OLD | NEW |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h" | 5 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <sys/mman.h> | 8 #include <sys/mman.h> |
9 #include <sys/socket.h> | 9 #include <sys/socket.h> |
10 #include <sys/syscall.h> | 10 #include <sys/syscall.h> |
(...skipping 108 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
119 if (IsBaselinePolicyAllowed(sysno)) { | 119 if (IsBaselinePolicyAllowed(sysno)) { |
120 return Allow(); | 120 return Allow(); |
121 } | 121 } |
122 | 122 |
123 #if defined(OS_ANDROID) | 123 #if defined(OS_ANDROID) |
124 // Needed for thread creation. | 124 // Needed for thread creation. |
125 if (sysno == __NR_sigaltstack) | 125 if (sysno == __NR_sigaltstack) |
126 return Allow(); | 126 return Allow(); |
127 #endif | 127 #endif |
128 | 128 |
| 129 if (sysno == __NR_clock_gettime) { |
| 130 return RestrictClockID(); |
| 131 } |
| 132 |
129 if (sysno == __NR_clone) { | 133 if (sysno == __NR_clone) { |
130 return RestrictCloneToThreadsAndEPERMFork(); | 134 return RestrictCloneToThreadsAndEPERMFork(); |
131 } | 135 } |
132 | 136 |
133 if (sysno == __NR_fcntl) | 137 if (sysno == __NR_fcntl) |
134 return RestrictFcntlCommands(); | 138 return RestrictFcntlCommands(); |
135 | 139 |
136 #if defined(__i386__) || defined(__arm__) || defined(__mips__) | 140 #if defined(__i386__) || defined(__arm__) || defined(__mips__) |
137 if (sysno == __NR_fcntl64) | 141 if (sysno == __NR_fcntl64) |
138 return RestrictFcntlCommands(); | 142 return RestrictFcntlCommands(); |
(...skipping 108 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
247 DCHECK_EQ(syscall(__NR_getpid), current_pid_); | 251 DCHECK_EQ(syscall(__NR_getpid), current_pid_); |
248 } | 252 } |
249 return EvaluateSyscallImpl(fs_denied_errno_, current_pid_, sysno); | 253 return EvaluateSyscallImpl(fs_denied_errno_, current_pid_, sysno); |
250 } | 254 } |
251 | 255 |
252 ResultExpr BaselinePolicy::InvalidSyscall() const { | 256 ResultExpr BaselinePolicy::InvalidSyscall() const { |
253 return CrashSIGSYS(); | 257 return CrashSIGSYS(); |
254 } | 258 } |
255 | 259 |
256 } // namespace sandbox. | 260 } // namespace sandbox. |
OLD | NEW |