content/common/sandbox_seccomp_bpf_linux.cc - Issue 11411254: SECCOMP-BPF: Added supported for inspection system call arguments from BPF filters.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: content/common/sandbox_seccomp_bpf_linux.cc

Issue 11411254: SECCOMP-BPF: Added supported for inspection system call arguments from BPF filters. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Addressed comments and fixed death tests Created 8 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: content/common/sandbox_seccomp_bpf_linux.cc

diff --git a/content/common/sandbox_seccomp_bpf_linux.cc b/content/common/sandbox_seccomp_bpf_linux.cc

index 5491e8b79fa37b10e7ded6aa4c31970f258c087c..f495f2b93e5205847ef4e525ac444f276e3d3d42 100644

--- a/content/common/sandbox_seccomp_bpf_linux.cc

+++ b/content/common/sandbox_seccomp_bpf_linux.cc

@@ -1335,7 +1335,7 @@ ErrorCode FlashProcessPolicy(int sysno, void *) {

}

ErrorCode BlacklistDebugAndNumaPolicy(int sysno, void *) {

- if (!Sandbox::isValidSyscallNumber(sysno)) {

+ if (!Sandbox::IsValidSyscallNumber(sysno)) {

// TODO(jln) we should not have to do that in a trivial policy.

return ErrorCode(ENOSYS);

}

@@ -1350,7 +1350,7 @@ ErrorCode BlacklistDebugAndNumaPolicy(int sysno, void *) {

// This will still deny x32 or IA32 calls in 64 bits mode or

// 64 bits system calls in compatibility mode.

ErrorCode AllowAllPolicy(int sysno, void *) {

- if (!Sandbox::isValidSyscallNumber(sysno)) {

+ if (!Sandbox::IsValidSyscallNumber(sysno)) {

// TODO(jln) we should not have to do that in a trivial policy.

return ErrorCode(ENOSYS);

} else {

@@ -1418,8 +1418,8 @@ bool StartBpfSandbox(const CommandLine& command_line,

// Warms up resources needed by the policy we're about to enable.

WarmupPolicy(SyscallPolicy);

- Sandbox::setSandboxPolicy(SyscallPolicy, NULL);

- Sandbox::startSandbox();

+ Sandbox::SetSandboxPolicy(SyscallPolicy, NULL);

+ Sandbox::StartSandbox();

return true;

}

@@ -1458,7 +1458,7 @@ bool SandboxSeccompBpf::SupportsSandbox() {

// TODO(jln): pass the saved proc_fd_ from the LinuxSandbox singleton

// here.

Sandbox::SandboxStatus bpf_sandbox_status =

- Sandbox::supportsSeccompSandbox(-1);

+ Sandbox::SupportsSeccompSandbox(-1);

// Kernel support is what we are interested in here. Other status

// such as STATUS_UNAVAILABLE (has threads) still indicate kernel support.

// We make this a negative check, since if there is a bug, we would rather

« no previous file with comments | « no previous file | sandbox/linux/sandbox_linux.gypi » ('j') | sandbox/linux/sandbox_linux.gypi » ('J')