| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/common/sandbox_linux/bpf_renderer_policy_linux.h" | 5 #include "content/common/sandbox_linux/bpf_renderer_policy_linux.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 | 8 |
| 9 #include "base/basictypes.h" | 9 #include "base/basictypes.h" |
| 10 #include "build/build_config.h" | 10 #include "build/build_config.h" |
| (...skipping 17 matching lines...) Expand all Loading... |
| 28 return sandbox::RestrictIoctl(sandbox); | 28 return sandbox::RestrictIoctl(sandbox); |
| 29 case __NR_prctl: | 29 case __NR_prctl: |
| 30 return sandbox::RestrictPrctl(sandbox); | 30 return sandbox::RestrictPrctl(sandbox); |
| 31 // Allow the system calls below. | 31 // Allow the system calls below. |
| 32 // The baseline policy allows __NR_clock_gettime. Allow | 32 // The baseline policy allows __NR_clock_gettime. Allow |
| 33 // clock_getres() for V8. crbug.com/329053. | 33 // clock_getres() for V8. crbug.com/329053. |
| 34 case __NR_clock_getres: | 34 case __NR_clock_getres: |
| 35 case __NR_fdatasync: | 35 case __NR_fdatasync: |
| 36 case __NR_fsync: | 36 case __NR_fsync: |
| 37 case __NR_getpriority: | 37 case __NR_getpriority: |
| 38 #if defined(__i386__) || defined(__x86_64__) | 38 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) |
| 39 case __NR_getrlimit: | 39 case __NR_getrlimit: |
| 40 #endif | 40 #endif |
| 41 #if defined(__i386__) || defined(__arm__) | 41 #if defined(__i386__) || defined(__arm__) |
| 42 case __NR_ugetrlimit: | 42 case __NR_ugetrlimit: |
| 43 #endif | 43 #endif |
| 44 case __NR_mremap: // See crbug.com/149834. | 44 case __NR_mremap: // See crbug.com/149834. |
| 45 case __NR_pread64: | 45 case __NR_pread64: |
| 46 case __NR_pwrite64: | 46 case __NR_pwrite64: |
| 47 case __NR_sched_getaffinity: | 47 case __NR_sched_getaffinity: |
| 48 case __NR_sched_get_priority_max: | 48 case __NR_sched_get_priority_max: |
| 49 case __NR_sched_get_priority_min: | 49 case __NR_sched_get_priority_min: |
| 50 case __NR_sched_getparam: | 50 case __NR_sched_getparam: |
| 51 case __NR_sched_getscheduler: | 51 case __NR_sched_getscheduler: |
| 52 case __NR_sched_setscheduler: | 52 case __NR_sched_setscheduler: |
| 53 case __NR_setpriority: | 53 case __NR_setpriority: |
| 54 case __NR_sysinfo: | 54 case __NR_sysinfo: |
| 55 case __NR_times: | 55 case __NR_times: |
| 56 case __NR_uname: | 56 case __NR_uname: |
| 57 return ErrorCode(ErrorCode::ERR_ALLOWED); | 57 return ErrorCode(ErrorCode::ERR_ALLOWED); |
| 58 case __NR_prlimit64: | 58 case __NR_prlimit64: |
| 59 return ErrorCode(EPERM); // See crbug.com/160157. | 59 return ErrorCode(EPERM); // See crbug.com/160157. |
| 60 default: | 60 default: |
| 61 // Default on the content baseline policy. | 61 // Default on the content baseline policy. |
| 62 return SandboxBPFBasePolicy::EvaluateSyscall(sandbox, sysno); | 62 return SandboxBPFBasePolicy::EvaluateSyscall(sandbox, sysno); |
| 63 } | 63 } |
| 64 } | 64 } |
| 65 | 65 |
| 66 } // namespace content | 66 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 260793003:
[MIPS] Add seccomp bpf support (Closed)
Base URL: https://git.chromium.org/git/chromium/src.git@master