OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h" | 5 #include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <fcntl.h> | 8 #include <fcntl.h> |
9 #include <sys/socket.h> | 9 #include <sys/socket.h> |
10 #include <sys/stat.h> | 10 #include <sys/stat.h> |
(...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
71 #else | 71 #else |
72 return false; | 72 return false; |
73 #endif | 73 #endif |
74 } | 74 } |
75 | 75 |
76 class BlacklistDebugAndNumaPolicy : public SandboxBPFBasePolicy { | 76 class BlacklistDebugAndNumaPolicy : public SandboxBPFBasePolicy { |
77 public: | 77 public: |
78 BlacklistDebugAndNumaPolicy() {} | 78 BlacklistDebugAndNumaPolicy() {} |
79 virtual ~BlacklistDebugAndNumaPolicy() {} | 79 virtual ~BlacklistDebugAndNumaPolicy() {} |
80 | 80 |
81 virtual ResultExpr EvaluateSyscall(int system_call_number) const OVERRIDE; | 81 virtual ResultExpr EvaluateSyscall(int system_call_number) const override; |
82 | 82 |
83 private: | 83 private: |
84 DISALLOW_COPY_AND_ASSIGN(BlacklistDebugAndNumaPolicy); | 84 DISALLOW_COPY_AND_ASSIGN(BlacklistDebugAndNumaPolicy); |
85 }; | 85 }; |
86 | 86 |
87 ResultExpr BlacklistDebugAndNumaPolicy::EvaluateSyscall(int sysno) const { | 87 ResultExpr BlacklistDebugAndNumaPolicy::EvaluateSyscall(int sysno) const { |
88 if (SyscallSets::IsDebug(sysno) || SyscallSets::IsNuma(sysno)) | 88 if (SyscallSets::IsDebug(sysno) || SyscallSets::IsNuma(sysno)) |
89 return sandbox::CrashSIGSYS(); | 89 return sandbox::CrashSIGSYS(); |
90 | 90 |
91 return Allow(); | 91 return Allow(); |
92 } | 92 } |
93 | 93 |
94 class AllowAllPolicy : public SandboxBPFBasePolicy { | 94 class AllowAllPolicy : public SandboxBPFBasePolicy { |
95 public: | 95 public: |
96 AllowAllPolicy() {} | 96 AllowAllPolicy() {} |
97 virtual ~AllowAllPolicy() {} | 97 virtual ~AllowAllPolicy() {} |
98 | 98 |
99 virtual ResultExpr EvaluateSyscall(int system_call_number) const OVERRIDE; | 99 virtual ResultExpr EvaluateSyscall(int system_call_number) const override; |
100 | 100 |
101 private: | 101 private: |
102 DISALLOW_COPY_AND_ASSIGN(AllowAllPolicy); | 102 DISALLOW_COPY_AND_ASSIGN(AllowAllPolicy); |
103 }; | 103 }; |
104 | 104 |
105 // Allow all syscalls. | 105 // Allow all syscalls. |
106 // This will still deny x32 or IA32 calls in 64 bits mode or | 106 // This will still deny x32 or IA32 calls in 64 bits mode or |
107 // 64 bits system calls in compatibility mode. | 107 // 64 bits system calls in compatibility mode. |
108 ResultExpr AllowAllPolicy::EvaluateSyscall(int sysno) const { | 108 ResultExpr AllowAllPolicy::EvaluateSyscall(int sysno) const { |
109 return Allow(); | 109 return Allow(); |
(...skipping 176 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
286 scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy> | 286 scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy> |
287 SandboxSeccompBPF::GetBaselinePolicy() { | 287 SandboxSeccompBPF::GetBaselinePolicy() { |
288 #if defined(USE_SECCOMP_BPF) | 288 #if defined(USE_SECCOMP_BPF) |
289 return scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy>(new BaselinePolicy); | 289 return scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy>(new BaselinePolicy); |
290 #else | 290 #else |
291 return scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy>(); | 291 return scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy>(); |
292 #endif // defined(USE_SECCOMP_BPF) | 292 #endif // defined(USE_SECCOMP_BPF) |
293 } | 293 } |
294 | 294 |
295 } // namespace content | 295 } // namespace content |
OLD | NEW |