| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/nacl/loader/sandbox_linux/nacl_sandbox_linux.h" | 5 #include "components/nacl/loader/sandbox_linux/nacl_sandbox_linux.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <fcntl.h> | 8 #include <fcntl.h> |
| 9 #include <sys/stat.h> | 9 #include <sys/stat.h> |
| 10 #include <sys/types.h> | 10 #include <sys/types.h> |
| (...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 55 NaClSandbox::NaClSandbox() | 55 NaClSandbox::NaClSandbox() |
| 56 : layer_one_enabled_(false), | 56 : layer_one_enabled_(false), |
| 57 layer_one_sealed_(false), | 57 layer_one_sealed_(false), |
| 58 layer_two_enabled_(false), | 58 layer_two_enabled_(false), |
| 59 layer_two_is_nonsfi_(false), | 59 layer_two_is_nonsfi_(false), |
| 60 proc_fd_(-1), | 60 proc_fd_(-1), |
| 61 setuid_sandbox_client_(sandbox::SetuidSandboxClient::Create()) { | 61 setuid_sandbox_client_(sandbox::SetuidSandboxClient::Create()) { |
| 62 proc_fd_.reset( | 62 proc_fd_.reset( |
| 63 HANDLE_EINTR(open("/proc", O_DIRECTORY | O_RDONLY | O_CLOEXEC))); | 63 HANDLE_EINTR(open("/proc", O_DIRECTORY | O_RDONLY | O_CLOEXEC))); |
| 64 PCHECK(proc_fd_.is_valid()); | 64 PCHECK(proc_fd_.is_valid()); |
| 65 // Determine if the kernel supports seccomp-bpf and let it cache the | |
| 66 // result. This must be done before any sandbox is engaged. | |
| 67 sandbox::SandboxBPF::SupportsSeccompSandbox(); | |
| 68 } | 65 } |
| 69 | 66 |
| 70 NaClSandbox::~NaClSandbox() { | 67 NaClSandbox::~NaClSandbox() { |
| 71 } | 68 } |
| 72 | 69 |
| 73 bool NaClSandbox::IsSingleThreaded() { | 70 bool NaClSandbox::IsSingleThreaded() { |
| 74 CHECK(proc_fd_.is_valid()); | 71 CHECK(proc_fd_.is_valid()); |
| 75 base::ScopedFD proc_self_task(GetProcSelfTask(proc_fd_.get())); | 72 base::ScopedFD proc_self_task(GetProcSelfTask(proc_fd_.get())); |
| 76 return sandbox::ThreadHelpers::IsSingleThreaded(proc_self_task.get()); | 73 return sandbox::ThreadHelpers::IsSingleThreaded(proc_self_task.get()); |
| 77 } | 74 } |
| (...skipping 93 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 171 static const char kNoBpfMsg[] = | 168 static const char kNoBpfMsg[] = |
| 172 "The seccomp-bpf sandbox is not engaged for NaCl:"; | 169 "The seccomp-bpf sandbox is not engaged for NaCl:"; |
| 173 if (can_be_no_sandbox) | 170 if (can_be_no_sandbox) |
| 174 LOG(ERROR) << kNoBpfMsg << kItIsDangerousMsg; | 171 LOG(ERROR) << kNoBpfMsg << kItIsDangerousMsg; |
| 175 else | 172 else |
| 176 LOG(FATAL) << kNoBpfMsg << kItIsNotAllowedMsg; | 173 LOG(FATAL) << kNoBpfMsg << kItIsNotAllowedMsg; |
| 177 } | 174 } |
| 178 } | 175 } |
| 179 | 176 |
| 180 } // namespace nacl | 177 } // namespace nacl |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 759473002:
Linux sandbox: change seccomp detection and initialization. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@refactor_startsandbox