content/common/sandbox_linux/sandbox_linux.cc - Issue 758063005: Linux sandbox: report TSYNC status in chrome://sandbox

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: content/common/sandbox_linux/sandbox_linux.cc

Issue 758063005: Linux sandbox: report TSYNC status in chrome://sandbox (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 6 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: content/common/sandbox_linux/sandbox_linux.cc

diff --git a/content/common/sandbox_linux/sandbox_linux.cc b/content/common/sandbox_linux/sandbox_linux.cc

index 5e66737ef6936a9360fc25b2e2d7f3e263fe5e57..69cab56c9d557f91aa90d0eab5340afc55cddb97 100644

--- a/content/common/sandbox_linux/sandbox_linux.cc

+++ b/content/common/sandbox_linux/sandbox_linux.cc

@@ -112,6 +112,7 @@ LinuxSandbox::LinuxSandbox()

sandbox_status_flags_(kSandboxLinuxInvalid),

pre_initialized_(false),

seccomp_bpf_supported_(false),

+ seccomp_bpf_with_tsync_supported_(false),

yama_is_enforcing_(false),

initialize_sandbox_ran_(false),

setuid_sandbox_client_(sandbox::SetuidSandboxClient::Create())

@@ -167,6 +168,10 @@ void LinuxSandbox::PreinitializeSandbox() {

} else {

seccomp_bpf_supported_ = true;

}

+ if (SandboxSeccompBPF::SupportsSandboxWithTsync()) {

+ seccomp_bpf_with_tsync_supported_ = true;

+ }

}

// Yama is a "global", system-level status. We assume it will not regress

@@ -211,6 +216,11 @@ int LinuxSandbox::GetStatus() {

sandbox_status_flags_ |= kSandboxLinuxSeccompBPF;

}

+ if (seccomp_bpf_with_tsync_supported() &&

+ SandboxSeccompBPF::ShouldEnableSeccompBPF(switches::kRendererProcess)) {

+ sandbox_status_flags_ |= kSandboxLinuxSeccompTSYNC;

+ }

if (yama_is_enforcing_) {

sandbox_status_flags_ |= kSandboxLinuxYama;

}

@@ -337,6 +347,11 @@ bool LinuxSandbox::seccomp_bpf_supported() const {

return seccomp_bpf_supported_;

}

+bool LinuxSandbox::seccomp_bpf_with_tsync_supported() const {

+ CHECK(pre_initialized_);

+ return seccomp_bpf_with_tsync_supported_;

bool LinuxSandbox::LimitAddressSpace(const std::string& process_type) {

(void) process_type;

#if !defined(ADDRESS_SANITIZER) && !defined(MEMORY_SANITIZER) && \

« no previous file with comments | « content/common/sandbox_linux/sandbox_linux.h ('k') | content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h » ('j') | no next file with comments »