summaryrefslogtreecommitdiffstats
path: root/content/common/sandbox_linux
diff options
context:
space:
mode:
authorriku.voipio <riku.voipio@linaro.org>2016-03-01 08:02:43 -0800
committerCommit bot <commit-bot@chromium.org>2016-03-01 16:04:08 +0000
commit4e8083b4ab953ba298aedfc4e79d464be15e4012 (patch)
tree6af47352a833a7101f0f218912d0cfc4c2b5a711 /content/common/sandbox_linux
parent432cd6e477aa68037aa0f836b96fcc194ec2bd31 (diff)
downloadchromium_src-4e8083b4ab953ba298aedfc4e79d464be15e4012.zip
chromium_src-4e8083b4ab953ba298aedfc4e79d464be15e4012.tar.gz
chromium_src-4e8083b4ab953ba298aedfc4e79d464be15e4012.tar.bz2
Linux Sandbox: whitelist arm64 syscalls
On debian/arm64, two syscalls needed whitelisting for chromium to work with seccomp: epoll_pwait, replacing epoll_wait which is a legacy syscall not available on arm64. epoll_wait implmentation in glibc calls epoll_pwait behind scenes, so this needs to be enabled. getrlimit, missing #ifdef for arm64 in several policy definitions. test for arm64 added for each case. BUG=581018 R=keescook@chromium.org,jln@chromium.org,rsesek@chromium.org TEST=Start chrome on arm64 with seccomp enabled kernel Review URL: https://codereview.chromium.org/1613883002 Cr-Commit-Position: refs/heads/master@{#378440}
Diffstat (limited to 'content/common/sandbox_linux')
-rw-r--r--content/common/sandbox_linux/bpf_renderer_policy_linux.cc3
-rw-r--r--content/common/sandbox_linux/bpf_utility_policy_linux.cc3
2 files changed, 4 insertions, 2 deletions
diff --git a/content/common/sandbox_linux/bpf_renderer_policy_linux.cc b/content/common/sandbox_linux/bpf_renderer_policy_linux.cc
index e799273..993e2a5 100644
--- a/content/common/sandbox_linux/bpf_renderer_policy_linux.cc
+++ b/content/common/sandbox_linux/bpf_renderer_policy_linux.cc
@@ -60,7 +60,8 @@ ResultExpr RendererProcessPolicy::EvaluateSyscall(int sysno) const {
// Allow the system calls below.
case __NR_fdatasync:
case __NR_fsync:
-#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
+#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
+ defined(__aarch64__)
case __NR_getrlimit:
#endif
#if defined(__i386__) || defined(__arm__)
diff --git a/content/common/sandbox_linux/bpf_utility_policy_linux.cc b/content/common/sandbox_linux/bpf_utility_policy_linux.cc
index 3ead1c8..1336796 100644
--- a/content/common/sandbox_linux/bpf_utility_policy_linux.cc
+++ b/content/common/sandbox_linux/bpf_utility_policy_linux.cc
@@ -32,7 +32,8 @@ ResultExpr UtilityProcessPolicy::EvaluateSyscall(int sysno) const {
// Allow the system calls below.
case __NR_fdatasync:
case __NR_fsync:
-#if defined(__i386__) || defined(__x86_64__)
+#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
+ defined(__aarch64__)
case __NR_getrlimit:
#endif
#if defined(__i386__) || defined(__arm__)
generated by cgit v1.1 at 2024-06-18 09:36:34 +0000