OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/renderer/renderer_main_platform_delegate.h" | 5 #include "content/renderer/renderer_main_platform_delegate.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <sys/stat.h> | 8 #include <sys/stat.h> |
9 | 9 |
10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
(...skipping 24 matching lines...) Expand all Loading... |
35 // http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox | 35 // http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox |
36 return true; | 36 return true; |
37 } | 37 } |
38 | 38 |
39 bool RendererMainPlatformDelegate::EnableSandbox() { | 39 bool RendererMainPlatformDelegate::EnableSandbox() { |
40 // The setuid sandbox is started in the zygote process: zygote_main_linux.cc | 40 // The setuid sandbox is started in the zygote process: zygote_main_linux.cc |
41 // http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox | 41 // http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox |
42 // | 42 // |
43 // The seccomp sandbox mode 1 (sandbox/linux/seccomp-legacy) and mode 2 | 43 // The seccomp sandbox mode 1 (sandbox/linux/seccomp-legacy) and mode 2 |
44 // (sandbox/linux/seccomp-bpf) are started in InitializeSandbox(). | 44 // (sandbox/linux/seccomp-bpf) are started in InitializeSandbox(). |
45 InitializeSandbox(); | 45 LinuxSandbox::InitializeSandbox(); |
46 return true; | 46 return true; |
47 } | 47 } |
48 | 48 |
49 void RendererMainPlatformDelegate::RunSandboxTests(bool no_sandbox) { | 49 void RendererMainPlatformDelegate::RunSandboxTests(bool no_sandbox) { |
50 // The LinuxSandbox class requires going through initialization before | 50 // The LinuxSandbox class requires going through initialization before |
51 // GetStatus() and others can be used. When we are not launched through the | 51 // GetStatus() and others can be used. When we are not launched through the |
52 // Zygote, this initialization will only happen in the renderer process if | 52 // Zygote, this initialization will only happen in the renderer process if |
53 // EnableSandbox() above is called, which it won't necesserily be. | 53 // EnableSandbox() above is called, which it won't necesserily be. |
54 // This only happens with flags such as --renderer-cmd-prefix which are | 54 // This only happens with flags such as --renderer-cmd-prefix which are |
55 // for debugging. | 55 // for debugging. |
(...skipping 21 matching lines...) Expand all Loading... |
77 errno = 0; | 77 errno = 0; |
78 // This should normally return EBADF since the first argument is bogus, | 78 // This should normally return EBADF since the first argument is bogus, |
79 // but we know that under the seccomp-bpf sandbox, this should return EPERM. | 79 // but we know that under the seccomp-bpf sandbox, this should return EPERM. |
80 CHECK_EQ(fchmod(-1, 07777), -1); | 80 CHECK_EQ(fchmod(-1, 07777), -1); |
81 CHECK_EQ(errno, EPERM); | 81 CHECK_EQ(errno, EPERM); |
82 } | 82 } |
83 #endif // __x86_64__ | 83 #endif // __x86_64__ |
84 } | 84 } |
85 | 85 |
86 } // namespace content | 86 } // namespace content |
OLD | NEW |