Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(108)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/common/sandbox_linux/bpf_gpu_policy_linux.cc

Issue 784733002: content: bpf: exclude the syscalls if arm64 (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 6 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.cc ('K') | « content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.cc ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/common/sandbox_linux/bpf_gpu_policy_linux.cc
diff --git a/content/common/sandbox_linux/bpf_gpu_policy_linux.cc b/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
index 711f9b4a552b23ed22d4a4060ad89bbf7b0ab6ee..92ce070e5be3f01a1ece3fa563e2805f6a6361d2 100644
--- a/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
+++ b/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
@@ -94,6 +94,7 @@ intptr_t GpuSIGSYS_Handler(const struct arch_seccomp_data& args,
BrokerProcess* broker_process =
static_cast<BrokerProcess*>(aux_broker_process);
switch (args.nr) {
+#if !defined(__aarch64__)
case __NR_access:
return broker_process->Access(reinterpret_cast<const char*>(args.args[0]),
static_cast<int>(args.args[1]));
@@ -104,6 +105,7 @@ intptr_t GpuSIGSYS_Handler(const struct arch_seccomp_data& args,
#endif
return broker_process->Open(reinterpret_cast<const char*>(args.args[0]),
static_cast<int>(args.args[1]));
+#endif // !defined(__aarch64__)
case __NR_openat:
// Allow using openat() as open().
if (static_cast<int>(args.args[0]) == AT_FDCWD) {
@@ -138,8 +140,10 @@ class GpuBrokerProcessPolicy : public GpuProcessPolicy {
// openat allowed.
ResultExpr GpuBrokerProcessPolicy::EvaluateSyscall(int sysno) const {
switch (sysno) {
+#if !defined(__aarch64__)
case __NR_access:
case __NR_open:
+#endif // !defined(__aarch64__)
case __NR_openat:
return Allow();
default:
@@ -192,7 +196,8 @@ ResultExpr GpuProcessPolicy::EvaluateSyscall(int sysno) const {
} else {
return SandboxBPFBasePolicy::EvaluateSyscall(sysno);
}
-#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
+#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) \
+ || defined(__aarch64__)
mdempsky 2014/12/07 03:46:40 Is this actually required? The comment suggests t
cometzero 2014/12/07 06:47:38 You're right. I'll remove this inclusion on aarch6
// The Nvidia driver uses flags not in the baseline policy
// (MAP_LOCKED | MAP_EXECUTABLE | MAP_32BIT)
case __NR_mmap:
@@ -203,8 +208,10 @@ ResultExpr GpuProcessPolicy::EvaluateSyscall(int sysno) const {
// TODO(jln): restrict prctl.
case __NR_prctl:
return Allow();
+#if !defined(__aarch64__)
case __NR_access:
case __NR_open:
+#endif // !defined(__aarch64__)
case __NR_openat:
DCHECK(broker_process_);
return Trap(GpuSIGSYS_Handler, broker_process_);
« content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.cc ('K') | « content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698