| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/nacl/loader/nonsfi/nonsfi_sandbox.h" | 5 #include "components/nacl/loader/nonsfi/nonsfi_sandbox.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <fcntl.h> | 8 #include <fcntl.h> |
| 9 #include <linux/net.h> | 9 #include <linux/net.h> |
| 10 #include <sys/prctl.h> | 10 #include <sys/prctl.h> |
| (...skipping 144 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 155 case __NR_getgid32: | 155 case __NR_getgid32: |
| 156 case __NR_getuid32: | 156 case __NR_getuid32: |
| 157 #endif | 157 #endif |
| 158 case __NR_getegid: | 158 case __NR_getegid: |
| 159 case __NR_geteuid: | 159 case __NR_geteuid: |
| 160 case __NR_getgid: | 160 case __NR_getgid: |
| 161 case __NR_getuid: | 161 case __NR_getuid: |
| 162 // tcmalloc calls madvise in TCMalloc_SystemRelease. | 162 // tcmalloc calls madvise in TCMalloc_SystemRelease. |
| 163 case __NR_madvise: | 163 case __NR_madvise: |
| 164 // EPERM instead of SIGSYS as glibc tries to open files in /proc. | 164 // EPERM instead of SIGSYS as glibc tries to open files in /proc. |
| 165 // openat via opendir via get_nprocs_conf and open via get_nprocs. |
| 165 // TODO(hamaji): Remove this when we switch to newlib. | 166 // TODO(hamaji): Remove this when we switch to newlib. |
| 166 case __NR_open: | 167 case __NR_open: |
| 168 case __NR_openat: |
| 167 // For RunSandboxSanityChecks(). | 169 // For RunSandboxSanityChecks(). |
| 168 case __NR_ptrace: | 170 case __NR_ptrace: |
| 169 // glibc uses this for its pthread implementation. If we return | 171 // glibc uses this for its pthread implementation. If we return |
| 170 // EPERM for this, glibc will stop using this. | 172 // EPERM for this, glibc will stop using this. |
| 171 // TODO(hamaji): newlib does not use this. Make this SIGTRAP once | 173 // TODO(hamaji): newlib does not use this. Make this SIGTRAP once |
| 172 // we have switched to newlib. | 174 // we have switched to newlib. |
| 173 case __NR_set_robust_list: | 175 case __NR_set_robust_list: |
| 174 // This is obsolete in ARM EABI, but x86 glibc indirectly calls | 176 // This is obsolete in ARM EABI, but x86 glibc indirectly calls |
| 175 // this in sysconf. | 177 // this in sysconf. |
| 176 #if defined(__i386__) || defined(__x86_64__) | 178 #if defined(__i386__) || defined(__x86_64__) |
| (...skipping 128 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 305 scoped_ptr<sandbox::SandboxBPFPolicy>( | 307 scoped_ptr<sandbox::SandboxBPFPolicy>( |
| 306 new nacl::nonsfi::NaClNonSfiBPFSandboxPolicy())); | 308 new nacl::nonsfi::NaClNonSfiBPFSandboxPolicy())); |
| 307 if (!sandbox_is_initialized) | 309 if (!sandbox_is_initialized) |
| 308 return false; | 310 return false; |
| 309 RunSandboxSanityChecks(); | 311 RunSandboxSanityChecks(); |
| 310 return true; | 312 return true; |
| 311 } | 313 } |
| 312 | 314 |
| 313 } // namespace nonsfi | 315 } // namespace nonsfi |
| 314 } // namespace nacl | 316 } // namespace nacl |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 509783003:
Non-SFI NaCl: Allow openat system call to gracefully fail on BareMetal seccomp-bpf. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src