Chromium Code Reviews Chromium Code Reviews
Issue 333823002:
Apply renderer sandbox to utility processes. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: content/common/sandbox_linux/bpf_utility_policy_linux.cc |
| diff --git a/content/common/sandbox_linux/bpf_renderer_policy_linux.cc b/content/common/sandbox_linux/bpf_utility_policy_linux.cc |
| similarity index 80% |
| copy from content/common/sandbox_linux/bpf_renderer_policy_linux.cc |
| copy to content/common/sandbox_linux/bpf_utility_policy_linux.cc |
| index db5201018071c169ed9921433fa7895df978633a..466d7d5459566c73eae138ccff1ca4ee256f2b57 100644 |
| --- a/content/common/sandbox_linux/bpf_renderer_policy_linux.cc |
| +++ b/content/common/sandbox_linux/bpf_utility_policy_linux.cc |
| @@ -1,8 +1,8 @@ |
| -// Copyright 2013 The Chromium Authors. All rights reserved. |
| +// Copyright 2014 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| -#include "content/common/sandbox_linux/bpf_renderer_policy_linux.h" |
| +#include "content/common/sandbox_linux/bpf_utility_policy_linux.h" |
| #include <errno.h> |
| @@ -18,11 +18,14 @@ using sandbox::SyscallSets; |
| namespace content { |
| -RendererProcessPolicy::RendererProcessPolicy() {} |
| -RendererProcessPolicy::~RendererProcessPolicy() {} |
| +UtilityProcessPolicy::UtilityProcessPolicy() { |
| +} |
| +UtilityProcessPolicy::~UtilityProcessPolicy() { |
| +} |
| -ErrorCode RendererProcessPolicy::EvaluateSyscall(SandboxBPF* sandbox, |
| - int sysno) const { |
| +ErrorCode UtilityProcessPolicy::EvaluateSyscall(SandboxBPF* sandbox, |
| + int sysno) const { |
| + // TODO(mdempsky): See if we can limit these further. |
|
jln (very slow on Chromium)
2014/06/25 00:28:08
Let's mention explicitly that this is a fork of th
mdempsky
2014/06/25 00:43:30
Done.
|
| switch (sysno) { |
| case __NR_ioctl: |
| return sandbox::RestrictIoctl(sandbox); |
