OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ | 5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ |
6 #define CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ | 6 #define CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
(...skipping 100 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
111 | 111 |
112 // Check the policy and eventually start the seccomp-bpf sandbox. This should | 112 // Check the policy and eventually start the seccomp-bpf sandbox. This should |
113 // never be called with threads started. If we detect that threads have | 113 // never be called with threads started. If we detect that threads have |
114 // started we will crash. | 114 // started we will crash. |
115 bool StartSeccompBPF(const std::string& process_type); | 115 bool StartSeccompBPF(const std::string& process_type); |
116 | 116 |
117 // Limit the address space of the current process (and its children). | 117 // Limit the address space of the current process (and its children). |
118 // to make some vulnerabilities harder to exploit. | 118 // to make some vulnerabilities harder to exploit. |
119 bool LimitAddressSpace(const std::string& process_type); | 119 bool LimitAddressSpace(const std::string& process_type); |
120 | 120 |
121 // Returns a file descriptor to proc. The file descriptor is no longer valid | |
122 // after the sandbox has been sealed. | |
123 int proc_fd() { return proc_fd_; } | |
jln (very slow on Chromium)
2015/02/25 21:32:48
const
rickyz (no longer on Chrome)
2015/03/21 01:35:31
Done.
| |
124 | |
121 #if defined(ANY_OF_AMTLU_SANITIZER) | 125 #if defined(ANY_OF_AMTLU_SANITIZER) |
122 __sanitizer_sandbox_arguments* sanitizer_args() const { | 126 __sanitizer_sandbox_arguments* sanitizer_args() const { |
123 return sanitizer_args_.get(); | 127 return sanitizer_args_.get(); |
124 }; | 128 }; |
125 #endif | 129 #endif |
126 | 130 |
127 private: | 131 private: |
128 friend struct DefaultSingletonTraits<LinuxSandbox>; | 132 friend struct DefaultSingletonTraits<LinuxSandbox>; |
129 | 133 |
130 LinuxSandbox(); | 134 LinuxSandbox(); |
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
168 #if defined(ANY_OF_AMTLU_SANITIZER) | 172 #if defined(ANY_OF_AMTLU_SANITIZER) |
169 scoped_ptr<__sanitizer_sandbox_arguments> sanitizer_args_; | 173 scoped_ptr<__sanitizer_sandbox_arguments> sanitizer_args_; |
170 #endif | 174 #endif |
171 | 175 |
172 DISALLOW_COPY_AND_ASSIGN(LinuxSandbox); | 176 DISALLOW_COPY_AND_ASSIGN(LinuxSandbox); |
173 }; | 177 }; |
174 | 178 |
175 } // namespace content | 179 } // namespace content |
176 | 180 |
177 #endif // CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ | 181 #endif // CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ |
OLD | NEW |