
Side by Side Diff: content/common/sandbox_linux.cc

Issue 14606009: Cleanup: Remove unneeded base/file_util.h includes in content. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 7 years, 7 months ago
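--- a/content/common/sandbox_linux.cc
+++ b/content/common/sandbox_linux.cc
@@ -1,26 +1,25 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <fcntl.h>
 #include <sys/resource.h>
 #include <sys/stat.h>
 #include <sys/time.h>
 #include <sys/types.h>
 
 #include <limits>
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/command_line.h"
-#include "base/file_util.h"
 #include "base/logging.h"
 #include "base/memory/singleton.h"
 #include "base/posix/eintr_wrapper.h"
 #include "base/time.h"
 #include "content/common/sandbox_linux.h"
 #include "content/common/sandbox_seccomp_bpf_linux.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/common/sandbox_linux.h"
 #include "sandbox/linux/suid/client/setuid_sandbox_client.h"
 
@@ -88,21 +87,21 @@
 #if defined(ADDRESS_SANITIZER) && defined(OS_LINUX)
 // ASan needs to open some resources before the sandbox is enabled.
 // This should not fork, not launch threads, not open a directory.
 __sanitizer_sandbox_on_notify(/*reserved*/NULL);
 #endif
 
 #if !defined(NDEBUG)
 // Open proc_fd_ only in Debug mode so that forgetting to close it doesn't
 // produce a sandbox escape in Release mode.
 proc_fd_ = open("/proc", O_DIRECTORY | O_RDONLY);
-CHECK(proc_fd_ >= 0);
+CHECK_GE(proc_fd_, 0);
 #endif // !defined(NDEBUG)
 // We "pre-warm" the code that detects supports for seccomp BPF.
 if (SandboxSeccompBpf::IsSeccompBpfDesired()) {
 if (!SandboxSeccompBpf::SupportsSandbox()) {
 VLOG(1) << "Lacking support for seccomp-bpf sandbox.";
 } else {
 seccomp_bpf_supported_ = true;
 }
 }
 pre_initialized_ = true;
@@ -265,10 +264,10 @@
 void LinuxSandbox::SealSandbox() {
 if (proc_fd_ >= 0) {
 int ret = HANDLE_EINTR(close(proc_fd_));
 CHECK_EQ(0, ret);
 proc_fd_ = -1;
 }
 }
 
 } // namespace content
 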
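Review bot: `CHECK_GE(proc_fd_, 0)` at new line 97 prints only the two operands (-1 vs 0) if open("/proc") fails, which says nothing about why the open failed. `PCHECK(proc_fd_ >= 0);` keeps the same fatal behaviour and appends the errno description, which is more useful for a descriptor that the comment above it ties to sandbox integrity. The enclosing function starts and ends outside the visible hunk, so nothing beyond this line can be checked from here. The dropped base/file_util.h include is consistent with the visible code, which uses only open()/close() and HANDLE_EINTR, but 217 lines of the file are skipped in this view, so that should be confirmed by a build rather than by this page.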