Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(73)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/common/sandbox_linux/sandbox_linux.h

Issue 280303002: Add sandbox support for AsanCoverage. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: fix build error Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | content/common/sandbox_linux/sandbox_linux.cc » ('j') | content/zygote/zygote_main_linux.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ 5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_
6 #define CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ 6 #define CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_
7 7
8 #include <string> 8 #include <string>
9 9
10 #include "base/basictypes.h" 10 #include "base/basictypes.h"
11 #include "base/memory/scoped_ptr.h" 11 #include "base/memory/scoped_ptr.h"
12 #include "content/public/common/sandbox_linux.h" 12 #include "content/public/common/sandbox_linux.h"
13 13
14 #if defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \
15 defined(LEAK_SANITIZER)
16 #include <sanitizer/common_interface_defs.h>
17 #endif
18
14 template <typename T> struct DefaultSingletonTraits; 19 template <typename T> struct DefaultSingletonTraits;
15 namespace base { 20 namespace base {
16 class Thread; 21 class Thread;
17 } 22 }
18 namespace sandbox { class SetuidSandboxClient; } 23 namespace sandbox { class SetuidSandboxClient; }
19 24
20 namespace content { 25 namespace content {
21 26
22 // A singleton class to represent and change our sandboxing state for the 27 // A singleton class to represent and change our sandboxing state for the
23 // three main Linux sandboxes. 28 // three main Linux sandboxes.
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after
75 80
76 // Check the policy and eventually start the seccomp-bpf sandbox. This should 81 // Check the policy and eventually start the seccomp-bpf sandbox. This should
77 // never be called with threads started. If we detect that threads have 82 // never be called with threads started. If we detect that threads have
78 // started we will crash. 83 // started we will crash.
79 bool StartSeccompBPF(const std::string& process_type); 84 bool StartSeccompBPF(const std::string& process_type);
80 85
81 // Limit the address space of the current process (and its children). 86 // Limit the address space of the current process (and its children).
82 // to make some vulnerabilities harder to exploit. 87 // to make some vulnerabilities harder to exploit.
83 bool LimitAddressSpace(const std::string& process_type); 88 bool LimitAddressSpace(const std::string& process_type);
84 89
90 #if defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \
91 defined(LEAK_SANITIZER)
92 __sanitizer_sandbox_arguments* sanitizer_args() const {
93 return sanitizer_args_.get();
94 };
95 #endif
96
85 private: 97 private:
86 friend struct DefaultSingletonTraits<LinuxSandbox>; 98 friend struct DefaultSingletonTraits<LinuxSandbox>;
87 99
88 LinuxSandbox(); 100 LinuxSandbox();
89 ~LinuxSandbox(); 101 ~LinuxSandbox();
90 102
91 // Some methods are static and get an instance of the Singleton. These 103 // Some methods are static and get an instance of the Singleton. These
92 // are the non-static implementations. 104 // are the non-static implementations.
93 bool InitializeSandboxImpl(); 105 bool InitializeSandboxImpl();
94 void StopThreadImpl(base::Thread* thread); 106 void StopThreadImpl(base::Thread* thread);
(...skipping 18 matching lines...) Expand all
113 // ourselves sandboxed. 125 // ourselves sandboxed.
114 int proc_fd_; 126 int proc_fd_;
115 bool seccomp_bpf_started_; 127 bool seccomp_bpf_started_;
116 // The value returned by GetStatus(). Gets computed once and then cached. 128 // The value returned by GetStatus(). Gets computed once and then cached.
117 int sandbox_status_flags_; 129 int sandbox_status_flags_;
118 // Did PreinitializeSandbox() run? 130 // Did PreinitializeSandbox() run?
119 bool pre_initialized_; 131 bool pre_initialized_;
120 bool seccomp_bpf_supported_; // Accurate if pre_initialized_. 132 bool seccomp_bpf_supported_; // Accurate if pre_initialized_.
121 bool yama_is_enforcing_; // Accurate if pre_initialized_. 133 bool yama_is_enforcing_; // Accurate if pre_initialized_.
122 scoped_ptr<sandbox::SetuidSandboxClient> setuid_sandbox_client_; 134 scoped_ptr<sandbox::SetuidSandboxClient> setuid_sandbox_client_;
135 #if defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \
136 defined(LEAK_SANITIZER)
137 scoped_ptr<__sanitizer_sandbox_arguments> sanitizer_args_;
138 #endif
123 139
124 DISALLOW_COPY_AND_ASSIGN(LinuxSandbox); 140 DISALLOW_COPY_AND_ASSIGN(LinuxSandbox);
125 }; 141 };
126 142
127 } // namespace content 143 } // namespace content
128 144
129 #endif // CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ 145 #endif // CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_
OLDNEW
« no previous file with comments | « no previous file | content/common/sandbox_linux/sandbox_linux.cc » ('j') | content/zygote/zygote_main_linux.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698