OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/nacl/loader/sandbox_linux/nacl_sandbox_linux.h" | 5 #include "components/nacl/loader/sandbox_linux/nacl_sandbox_linux.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <fcntl.h> | 8 #include <fcntl.h> |
9 #include <sys/stat.h> | 9 #include <sys/stat.h> |
10 #include <sys/types.h> | 10 #include <sys/types.h> |
141 proc_fd_.reset(); | 141 proc_fd_.reset(); |
142 layer_one_sealed_ = true; | 142 layer_one_sealed_ = true; |
143 } | 143 } |
144 | 144 |
145 void NaClSandbox::CheckSandboxingStateWithPolicy() { | 145 void NaClSandbox::CheckSandboxingStateWithPolicy() { |
146 static const char kItIsDangerousMsg[] = " this is dangerous."; | 146 static const char kItIsDangerousMsg[] = " this is dangerous."; |
147 static const char kItIsNotAllowedMsg[] = | 147 static const char kItIsNotAllowedMsg[] = |
148 " this is not allowed in this configuration."; | 148 " this is not allowed in this configuration."; |
149 | 149 |
150 const bool no_sandbox_for_nonsfi_ok = | 150 const bool no_sandbox_for_nonsfi_ok = |
151 CommandLine::ForCurrentProcess()->HasSwitch( | 151 base::CommandLine::ForCurrentProcess()->HasSwitch( |
152 switches::kNaClDangerousNoSandboxNonSfi); | 152 switches::kNaClDangerousNoSandboxNonSfi); |
153 const bool can_be_no_sandbox = | 153 const bool can_be_no_sandbox = |
154 !layer_two_is_nonsfi_ || no_sandbox_for_nonsfi_ok; | 154 !layer_two_is_nonsfi_ || no_sandbox_for_nonsfi_ok; |
155 | 155 |
156 if (!layer_one_enabled_ || !layer_one_sealed_) { | 156 if (!layer_one_enabled_ || !layer_one_sealed_) { |
157 static const char kNoSuidMsg[] = | 157 static const char kNoSuidMsg[] = |
158 "The SUID sandbox is not engaged for NaCl:"; | 158 "The SUID sandbox is not engaged for NaCl:"; |
159 if (can_be_no_sandbox) | 159 if (can_be_no_sandbox) |
160 LOG(ERROR) << kNoSuidMsg << kItIsDangerousMsg; | 160 LOG(ERROR) << kNoSuidMsg << kItIsDangerousMsg; |
161 else | 161 else |
162 LOG(FATAL) << kNoSuidMsg << kItIsNotAllowedMsg; | 162 LOG(FATAL) << kNoSuidMsg << kItIsNotAllowedMsg; |
163 } | 163 } |
164 | 164 |
165 if (!layer_two_enabled_) { | 165 if (!layer_two_enabled_) { |
166 static const char kNoBpfMsg[] = | 166 static const char kNoBpfMsg[] = |
167 "The seccomp-bpf sandbox is not engaged for NaCl:"; | 167 "The seccomp-bpf sandbox is not engaged for NaCl:"; |
168 if (can_be_no_sandbox) | 168 if (can_be_no_sandbox) |
169 LOG(ERROR) << kNoBpfMsg << kItIsDangerousMsg; | 169 LOG(ERROR) << kNoBpfMsg << kItIsDangerousMsg; |
170 else | 170 else |
171 LOG(FATAL) << kNoBpfMsg << kItIsNotAllowedMsg; | 171 LOG(FATAL) << kNoBpfMsg << kItIsNotAllowedMsg; |
172 } | 172 } |
173 } | 173 } |
174 | 174 |
175 } // namespace nacl | 175 } // namespace nacl |
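Review bot: CheckSandboxingStateWithPolicy (new lines 145-173) has no comment stating the policy it enforces, and the log-and-continue branch is easy to misread as a hard failure. From the visible code, an unengaged or unsealed layer one, or a disabled layer two, is fatal only when `layer_two_is_nonsfi_` is set and `switches::kNaClDangerousNoSandboxNonSfi` is absent; in every other case the process logs at ERROR and keeps running. I would add above the function: `// Non-SFI NaCl requires both sandbox layers unless kNaClDangerousNoSandboxNonSfi is passed; SFI NaCl only logs an error when a layer is missing.` It would also help anyone reading the logs if the `LOG(ERROR)` path said when the check was downgraded because of that switch, so an unsandboxed non-SFI run can be traced to its cause.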