| OLD | NEW |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" | 5 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <sched.h> | 8 #include <sched.h> |
| 9 #include <sys/syscall.h> | 9 #include <sys/syscall.h> |
| 10 #include <time.h> | 10 #include <time.h> |
| (...skipping 26 matching lines...) |
| 37 | 37 |
| 38 using sandbox::bpf_dsl::Allow; | 38 using sandbox::bpf_dsl::Allow; |
| 39 using sandbox::bpf_dsl::ResultExpr; | 39 using sandbox::bpf_dsl::ResultExpr; |
| 40 using sandbox::bpf_dsl::SandboxBPFDSLPolicy; | 40 using sandbox::bpf_dsl::SandboxBPFDSLPolicy; |
| 41 | 41 |
| 42 class RestrictClockIdPolicy : public SandboxBPFDSLPolicy { | 42 class RestrictClockIdPolicy : public SandboxBPFDSLPolicy { |
| 43 public: | 43 public: |
| 44 RestrictClockIdPolicy() {} | 44 RestrictClockIdPolicy() {} |
| 45 virtual ~RestrictClockIdPolicy() {} | 45 virtual ~RestrictClockIdPolicy() {} |
| 46 | 46 |
| 47 virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE { | 47 virtual ResultExpr EvaluateSyscall(int sysno) const override { |
| 48 switch (sysno) { | 48 switch (sysno) { |
| 49 case __NR_clock_gettime: | 49 case __NR_clock_gettime: |
| 50 case __NR_clock_getres: | 50 case __NR_clock_getres: |
| 51 return RestrictClockID(); | 51 return RestrictClockID(); |
| 52 default: | 52 default: |
| 53 return Allow(); | 53 return Allow(); |
| 54 } | 54 } |
| 55 } | 55 } |
| 56 }; | 56 }; |
| 57 | 57 |
| (...skipping 26 matching lines...) |
| 84 | 84 |
| 85 // A custom BPF tester delegate to run IsRunningOnChromeOS() before | 85 // A custom BPF tester delegate to run IsRunningOnChromeOS() before |
| 86 // the sandbox is enabled because we cannot run it with non-SFI BPF | 86 // the sandbox is enabled because we cannot run it with non-SFI BPF |
| 87 // sandbox enabled. | 87 // sandbox enabled. |
| 88 class ClockSystemTesterDelegate : public sandbox::BPFTesterDelegate { | 88 class ClockSystemTesterDelegate : public sandbox::BPFTesterDelegate { |
| 89 public: | 89 public: |
| 90 ClockSystemTesterDelegate() | 90 ClockSystemTesterDelegate() |
| 91 : is_running_on_chromeos_(base::SysInfo::IsRunningOnChromeOS()) {} | 91 : is_running_on_chromeos_(base::SysInfo::IsRunningOnChromeOS()) {} |
| 92 virtual ~ClockSystemTesterDelegate() {} | 92 virtual ~ClockSystemTesterDelegate() {} |
| 93 | 93 |
| 94 virtual scoped_ptr<sandbox::SandboxBPFPolicy> GetSandboxBPFPolicy() OVERRIDE { | 94 virtual scoped_ptr<sandbox::SandboxBPFPolicy> GetSandboxBPFPolicy() override { |
| 95 return scoped_ptr<sandbox::SandboxBPFPolicy>( | 95 return scoped_ptr<sandbox::SandboxBPFPolicy>( |
| 96 new RestrictClockIdPolicy()); | 96 new RestrictClockIdPolicy()); |
| 97 } | 97 } |
| 98 virtual void RunTestFunction() OVERRIDE { | 98 virtual void RunTestFunction() override { |
| 99 if (is_running_on_chromeos_) { | 99 if (is_running_on_chromeos_) { |
| 100 CheckClock(base::TimeTicks::kClockSystemTrace); | 100 CheckClock(base::TimeTicks::kClockSystemTrace); |
| 101 } else { | 101 } else { |
| 102 struct timespec ts; | 102 struct timespec ts; |
| 103 // kClockSystemTrace is 11, which is CLOCK_THREAD_CPUTIME_ID of | 103 // kClockSystemTrace is 11, which is CLOCK_THREAD_CPUTIME_ID of |
| 104 // the init process (pid=1). If kernel supports this feature, | 104 // the init process (pid=1). If kernel supports this feature, |
| 105 // this may succeed even if this is not running on Chrome OS. We | 105 // this may succeed even if this is not running on Chrome OS. We |
| 106 // just check this clock_gettime call does not crash. | 106 // just check this clock_gettime call does not crash. |
| 107 clock_gettime(base::TimeTicks::kClockSystemTrace, &ts); | 107 clock_gettime(base::TimeTicks::kClockSystemTrace, &ts); |
| 108 } | 108 } |
| (...skipping 32 matching lines...) |
| 141 struct timespec ts; | 141 struct timespec ts; |
| 142 clock_gettime(kInitCPUClockID, &ts); | 142 clock_gettime(kInitCPUClockID, &ts); |
| 143 } | 143 } |
| 144 #endif // !defined(OS_ANDROID) | 144 #endif // !defined(OS_ANDROID) |
| 145 | 145 |
| 146 class RestrictSchedPolicy : public SandboxBPFDSLPolicy { | 146 class RestrictSchedPolicy : public SandboxBPFDSLPolicy { |
| 147 public: | 147 public: |
| 148 RestrictSchedPolicy() {} | 148 RestrictSchedPolicy() {} |
| 149 virtual ~RestrictSchedPolicy() {} | 149 virtual ~RestrictSchedPolicy() {} |
| 150 | 150 |
| 151 virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE { | 151 virtual ResultExpr EvaluateSyscall(int sysno) const override { |
| 152 switch (sysno) { | 152 switch (sysno) { |
| 153 case __NR_sched_getparam: | 153 case __NR_sched_getparam: |
| 154 return RestrictSchedTarget(getpid(), sysno); | 154 return RestrictSchedTarget(getpid(), sysno); |
| 155 default: | 155 default: |
| 156 return Allow(); | 156 return Allow(); |
| 157 } | 157 } |
| 158 } | 158 } |
| 159 }; | 159 }; |
| 160 | 160 |
| 161 void CheckSchedGetParam(pid_t pid, struct sched_param* param) { | 161 void CheckSchedGetParam(pid_t pid, struct sched_param* param) { |
| (...skipping 43 matching lines...) |
| 205 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), | 205 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 206 RestrictSchedPolicy) { | 206 RestrictSchedPolicy) { |
| 207 const pid_t kInitPID = 1; | 207 const pid_t kInitPID = 1; |
| 208 struct sched_param param; | 208 struct sched_param param; |
| 209 sched_getparam(kInitPID, ¶m); | 209 sched_getparam(kInitPID, ¶m); |
| 210 } | 210 } |
| 211 | 211 |
| 212 } // namespace | 212 } // namespace |
| 213 | 213 |
| 214 } // namespace sandbox | 214 } // namespace sandbox |
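Review bot: The four overriders on the new side (`EvaluateSyscall` at lines 47 and 151, `GetSandboxBPFPolicy` at 94, `RunTestFunction` at 98) now carry both `virtual` and `override`, and the leading `virtual` is redundant. `override` alone makes the compiler reject a signature that does not match a virtual in the base class, which is the useful check for these policy classes: a method that silently failed to override would not be the one the sandbox evaluates. I would drop the keyword, e.g. `ResultExpr EvaluateSyscall(int sysno) const override {`, and likewise for the other three. Separately, `¶m` at line 209 reads like a page-encoding artefact of `&param` (the preceding line declares `param`), not something this change introduced.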