OLD | NEW |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/common/sandbox_linux/bpf_gpu_policy_linux.h" | 5 #include "content/common/sandbox_linux/bpf_gpu_policy_linux.h" |
6 | 6 |
7 #include <dlfcn.h> | 7 #include <dlfcn.h> |
8 #include <errno.h> | 8 #include <errno.h> |
9 #include <fcntl.h> | 9 #include <fcntl.h> |
10 #include <sys/socket.h> | 10 #include <sys/socket.h> |
(...skipping 105 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
116 } | 116 } |
117 } | 117 } |
118 | 118 |
119 class GpuBrokerProcessPolicy : public GpuProcessPolicy { | 119 class GpuBrokerProcessPolicy : public GpuProcessPolicy { |
120 public: | 120 public: |
121 static sandbox::bpf_dsl::SandboxBPFDSLPolicy* Create() { | 121 static sandbox::bpf_dsl::SandboxBPFDSLPolicy* Create() { |
122 return new GpuBrokerProcessPolicy(); | 122 return new GpuBrokerProcessPolicy(); |
123 } | 123 } |
124 virtual ~GpuBrokerProcessPolicy() {} | 124 virtual ~GpuBrokerProcessPolicy() {} |
125 | 125 |
126 virtual ResultExpr EvaluateSyscall(int system_call_number) const OVERRIDE; | 126 virtual ResultExpr EvaluateSyscall(int system_call_number) const override; |
127 | 127 |
128 private: | 128 private: |
129 GpuBrokerProcessPolicy() {} | 129 GpuBrokerProcessPolicy() {} |
130 DISALLOW_COPY_AND_ASSIGN(GpuBrokerProcessPolicy); | 130 DISALLOW_COPY_AND_ASSIGN(GpuBrokerProcessPolicy); |
131 }; | 131 }; |
132 | 132 |
133 // x86_64/i386 or desktop ARM. | 133 // x86_64/i386 or desktop ARM. |
134 // A GPU broker policy is the same as a GPU policy with open and | 134 // A GPU broker policy is the same as a GPU policy with open and |
135 // openat allowed. | 135 // openat allowed. |
136 ResultExpr GpuBrokerProcessPolicy::EvaluateSyscall(int sysno) const { | 136 ResultExpr GpuBrokerProcessPolicy::EvaluateSyscall(int sysno) const { |
(...skipping 133 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
270 broker_process_ = new BrokerProcess(GetFSDeniedErrno(), | 270 broker_process_ = new BrokerProcess(GetFSDeniedErrno(), |
271 read_whitelist, | 271 read_whitelist, |
272 write_whitelist); | 272 write_whitelist); |
273 // The initialization callback will perform generic initialization and then | 273 // The initialization callback will perform generic initialization and then |
274 // call broker_sandboxer_callback. | 274 // call broker_sandboxer_callback. |
275 CHECK(broker_process_->Init(base::Bind(&UpdateProcessTypeAndEnableSandbox, | 275 CHECK(broker_process_->Init(base::Bind(&UpdateProcessTypeAndEnableSandbox, |
276 broker_sandboxer_allocator))); | 276 broker_sandboxer_allocator))); |
277 } | 277 } |
278 | 278 |
279 } // namespace content | 279 } // namespace content |
OLD | NEW |