Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(722)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc

Issue 566083002: Linux sandbox: restrict clock_gettime() and clock_getres() (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 6 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « content/common/sandbox_linux/bpf_renderer_policy_linux.cc ('k') | sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
index 45de129e24be031c0a2e729f2a8e07af31e56572..eb2a3077cc5a94714bc1612007f288a3367375b1 100644
--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
@@ -126,6 +126,10 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno,
return Allow();
#endif
+ if (sysno == __NR_clock_gettime) {
+ return RestrictClockID();
+ }
+
if (sysno == __NR_clone) {
return RestrictCloneToThreadsAndEPERMFork();
}
« no previous file with comments | « content/common/sandbox_linux/bpf_renderer_policy_linux.cc ('k') | sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698