Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(183)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc

Issue 101773003: Linux sandbox: cleanup sandbox-bpf naming. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Address namespace sandbox nits. Created 7 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « sandbox/linux/seccomp-bpf-helpers/baseline_policy.h ('k') | sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h" 5 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h"
6 6
7 #include <errno.h> 7 #include <errno.h>
8 #include <sys/mman.h> 8 #include <sys/mman.h>
9 #include <sys/types.h> 9 #include <sys/types.h>
10 #include <sys/socket.h> 10 #include <sys/socket.h>
(...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after
74 #if defined(__i386__) 74 #if defined(__i386__)
75 SyscallSets::IsSocketCall(sysno) || 75 SyscallSets::IsSocketCall(sysno) ||
76 #endif 76 #endif
77 #if defined(__arm__) 77 #if defined(__arm__)
78 SyscallSets::IsArmPciConfig(sysno) || 78 SyscallSets::IsArmPciConfig(sysno) ||
79 #endif 79 #endif
80 SyscallSets::IsTimer(sysno); 80 SyscallSets::IsTimer(sysno);
81 } 81 }
82 82
83 // |fs_denied_errno| is the errno return for denied filesystem access. 83 // |fs_denied_errno| is the errno return for denied filesystem access.
84 ErrorCode EvaluateSyscallImpl(int fs_denied_errno, Sandbox* sandbox, 84 ErrorCode EvaluateSyscallImpl(int fs_denied_errno, SandboxBPF* sandbox,
85 int sysno) { 85 int sysno) {
86 if (IsBaselinePolicyAllowed(sysno)) { 86 if (IsBaselinePolicyAllowed(sysno)) {
87 return ErrorCode(ErrorCode::ERR_ALLOWED); 87 return ErrorCode(ErrorCode::ERR_ALLOWED);
88 } 88 }
89 89
90 #if defined(__x86_64__) || defined(__arm__) 90 #if defined(__x86_64__) || defined(__arm__)
91 if (sysno == __NR_socketpair) { 91 if (sysno == __NR_socketpair) {
92 // Only allow AF_UNIX, PF_UNIX. Crash if anything else is seen. 92 // Only allow AF_UNIX, PF_UNIX. Crash if anything else is seen.
93 COMPILE_ASSERT(AF_UNIX == PF_UNIX, af_unix_pf_unix_different); 93 COMPILE_ASSERT(AF_UNIX == PF_UNIX, af_unix_pf_unix_different);
94 return sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, AF_UNIX, 94 return sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, AF_UNIX,
(...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after
160 // Unfortunately C++03 doesn't allow delegated constructors. 160 // Unfortunately C++03 doesn't allow delegated constructors.
161 // Call other constructor when C++11 lands. 161 // Call other constructor when C++11 lands.
162 BaselinePolicy::BaselinePolicy() 162 BaselinePolicy::BaselinePolicy()
163 : fs_denied_errno_(EPERM) {} 163 : fs_denied_errno_(EPERM) {}
164 164
165 BaselinePolicy::BaselinePolicy(int fs_denied_errno) 165 BaselinePolicy::BaselinePolicy(int fs_denied_errno)
166 : fs_denied_errno_(fs_denied_errno) {} 166 : fs_denied_errno_(fs_denied_errno) {}
167 167
168 BaselinePolicy::~BaselinePolicy() {} 168 BaselinePolicy::~BaselinePolicy() {}
169 169
170 ErrorCode BaselinePolicy::EvaluateSyscall(Sandbox* sandbox, int sysno) const { 170 ErrorCode BaselinePolicy::EvaluateSyscall(SandboxBPF* sandbox,
171 int sysno) const {
171 return EvaluateSyscallImpl(fs_denied_errno_, sandbox, sysno); 172 return EvaluateSyscallImpl(fs_denied_errno_, sandbox, sysno);
172 } 173 }
173 174
174 // TODO(jln): Migrate NaCl and remove. 175 // TODO(jln): Migrate NaCl and remove.
175 ErrorCode BaselinePolicy::BaselinePolicyDeprecated(Sandbox* sandbox, 176 ErrorCode BaselinePolicy::BaselinePolicyDeprecated(SandboxBPF* sandbox,
176 int sysno, 177 int sysno,
177 void* aux) { 178 void* aux) {
178 DCHECK(!aux); 179 DCHECK(!aux);
179 return EvaluateSyscallImpl(EPERM /* fs_denied_errno */, sandbox, sysno); 180 return EvaluateSyscallImpl(EPERM /* fs_denied_errno */, sandbox, sysno);
180 } 181 }
181 182
182 } // namespace sandbox. 183 } // namespace sandbox.
OLDNEW
« no previous file with comments | « sandbox/linux/seccomp-bpf-helpers/baseline_policy.h ('k') | sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698