diff options
author | jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-12-10 22:18:42 +0000 |
---|---|---|
committer | jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-12-10 22:18:42 +0000 |
commit | 2980768633ff5144fe6e7902abb39b8ff1740baa (patch) | |
tree | 5e99302565a71d9a76f2580b02be6f1b678f6e56 /content | |
parent | e91eae91d6330a50d227d1629d00d599f189f3d8 (diff) | |
download | chromium_src-2980768633ff5144fe6e7902abb39b8ff1740baa.zip chromium_src-2980768633ff5144fe6e7902abb39b8ff1740baa.tar.gz chromium_src-2980768633ff5144fe6e7902abb39b8ff1740baa.tar.bz2 |
Linux sandbox: cleanup sandbox-bpf naming.
1. Rename playground2 namespace to sandbox.
The playground2 namespace is confusing and against the style guide.
We rename it to sandbox, like the rest of sandbox/linux/.
2. Rename the "Sandbox" class to "SandboxBPF".
BUG=325535
R=rsesek@chromium.org
TBR=jochen@chromium.org
Review URL: https://codereview.chromium.org/101773003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@239865 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content')
-rw-r--r-- | content/common/sandbox_bpf_base_policy_linux.cc | 8 | ||||
-rw-r--r-- | content/common/sandbox_bpf_base_policy_linux.h | 16 | ||||
-rw-r--r-- | content/common/sandbox_init_linux.cc | 8 | ||||
-rw-r--r-- | content/common/sandbox_linux.cc | 16 | ||||
-rw-r--r-- | content/common/sandbox_linux.h | 2 | ||||
-rw-r--r-- | content/common/sandbox_seccomp_bpf_linux.cc | 111 | ||||
-rw-r--r-- | content/common/sandbox_seccomp_bpf_linux.h | 16 | ||||
-rw-r--r-- | content/public/common/sandbox_init.h | 11 | ||||
-rw-r--r-- | content/public/common/sandbox_linux.h | 2 | ||||
-rw-r--r-- | content/renderer/renderer_main_platform_delegate_linux.cc | 2 |
10 files changed, 95 insertions, 97 deletions
diff --git a/content/common/sandbox_bpf_base_policy_linux.cc b/content/common/sandbox_bpf_base_policy_linux.cc index 226c8e5..4341e92 100644 --- a/content/common/sandbox_bpf_base_policy_linux.cc +++ b/content/common/sandbox_bpf_base_policy_linux.cc @@ -18,18 +18,18 @@ static const int kFSDeniedErrno = EPERM; } // namespace. -SandboxBpfBasePolicy::SandboxBpfBasePolicy() +SandboxBPFBasePolicy::SandboxBPFBasePolicy() : baseline_policy_(new sandbox::BaselinePolicy(kFSDeniedErrno)) {} -SandboxBpfBasePolicy::~SandboxBpfBasePolicy() {} +SandboxBPFBasePolicy::~SandboxBPFBasePolicy() {} -ErrorCode SandboxBpfBasePolicy::EvaluateSyscall(Sandbox* sandbox_compiler, +ErrorCode SandboxBPFBasePolicy::EvaluateSyscall(SandboxBPF* sandbox_compiler, int system_call_number) const { DCHECK(baseline_policy_); return baseline_policy_->EvaluateSyscall(sandbox_compiler, system_call_number); } -int SandboxBpfBasePolicy::GetFSDeniedErrno() { +int SandboxBPFBasePolicy::GetFSDeniedErrno() { return kFSDeniedErrno; } diff --git a/content/common/sandbox_bpf_base_policy_linux.h b/content/common/sandbox_bpf_base_policy_linux.h index 4ba83da..8edba1d 100644 --- a/content/common/sandbox_bpf_base_policy_linux.h +++ b/content/common/sandbox_bpf_base_policy_linux.h @@ -10,21 +10,21 @@ #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h" #include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h" -using playground2::ErrorCode; -using playground2::Sandbox; +using sandbox::ErrorCode; +using sandbox::SandboxBPF; namespace content { // The "baseline" BPF policy for content/. Any content/ seccomp-bpf policy // should inherit from it. -// It implements the main SandboxBpfPolicy interface. Due