content/common/sandbox_linux.h - Issue 10843042: Create a class for seccomp-bpf sandboxing in content.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: content/common/sandbox_linux.h

Issue 10843042: Create a class for seccomp-bpf sandboxing in content. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Rebase on top of tree. Created 8 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: content/common/sandbox_linux.h

diff --git a/content/common/sandbox_linux.h b/content/common/sandbox_linux.h

index 8502dfb372450d49e99c66d8eda1a35ffbbeea5a..8855c31f8d1a53a8277df54f09484ea48a4f47db 100644

--- a/content/common/sandbox_linux.h

+++ b/content/common/sandbox_linux.h

@@ -5,14 +5,12 @@

#ifndef CONTENT_COMMON_SANDBOX_LINUX_H_

#define CONTENT_COMMON_SANDBOX_LINUX_H_

+#include <string>

+#include "base/basictypes.h"

#include "base/memory/scoped_ptr.h"

#include "content/public/common/sandbox_linux.h"

-// TODO(jln) move this somewhere else.

-#if defined(__i386__) || defined(__x86_64__)

-#define SECCOMP_BPF_SANDBOX

-#endif

template <typename T> struct DefaultSingletonTraits;

namespace sandbox { class SetuidSandboxClient; }

@@ -60,7 +58,9 @@ class LinuxSandbox {

// Since we need to provide the status before the sandboxes are actually

// started, this returns what will actually happen once the various Start*

// functions are called from inside a renderer.

- int GetStatus();

+ int GetStatus() const;

+ // Is the current process single threaded ?

+ bool IsSingleThreaded() const;

// Simple accessor for our instance of the setuid sandbox. Will never return

// NULL.

@@ -71,21 +71,24 @@ class LinuxSandbox {

// Check the policy and eventually start the seccomp-legacy sandbox.

bool StartSeccompLegacy(const std::string& process_type);

// Check the policy and eventually start the seccomp-bpf sandbox.

- // TODO(jln): not implemented at the moment.

bool StartSeccompBpf(const std::string& process_type);

private:

friend struct DefaultSingletonTraits<LinuxSandbox>;

- bool ShouldEnableSeccompLegacy(const std::string& process_type);

+ // We must have been pre_initialized_ before using either of these.

+ bool seccomp_legacy_supported() const;

+ bool seccomp_bpf_supported() const;

int proc_fd_;

// Have we been through PreinitializeSandbox or PreinitializeSandboxBegin ?

bool pre_initialized_;

bool seccomp_legacy_supported_; // Accurate if pre_initialized_.

+ bool seccomp_bpf_supported_; // Accurate if pre_initialized_.

scoped_ptr<sandbox::SetuidSandboxClient> setuid_sandbox_client_;

- LinuxSandbox();

~LinuxSandbox();

- DISALLOW_COPY_AND_ASSIGN(LinuxSandbox);

+ DISALLOW_IMPLICIT_CONSTRUCTORS(LinuxSandbox);

};

} // namespace content

« no previous file with comments | « content/common/sandbox_init_linux.cc ('k') | content/common/sandbox_linux.cc » ('j') | no next file with comments »