| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.h" | 5 #include "components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.h" |
| 6 | 6 |
| 7 #include "build/build_config.h" | 7 #include "build/build_config.h" |
| 8 | 8 |
| 9 #if defined(USE_SECCOMP_BPF) | 9 #if defined(USE_SECCOMP_BPF) |
| 10 | 10 |
| 11 #include <errno.h> | 11 #include <errno.h> |
| 12 #include <signal.h> | 12 #include <signal.h> |
| 13 #include <sys/ptrace.h> | 13 #include <sys/ptrace.h> |
| 14 #include <sys/types.h> | 14 #include <sys/types.h> |
| 15 #include <unistd.h> | 15 #include <unistd.h> |
| 16 | 16 |
| 17 #include "base/basictypes.h" | 17 #include "base/basictypes.h" |
| 18 #include "base/callback.h" | 18 #include "base/callback.h" |
| 19 #include "base/command_line.h" | 19 #include "base/command_line.h" |
| 20 #include "base/compiler_specific.h" | 20 #include "base/compiler_specific.h" |
| 21 #include "base/files/scoped_file.h" |
| 21 #include "base/logging.h" | 22 #include "base/logging.h" |
| 22 | 23 |
| 23 #include "components/nacl/common/nacl_switches.h" | 24 #include "components/nacl/common/nacl_switches.h" |
| 24 #include "content/public/common/sandbox_init.h" | 25 #include "content/public/common/sandbox_init.h" |
| 25 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" | 26 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" |
| 26 #include "sandbox/linux/bpf_dsl/policy.h" | 27 #include "sandbox/linux/bpf_dsl/policy.h" |
| 27 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" | 28 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" |
| 28 #include "sandbox/linux/services/linux_syscalls.h" | 29 #include "sandbox/linux/services/linux_syscalls.h" |
| 29 | 30 |
| 30 #endif // defined(USE_SECCOMP_BPF) | 31 #endif // defined(USE_SECCOMP_BPF) |
| (...skipping 123 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 154 } | 155 } |
| 155 | 156 |
| 156 } // namespace | 157 } // namespace |
| 157 | 158 |
| 158 #else | 159 #else |
| 159 | 160 |
| 160 #error "Seccomp-bpf disabled on supported architecture!" | 161 #error "Seccomp-bpf disabled on supported architecture!" |
| 161 | 162 |
| 162 #endif // defined(USE_SECCOMP_BPF) | 163 #endif // defined(USE_SECCOMP_BPF) |
| 163 | 164 |
| 164 bool InitializeBPFSandbox() { | 165 bool InitializeBPFSandbox(base::ScopedFD proc_task_fd) { |
| 165 #if defined(USE_SECCOMP_BPF) | 166 #if defined(USE_SECCOMP_BPF) |
| 166 bool sandbox_is_initialized = content::InitializeSandbox( | 167 bool sandbox_is_initialized = content::InitializeSandbox( |
| 167 scoped_ptr<sandbox::bpf_dsl::Policy>(new NaClBPFSandboxPolicy)); | 168 scoped_ptr<sandbox::bpf_dsl::Policy>(new NaClBPFSandboxPolicy), |
| 169 proc_task_fd.Pass()); |
| 168 if (sandbox_is_initialized) { | 170 if (sandbox_is_initialized) { |
| 169 RunSandboxSanityChecks(); | 171 RunSandboxSanityChecks(); |
| 170 return true; | 172 return true; |
| 171 } | 173 } |
| 172 #endif // defined(USE_SECCOMP_BPF) | 174 #endif // defined(USE_SECCOMP_BPF) |
| 173 return false; | 175 return false; |
| 174 } | 176 } |
| 175 | 177 |
| 176 } // namespace nacl | 178 } // namespace nacl |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 733303004:
Linux sandbox: change API to start the sandbox (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master