to its nature +// It implements the main SandboxBPFPolicy interface. Due to its nature // as a "kernel attack surface reduction" layer, it's implementation-defined. -class SandboxBpfBasePolicy : public playground2::SandboxBpfPolicy { +class SandboxBPFBasePolicy : public sandbox::SandboxBPFPolicy { public: - SandboxBpfBasePolicy(); - virtual ~SandboxBpfBasePolicy(); + SandboxBPFBasePolicy(); + virtual ~SandboxBPFBasePolicy(); - virtual ErrorCode EvaluateSyscall(Sandbox* sandbox_compiler, + virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler, int system_call_number) const OVERRIDE; // Get the errno(3) to return for filesystem errors. static int GetFSDeniedErrno(); @@ -32,7 +32,7 @@ class SandboxBpfBasePolicy : public playground2::SandboxBpfPolicy { private: // Compose the BaselinePolicy from sandbox/. scoped_ptr<sandbox::BaselinePolicy> baseline_policy_; - DISALLOW_COPY_AND_ASSIGN(SandboxBpfBasePolicy); + DISALLOW_COPY_AND_ASSIGN(SandboxBPFBasePolicy); }; } // namespace content diff --git a/content/common/sandbox_init_linux.cc b/content/common/sandbox_init_linux.cc index 16b1a60..b2e6b4a 100644 --- a/content/common/sandbox_init_linux.cc +++ b/content/common/sandbox_init_linux.cc @@ -10,12 +10,12 @@ namespace content { -bool InitializeSandbox(scoped_ptr<playground2::SandboxBpfPolicy> policy) { - return SandboxSeccompBpf::StartSandboxWithExternalPolicy(policy.Pass()); +bool InitializeSandbox(scoped_ptr<sandbox::SandboxBPFPolicy> policy) { + return SandboxSeccompBPF::StartSandboxWithExternalPolicy(policy.Pass()); } -scoped_ptr<playground2::SandboxBpfPolicy> GetBpfSandboxBaselinePolicy() { - return SandboxSeccompBpf::GetBaselinePolicy().Pass(); +scoped_ptr<sandbox::SandboxBPFPolicy> GetBPFSandboxBaselinePolicy() { + return SandboxSeccompBPF::GetBaselinePolicy().Pass(); } } // namespace content diff --git a/content/common/sandbox_linux.cc b/content/common/sandbox_linux.cc index 85a3e36..55e5044 100644 --- a/content/common/sandbox_linux.cc +++ b/content/common/sandbox_linux.cc @@ -108,8 +108,8 @@ void LinuxSandbox::PreinitializeSandbox() { CHECK_GE(proc_fd_, 0); #endif // !defined(NDEBUG) // We "pre-warm" the code that detects supports for seccomp BPF. - if (SandboxSeccompBpf::IsSeccompBpfDesired()) { - if (!SandboxSeccompBpf::SupportsSandbox()) { + if (SandboxSeccompBPF::IsSeccompBPFDesired()) { + if (!SandboxSeccompBPF::SupportsSandbox()) { VLOG(1) << "Lacking support for seccomp-bpf sandbox."; } else { seccomp_bpf_supported_ = true; @@ -154,7 +154,7 @@ bool LinuxSandbox::InitializeSandbox() { linux_sandbox->LimitAddressSpace(process_type); // First, try to enable seccomp-bpf. - seccomp_bpf_started = linux_sandbox->StartSeccompBpf(process_type); + seccomp_bpf_started = linux_sandbox->StartSeccompBPF(process_type); return seccomp_bpf_started; } @@ -171,10 +171,10 @@ int LinuxSandbox::GetStatus() const { } if (seccomp_bpf_supported() && - SandboxSeccompBpf::ShouldEnableSeccompBpf(switches::kRendererProcess)) { + SandboxSeccompBPF::ShouldEnableSeccompBPF(switches::kRendererProcess)) { // We report whether the sandbox will be activated when renderers go // through sandbox initialization. - sandbox_flags |= kSandboxLinuxSeccompBpf; + sandbox_flags |= kSandboxLinuxSeccompBPF; } return sandbox_flags; @@ -224,13 +224,13 @@ sandbox::SetuidSandboxClient* return setuid_sandbox_client_.get(); } -// For seccomp-bpf, we use the SandboxSeccompBpf class. -bool LinuxSandbox::StartSeccompBpf(const