content/common/sandbox_linux/bpf_gpu_policy_linux.cc - Issue 784733002: content: bpf: exclude the syscalls if arm64

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: content/common/sandbox_linux/bpf_gpu_policy_linux.cc

Issue 784733002: content: bpf: exclude the syscalls if arm64 (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: content: bpf: exclude the syscalls if arm64 Created 6 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: content/common/sandbox_linux/bpf_gpu_policy_linux.cc

diff --git a/content/common/sandbox_linux/bpf_gpu_policy_linux.cc b/content/common/sandbox_linux/bpf_gpu_policy_linux.cc

index 94003db6b8985d25f522bf5b1ae3e469c48b7de3..00740dbb9db39fe41fa1b612a0836f662df3d2f3 100644

--- a/content/common/sandbox_linux/bpf_gpu_policy_linux.cc

+++ b/content/common/sandbox_linux/bpf_gpu_policy_linux.cc

@@ -94,6 +94,7 @@ intptr_t GpuSIGSYS_Handler(const struct arch_seccomp_data& args,

BrokerProcess* broker_process =

static_cast<BrokerProcess*>(aux_broker_process);

switch (args.nr) {

+#if !defined(__aarch64__)

case __NR_access:

return broker_process->Access(reinterpret_cast<const char*>(args.args[0]),

static_cast<int>(args.args[1]));

@@ -104,6 +105,15 @@ intptr_t GpuSIGSYS_Handler(const struct arch_seccomp_data& args,

#endif

return broker_process->Open(reinterpret_cast<const char*>(args.args[0]),

static_cast<int>(args.args[1]));

+#endif // !defined(__aarch64__)

+ case __NR_faccessat:

+ if (static_cast<int>(args.args[0]) == AT_FDCWD) {

+ return

+ broker_process->Access(reinterpret_cast<const char*>(args.args[1]),

+ static_cast<int>(args.args[2]));

+ } else {

+ return -EPERM;

+ }

case __NR_openat:

// Allow using openat() as open().

if (static_cast<int>(args.args[0]) == AT_FDCWD) {

@@ -138,8 +148,11 @@ class GpuBrokerProcessPolicy : public GpuProcessPolicy {

// openat and in the non-Chrome OS case unlink allowed.

ResultExpr GpuBrokerProcessPolicy::EvaluateSyscall(int sysno) const {

switch (sysno) {

+#if !defined(__aarch64__)

case __NR_access:

case __NR_open:

+#endif // !defined(__aarch64__)

+ case __NR_faccessat:

case __NR_openat:

#if !defined(OS_CHROMEOS)

// The broker process needs to able to unlink the temporary

@@ -211,8 +224,11 @@ ResultExpr GpuProcessPolicy::EvaluateSyscall(int sysno) const {

// TODO(jln): restrict prctl.

case __NR_prctl:

return Allow();

+#if !defined(__aarch64__)

case __NR_access:

case __NR_open:

+#endif // !defined(__aarch64__)

+ case __NR_faccessat:

case __NR_openat:

DCHECK(broker_process_);

return Trap(GpuSIGSYS_Handler, broker_process_);

« no previous file with comments | « content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.cc ('k') | no next file » | no next file with comments »