diff options
| author | nedeljko.babic@imgtec.com <nedeljko.babic@imgtec.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-07-25 09:03:43 +0000 |
|---|---|---|
| committer | nedeljko.babic@imgtec.com <nedeljko.babic@imgtec.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-07-25 09:03:43 +0000 |
| commit | 7281a3fb8d40c078afb319ca4afd80839fac3657 (patch) | |
| tree | c06635490d6613d0a6a8f8f286a81afcd960463a /components/nacl | |
| parent | 9522fad406dd161400daa518075828e47bd47f60 (diff) | |
| download | chromium_src-7281a3fb8d40c078afb319ca4afd80839fac3657.zip chromium_src-7281a3fb8d40c078afb319ca4afd80839fac3657.tar.gz chromium_src-7281a3fb8d40c078afb319ca4afd80839fac3657.tar.bz2 | |
[MIPS] Add seccomp bpf support
Add support for seccomp bpf sandboxing on MIPS architecture.
Enable testing of seccomp bpf sandbox.
Support for seccomp bpf for MIPS was added in Linux kernel version 3.15.
This patchset was reviewed in https://chromiumcodereview.appspot.com/260793003/ and re-created
to workaround a commit-queue issue.
BUG=369594
TEST=sandbox_linux_unittests
Review URL: https://codereview.chromium.org/409403003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@285538 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'components/nacl')
| -rw-r--r-- | components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.cc | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.cc b/components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.cc index af3b3f1..7939077 100644 --- a/components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.cc +++ b/components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.cc @@ -51,7 +51,7 @@ sandbox::ErrorCode NaClBPFSandboxPolicy::EvaluateSyscall( switch (sysno) { // TODO(jln): NaCl's GDB debug stub uses the following socket system calls, // see if it can be restricted a bit. -#if defined(__x86_64__) || defined(__arm__) +#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) // transport_common.cc needs this. case __NR_accept: case __NR_setsockopt: @@ -61,7 +61,7 @@ sandbox::ErrorCode NaClBPFSandboxPolicy::EvaluateSyscall( // trusted/service_runtime/linux/thread_suspension.c needs sigwait() and is // used by NaCl's GDB debug stub. case __NR_rt_sigtimedwait: -#if defined(__i386__) +#if defined(__i386__) || defined(__mips__) // Needed on i386 to set-up the custom segments. case __NR_modify_ldt: #endif @@ -70,7 +70,7 @@ sandbox::ErrorCode NaClBPFSandboxPolicy::EvaluateSyscall( // NaCl uses custom signal stacks. case __NR_sigaltstack: // Below is fairly similar to the policy for a Chromium renderer. -#if defined(__i386__) || defined(__x86_64__) +#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) case __NR_getrlimit: #endif #if defined(__i386__) || defined(__arm__) @@ -120,9 +120,7 @@ void RunSandboxSanityChecks() { #else -#if !defined(ARCH_CPU_MIPS_FAMILY) #error "Seccomp-bpf disabled on supported architecture!" -#endif // !defined(ARCH_CPU_MIPS_FAMILY) #endif // defined(USE_SECCOMP_BPF) |