Index: content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.cc |
diff --git a/content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.cc b/content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.cc |
index 4e54b5effb64671a15baa53336314827e09bf516..afb347406fd70239c1ff16f62b45203276835f73 100644 |
--- a/content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.cc |
+++ b/content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.cc |
@@ -22,6 +22,7 @@ |
#include "build/build_config.h" |
#include "content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h" |
#include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h" |
+#include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" |
#include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h" |
#include "sandbox/linux/services/linux_syscalls.h" |
@@ -151,10 +152,23 @@ ResultExpr CrosArmGpuProcessPolicy::EvaluateSyscall(int sysno) const { |
return If(domain == AF_UNIX, Allow()).Else(Error(EPERM)); |
} |
#endif // defined(__arm__) |
+ case __NR_ioprio_get: // IO scheduler. |
+ case __NR_ioprio_set: |
+ return sandbox::RestrictIoPrioGetSet(GetPolicyPid()); |
+ case __NR_sched_get_priority_max: |
+ case __NR_sched_get_priority_min: |
+ return Allow(); |
+ case __NR_sched_getaffinity: |
+ case __NR_sched_getattr: |
+ case __NR_sched_getparam: |
+ case __NR_sched_getscheduler: |
+ case __NR_sched_rr_get_interval: |
+ case __NR_sched_setaffinity: |
+ case __NR_sched_setattr: |
+ case __NR_sched_setparam: |
+ case __NR_sched_setscheduler: |
+ return sandbox::RestrictSchedTarget(GetPolicyPid(), sysno); |
default: |
- if (SyscallSets::IsAdvancedScheduler(sysno)) |
- return Allow(); |
- |
// Default to the generic GPU policy. |
return GpuProcessPolicy::EvaluateSyscall(sysno); |
} |
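Review bot: The new scheduler cases in EvaluateSyscall have no comment explaining why they are tied to GetPolicyPid(); the only remark is `// IO scheduler.` on `__NR_ioprio_get`. The removed default branch allowed everything in SyscallSets::IsAdvancedScheduler unconditionally, so the intent of the tightening deserves a line above the block, e.g. `// Scheduler and ioprio calls may only target this process, so a compromised GPU process cannot reprioritise others.`, plus `// No pid argument, nothing to restrict.` on the sched_get_priority_max/min pair. The explicit case list can also drift from IsAdvancedScheduler, because any member not listed now falls through to GpuProcessPolicy::EvaluateSyscall. That is presumably the stricter outcome, but it is worth confirming against the syscalls the ARM GPU driver actually issues. EvaluateSyscall starts before this hunk, so its earlier cases were not reviewed.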