Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(408)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 430363003: Linux sandbox: restrict setpriority() in baseline policy. (Closed)

Created:
6 years, 4 months ago by jln (very slow on Chromium)
Modified:
6 years, 3 months ago
Reviewers:
mdempsky
CC:
chromium-reviews, jln+watch_chromium.org
Project:
chromium
Visibility:
Public.

Description

Linux sandbox: restrict {set,get}priority() in baseline policy. In the baseline policy, we restrict setpriority() to |which| == PRIO_PROCESS and (|who| == 0) || (|who| == current_pid). This doesn't affect most policies which allow setpriority() unconditionally but allows baseline unittests to pass on Android. BUG=398611, 399473 R=mdempsky@chromium.org Committed: https://crrev.com/a007c724bf0aea0450abf43daefa3b0a4e298bd2 Cr-Commit-Position: refs/heads/master@{#294422}

Patch Set 1 : #

Patch Set 2 : Better comment and rename. #

Total comments: 2

Patch Set 3 : Address nit. #

Unified diffs Side-by-side diffs Delta from patch set Stats (+54 lines, -1 line) Patch
M sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc View 1 2 chunks +4 lines, -1 line 0 comments Download
M sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc View 2 chunks +36 lines, -0 lines 0 comments Download
M sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h View 1 1 chunk +4 lines, -0 lines 0 comments Download
M sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc View 1 2 2 chunks +10 lines, -0 lines 0 comments Download

Messages

Total messages: 9 (3 generated)
jln (very slow on Chromium)
Matthew: PTAL!
6 years, 3 months ago (2014-09-09 02:18:49 UTC) #3
mdempsky
lgtm https://codereview.chromium.org/430363003/diff/40001/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc File sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc (right): https://codereview.chromium.org/430363003/diff/40001/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc#newcode247 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc:247: bpf_dsl::ResultExpr RestrictGetSetpriority(pid_t target_pid) { There's a "using bpf_dsl::ResultExpr" ...
6 years, 3 months ago (2014-09-11 17:40:24 UTC) #4
jln (very slow on Chromium)
https://codereview.chromium.org/430363003/diff/40001/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc File sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc (right): https://codereview.chromium.org/430363003/diff/40001/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc#newcode247 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc:247: bpf_dsl::ResultExpr RestrictGetSetpriority(pid_t target_pid) { On 2014/09/11 17:40:24, mdempsky wrote: ...
6 years, 3 months ago (2014-09-11 17:46:32 UTC) #5
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patchset/430363003/60001
6 years, 3 months ago (2014-09-11 18:09:33 UTC) #7
jln (very slow on Chromium)
Committed patchset #3 (id:60001) to pending queue manually as e3f8858 (presubmit successful).
6 years, 3 months ago (2014-09-11 18:23:13 UTC) #8
commit-bot: I haz the power
6 years, 3 months ago (2014-09-11 18:43:09 UTC) #9
Message was sent while issue was closed. 
Patchset 3 (id:??) landed as
https://crrev.com/a007c724bf0aea0450abf43daefa3b0a4e298bd2
Cr-Commit-Position: refs/heads/master@{#294422}

Powered by Google App Engine
This is Rietveld 408576698