author | cevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-05-04 22:24:16 +0000 |
committer | cevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-05-04 22:24:16 +0000 |
commit | f29bf1b43557870f5f1b7dd1ac45323cddc43458 (patch) | |
tree | ad3d5fd4e90e511763c626b8b41cb24ab6172032 /content | |
parent | e5578b17d88fd9922b1b5b6e4edfce7b1bb57bef (diff) | |
Add a couple more syscalls for the Nvidia binary driver, based on a real-world
strace from a failing machine.
Also one more Flash policy tweak.
BUG=125712
Review URL: https://chromiumcodereview.appspot.com/10383010
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@135461 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content')
-rw-r--r-- | content/common/sandbox_init_linux.cc | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/content/common/sandbox_init_linux.cc b/content/common/sandbox_init_linux.cc index 370f369..99f631b 100644 --- a/content/common/sandbox_init_linux.cc +++ b/content/common/sandbox_init_linux.cc @@ -187,6 +187,11 @@ static void EmitAllowKillSelf(int signal, EmitAllowSyscallArgN(__NR_kill, 2, signal, program); } +static void EmitAllowGettime(std::vector<struct sock_filter>* program) { + EmitAllowSyscall(__NR_clock_gettime, program); + EmitAllowSyscall(__NR_gettimeofday, program); +} + static void ApplyGPUPolicy(std::vector<struct sock_filter>* program) { // "Hot" syscalls go first. EmitAllowSyscall(__NR_read, program); @@ -197,9 +202,10 @@ static void ApplyGPUPolicy(std::vector<struct sock_filter>* program) { EmitAllowSyscall(__NR_write, program); EmitAllowSyscall(__NR_writev, program); EmitAllowSyscall(__NR_gettid, program); + EmitAllowSyscall(__NR_sched_yield, program); // Nvidia binary driver. + EmitAllowGettime(program); // Less hot syscalls. - EmitAllowSyscall(__NR_clock_gettime, program); EmitAllowSyscall(__NR_futex, program); EmitAllowSyscall(__NR_madvise, program); EmitAllowSyscall(__NR_sendmsg, program); @@ -231,8 +237,9 @@ static void ApplyGPUPolicy(std::vector<struct sock_filter>* program) { EmitAllowSyscall(__NR_munlock, program); EmitAllowSyscall(__NR_exit, program); EmitAllowSyscall(__NR_exit_group, program); - EmitAllowSyscall(__NR_getpid, program); // Seen in Nvidia binary driver. - EmitAllowSyscall(__NR_getppid, program); // Seen in ATI binary driver. + EmitAllowSyscall(__NR_getpid, program); // Nvidia binary driver. + EmitAllowSyscall(__NR_getppid, program); // ATI binary driver. + EmitAllowSyscall(__NR_lseek, program); // Nvidia binary driver. EmitAllowKillSelf(SIGTERM, program); // GPU watchdog. // Generally, filename-based syscalls will fail with ENOENT to behave 
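Review bot: EmitAllowGettime in the first hunk carries no comment, yet it is the one helper this change shares between two policies (GPU here, Flash in the next hunk), so whatever it admits is admitted everywhere it is called and an auditor reading one policy will not see the other's reason for it. Suggest heading it with `// Time queries (clock_gettime, gettimeofday). Shared by several policies — keep it to pure clock reads.` so nobody later folds a broader syscall into it for convenience. The per-line annotations in the second and third hunks (`// Nvidia binary driver.`) are the right habit; since these allows were derived from an strace on a single failing machine rather than from the driver's documented needs, tying them to the evidence, e.g. `EmitAllowSyscall(__NR_lseek, program);  // Nvidia binary driver (crbug.com/125712).`, lets a future review re-check whether each one is still required. The enclosing functions EmitAllowKillSelf and ApplyGPUPolicy both begin or end outside these hunks.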
@@ -252,7 +259,7 @@ static void ApplyFlashPolicy(std::vector<struct sock_filter>* program) { EmitAllowSyscall(__NR_times, program); // Less hot syscalls. - EmitAllowSyscall(__NR_gettimeofday, program); + EmitAllowGettime(program); EmitAllowSyscall(__NR_clone, program); EmitAllowSyscall(__NR_set_robust_list, program); EmitAllowSyscall(__NR_getuid, program); |
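Review bot: Replacing `EmitAllowSyscall(__NR_gettimeofday, program);` with `EmitAllowGettime(program);` widens the Flash allowlist to include clock_gettime, but neither the hunk nor the description ("one more Flash policy tweak") records that Flash was observed needing it; as written the widening reads as a side effect of introducing the helper rather than a deliberate decision. If it is intentional, a comment on the call, `EmitAllowGettime(program);  // Flash uses gettimeofday and clock_gettime.`, or one sentence in the description naming the added syscall, would make the policy change explicit for anyone diffing allowlists later. If only gettimeofday is actually needed, keeping the single-syscall line here preserves the previous surface. ApplyFlashPolicy continues past this hunk.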