OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/renderer/renderer_main_platform_delegate.h" | 5 #include "content/renderer/renderer_main_platform_delegate.h" |
6 | 6 |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "base/logging.h" | 8 #include "base/logging.h" |
9 #include "content/public/common/content_switches.h" | 9 #include "content/public/common/content_switches.h" |
10 | 10 |
(...skipping 17 matching lines...) Expand all Loading... |
28 | 28 |
29 void RendererMainPlatformDelegate::PlatformUninitialize() { | 29 void RendererMainPlatformDelegate::PlatformUninitialize() { |
30 } | 30 } |
31 | 31 |
32 bool RendererMainPlatformDelegate::EnableSandbox() { | 32 bool RendererMainPlatformDelegate::EnableSandbox() { |
33 #ifdef USE_SECCOMP_BPF | 33 #ifdef USE_SECCOMP_BPF |
34 if (!base::CommandLine::ForCurrentProcess()->HasSwitch( | 34 if (!base::CommandLine::ForCurrentProcess()->HasSwitch( |
35 switches::kEnableSeccompFilterSandbox)) { | 35 switches::kEnableSeccompFilterSandbox)) { |
36 return true; | 36 return true; |
37 } | 37 } |
| 38 if (!sandbox::SandboxBPF::SupportsSeccompSandbox( |
| 39 sandbox::SandboxBPF::SeccompLevel::MULTI_THREADED)) { |
| 40 LOG(WARNING) << "Seccomp-BPF sandbox enabled without kernel support. " |
| 41 << "Ignoring flag and proceeding without seccomp sandbox."; |
| 42 return true; |
| 43 } |
38 | 44 |
39 sandbox::SandboxBPF sandbox(new SandboxBPFBasePolicyAndroid()); | 45 sandbox::SandboxBPF sandbox(new SandboxBPFBasePolicyAndroid()); |
40 CHECK( | 46 CHECK( |
41 sandbox.StartSandbox(sandbox::SandboxBPF::SeccompLevel::MULTI_THREADED)); | 47 sandbox.StartSandbox(sandbox::SandboxBPF::SeccompLevel::MULTI_THREADED)); |
42 #endif | 48 #endif |
43 return true; | 49 return true; |
44 } | 50 } |
45 | 51 |
46 } // namespace content | 52 } // namespace content |
OLD | NEW |