diff options
author | cevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-07-03 18:46:51 +0000 |
---|---|---|
committer | cevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-07-03 18:46:51 +0000 |
commit | f443fb3880c4d41a99e1f81ecbd7bbac8dbb914b (patch) | |
tree | a00464a9ca458312197180b177807c6a27d8ba57 /content/common/sandbox_init_linux.cc | |
parent | 4a53407481d286a14c5aad2998b4439822f53fa1 (diff) | |
download | chromium_src-f443fb3880c4d41a99e1f81ecbd7bbac8dbb914b.zip chromium_src-f443fb3880c4d41a99e1f81ecbd7bbac8dbb914b.tar.gz chromium_src-f443fb3880c4d41a99e1f81ecbd7bbac8dbb914b.tar.bz2 |
Some GPU and Flash policy tweaks.
BUG=135583
Review URL: https://chromiumcodereview.appspot.com/10701077
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@145346 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/common/sandbox_init_linux.cc')
-rw-r--r-- | content/common/sandbox_init_linux.cc | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/content/common/sandbox_init_linux.cc b/content/common/sandbox_init_linux.cc index e4c9496..36a6f29 100644 --- a/content/common/sandbox_init_linux.cc +++ b/content/common/sandbox_init_linux.cc @@ -165,6 +165,8 @@ playground2::Sandbox::ErrorCode GpuProcessPolicy(int sysno) { return playground2::Sandbox::SB_ALLOWED; case __NR_socket: return EACCES; // Nvidia binary driver. + case __NR_fchmod: + return EPERM; // ATI binary driver. default: if (IsGettimeSyscall(sysno) || IsKillSyscall(sysno)) { // GPU watchdog. @@ -220,6 +222,7 @@ playground2::Sandbox::ErrorCode FlashProcessPolicy(int sysno) { case __NR_sched_yield: case __NR_shutdown: case __NR_sched_getaffinity: + case __NR_sched_setscheduler: case __NR_dup: // Flash Access. // These are under investigation, and hopefully not here for the long term. case __NR_shmctl: @@ -228,6 +231,8 @@ playground2::Sandbox::ErrorCode FlashProcessPolicy(int sysno) { return playground2::Sandbox::SB_ALLOWED; case __NR_ioctl: return ENOTTY; // Flash Access. + case __NR_socket: + return EACCES; default: if (IsGettimeSyscall(sysno) || |