content/common/sandbox_linux/bpf_renderer_policy_linux.cc - Issue 260793003: [MIPS] Add seccomp bpf support

Side by Side Diff: content/common/sandbox_linux/bpf_renderer_policy_linux.cc

Issue 260793003: [MIPS] Add seccomp bpf support (Closed) Base URL: https://git.chromium.org/git/chromium/src.git@master

Patch Set: Rebase. Created 6 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« content/common/sandbox_linux/bpf_gpu_policy_linux.cc ('K') | « content/common/sandbox_linux/bpf_gpu_policy_linux.cc ('k') | content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc » ('j') | sandbox/linux/sandbox_linux.gypi » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2013 The Chromium Authors. All rights reserved.	1 // Copyright 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "content/common/sandbox_linux/bpf_renderer_policy_linux.h"	5 #include "content/common/sandbox_linux/bpf_renderer_policy_linux.h"

6	6

7 #include <errno.h>	7 #include <errno.h>

8	8

9 #include "base/basictypes.h"	9 #include "base/basictypes.h"

10 #include "build/build_config.h"	10 #include "build/build_config.h"

(...skipping 19 matching lines...) Expand all Loading...
30 return sandbox::RestrictIoctl(sandbox);	30 return sandbox::RestrictIoctl(sandbox);

31 case __NR_prctl:	31 case __NR_prctl:

32 return sandbox::RestrictPrctl(sandbox);	32 return sandbox::RestrictPrctl(sandbox);

33 // Allow the system calls below.	33 // Allow the system calls below.

34 // The baseline policy allows __NR_clock_gettime. Allow	34 // The baseline policy allows __NR_clock_gettime. Allow

35 // clock_getres() for V8. crbug.com/329053.	35 // clock_getres() for V8. crbug.com/329053.

36 case __NR_clock_getres:	36 case __NR_clock_getres:

37 case __NR_fdatasync:	37 case __NR_fdatasync:

38 case __NR_fsync:	38 case __NR_fsync:

39 case __NR_getpriority:	39 case __NR_getpriority:

40 #if defined(__i386__) \|\| defined(__x86_64__)	40 #if defined(__i386__) \|\| defined(__x86_64__) \|\| defined(__mips__)

41 case __NR_getrlimit:	41 case __NR_getrlimit:

42 #endif	42 #endif

43 #if defined(__i386__) \|\| defined(__arm__)	43 #if defined(__i386__) \|\| defined(__arm__)

44 case __NR_ugetrlimit:	44 case __NR_ugetrlimit:

45 #endif	45 #endif

46 case __NR_mremap: // See crbug.com/149834.	46 case __NR_mremap: // See crbug.com/149834.

47 case __NR_pread64:	47 case __NR_pread64:

48 case __NR_pwrite64:	48 case __NR_pwrite64:

49 case __NR_sched_getaffinity:	49 case __NR_sched_getaffinity:

50 case __NR_sched_get_priority_max:	50 case __NR_sched_get_priority_max:

51 case __NR_sched_get_priority_min:	51 case __NR_sched_get_priority_min:

52 case __NR_sched_getparam:	52 case __NR_sched_getparam:

53 case __NR_sched_getscheduler:	53 case __NR_sched_getscheduler:

54 case __NR_sched_setscheduler:	54 case __NR_sched_setscheduler:

55 case __NR_setpriority:	55 case __NR_setpriority:

56 case __NR_sysinfo:	56 case __NR_sysinfo:

57 case __NR_times:	57 case __NR_times:

58 case __NR_uname:	58 case __NR_uname:

59 return ErrorCode(ErrorCode::ERR_ALLOWED);	59 return ErrorCode(ErrorCode::ERR_ALLOWED);

60 case __NR_prlimit64:	60 case __NR_prlimit64:

61 return ErrorCode(EPERM); // See crbug.com/160157.	61 return ErrorCode(EPERM); // See crbug.com/160157.

62 default:	62 default:

63 // Default on the content baseline policy.	63 // Default on the content baseline policy.

64 return SandboxBPFBasePolicy::EvaluateSyscall(sandbox, sysno);	64 return SandboxBPFBasePolicy::EvaluateSyscall(sandbox, sysno);

65 }	65 }

66 }	66 }

67	67

68 } // namespace content	68 } // namespace content

OLD	NEW