| Index: content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc
|
| diff --git a/content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc b/content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc
|
| index fed5af39a1a7e43a96ca3fdb04b8eec62f893970..be6a91c6c6791819910d2e2a63068fa6a4b78c4b 100644
|
| --- a/content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc
|
| +++ b/content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc
|
| @@ -37,8 +37,6 @@
|
| #ifndef SOCK_NONBLOCK
|
| #define SOCK_NONBLOCK O_NONBLOCK
|
| #endif
|
| -
|
| -#define CASES SANDBOX_BPF_DSL_CASES
|
|
|
| namespace {
|
|
|
| @@ -179,26 +177,16 @@
|
| // documented to be a valid errno, but we will use it anyways.
|
| return Error(EPERM);
|
| }
|
| -
|
| - // https://crbug.com/682488
|
| - if (sysno == __NR_getsockopt || sysno == __NR_setsockopt) {
|
| - // The baseline policy applies other restrictions to these syscalls.
|
| - const Arg<int> level(1);
|
| - const Arg<int> option(2);
|
| - return If(AllOf(level == SOL_SOCKET, option == SO_SNDTIMEO), Allow())
|
| - .Else(SandboxBPFBasePolicy::EvaluateSyscall(sysno));
|
| - }
|
| #elif defined(__i386__)
|
| if (sysno == __NR_socketcall) {
|
| - // The baseline policy allows other socketcall sub-calls.
|
| const Arg<int> socketcall(0);
|
| - return Switch(socketcall)
|
| - .CASES((SYS_CONNECT,
|
| - SYS_SOCKET,
|
| - SYS_SETSOCKOPT,
|
| - SYS_GETSOCKOPT),
|
| - Allow())
|
| - .Default(SandboxBPFBasePolicy::EvaluateSyscall(sysno));
|
| + const Arg<int> domain(1);
|
| + const Arg<int> type(2);
|
| + const Arg<int> protocol(3);
|
| + return If(socketcall == SYS_CONNECT, Allow())
|
| + .ElseIf(socketcall == SYS_SOCKET, Allow())
|
| + .ElseIf(socketcall == SYS_GETSOCKOPT, Allow())
|
| + .Else(Error(EPERM));
|
| }
|
| #endif
|
|
|
|
|
Chromium Code Reviews
Issue 2675783003:
Revert of [Android] Allow get/setsockopt SOL_SOCKET SO_SNDTIMEO. (Closed)
