| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" | 5 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <sched.h> | 8 #include <sched.h> |
| 9 #include <sys/resource.h> | 9 #include <sys/resource.h> |
| 10 #include <sys/syscall.h> | 10 #include <sys/syscall.h> |
| (...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 85 | 85 |
| 86 #if defined(OS_CHROMEOS) | 86 #if defined(OS_CHROMEOS) |
| 87 | 87 |
| 88 // A custom BPF tester delegate to run IsRunningOnChromeOS() before | 88 // A custom BPF tester delegate to run IsRunningOnChromeOS() before |
| 89 // the sandbox is enabled because we cannot run it with non-SFI BPF | 89 // the sandbox is enabled because we cannot run it with non-SFI BPF |
| 90 // sandbox enabled. | 90 // sandbox enabled. |
| 91 class ClockSystemTesterDelegate : public sandbox::BPFTesterDelegate { | 91 class ClockSystemTesterDelegate : public sandbox::BPFTesterDelegate { |
| 92 public: | 92 public: |
| 93 ClockSystemTesterDelegate() | 93 ClockSystemTesterDelegate() |
| 94 : is_running_on_chromeos_(base::SysInfo::IsRunningOnChromeOS()) {} | 94 : is_running_on_chromeos_(base::SysInfo::IsRunningOnChromeOS()) {} |
| 95 virtual ~ClockSystemTesterDelegate() {} | 95 ~ClockSystemTesterDelegate() override {} |
| 96 | 96 |
| 97 virtual scoped_ptr<sandbox::bpf_dsl::Policy> GetSandboxBPFPolicy() override { | 97 scoped_ptr<sandbox::bpf_dsl::Policy> GetSandboxBPFPolicy() override { |
| 98 return scoped_ptr<sandbox::bpf_dsl::Policy>(new RestrictClockIdPolicy()); | 98 return scoped_ptr<sandbox::bpf_dsl::Policy>(new RestrictClockIdPolicy()); |
| 99 } | 99 } |
| 100 virtual void RunTestFunction() override { | 100 void RunTestFunction() override { |
| 101 if (is_running_on_chromeos_) { | 101 if (is_running_on_chromeos_) { |
| 102 CheckClock(base::TimeTicks::kClockSystemTrace); | 102 CheckClock(base::TimeTicks::kClockSystemTrace); |
| 103 } else { | 103 } else { |
| 104 struct timespec ts; | 104 struct timespec ts; |
| 105 // kClockSystemTrace is 11, which is CLOCK_THREAD_CPUTIME_ID of | 105 // kClockSystemTrace is 11, which is CLOCK_THREAD_CPUTIME_ID of |
| 106 // the init process (pid=1). If kernel supports this feature, | 106 // the init process (pid=1). If kernel supports this feature, |
| 107 // this may succeed even if this is not running on Chrome OS. We | 107 // this may succeed even if this is not running on Chrome OS. We |
| 108 // just check this clock_gettime call does not crash. | 108 // just check this clock_gettime call does not crash. |
| 109 clock_gettime(base::TimeTicks::kClockSystemTrace, &ts); | 109 clock_gettime(base::TimeTicks::kClockSystemTrace, &ts); |
| 110 } | 110 } |
| (...skipping 125 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 236 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), | 236 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 237 RestrictPrlimit64Policy) { | 237 RestrictPrlimit64Policy) { |
| 238 const pid_t kInitPID = 1; | 238 const pid_t kInitPID = 1; |
| 239 BPF_ASSERT_NE(kInitPID, getpid()); | 239 BPF_ASSERT_NE(kInitPID, getpid()); |
| 240 sys_prlimit64(kInitPID, RLIMIT_AS, NULL, NULL); | 240 sys_prlimit64(kInitPID, RLIMIT_AS, NULL, NULL); |
| 241 } | 241 } |
| 242 | 242 |
| 243 } // namespace | 243 } // namespace |
| 244 | 244 |
| 245 } // namespace sandbox | 245 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 885443002:
Roll Chrome into Mojo. (Closed)
Base URL: https://github.com/domokit/mojo.git@master