| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" | 5 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
| 6 | 6 |
| 7 // Some headers on Android are missing cdefs: crbug.com/172337. | 7 // Some headers on Android are missing cdefs: crbug.com/172337. |
| 8 // (We can't use OS_ANDROID here since build_config.h is not included). | 8 // (We can't use OS_ANDROID here since build_config.h is not included). |
| 9 #if defined(ANDROID) | 9 #if defined(ANDROID) |
| 10 #include <sys/cdefs.h> | 10 #include <sys/cdefs.h> |
| 143 } // namespace | 143 } // namespace |
| 144 | 144 |
| 145 SandboxBPF::SandboxBPF() | 145 SandboxBPF::SandboxBPF() |
| 146 : quiet_(false), proc_fd_(-1), sandbox_has_started_(false), policy_() { | 146 : quiet_(false), proc_fd_(-1), sandbox_has_started_(false), policy_() { |
| 147 } | 147 } |
| 148 | 148 |
| 149 SandboxBPF::~SandboxBPF() { | 149 SandboxBPF::~SandboxBPF() { |
| 150 } | 150 } |
| 151 | 151 |
| 152 bool SandboxBPF::IsValidSyscallNumber(int sysnum) { | 152 bool SandboxBPF::IsValidSyscallNumber(int sysnum) { |
| 153 return SyscallIterator::IsValid(sysnum); | 153 return SyscallSet::IsValid(sysnum); |
| 154 } | 154 } |
| 155 | 155 |
| 156 bool SandboxBPF::RunFunctionInPolicy( | 156 bool SandboxBPF::RunFunctionInPolicy( |
| 157 void (*code_in_sandbox)(), | 157 void (*code_in_sandbox)(), |
| 158 scoped_ptr<bpf_dsl::SandboxBPFDSLPolicy> policy) { | 158 scoped_ptr<bpf_dsl::SandboxBPFDSLPolicy> policy) { |
| 159 // Block all signals before forking a child process. This prevents an | 159 // Block all signals before forking a child process. This prevents an |
| 160 // attacker from manipulating our test by sending us an unexpected signal. | 160 // attacker from manipulating our test by sending us an unexpected signal. |
| 161 sigset_t old_mask, new_mask; | 161 sigset_t old_mask, new_mask; |
| 162 if (sigfillset(&new_mask) || sigprocmask(SIG_BLOCK, &new_mask, &old_mask)) { | 162 if (sigfillset(&new_mask) || sigprocmask(SIG_BLOCK, &new_mask, &old_mask)) { |
| 163 SANDBOX_DIE("sigprocmask() failed"); | 163 SANDBOX_DIE("sigprocmask() failed"); |
| 516 static_cast<intptr_t>(args.args[1]), | 516 static_cast<intptr_t>(args.args[1]), |
| 517 static_cast<intptr_t>(args.args[2]), | 517 static_cast<intptr_t>(args.args[2]), |
| 518 static_cast<intptr_t>(args.args[3]), | 518 static_cast<intptr_t>(args.args[3]), |
| 519 static_cast<intptr_t>(args.args[4]), | 519 static_cast<intptr_t>(args.args[4]), |
| 520 static_cast<intptr_t>(args.args[5])); | 520 static_cast<intptr_t>(args.args[5])); |
| 521 } | 521 } |
| 522 | 522 |
| 523 SandboxBPF::SandboxStatus SandboxBPF::status_ = STATUS_UNKNOWN; | 523 SandboxBPF::SandboxStatus SandboxBPF::status_ = STATUS_UNKNOWN; |
| 524 | 524 |
| 525 } // namespace sandbox | 525 } // namespace sandbox |
| OLD | NEW |
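Review bot: `IsValidSyscallNumber(int sysnum)` at new line 153 passes a signed `int` straight into `SyscallSet::IsValid`, whose parameter type is not visible in this section. If that parameter is unsigned, a negative `sysnum` is converted implicitly before any range check runs, and this function is what decides whether a syscall number is valid for the sandbox. I would make the conversion explicit, for example `return SyscallSet::IsValid(static_cast<uint32_t>(sysnum));` if the parameter is `uint32_t`. Once the behaviour is confirmed against `SyscallSet`, a one-line comment such as `// Negative sysnum converts to a large unsigned value; IsValid() decides whether that range is accepted.` would also help. A test that pins the result for `-1` and for the first number past the valid range would show that the switch from `SyscallIterator` did not change what is accepted.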