std::string& process_type) { +// For seccomp-bpf, we use the SandboxSeccompBPF class. +bool LinuxSandbox::StartSeccompBPF(const std::string& process_type) { CHECK(!seccomp_bpf_started_); if (!pre_initialized_) PreinitializeSandbox(); if (seccomp_bpf_supported()) - seccomp_bpf_started_ = SandboxSeccompBpf::StartSandbox(process_type); + seccomp_bpf_started_ = SandboxSeccompBPF::StartSandbox(process_type); if (seccomp_bpf_started_) LogSandboxStarted("seccomp-bpf"); diff --git a/content/common/sandbox_linux.h b/content/common/sandbox_linux.h index 2cf105f..5101f23 100644 --- a/content/common/sandbox_linux.h +++ b/content/common/sandbox_linux.h @@ -69,7 +69,7 @@ class LinuxSandbox { // Check the policy and eventually start the seccomp-bpf sandbox. This should // never be called with threads started. If we detect that threads have // started we will crash. - bool StartSeccompBpf(const std::string& process_type); + bool StartSeccompBPF(const std::string& process_type); // Limit the address space of the current process (and its children). // to make some vulnerabilities harder to exploit. diff --git a/content/common/sandbox_seccomp_bpf_linux.cc b/content/common/sandbox_seccomp_bpf_linux.cc index e1f344d..484fe73 100644 --- a/content/common/sandbox_seccomp_bpf_linux.cc +++ b/content/common/sandbox_seccomp_bpf_linux.cc @@ -46,18 +46,18 @@ #include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h" #include "sandbox/linux/services/linux_syscalls.h" -using playground2::arch_seccomp_data; -using playground2::ErrorCode; -using playground2::Sandbox; -using sandbox::BrokerProcess; using sandbox::BaselinePolicy; +using sandbox::BrokerProcess; +using sandbox::ErrorCode; +using sandbox::SandboxBPF; using sandbox::SyscallSets; +using sandbox::arch_seccomp_data; namespace content { namespace { -void StartSandboxWithPolicy(playground2::SandboxBpfPolicy* policy); +void StartSandboxWithPolicy(sandbox::SandboxBPFPolicy* policy); inline bool IsChromeOS() { #if defined(OS_CHROMEOS) @@ -141,13 +141,13 @@ intptr_t GpuSIGSYS_Handler(const struct arch_seccomp_data& args, } } -class GpuProcessPolicy : public SandboxBpfBasePolicy { +class GpuProcessPolicy : public SandboxBPFBasePolicy { public: explicit GpuProcessPolicy(void* broker_process) : broker_process_(broker_process) {} virtual ~GpuProcessPolicy() {} - virtual ErrorCode EvaluateSyscall(Sandbox* sandbox_compiler, + virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler, int system_call_number) const OVERRIDE; private: @@ -156,7 +156,8 @@ class GpuProcessPolicy : public SandboxBpfBasePolicy { }; // Main policy for x86_64/i386. Extended by ArmGpuProcessPolicy. -ErrorCode GpuProcessPolicy::EvaluateSyscall(Sandbox* sandbox, int sysno) const { +ErrorCode GpuProcessPolicy::EvaluateSyscall(SandboxBPF* sandbox, + int sysno) const { switch (sysno) { case __NR_ioctl: #if defined(__i386__) || defined(__x86_64__) @@ -180,7 +181,7 @@ ErrorCode GpuProcessPolicy::EvaluateSyscall(Sandbox* sandbox, int sysno) const { return ErrorCode(ErrorCode::ERR_ALLOWED); // Default on the baseline policy. - return SandboxBpfBasePolicy::EvaluateSyscall(sandbox, sysno); + return SandboxBPFBasePolicy::EvaluateSyscall(sandbox, sysno); } } @@ -189,7 +190,7 @@ class GpuBrokerProcessPolicy : public GpuProcessPolicy { GpuBrokerProcessPolicy() : GpuProcessPolicy(NULL) {} virtual ~GpuBrokerProcessPolicy() {} - virtual ErrorCode EvaluateSyscall(Sandbox* sandbox_compiler, + virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler, int