diff options
| author | mdempsky@chromium.org <mdempsky@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-05-13 23:32:58 +0000 |
|---|---|---|
| committer | mdempsky@chromium.org <mdempsky@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-05-13 23:32:58 +0000 |
| commit | a9a8e2f5c9ed51373ea26c7aca8ab1138c624c94 (patch) | |
| tree | cea3beb821a1d8710f4567bea1afc8a142f85c05 /components/nacl/common | |
| parent | 9d7a61b20ab22d310a42b7cab739c5c4aa4c45c2 (diff) | |
| download | chromium_src-a9a8e2f5c9ed51373ea26c7aca8ab1138c624c94.zip chromium_src-a9a8e2f5c9ed51373ea26c7aca8ab1138c624c94.tar.gz chromium_src-a9a8e2f5c9ed51373ea26c7aca8ab1138c624c94.tar.bz2 | |
Split NaCl SFI and non-SFI helpers into separate processes
With this change, NaCl SFI and non-SFI processes now run in disjoint
PID namespaces, so the kernel should prevent sending signals from an SFI
process to a non-SFI process, or vice versa. (The NaCl PID namespaces
are still nested within the renderer's PID namespace though.)
BUG=364945
NOTRY=true
Review URL: https://codereview.chromium.org/279693002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@270244 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'components/nacl/common')
| -rw-r--r-- | components/nacl/common/nacl_nonsfi_util.cc | 24 | ||||
| -rw-r--r-- | components/nacl/common/nacl_nonsfi_util.h | 18 |
2 files changed, 42 insertions, 0 deletions
diff --git a/components/nacl/common/nacl_nonsfi_util.cc b/components/nacl/common/nacl_nonsfi_util.cc new file mode 100644 index 0000000..d56cea6 --- /dev/null +++ b/components/nacl/common/nacl_nonsfi_util.cc @@ -0,0 +1,24 @@ +// Copyright 2014 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "components/nacl/common/nacl_nonsfi_util.h" + +#include "base/command_line.h" +#include "build/build_config.h" +#include "components/nacl/common/nacl_switches.h" + +namespace nacl { + +bool IsNonSFIModeEnabled() { +#if defined(OS_CHROMEOS) && defined(ARCH_CPU_ARMEL) + return true; +#elif defined(OS_LINUX) + return CommandLine::ForCurrentProcess()->HasSwitch( + switches::kEnableNaClNonSfiMode); +#else + return false; +#endif +} + +} // namespace nacl diff --git a/components/nacl/common/nacl_nonsfi_util.h b/components/nacl/common/nacl_nonsfi_util.h new file mode 100644 index 0000000..07c033f --- /dev/null +++ b/components/nacl/common/nacl_nonsfi_util.h @@ -0,0 +1,18 @@ +// Copyright 2014 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef COMPONENTS_NACL_COMMON_NACL_NONSFI_UTIL_H_ +#define COMPONENTS_NACL_COMMON_NACL_NONSFI_UTIL_H_ + +namespace nacl { + +// Returns true if non-SFI mode *can* run on the current platform and if non-SFI +// manifest entries are preferred. There can be other restrictions which +// prevent a particular module from launching. See NaClProcessHost::Launch +// which makes the final determination. +bool IsNonSFIModeEnabled(); + +} // namespace nacl + +#endif // COMPONENTS_NACL_COMMON_NACL_NONSFI_UTIL_H_ |