syscalls.h" 32 #include "sandbox/linux/system_headers/linux_syscalls.h"
32 33
33 #endif // defined(USE_SECCOMP_BPF) 34 #endif // BUILDFLAG(USE_SECCOMP_BPF)
34 35
35 namespace nacl { 36 namespace nacl {
36 37
37 #if defined(USE_SECCOMP_BPF) 38 #if BUILDFLAG(USE_SECCOMP_BPF)
38 39
39 namespace { 40 namespace {
40 41
41 using sandbox::bpf_dsl::Allow; 42 using sandbox::bpf_dsl::Allow;
42 using sandbox::bpf_dsl::Error; 43 using sandbox::bpf_dsl::Error;
43 using sandbox::bpf_dsl::ResultExpr; 44 using sandbox::bpf_dsl::ResultExpr;
44 45
45 class NaClBPFSandboxPolicy : public sandbox::bpf_dsl::Policy { 46 class NaClBPFSandboxPolicy : public sandbox::bpf_dsl::Policy {
46 public: 47 public:
47 NaClBPFSandboxPolicy() 48 NaClBPFSandboxPolicy()
(...skipping 108 matching lines...) Expand 10 before | Expand all | Expand 10 after
156 // Without the sandbox on, this ptrace call would ESRCH instead. 157 // Without the sandbox on, this ptrace call would ESRCH instead.
157 CHECK_EQ(EPERM, errno); 158 CHECK_EQ(EPERM, errno);
158 } 159 }
159 160
160 } // namespace 161 } // namespace
161 162
162 #else 163 #else
163 164
164 #error "Seccomp-bpf disabled on supported architecture!" 165 #error "Seccomp-bpf disabled on supported architecture!"
165 166
166 #endif // defined(USE_SECCOMP_BPF) 167 #endif // BUILDFLAG(USE_SECCOMP_BPF)
167 168
168 bool InitializeBPFSandbox(base::ScopedFD proc_fd) { 169 bool InitializeBPFSandbox(base::ScopedFD proc_fd) {
169 #if defined(USE_SECCOMP_BPF) 170 #if BUILDFLAG(USE_SECCOMP_BPF)
170 bool sandbox_is_initialized = content::InitializeSandbox( 171 bool sandbox_is_initialized = content::InitializeSandbox(
171 std::unique_ptr<sandbox::bpf_dsl::Policy>(new NaClBPFSandboxPolicy), 172 std::unique_ptr<sandbox::bpf_dsl::Policy>(new NaClBPFSandboxPolicy),
172 std::move(proc_fd)); 173 std::move(proc_fd));
173 if (sandbox_is_initialized) { 174 if (sandbox_is_initialized) {
174 RunSandboxSanityChecks(); 175 RunSandboxSanityChecks();
175 return true; 176 return true;
176 } 177 }
177 #endif // defined(USE_SECCOMP_BPF) 178 #endif // BUILDFLAG(USE_SECCOMP_BPF)
178 return false; 179 return false;
179 } 180 }
180 181
181 } // namespace nacl 182 } // namespace nacl
OLDNEW
« no previous file with comments | « components/nacl/loader/sandbox_linux/BUILD.gn ('k') | content/BUILD.gn » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698