sandbox/linux/seccomp-bpf/sandbox_bpf.cc - Issue 938223004: Linux sandbox: better APIs with /proc/ arguments

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: sandbox/linux/seccomp-bpf/sandbox_bpf.cc

Issue 938223004: Linux sandbox: better APIs with /proc/ arguments (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Fix invalid proc_fd_ usage. Created 5 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: sandbox/linux/seccomp-bpf/sandbox_bpf.cc

diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf.cc b/sandbox/linux/seccomp-bpf/sandbox_bpf.cc

index 31975a1b98e33539d60a977cf70e789d09ecd6d5..b6553d7e24da4fac9a63fe3b77095eb6cf8d9850 100644

--- a/sandbox/linux/seccomp-bpf/sandbox_bpf.cc

+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf.cc

@@ -46,8 +46,8 @@ namespace {

bool IsRunningOnValgrind() { return RUNNING_ON_VALGRIND; }

-bool IsSingleThreaded(int proc_task_fd) {

- return ThreadHelpers::IsSingleThreaded(proc_task_fd);

+bool IsSingleThreaded(int proc_fd) {

+ return ThreadHelpers::IsSingleThreaded(proc_fd);

}

// Check if the kernel supports seccomp-filter (a.k.a. seccomp mode 2) via

@@ -82,7 +82,7 @@ bool KernelSupportsSeccompTsync() {

} // namespace

SandboxBPF::SandboxBPF(bpf_dsl::Policy* policy)

- : proc_task_fd_(), sandbox_has_started_(false), policy_(policy) {

+ : proc_fd_(), sandbox_has_started_(false), policy_(policy) {

}

SandboxBPF::~SandboxBPF() {

@@ -118,8 +118,8 @@ bool SandboxBPF::StartSandbox(SeccompLevel seccomp_level) {

return false;

}

- if (!proc_task_fd_.is_valid()) {

- SetProcTaskFd(ProcUtil::OpenProcSelfTask());

+ if (!proc_fd_.is_valid()) {

+ SetProcFd(ProcUtil::OpenProc());

}

const bool supports_tsync = KernelSupportsSeccompTsync();

@@ -127,9 +127,9 @@ bool SandboxBPF::StartSandbox(SeccompLevel seccomp_level) {

if (seccomp_level == SeccompLevel::SINGLE_THREADED) {

// Wait for /proc/self/task/ to update if needed and assert the

// process is single threaded.

- ThreadHelpers::AssertSingleThreaded(proc_task_fd_.get());

+ ThreadHelpers::AssertSingleThreaded(proc_fd_.get());

} else if (seccomp_level == SeccompLevel::MULTI_THREADED) {

- if (IsSingleThreaded(proc_task_fd_.get())) {

+ if (IsSingleThreaded(proc_fd_.get())) {

SANDBOX_DIE("Cannot start sandbox; "

"process may be single-threaded when reported as not");

return false;

@@ -144,8 +144,8 @@ bool SandboxBPF::StartSandbox(SeccompLevel seccomp_level) {

// We no longer need access to any files in /proc. We want to do this

// before installing the filters, just in case that our policy denies

// close().

- if (proc_task_fd_.is_valid()) {

- proc_task_fd_.reset();

+ if (proc_fd_.is_valid()) {

+ proc_fd_.reset();

}

// Install the filters.

@@ -155,8 +155,8 @@ bool SandboxBPF::StartSandbox(SeccompLevel seccomp_level) {

return true;

}

-void SandboxBPF::SetProcTaskFd(base::ScopedFD proc_task_fd) {

- proc_task_fd_.swap(proc_task_fd);

+void SandboxBPF::SetProcFd(base::ScopedFD proc_fd) {

+ proc_fd_.swap(proc_fd);

}

// static

« no previous file with comments | « sandbox/linux/seccomp-bpf/sandbox_bpf.h ('k') | sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc » ('j') | no next file with comments »