OLD | NEW |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" | 5 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <fcntl.h> | 8 #include <fcntl.h> |
9 #include <fcntl.h> | 9 #include <fcntl.h> |
10 #include <linux/futex.h> | 10 #include <linux/futex.h> |
(...skipping 246 matching lines...)
257 | 257 |
258 ResultExpr RestrictGetSetpriority(pid_t target_pid) { | 258 ResultExpr RestrictGetSetpriority(pid_t target_pid) { |
259 const Arg<int> which(0); | 259 const Arg<int> which(0); |
260 const Arg<int> who(1); | 260 const Arg<int> who(1); |
261 return If(which == PRIO_PROCESS, | 261 return If(which == PRIO_PROCESS, |
262 If(who == 0 || who == target_pid, Allow()).Else(Error(EPERM))) | 262 If(who == 0 || who == target_pid, Allow()).Else(Error(EPERM))) |
263 .Else(CrashSIGSYS()); | 263 .Else(CrashSIGSYS()); |
264 } | 264 } |
265 | 265 |
266 ResultExpr RestrictClockID() { | 266 ResultExpr RestrictClockID() { |
267 COMPILE_ASSERT(4 == sizeof(clockid_t), clockid_is_not_32bit); | 267 static_assert(4 == sizeof(clockid_t), "clockid_t is not 32bit"); |
268 const Arg<clockid_t> clockid(0); | 268 const Arg<clockid_t> clockid(0); |
269 return If( | 269 return If( |
270 #if defined(OS_CHROMEOS) | 270 #if defined(OS_CHROMEOS) |
271 // Allow the special clock for Chrome OS used by Chrome tracing. | 271 // Allow the special clock for Chrome OS used by Chrome tracing. |
272 clockid == base::TimeTicks::kClockSystemTrace || | 272 clockid == base::TimeTicks::kClockSystemTrace || |
273 #endif | 273 #endif |
274 clockid == CLOCK_MONOTONIC || | 274 clockid == CLOCK_MONOTONIC || |
275 clockid == CLOCK_PROCESS_CPUTIME_ID || | 275 clockid == CLOCK_PROCESS_CPUTIME_ID || |
276 clockid == CLOCK_REALTIME || | 276 clockid == CLOCK_REALTIME || |
277 clockid == CLOCK_THREAD_CPUTIME_ID, | 277 clockid == CLOCK_THREAD_CPUTIME_ID, |
(...skipping 20 matching lines...)
298 return CrashSIGSYS(); | 298 return CrashSIGSYS(); |
299 } | 299 } |
300 } | 300 } |
301 | 301 |
302 ResultExpr RestrictPrlimit64(pid_t target_pid) { | 302 ResultExpr RestrictPrlimit64(pid_t target_pid) { |
303 const Arg<pid_t> pid(0); | 303 const Arg<pid_t> pid(0); |
304 return If(pid == 0 || pid == target_pid, Allow()).Else(CrashSIGSYS()); | 304 return If(pid == 0 || pid == target_pid, Allow()).Else(CrashSIGSYS()); |
305 } | 305 } |
306 | 306 |
307 } // namespace sandbox. | 307 } // namespace sandbox. |
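Review bot: The `static_assert` at new line 267 in RestrictClockID requires a 4-byte clockid_t, but nothing beside it says what in the filter depends on that width, so a future port that trips it has no guidance. If the intent is that the allow-list comparisons on argument 0 are only valid for a 32-bit value, a short comment would record it, for example `// The clockid allow-list below compares arg 0 as a 32-bit value; re-audit it if clockid_t changes size.` The Else branch of this If falls in the skipped lines, so what happens to clock IDs outside the list cannot be confirmed from this page. Separately, `#include <fcntl.h>` appears twice (lines 8 and 9) and one copy can be dropped.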
OLD | NEW |