
Side by Side Diff: content/renderer/renderer_main_platform_delegate_android.cc

Issue 2523253002: Convert use_seccomp_bpf to the BUILDFLAG system. (Closed)
Patch Set: Rebase Created 4 years ago
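--- a/content/renderer/renderer_main_platform_delegate_android.cc
+++ b/content/renderer/renderer_main_platform_delegate_android.cc
@@ -1,23 +1,24 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/renderer/renderer_main_platform_delegate.h"
 
 #include "base/android/build_info.h"
 #include "base/feature_list.h"
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/metrics/histogram_macros.h"
+#include "sandbox/sandbox_features.h"
 
-#ifdef USE_SECCOMP_BPF
+#if BUILDFLAG(USE_SECCOMP_BPF)
 #include "content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.h "
 #include "content/public/common/content_features.h"
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
 #endif
 
 namespace content {
 
 namespace {
 
 // Scoper class to record a SeccompSandboxStatus UMA value.
@@ -40,21 +41,21 @@
 STATUS_MAX);
 }
 
 void set_status(SeccompSandboxStatus status) { status_ = status; }
 
 private:
 SeccompSandboxStatus status_;
 DISALLOW_COPY_AND_ASSIGN(RecordSeccompStatus);
 };
 
-#ifdef USE_SECCOMP_BPF
+#if BUILDFLAG(USE_SECCOMP_BPF)
 // Determines if the running device should support Seccomp, based on the Android
 // SDK version.
 bool IsSeccompBPFSupportedBySDK() {
 auto* info = base::android::BuildInfo::GetInstance();
 if (info->sdk_int() < 22) {
 // Seccomp was never available pre-Lollipop.
 return false;
 } else if (info->sdk_int() == 22) {
 // On Lollipop-MR1, only select Nexus devices have Seccomp available.
 const char* const kDevices[] = {
@@ -85,21 +86,21 @@
 
 void RendererMainPlatformDelegate::PlatformInitialize() {
 }
 
 void RendererMainPlatformDelegate::PlatformUninitialize() {
 }
 
 bool RendererMainPlatformDelegate::EnableSandbox() {
 RecordSeccompStatus status_uma;
 
-#ifdef USE_SECCOMP_BPF
+#if BUILDFLAG(USE_SECCOMP_BPF)
 // Determine if Seccomp is available via the Android SDK version.
 if (!IsSeccompBPFSupportedBySDK())
 return true;
 
 // Do run-time detection to ensure that support is present.
 if (!sandbox::SandboxBPF::SupportsSeccompSandbox(
 sandbox::SandboxBPF::SeccompLevel::MULTI_THREADED)) {
 status_uma.set_status(RecordSeccompStatus::DETECTION_FAILED);
 LOG(WARNING) << "Seccomp support should be present, but detection "
 << "failed. Continuing without Seccomp-BPF.";
@@ -116,10 +117,10 @@
 
 status_uma.set_status(RecordSeccompStatus::ENGAGED);
 } else {
 status_uma.set_status(RecordSeccompStatus::FEATURE_DISABLED);
 }
 #endif
 return true;
 }
 
 } // namespace content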
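Review bot: The `#endif` lines that close the converted guards (new lines 18 and 122) carry no trailing comment, so in `EnableSandbox()` a reader has to scroll back roughly 25 lines to learn that the whole Seccomp path is compile-time optional; I would write `#endif  // BUILDFLAG(USE_SECCOMP_BPF)` on both. A one-line comment above the final `return true;` would also help, stating that `true` does not mean the filter was installed: the visible early return for unsupported SDK versions and a flag-off build both return `true`, and the detection-failure log text suggests that path does too. Whoever audits sandbox coverage should therefore read the status recorded through `status_uma` rather than the return value. Parts of `EnableSandbox()`, `IsSeccompBPFSupportedBySDK()` and the `RecordSeccompStatus` constructor are collapsed on this page, so the default recorded status could not be checked here.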