
Side by Side Diff: content/common/sandbox_seccomp_bpf_linux.cc

Issue 11096012: Add a platform-specific syscall number iterator. (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: Rename #define's and extract ARM private syscall logic. Created 8 years, 2 months ago
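--- a/content/common/sandbox_seccomp_bpf_linux.cc
+++ b/content/common/sandbox_seccomp_bpf_linux.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <asm/unistd.h>
 #include <dlfcn.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <linux/audit.h>
 #include <linux/filter.h>
@@ -1413,21 +1413,21 @@
 #if defined(__arm__)
 // We disable the sandbox on ARM for now until crbug.com/148856 is fixed.
 return false;
 #else
 const CommandLine& command_line = *CommandLine::ForCurrentProcess();
 if (process_type == switches::kGpuProcess)
 return !command_line.HasSwitch(switches::kDisableGpuSandbox);
 
 return true;
 #endif // __arm__
-#endif // process_type
+#endif // SECCOMP_BPF_SANDBOX
 return false;
 }
 
 bool SandboxSeccompBpf::SupportsSandbox() {
 #if defined(SECCOMP_BPF_SANDBOX)
 // TODO(jln): pass the saved proc_fd_ from the LinuxSandbox singleton
 // here.
 if (Sandbox::supportsSeccompSandbox(-1) ==
 Sandbox::STATUS_AVAILABLE) {
 return true;
@@ -1444,10 +1444,10 @@
 // Process-specific policy.
 ShouldEnableSeccompBpf(process_type) &&
 SupportsSandbox()) {
 return StartBpfSandbox(command_line, process_type);
 }
 #endif
 return false;
 }
 
 } // namespace content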