summaryrefslogtreecommitdiffstats
path: root/content/common/sandbox_linux
diff options
context:
space:
mode:
authorsgurun <sgurun@chromium.org>2016-02-05 16:52:08 -0800
committerCommit bot <commit-bot@chromium.org>2016-02-06 00:53:40 +0000
commitd8166bd9a4c900c9a8079c9e7b4d3e750b497f51 (patch)
tree58911aa657808e7a4ac4087cebe65739dcf02e32 /content/common/sandbox_linux
parent13f285d4687f9e39204a3d7e0743da52d7ab6f1c (diff)
downloadchromium_src-d8166bd9a4c900c9a8079c9e7b4d3e750b497f51.zip
chromium_src-d8166bd9a4c900c9a8079c9e7b4d3e750b497f51.tar.gz
chromium_src-d8166bd9a4c900c9a8079c9e7b4d3e750b497f51.tar.bz2
Revert of [Android] Fix Microdump generation when Seccomp-BPF is enabled. (patchset #3 id:40001 of https://codereview.chromium.org/1669043003/ )
Reason for revert: broke android x86 builder. Bug: 584857 Original issue's description: > [Android] Fix Microdump generation when Seccomp-BPF is enabled. > > BUG=584518,439573 > > Committed: https://crrev.com/4fe32a5a3c3c5db910517f70f45ea03ee1c676ed > Cr-Commit-Position: refs/heads/master@{#373934} TBR=mdempsky@chromium.org,rsesek@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=584518,439573 Review URL: https://codereview.chromium.org/1671333003 Cr-Commit-Position: refs/heads/master@{#373978}
Diffstat (limited to 'content/common/sandbox_linux')
-rw-r--r--content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc40
1 files changed, 0 insertions, 40 deletions
diff --git a/content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc b/content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc
index 7074a2d..c3b1605 100644
--- a/content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc
+++ b/content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc
@@ -4,33 +4,17 @@
#include "content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.h"
-#include <errno.h>
-#include <fcntl.h>
-#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include "build/build_config.h"
#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
-using sandbox::bpf_dsl::AllOf;
using sandbox::bpf_dsl::Allow;
-using sandbox::bpf_dsl::AnyOf;
-using sandbox::bpf_dsl::Arg;
-using sandbox::bpf_dsl::If;
-using sandbox::bpf_dsl::Error;
using sandbox::bpf_dsl::ResultExpr;
namespace content {
-#ifndef SOCK_CLOEXEC
-#define SOCK_CLOEXEC O_CLOEXEC
-#endif
-
-#ifndef SOCK_NONBLOCK
-#define SOCK_NONBLOCK O_NONBLOCK
-#endif
-
SandboxBPFBasePolicyAndroid::SandboxBPFBasePolicyAndroid()
: SandboxBPFBasePolicy() {}
@@ -46,10 +30,8 @@ ResultExpr SandboxBPFBasePolicyAndroid::EvaluateSyscall(int sysno) const {
case __NR_flock:
#if defined(__x86_64__) || defined(__aarch64__)
case __NR_newfstatat:
- case __NR_getdents64:
#elif defined(__i386__) || defined(__arm__) || defined(__mips__)
case __NR_fstatat64:
- case __NR_getdents:
#endif
case __NR_getpriority:
case __NR_ioctl:
@@ -74,32 +56,10 @@ ResultExpr SandboxBPFBasePolicyAndroid::EvaluateSyscall(int sysno) const {
case __NR_getrlimit:
#endif
case __NR_uname:
-
- // Permit socket operations so that renderers can connect to logd and
- // debuggerd. The arguments to socket() are further restricted below.
- case __NR_socket:
- case __NR_connect:
-
- // Ptrace is allowed so the Breakpad Microdumper can fork in a renderer
- // and then ptrace the parent.
- case __NR_ptrace:
override_and_allow = true;
break;
}
- if (sysno == __NR_socket) {
- const Arg<int> domain(0);
- const Arg<int> type(1);
- const Arg<int> protocol(2);
- const int kSockFlags = SOCK_CLOEXEC | SOCK_NONBLOCK;
- return If(AllOf(domain == AF_UNIX,
- AnyOf((type & ~kSockFlags) == SOCK_DGRAM,
- (type & ~kSockFlags) == SOCK_STREAM),
- protocol == 0),
- Allow())
- .Else(Error(EPERM));
- }
-
if (override_and_allow)
return Allow();
generated by cgit v1.1 at 2024-06-09 17:03:45 +0000