
Side by Side Diff: content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc

Issue 449333002: Remove shared worker process related codes. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 6 years, 4 months ago
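--- a/content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc
+++ b/content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h"
 
 #include <errno.h>
 #include <fcntl.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
@@ -107,21 +107,20 @@
 // Allow all syscalls.
 // This will still deny x32 or IA32 calls in 64 bits mode or
 // 64 bits system calls in compatibility mode.
 ResultExpr AllowAllPolicy::EvaluateSyscall(int sysno) const {
 return Allow();
 }
 
 // If a BPF policy is engaged for |process_type|, run a few sanity checks.
 void RunSandboxSanityChecks(const std::string& process_type) {
 if (process_type == switches::kRendererProcess ||
-process_type == switches::kWorkerProcess ||
 process_type == switches::kGpuProcess ||
 process_type == switches::kPpapiPluginProcess) {
 int syscall_ret;
 errno = 0;
 
 // Without the sandbox, this would EBADF.
 syscall_ret = fchmod(-1, 07777);
 CHECK_EQ(-1, syscall_ret);
 CHECK_EQ(EPERM, errno);
 
@@ -173,22 +172,21 @@
 }
 }
 
 // Initialize the seccomp-bpf sandbox.
 bool StartBPFSandbox(const CommandLine& command_line,
 const std::string& process_type) {
 scoped_ptr<SandboxBPFBasePolicy> policy;
 
 if (process_type == switches::kGpuProcess) {
 policy.reset(GetGpuProcessSandbox().release());
-} else if (process_type == switches::kRendererProcess ||
-process_type == switches::kWorkerProcess) {
+} else if (process_type == switches::kRendererProcess) {
 policy.reset(new RendererProcessPolicy);
 } else if (process_type == switches::kPpapiPluginProcess) {
 policy.reset(new PpapiProcessPolicy);
 } else if (process_type == switches::kUtilityProcess) {
 policy.reset(new UtilityProcessPolicy);
 } else {
 NOTREACHED();
 policy.reset(new AllowAllPolicy);
 }
 
@@ -286,10 +284,10 @@
 scoped_ptr<sandbox::SandboxBPFPolicy>
 SandboxSeccompBPF::GetBaselinePolicy() {
 #if defined(USE_SECCOMP_BPF)
 return scoped_ptr<sandbox::SandboxBPFPolicy>(new BaselinePolicy);
 #else
 return scoped_ptr<sandbox::SandboxBPFPolicy>();
 #endif // defined(USE_SECCOMP_BPF)
 }
 
 } // namespace content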
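Review bot: With `kWorkerProcess` dropped from the `else if` chain in StartBPFSandbox, any process still launched with that type would reach the final `else`, where `NOTREACHED()` is followed by `policy.reset(new AllowAllPolicy)`. If `NOTREACHED()` compiles out in release builds (worth confirming for this tree), such a process would start under a policy that allows every syscall. RunSandboxSanityChecks would not catch it either, because the same type was removed from its condition. Please confirm that no launch path still passes the worker type, and consider a comment above the fallback such as `// Unknown process types get AllowAllPolicy (no syscall filtering); every sandboxed type must be listed above.` Both functions continue outside the visible hunks, so the rest of their bodies was not reviewed.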