diff options
author | riku.voipio <riku.voipio@linaro.org> | 2016-03-01 08:02:43 -0800 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2016-03-01 16:04:08 +0000 |
commit | 4e8083b4ab953ba298aedfc4e79d464be15e4012 (patch) | |
tree | 6af47352a833a7101f0f218912d0cfc4c2b5a711 /content/common/sandbox_linux | |
parent | 432cd6e477aa68037aa0f836b96fcc194ec2bd31 (diff) | |
download | chromium_src-4e8083b4ab953ba298aedfc4e79d464be15e4012.zip chromium_src-4e8083b4ab953ba298aedfc4e79d464be15e4012.tar.gz chromium_src-4e8083b4ab953ba298aedfc4e79d464be15e4012.tar.bz2 |
Linux Sandbox: whitelist arm64 syscalls
On debian/arm64, two syscalls needed whitelisting for chromium to work with seccomp:
epoll_pwait, replacing epoll_wait which is a legacy syscall not available on arm64. epoll_wait implmentation in glibc calls epoll_pwait behind scenes, so this needs to be enabled.
getrlimit, missing #ifdef for arm64 in several policy definitions. test for arm64 added for each case.
BUG=581018
R=keescook@chromium.org,jln@chromium.org,rsesek@chromium.org
TEST=Start chrome on arm64 with seccomp enabled kernel
Review URL: https://codereview.chromium.org/1613883002
Cr-Commit-Position: refs/heads/master@{#378440}
Diffstat (limited to 'content/common/sandbox_linux')
-rw-r--r-- | content/common/sandbox_linux/bpf_renderer_policy_linux.cc | 3 | ||||
-rw-r--r-- | content/common/sandbox_linux/bpf_utility_policy_linux.cc | 3 |
2 files changed, 4 insertions, 2 deletions
diff --git a/content/common/sandbox_linux/bpf_renderer_policy_linux.cc b/content/common/sandbox_linux/bpf_renderer_policy_linux.cc index e799273..993e2a5 100644 --- a/content/common/sandbox_linux/bpf_renderer_policy_linux.cc +++ b/content/common/sandbox_linux/bpf_renderer_policy_linux.cc @@ -60,7 +60,8 @@ ResultExpr RendererProcessPolicy::EvaluateSyscall(int sysno) const { // Allow the system calls below. case __NR_fdatasync: case __NR_fsync: -#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) +#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \ + defined(__aarch64__) case __NR_getrlimit: #endif #if defined(__i386__) || defined(__arm__) diff --git a/content/common/sandbox_linux/bpf_utility_policy_linux.cc b/content/common/sandbox_linux/bpf_utility_policy_linux.cc index 3ead1c8..1336796 100644 --- a/content/common/sandbox_linux/bpf_utility_policy_linux.cc +++ b/content/common/sandbox_linux/bpf_utility_policy_linux.cc @@ -32,7 +32,8 @@ ResultExpr UtilityProcessPolicy::EvaluateSyscall(int sysno) const { // Allow the system calls below. case __NR_fdatasync: case __NR_fsync: -#if defined(__i386__) || defined(__x86_64__) +#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \ + defined(__aarch64__) case __NR_getrlimit: #endif #if defined(__i386__) || defined(__arm__) |