Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(229)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc

Issue 333823002: Apply renderer sandbox to utility processes. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Fix comment artifact Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « content/common/sandbox_linux/bpf_utility_policy_linux.cc ('k') | content/content_common.gypi » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h" 5 #include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h"
6 6
7 #include <errno.h> 7 #include <errno.h>
8 #include <fcntl.h> 8 #include <fcntl.h>
9 #include <sys/socket.h> 9 #include <sys/socket.h>
10 #include <sys/stat.h> 10 #include <sys/stat.h>
11 #include <sys/stat.h> 11 #include <sys/stat.h>
12 #include <sys/types.h> 12 #include <sys/types.h>
13 #include <sys/types.h> 13 #include <sys/types.h>
14 14
15 #include "base/basictypes.h" 15 #include "base/basictypes.h"
16 #include "base/command_line.h" 16 #include "base/command_line.h"
17 #include "base/logging.h" 17 #include "base/logging.h"
18 #include "build/build_config.h" 18 #include "build/build_config.h"
19 #include "content/public/common/content_switches.h" 19 #include "content/public/common/content_switches.h"
20 #include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h" 20 #include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
21 21
22 #if defined(USE_SECCOMP_BPF) 22 #if defined(USE_SECCOMP_BPF)
23 23
24 #include "base/posix/eintr_wrapper.h" 24 #include "base/posix/eintr_wrapper.h"
25 #include "content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.h" 25 #include "content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.h"
26 #include "content/common/sandbox_linux/bpf_gpu_policy_linux.h" 26 #include "content/common/sandbox_linux/bpf_gpu_policy_linux.h"
27 #include "content/common/sandbox_linux/bpf_ppapi_policy_linux.h" 27 #include "content/common/sandbox_linux/bpf_ppapi_policy_linux.h"
28 #include "content/common/sandbox_linux/bpf_renderer_policy_linux.h" 28 #include "content/common/sandbox_linux/bpf_renderer_policy_linux.h"
29 #include "content/common/sandbox_linux/bpf_utility_policy_linux.h"
29 #include "content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h" 30 #include "content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h"
30 #include "content/common/sandbox_linux/sandbox_linux.h" 31 #include "content/common/sandbox_linux/sandbox_linux.h"
31 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h" 32 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h"
32 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" 33 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
33 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" 34 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
34 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h" 35 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
35 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" 36 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
36 #include "sandbox/linux/services/linux_syscalls.h" 37 #include "sandbox/linux/services/linux_syscalls.h"
37 38
38 using sandbox::BaselinePolicy; 39 using sandbox::BaselinePolicy;
(...skipping 148 matching lines...) Expand 10 before | Expand all | Expand 10 after
187 scoped_ptr<SandboxBPFBasePolicy> policy; 188 scoped_ptr<SandboxBPFBasePolicy> policy;
188 189
189 if (process_type == switches::kGpuProcess) { 190 if (process_type == switches::kGpuProcess) {
190 policy.reset(GetGpuProcessSandbox().release()); 191 policy.reset(GetGpuProcessSandbox().release());
191 } else if (process_type == switches::kRendererProcess || 192 } else if (process_type == switches::kRendererProcess ||
192 process_type == switches::kWorkerProcess) { 193 process_type == switches::kWorkerProcess) {
193 policy.reset(new RendererProcessPolicy); 194 policy.reset(new RendererProcessPolicy);
194 } else if (process_type == switches::kPpapiPluginProcess) { 195 } else if (process_type == switches::kPpapiPluginProcess) {
195 policy.reset(new PpapiProcessPolicy); 196 policy.reset(new PpapiProcessPolicy);
196 } else if (process_type == switches::kUtilityProcess) { 197 } else if (process_type == switches::kUtilityProcess) {
197 policy.reset(new BlacklistDebugAndNumaPolicy); 198 policy.reset(new UtilityProcessPolicy);
198 } else { 199 } else {
199 NOTREACHED(); 200 NOTREACHED();
200 policy.reset(new AllowAllPolicy); 201 policy.reset(new AllowAllPolicy);
201 } 202 }
202 203
203 CHECK(policy->PreSandboxHook()); 204 CHECK(policy->PreSandboxHook());
204 StartSandboxWithPolicy(policy.release()); 205 StartSandboxWithPolicy(policy.release());
205 206
206 RunSandboxSanityChecks(process_type); 207 RunSandboxSanityChecks(process_type);
207 return true; 208 return true;
(...skipping 86 matching lines...) Expand 10 before | Expand all | Expand 10 after
294 scoped_ptr<sandbox::SandboxBPFPolicy> 295 scoped_ptr<sandbox::SandboxBPFPolicy>
295 SandboxSeccompBPF::GetBaselinePolicy() { 296 SandboxSeccompBPF::GetBaselinePolicy() {
296 #if defined(USE_SECCOMP_BPF) 297 #if defined(USE_SECCOMP_BPF)
297 return scoped_ptr<sandbox::SandboxBPFPolicy>(new BaselinePolicy); 298 return scoped_ptr<sandbox::SandboxBPFPolicy>(new BaselinePolicy);
298 #else 299 #else
299 return scoped_ptr<sandbox::SandboxBPFPolicy>(); 300 return scoped_ptr<sandbox::SandboxBPFPolicy>();
300 #endif // defined(USE_SECCOMP_BPF) 301 #endif // defined(USE_SECCOMP_BPF)
301 } 302 }
302 303
303 } // namespace content 304 } // namespace content
OLDNEW
« no previous file with comments | « content/common/sandbox_linux/bpf_utility_policy_linux.cc ('k') | content/content_common.gypi » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698