
Side by Side Diff: sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc

Issue 317373003: Merge 274934 "Linux sandbox: restrict futex operations." (Closed) Base URL: svn://svn.chromium.org/chrome/branches/1985/src/
Patch Set: Created 6 years, 6 months ago
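--- a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
+++ b/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
 
 #include "build/build_config.h"
 #include "sandbox/linux/services/linux_syscalls.h"
 
 namespace sandbox {
@@ -367,26 +367,26 @@
 #endif
 case __NR_set_tid_address:
 case __NR_unshare:
 case __NR_vfork:
 default:
 return false;
 }
 }
 
 // It's difficult to restrict those, but there is attack surface here.
-bool SyscallSets::IsFutex(int sysno) {
+bool SyscallSets::IsAllowedFutex(int sysno) {
 switch (sysno) {
-case __NR_futex:
 case __NR_get_robust_list:
 case __NR_set_robust_list:
 return true;
+case __NR_futex:
 default:
 return false;
 }
 }
 
 bool SyscallSets::IsAllowedEpoll(int sysno) {
 switch (sysno) {
 case __NR_epoll_create:
 case __NR_epoll_create1:
 case __NR_epoll_ctl:
@@ -971,10 +971,10 @@
 case __ARM_NR_usr26:
 case __ARM_NR_usr32:
 return true;
 default:
 return false;
 }
 }
 #endif // defined(__arm__)
 
 } // namespace sandbox.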
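Review bot: The comment above `IsAllowedFutex` (new line 376) still says these calls are "difficult to restrict", but `__NR_futex` is now listed only so that it falls through to `return false`, and nothing in the function says that is intentional. I would replace it with something like `// futex(2) is deliberately excluded: it must be filtered per operation by the policy.` followed by `// The robust-list calls remain allowed unconditionally and are still attack surface.` Judging by the issue title, the per-operation futex rule presumably lives in the policy code, which is not visible in this file. Any policy that used to rely on `IsFutex()` to permit futex now needs an explicit `__NR_futex` rule, otherwise the call lands on its default-deny path.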