Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(537)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc

Issue 839143002: Roll Chrome into Mojo. (Closed) Base URL: git@github.com:domokit/mojo.git@master
Patch Set: Created 5 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« DEPS ('K') | « sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc ('k') | sandbox/linux/seccomp-bpf/syscall.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" 5 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
6 6
7 #include <errno.h> 7 #include <errno.h>
8 #include <fcntl.h> 8 #include <fcntl.h>
9 #include <fcntl.h> 9 #include <fcntl.h>
10 #include <linux/futex.h> 10 #include <linux/futex.h>
(...skipping 246 matching lines...) Expand 10 before | Expand all | Expand 10 after
257 257
258 ResultExpr RestrictGetSetpriority(pid_t target_pid) { 258 ResultExpr RestrictGetSetpriority(pid_t target_pid) {
259 const Arg<int> which(0); 259 const Arg<int> which(0);
260 const Arg<int> who(1); 260 const Arg<int> who(1);
261 return If(which == PRIO_PROCESS, 261 return If(which == PRIO_PROCESS,
262 If(who == 0 || who == target_pid, Allow()).Else(Error(EPERM))) 262 If(who == 0 || who == target_pid, Allow()).Else(Error(EPERM)))
263 .Else(CrashSIGSYS()); 263 .Else(CrashSIGSYS());
264 } 264 }
265 265
266 ResultExpr RestrictClockID() { 266 ResultExpr RestrictClockID() {
267 COMPILE_ASSERT(4 == sizeof(clockid_t), clockid_is_not_32bit); 267 static_assert(4 == sizeof(clockid_t), "clockid_t is not 32bit");
268 const Arg<clockid_t> clockid(0); 268 const Arg<clockid_t> clockid(0);
269 return If( 269 return If(
270 #if defined(OS_CHROMEOS) 270 #if defined(OS_CHROMEOS)
271 // Allow the special clock for Chrome OS used by Chrome tracing. 271 // Allow the special clock for Chrome OS used by Chrome tracing.
272 clockid == base::TimeTicks::kClockSystemTrace || 272 clockid == base::TimeTicks::kClockSystemTrace ||
273 #endif 273 #endif
274 clockid == CLOCK_MONOTONIC || 274 clockid == CLOCK_MONOTONIC ||
275 clockid == CLOCK_PROCESS_CPUTIME_ID || 275 clockid == CLOCK_PROCESS_CPUTIME_ID ||
276 clockid == CLOCK_REALTIME || 276 clockid == CLOCK_REALTIME ||
277 clockid == CLOCK_THREAD_CPUTIME_ID, 277 clockid == CLOCK_THREAD_CPUTIME_ID,
(...skipping 20 matching lines...) Expand all
298 return CrashSIGSYS(); 298 return CrashSIGSYS();
299 } 299 }
300 } 300 }
301 301
302 ResultExpr RestrictPrlimit64(pid_t target_pid) { 302 ResultExpr RestrictPrlimit64(pid_t target_pid) {
303 const Arg<pid_t> pid(0); 303 const Arg<pid_t> pid(0);
304 return If(pid == 0 || pid == target_pid, Allow()).Else(CrashSIGSYS()); 304 return If(pid == 0 || pid == target_pid, Allow()).Else(CrashSIGSYS());
305 } 305 }
306 306
307 } // namespace sandbox. 307 } // namespace sandbox.
OLDNEW
« DEPS ('K') | « sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc ('k') | sandbox/linux/seccomp-bpf/syscall.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698