OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/renderer/renderer_main_platform_delegate.h" | 5 #include "content/renderer/renderer_main_platform_delegate.h" |
6 | 6 |
7 #include "base/android/build_info.h" | 7 #include "base/android/build_info.h" |
8 #include "base/feature_list.h" | 8 #include "base/feature_list.h" |
9 #include "base/logging.h" | 9 #include "base/logging.h" |
10 #include "base/macros.h" | 10 #include "base/macros.h" |
11 #include "base/metrics/histogram_macros.h" | 11 #include "base/metrics/histogram_macros.h" |
| 12 #include "sandbox/sandbox_features.h" |
12 | 13 |
13 #ifdef USE_SECCOMP_BPF | 14 #if BUILDFLAG(USE_SECCOMP_BPF) |
14 #include "content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.h
" | 15 #include "content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.h
" |
15 #include "content/public/common/content_features.h" | 16 #include "content/public/common/content_features.h" |
16 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" | 17 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
17 #endif | 18 #endif |
18 | 19 |
19 namespace content { | 20 namespace content { |
20 | 21 |
21 namespace { | 22 namespace { |
22 | 23 |
23 // Scoper class to record a SeccompSandboxStatus UMA value. | 24 // Scoper class to record a SeccompSandboxStatus UMA value. |
(...skipping 16 matching lines...) Expand all Loading... |
40 STATUS_MAX); | 41 STATUS_MAX); |
41 } | 42 } |
42 | 43 |
43 void set_status(SeccompSandboxStatus status) { status_ = status; } | 44 void set_status(SeccompSandboxStatus status) { status_ = status; } |
44 | 45 |
45 private: | 46 private: |
46 SeccompSandboxStatus status_; | 47 SeccompSandboxStatus status_; |
47 DISALLOW_COPY_AND_ASSIGN(RecordSeccompStatus); | 48 DISALLOW_COPY_AND_ASSIGN(RecordSeccompStatus); |
48 }; | 49 }; |
49 | 50 |
50 #ifdef USE_SECCOMP_BPF | 51 #if BUILDFLAG(USE_SECCOMP_BPF) |
51 // Determines if the running device should support Seccomp, based on the Android | 52 // Determines if the running device should support Seccomp, based on the Android |
52 // SDK version. | 53 // SDK version. |
53 bool IsSeccompBPFSupportedBySDK() { | 54 bool IsSeccompBPFSupportedBySDK() { |
54 auto* info = base::android::BuildInfo::GetInstance(); | 55 auto* info = base::android::BuildInfo::GetInstance(); |
55 if (info->sdk_int() < 22) { | 56 if (info->sdk_int() < 22) { |
56 // Seccomp was never available pre-Lollipop. | 57 // Seccomp was never available pre-Lollipop. |
57 return false; | 58 return false; |
58 } else if (info->sdk_int() == 22) { | 59 } else if (info->sdk_int() == 22) { |
59 // On Lollipop-MR1, only select Nexus devices have Seccomp available. | 60 // On Lollipop-MR1, only select Nexus devices have Seccomp available. |
60 const char* const kDevices[] = { | 61 const char* const kDevices[] = { |
(...skipping 24 matching lines...) Expand all Loading... |
85 | 86 |
86 void RendererMainPlatformDelegate::PlatformInitialize() { | 87 void RendererMainPlatformDelegate::PlatformInitialize() { |
87 } | 88 } |
88 | 89 |
89 void RendererMainPlatformDelegate::PlatformUninitialize() { | 90 void RendererMainPlatformDelegate::PlatformUninitialize() { |
90 } | 91 } |
91 | 92 |
92 bool RendererMainPlatformDelegate::EnableSandbox() { | 93 bool RendererMainPlatformDelegate::EnableSandbox() { |
93 RecordSeccompStatus status_uma; | 94 RecordSeccompStatus status_uma; |
94 | 95 |
95 #ifdef USE_SECCOMP_BPF | 96 #if BUILDFLAG(USE_SECCOMP_BPF) |
96 // Determine if Seccomp is available via the Android SDK version. | 97 // Determine if Seccomp is available via the Android SDK version. |
97 if (!IsSeccompBPFSupportedBySDK()) | 98 if (!IsSeccompBPFSupportedBySDK()) |
98 return true; | 99 return true; |
99 | 100 |
100 // Do run-time detection to ensure that support is present. | 101 // Do run-time detection to ensure that support is present. |
101 if (!sandbox::SandboxBPF::SupportsSeccompSandbox( | 102 if (!sandbox::SandboxBPF::SupportsSeccompSandbox( |
102 sandbox::SandboxBPF::SeccompLevel::MULTI_THREADED)) { | 103 sandbox::SandboxBPF::SeccompLevel::MULTI_THREADED)) { |
103 status_uma.set_status(RecordSeccompStatus::DETECTION_FAILED); | 104 status_uma.set_status(RecordSeccompStatus::DETECTION_FAILED); |
104 LOG(WARNING) << "Seccomp support should be present, but detection " | 105 LOG(WARNING) << "Seccomp support should be present, but detection " |
105 << "failed. Continuing without Seccomp-BPF."; | 106 << "failed. Continuing without Seccomp-BPF."; |
(...skipping 10 matching lines...) Expand all Loading... |
116 | 117 |
117 status_uma.set_status(RecordSeccompStatus::ENGAGED); | 118 status_uma.set_status(RecordSeccompStatus::ENGAGED); |
118 } else { | 119 } else { |
119 status_uma.set_status(RecordSeccompStatus::FEATURE_DISABLED); | 120 status_uma.set_status(RecordSeccompStatus::FEATURE_DISABLED); |
120 } | 121 } |
121 #endif | 122 #endif |
122 return true; | 123 return true; |
123 } | 124 } |
124 | 125 |
125 } // namespace content | 126 } // namespace content |
OLD | NEW |