content/common/sandbox_seccomp_bpf_linux.cc - Issue 11411254: SECCOMP-BPF: Added supported for inspection system call arguments from BPF filters.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: content/common/sandbox_seccomp_bpf_linux.cc

Issue 11411254: SECCOMP-BPF: Added supported for inspection system call arguments from BPF filters. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Another attempt at fixing the rebase Created 8 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: content/common/sandbox_seccomp_bpf_linux.cc

diff --git a/content/common/sandbox_seccomp_bpf_linux.cc b/content/common/sandbox_seccomp_bpf_linux.cc

index 8761e896447f7daed93724160748c41d1b0baaea..7c58fc3cdc4dbfbbddea2fee300b7e18b5226c19 100644

--- a/content/common/sandbox_seccomp_bpf_linux.cc

+++ b/content/common/sandbox_seccomp_bpf_linux.cc

@@ -1297,7 +1297,7 @@ ErrorCode FlashProcessPolicy(int sysno, void *) {

}

ErrorCode BlacklistDebugAndNumaPolicy(int sysno, void *) {

- if (!Sandbox::isValidSyscallNumber(sysno)) {

+ if (!Sandbox::IsValidSyscallNumber(sysno)) {

// TODO(jln) we should not have to do that in a trivial policy.

return ErrorCode(ENOSYS);

}

@@ -1312,7 +1312,7 @@ ErrorCode BlacklistDebugAndNumaPolicy(int sysno, void *) {

// This will still deny x32 or IA32 calls in 64 bits mode or

// 64 bits system calls in compatibility mode.

ErrorCode AllowAllPolicy(int sysno, void *) {

- if (!Sandbox::isValidSyscallNumber(sysno)) {

+ if (!Sandbox::IsValidSyscallNumber(sysno)) {

// TODO(jln) we should not have to do that in a trivial policy.

return ErrorCode(ENOSYS);

} else {

@@ -1402,8 +1402,8 @@ Sandbox::EvaluateSyscall GetProcessSyscallPolicy(

void StartSandboxWithPolicy(Sandbox::EvaluateSyscall syscall_policy,

BrokerProcess* broker_process) {

- Sandbox::setSandboxPolicy(syscall_policy, broker_process);

- Sandbox::startSandbox();

+ Sandbox::SetSandboxPolicy(syscall_policy, broker_process);

+ Sandbox::StartSandbox();

}

// Initialize the seccomp-bpf sandbox.

@@ -1456,7 +1456,7 @@ bool SandboxSeccompBpf::SupportsSandbox() {

// TODO(jln): pass the saved proc_fd_ from the LinuxSandbox singleton

// here.

Sandbox::SandboxStatus bpf_sandbox_status =

- Sandbox::supportsSeccompSandbox(-1);

+ Sandbox::SupportsSeccompSandbox(-1);

// Kernel support is what we are interested in here. Other status

// such as STATUS_UNAVAILABLE (has threads) still indicate kernel support.

// We make this a negative check, since if there is a bug, we would rather

« no previous file with comments | « no previous file | sandbox/linux/seccomp-bpf/bpf_tests.h » ('j') | no next file with comments »