Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(118)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/common/sandbox_seccomp_bpf_linux.cc

Issue 10920057: Linux: initialize the sandbox in the utility process. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 8 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | content/utility/utility_main.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <asm/unistd.h> 5 #include <asm/unistd.h>
6 #include <dlfcn.h> 6 #include <dlfcn.h>
7 #include <errno.h> 7 #include <errno.h>
8 #include <fcntl.h> 8 #include <fcntl.h>
9 #include <linux/audit.h> 9 #include <linux/audit.h>
10 #include <linux/filter.h> 10 #include <linux/filter.h>
(...skipping 1347 matching lines...) Expand 10 before | Expand all | Expand 10 after
1358 // TODO(jln): figure out what to do with non-Flash PPAPI 1358 // TODO(jln): figure out what to do with non-Flash PPAPI
1359 // out-of-process plug-ins. 1359 // out-of-process plug-ins.
1360 return FlashProcessPolicy_x86_64; 1360 return FlashProcessPolicy_x86_64;
1361 } 1361 }
1362 1362
1363 if (process_type == switches::kRendererProcess || 1363 if (process_type == switches::kRendererProcess ||
1364 process_type == switches::kWorkerProcess) { 1364 process_type == switches::kWorkerProcess) {
1365 return RendererOrWorkerProcessPolicy_x86_64; 1365 return RendererOrWorkerProcessPolicy_x86_64;
1366 } 1366 }
1367 1367
1368 if (process_type == switches::kUtilityProcess) {
1369 return BlacklistDebugAndNumaPolicy;
1370 }
1371
1368 NOTREACHED(); 1372 NOTREACHED();
1369 // This will be our default if we need one. 1373 // This will be our default if we need one.
1370 return AllowAllPolicy; 1374 return AllowAllPolicy;
1371 #else 1375 #else
1372 // On other architectures (currently IA32 or ARM), 1376 // On other architectures (currently IA32 or ARM),
1373 // we only have a small blacklist at the moment. 1377 // we only have a small blacklist at the moment.
1374 (void) process_type; 1378 (void) process_type;
1375 return BlacklistDebugAndNumaPolicy; 1379 return BlacklistDebugAndNumaPolicy;
1376 #endif // __x86_64__ 1380 #endif // __x86_64__
1377 } 1381 }
(...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after
1440 // Process-specific policy. 1444 // Process-specific policy.
1441 ShouldEnableSeccompBpf(process_type) && 1445 ShouldEnableSeccompBpf(process_type) &&
1442 SupportsSandbox()) { 1446 SupportsSandbox()) {
1443 return StartBpfSandbox(command_line, process_type); 1447 return StartBpfSandbox(command_line, process_type);
1444 } 1448 }
1445 #endif 1449 #endif
1446 return false; 1450 return false;
1447 } 1451 }
1448 1452
1449 } // namespace content 1453 } // namespace content
OLDNEW
« no previous file with comments | « no previous file | content/utility/utility_main.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698