OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <asm/unistd.h> | 5 #include <asm/unistd.h> |
6 #include <dlfcn.h> | 6 #include <dlfcn.h> |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <fcntl.h> | 8 #include <fcntl.h> |
9 #include <linux/net.h> | 9 #include <linux/net.h> |
10 #include <signal.h> | 10 #include <signal.h> |
(...skipping 1946 matching lines...)
1957 // out-of-process plug-ins. | 1957 // out-of-process plug-ins. |
1958 return FlashProcessPolicy; | 1958 return FlashProcessPolicy; |
1959 } | 1959 } |
1960 | 1960 |
1961 if (process_type == switches::kRendererProcess || | 1961 if (process_type == switches::kRendererProcess || |
1962 process_type == switches::kWorkerProcess) { | 1962 process_type == switches::kWorkerProcess) { |
1963 return RendererOrWorkerProcessPolicy; | 1963 return RendererOrWorkerProcessPolicy; |
1964 } | 1964 } |
1965 | 1965 |
1966 if (process_type == switches::kUtilityProcess) { | 1966 if (process_type == switches::kUtilityProcess) { |
| 1967 // TODO(jorgelo): review sandbox initialization in utility_main.cc if we |
| 1968 // change this policy. |
1967 return BlacklistDebugAndNumaPolicy; | 1969 return BlacklistDebugAndNumaPolicy; |
1968 } | 1970 } |
1969 | 1971 |
1970 NOTREACHED(); | 1972 NOTREACHED(); |
1971 // This will be our default if we need one. | 1973 // This will be our default if we need one. |
1972 return AllowAllPolicy; | 1974 return AllowAllPolicy; |
1973 } | 1975 } |
1974 | 1976 |
1975 // broker_process can be NULL if there is no need for one. | 1977 // broker_process can be NULL if there is no need for one. |
1976 void StartSandboxWithPolicy(Sandbox::EvaluateSyscall syscall_policy, | 1978 void StartSandboxWithPolicy(Sandbox::EvaluateSyscall syscall_policy, |
(...skipping 101 matching lines...)
2078 return false; | 2080 return false; |
2079 } | 2081 } |
2080 | 2082 |
2081 #if defined(SECCOMP_BPF_SANDBOX) | 2083 #if defined(SECCOMP_BPF_SANDBOX) |
2082 playground2::BpfSandboxPolicyCallback SandboxSeccompBpf::GetBaselinePolicy() { | 2084 playground2::BpfSandboxPolicyCallback SandboxSeccompBpf::GetBaselinePolicy() { |
2083 return base::Bind(&BaselinePolicyWithAux); | 2085 return base::Bind(&BaselinePolicyWithAux); |
2084 } | 2086 } |
2085 #endif // defined(SECCOMP_BPF_SANDBOX) | 2087 #endif // defined(SECCOMP_BPF_SANDBOX) |
2086 | 2088 |
2087 } // namespace content | 2089 } // namespace content |
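Review bot: The TODO added in the `switches::kUtilityProcess` branch, above `return BlacklistDebugAndNumaPolicy;`, says utility_main.cc depends on this policy but not which property of the policy the sandbox initialization there relies on, so a later editor cannot tell which policy changes call for the review. I would state the assumption in the comment itself and add a matching comment in utility_main.cc that points back to this branch, since the coupling is not visible from that side. Separately, the fallthrough a few lines below returns `AllowAllPolicy` after `NOTREACHED()`, so in any build where `NOTREACHED()` is compiled out a process type not handled above would run without syscall filtering; a restrictive default there would fail closed instead. The enclosing function starts in the skipped lines, so its earlier branches are not visible here.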