Add basic ARM policy to seccomp-bpf sandbox.

content/common/sandbox_seccomp_bpf_linux.cc

Index: content/common/sandbox_seccomp_bpf_linux.cc
diff --git a/content/common/sandbox_seccomp_bpf_linux.cc b/content/common/sandbox_seccomp_bpf_linux.cc
index 226bad780d956b9996052efd54f50aa90125053c..781c0b925c9a520417b54d8fb4675b8a385285cc 100644
--- a/content/common/sandbox_seccomp_bpf_linux.cc
+++ b/content/common/sandbox_seccomp_bpf_linux.cc
@@ -25,13 +25,18 @@
 #include "content/public/common/content_switches.h"
 
 // These are the only architectures supported for now.
-#if defined(__i386__) || defined(__x86_64__)
+#if defined(__i386__) || defined(__x86_64__) || defined(__arm__)
 #define SECCOMP_BPF_SANDBOX
 #endif
 
 #if defined(SECCOMP_BPF_SANDBOX)
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
+
+#if defined(__i386__) || defined(__x86_64__)
 #include "sandbox/linux/services/x86_linux_syscalls.h"
+#elif defined(__arm__)
+#include "sandbox/linux/services/arm_linux_syscalls.h"

[jln (very slow on Chromium), 2012/08/14 22:19:32]

Please add a comment saying that this file is not complete yet as well.

When it'll be complete, x86_linux_syscalls.h should be renamed linux_syscalls.h
and the arm file should be included there directly.

[Jorge Lucangeli Obes, 2012/08/14 22:40:45]

Done.

+#endif
 
 namespace {
 
@@ -1192,7 +1197,11 @@ playground2::Sandbox::ErrorCode BlacklistPtracePolicy(int sysno) {
     return ENOSYS;
   }
   switch (sysno) {
+    // __NR_migrate_pages is not available for EABI ARM.

[jln (very slow on Chromium), 2012/08/14 22:19:32]

I think it's fine to leave this without a comment at all.
Or at least remove the second line.

[Jorge Lucangeli Obes, 2012/08/14 22:40:45]

Done.

+    // See </arch/arm/include/asm/unistd.h> in the Linux kernel.
+#if defined(__x86_64__) || defined(__i386__)
     case __NR_migrate_pages:
+#endif
     case __NR_move_pages:
     case __NR_process_vm_readv:
     case __NR_process_vm_writev:
@@ -1258,15 +1267,19 @@ playground2::Sandbox::EvaluateSyscall GetProcessSyscallPolicy(
   NOTREACHED();
   // This will be our default if we need one.
   return AllowAllPolicy;
-#else
-  // On IA32, we only have a small blacklist at the moment.
+#elif defined(__i386__) || defined(__arm__)

[jln (very slow on Chromium), 2012/08/14 22:19:32]

I would prefer just leaving a #else here.

It simplifies the codepath, but also it's a nice default to have.

I someone added an architecture, they would quickly see a compile-error and make
BlacklistPtracePolicy work.

You can leave a comment such as: "On other architectures (currently IA32 or
ARM), we only have a small blacklist at the moment.

At the moment, the change is not even correct, because in release mode,
NOTREACHED() is a no-op, so this function wouldn't have a return statement which
would produce a compile-time error even though it's not what we expect.

[Jorge Lucangeli Obes, 2012/08/14 22:40:45]

Done.

+  // On IA32 or ARM, we only have a small blacklist at the moment.
   (void) process_type;
   return BlacklistPtracePolicy;
-#endif  // __x86_64__
+#else
+  // This should not happen, we're compiling only on x86_64 or i386 or ARM.
+  (void) process_type;
+  NOTREACHED();
+#endif
 }
 
 // Initialize the seccomp-bpf sandbox.
-bool StartBpfSandbox_x86(const CommandLine& command_line,
+bool StartBpfSandbox(const CommandLine& command_line,
                          const std::string& process_type) {

[jln (very slow on Chromium), 2012/08/14 22:19:32]

Nit: re-indent.

[Jorge Lucangeli Obes, 2012/08/14 22:40:45]

Done.

   playground2::Sandbox::EvaluateSyscall SyscallPolicy =
       GetProcessSyscallPolicy(command_line, process_type);
@@ -1329,7 +1342,7 @@ bool SandboxSeccompBpf::StartSandbox(const std::string& process_type) {
       // Process-specific policy.
       ShouldEnableSeccompBpf(process_type) &&
       SupportsSandbox()) {
-    return StartBpfSandbox_x86(command_line, process_type);
+    return StartBpfSandbox(command_line, process_type);
   }
 #endif
   return false;