| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/nacl/loader/sandbox_linux/nacl_sandbox_linux.h" | 5 #include "components/nacl/loader/sandbox_linux/nacl_sandbox_linux.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <fcntl.h> | 8 #include <fcntl.h> |
| 9 #include <sys/stat.h> | 9 #include <sys/stat.h> |
| 10 #include <sys/types.h> | 10 #include <sys/types.h> |
| (...skipping 130 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 141 proc_fd_.reset(); | 141 proc_fd_.reset(); |
| 142 layer_one_sealed_ = true; | 142 layer_one_sealed_ = true; |
| 143 } | 143 } |
| 144 | 144 |
| 145 void NaClSandbox::CheckSandboxingStateWithPolicy() { | 145 void NaClSandbox::CheckSandboxingStateWithPolicy() { |
| 146 static const char kItIsDangerousMsg[] = " this is dangerous."; | 146 static const char kItIsDangerousMsg[] = " this is dangerous."; |
| 147 static const char kItIsNotAllowedMsg[] = | 147 static const char kItIsNotAllowedMsg[] = |
| 148 " this is not allowed in this configuration."; | 148 " this is not allowed in this configuration."; |
| 149 | 149 |
| 150 const bool no_sandbox_for_nonsfi_ok = | 150 const bool no_sandbox_for_nonsfi_ok = |
| 151 CommandLine::ForCurrentProcess()->HasSwitch( | 151 base::CommandLine::ForCurrentProcess()->HasSwitch( |
| 152 switches::kNaClDangerousNoSandboxNonSfi); | 152 switches::kNaClDangerousNoSandboxNonSfi); |
| 153 const bool can_be_no_sandbox = | 153 const bool can_be_no_sandbox = |
| 154 !layer_two_is_nonsfi_ || no_sandbox_for_nonsfi_ok; | 154 !layer_two_is_nonsfi_ || no_sandbox_for_nonsfi_ok; |
| 155 | 155 |
| 156 if (!layer_one_enabled_ || !layer_one_sealed_) { | 156 if (!layer_one_enabled_ || !layer_one_sealed_) { |
| 157 static const char kNoSuidMsg[] = | 157 static const char kNoSuidMsg[] = |
| 158 "The SUID sandbox is not engaged for NaCl:"; | 158 "The SUID sandbox is not engaged for NaCl:"; |
| 159 if (can_be_no_sandbox) | 159 if (can_be_no_sandbox) |
| 160 LOG(ERROR) << kNoSuidMsg << kItIsDangerousMsg; | 160 LOG(ERROR) << kNoSuidMsg << kItIsDangerousMsg; |
| 161 else | 161 else |
| 162 LOG(FATAL) << kNoSuidMsg << kItIsNotAllowedMsg; | 162 LOG(FATAL) << kNoSuidMsg << kItIsNotAllowedMsg; |
| 163 } | 163 } |
| 164 | 164 |
| 165 if (!layer_two_enabled_) { | 165 if (!layer_two_enabled_) { |
| 166 static const char kNoBpfMsg[] = | 166 static const char kNoBpfMsg[] = |
| 167 "The seccomp-bpf sandbox is not engaged for NaCl:"; | 167 "The seccomp-bpf sandbox is not engaged for NaCl:"; |
| 168 if (can_be_no_sandbox) | 168 if (can_be_no_sandbox) |
| 169 LOG(ERROR) << kNoBpfMsg << kItIsDangerousMsg; | 169 LOG(ERROR) << kNoBpfMsg << kItIsDangerousMsg; |
| 170 else | 170 else |
| 171 LOG(FATAL) << kNoBpfMsg << kItIsNotAllowedMsg; | 171 LOG(FATAL) << kNoBpfMsg << kItIsNotAllowedMsg; |
| 172 } | 172 } |
| 173 } | 173 } |
| 174 | 174 |
| 175 } // namespace nacl | 175 } // namespace nacl |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 774933004:
Prefix CommandLine usage with base namespace (Part 9: components) (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master