sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc - Issue 315383003: Linux sandbox: restrict prctl in the baseline.

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc

Issue 315383003: Linux sandbox: restrict prctl in the baseline. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Android header workaround. Created 6 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"	5 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"

6	6

7 #include "build/build_config.h"	7 #include "build/build_config.h"

8 #include "sandbox/linux/services/linux_syscalls.h"	8 #include "sandbox/linux/services/linux_syscalls.h"

9	9

10 namespace sandbox {	10 namespace sandbox {

(...skipping 528 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
539 #endif	539 #endif

540 case __NR_sendmmsg: // Could specify destination.	540 case __NR_sendmmsg: // Could specify destination.

541 case __NR_splice:	541 case __NR_splice:

542 case __NR_tee:	542 case __NR_tee:

543 case __NR_vmsplice:	543 case __NR_vmsplice:

544 default:	544 default:

545 return false;	545 return false;

546 }	546 }

547 }	547 }

548	548

549 bool SyscallSets::IsAllowedPrctl(int sysno) {	549 bool SyscallSets::IsPrctl(int sysno) {

550 switch (sysno) {	550 switch (sysno) {

	551 #if defined(__x86_64__)

	552 case __NR_arch_prctl:

	553 #endif

551 case __NR_prctl:	554 case __NR_prctl:

552 return true;	555 return true;

553 default:	556 default:

554 #if defined(__x86_64__)

555 case __NR_arch_prctl:

556 #endif

557 return false;	557 return false;

558 }	558 }

559 }	559 }

560	560

561 bool SyscallSets::IsAllowedBasicScheduler(int sysno) {	561 bool SyscallSets::IsAllowedBasicScheduler(int sysno) {

562 switch (sysno) {	562 switch (sysno) {

563 case __NR_sched_yield:	563 case __NR_sched_yield:

564 case __NR_pause:	564 case __NR_pause:

565 case __NR_nanosleep:	565 case __NR_nanosleep:

566 return true;	566 return true;

(...skipping 404 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
971 case __ARM_NR_usr26:	971 case __ARM_NR_usr26:

972 case __ARM_NR_usr32:	972 case __ARM_NR_usr32:

973 return true;	973 return true;

974 default:	974 default:

975 return false;	975 return false;

976 }	976 }

977 }	977 }

978 #endif // defined(__arm__)	978 #endif // defined(__arm__)

979	979

980 } // namespace sandbox.	980 } // namespace sandbox.

OLD	NEW

« no previous file with comments | « sandbox/linux/seccomp-bpf-helpers/syscall_sets.h ('k') | no next file » | no next file with comments »