summaryrefslogtreecommitdiffstats
path: root/content/common/sandbox_init_linux.cc
diff options
context:
space:
mode:
authorcevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-07-03 18:46:51 +0000
committercevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-07-03 18:46:51 +0000
commitf443fb3880c4d41a99e1f81ecbd7bbac8dbb914b (patch)
treea00464a9ca458312197180b177807c6a27d8ba57 /content/common/sandbox_init_linux.cc
parent4a53407481d286a14c5aad2998b4439822f53fa1 (diff)
downloadchromium_src-f443fb3880c4d41a99e1f81ecbd7bbac8dbb914b.zip
chromium_src-f443fb3880c4d41a99e1f81ecbd7bbac8dbb914b.tar.gz
chromium_src-f443fb3880c4d41a99e1f81ecbd7bbac8dbb914b.tar.bz2
Some GPU and Flash policy tweaks.
BUG=135583 Review URL: https://chromiumcodereview.appspot.com/10701077 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@145346 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/common/sandbox_init_linux.cc')
-rw-r--r--content/common/sandbox_init_linux.cc5
1 files changed, 5 insertions, 0 deletions
diff --git a/content/common/sandbox_init_linux.cc b/content/common/sandbox_init_linux.cc
index e4c9496..36a6f29 100644
--- a/content/common/sandbox_init_linux.cc
+++ b/content/common/sandbox_init_linux.cc
@@ -165,6 +165,8 @@ playground2::Sandbox::ErrorCode GpuProcessPolicy(int sysno) {
return playground2::Sandbox::SB_ALLOWED;
case __NR_socket:
return EACCES; // Nvidia binary driver.
+ case __NR_fchmod:
+ return EPERM; // ATI binary driver.
default:
if (IsGettimeSyscall(sysno) ||
IsKillSyscall(sysno)) { // GPU watchdog.
@@ -220,6 +222,7 @@ playground2::Sandbox::ErrorCode FlashProcessPolicy(int sysno) {
case __NR_sched_yield:
case __NR_shutdown:
case __NR_sched_getaffinity:
+ case __NR_sched_setscheduler:
case __NR_dup: // Flash Access.
// These are under investigation, and hopefully not here for the long term.
case __NR_shmctl:
@@ -228,6 +231,8 @@ playground2::Sandbox::ErrorCode FlashProcessPolicy(int sysno) {
return playground2::Sandbox::SB_ALLOWED;
case __NR_ioctl:
return ENOTTY; // Flash Access.
+ case __NR_socket:
+ return EACCES;
default:
if (IsGettimeSyscall(sysno) ||