system_call_number) const OVERRIDE; private: @@ -199,7 +200,7 @@ class GpuBrokerProcessPolicy : public GpuProcessPolicy { // x86_64/i386. // A GPU broker policy is the same as a GPU policy with open and // openat allowed. -ErrorCode GpuBrokerProcessPolicy::EvaluateSyscall(Sandbox* sandbox, +ErrorCode GpuBrokerProcessPolicy::EvaluateSyscall(SandboxBPF* sandbox, int sysno) const { switch (sysno) { case __NR_access: @@ -217,7 +218,7 @@ class ArmGpuProcessPolicy : public GpuProcessPolicy { : GpuProcessPolicy(broker_process), allow_shmat_(allow_shmat) {} virtual ~ArmGpuProcessPolicy() {} - virtual ErrorCode EvaluateSyscall(Sandbox* sandbox_compiler, + virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler, int system_call_number) const OVERRIDE; private: @@ -226,7 +227,7 @@ class ArmGpuProcessPolicy : public GpuProcessPolicy { }; // Generic ARM GPU process sandbox, inheriting from GpuProcessPolicy. -ErrorCode ArmGpuProcessPolicy::EvaluateSyscall(Sandbox* sandbox, +ErrorCode ArmGpuProcessPolicy::EvaluateSyscall(SandboxBPF* sandbox, int sysno) const { #if defined(__arm__) if (allow_shmat_ && sysno == __NR_shmat) @@ -265,7 +266,7 @@ class ArmGpuBrokerProcessPolicy : public ArmGpuProcessPolicy { ArmGpuBrokerProcessPolicy() : ArmGpuProcessPolicy(NULL, false) {} virtual ~ArmGpuBrokerProcessPolicy() {} - virtual ErrorCode EvaluateSyscall(Sandbox* sandbox_compiler, + virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler, int system_call_number) const OVERRIDE; private: @@ -274,7 +275,7 @@ class ArmGpuBrokerProcessPolicy : public ArmGpuProcessPolicy { // A GPU broker policy is the same as a GPU policy with open and // openat allowed. -ErrorCode ArmGpuBrokerProcessPolicy::EvaluateSyscall(Sandbox* sandbox, +ErrorCode ArmGpuBrokerProcessPolicy::EvaluateSyscall(SandboxBPF* sandbox, int sysno) const { switch (sysno) { case __NR_access: @@ -289,19 +290,19 @@ ErrorCode ArmGpuBrokerProcessPolicy::EvaluateSyscall(Sandbox* sandbox, // Policy for renderer and worker processes. // TODO(jln): move to renderer/ -class RendererOrWorkerProcessPolicy : public SandboxBpfBasePolicy { +class RendererOrWorkerProcessPolicy : public SandboxBPFBasePolicy { public: RendererOrWorkerProcessPolicy() {} virtual ~RendererOrWorkerProcessPolicy() {} - virtual ErrorCode EvaluateSyscall(Sandbox* sandbox_compiler, + virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler, int system_call_number) const OVERRIDE; private: DISALLOW_COPY_AND_ASSIGN(RendererOrWorkerProcessPolicy); }; -ErrorCode RendererOrWorkerProcessPolicy::EvaluateSyscall(Sandbox* sandbox, +ErrorCode RendererOrWorkerProcessPolicy::EvaluateSyscall(SandboxBPF* sandbox, int sysno) const { switch (sysno) { case __NR_clone: @@ -349,25 +350,25 @@ ErrorCode RendererOrWorkerProcessPolicy::EvaluateSyscall(Sandbox* sandbox, } // Default on the content baseline policy. - return SandboxBpfBasePolicy::EvaluateSyscall(sandbox, sysno); + return SandboxBPFBasePolicy::EvaluateSyscall(sandbox, sysno); } } // Policy for PPAPI plugins. // TODO(jln): move to ppapi_plugin/. -class FlashProcessPolicy : public SandboxBpfBasePolicy { +class FlashProcessPolicy : public SandboxBPFBasePolicy { public: FlashProcessPolicy() {} virtual ~FlashProcessPolicy() {} - virtual ErrorCode EvaluateSyscall(Sandbox* sandbox_compiler, + virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler, int system_call_number) const OVERRIDE; private: DISALLOW_COPY_AND_ASSIGN(FlashProcessPolicy); }; -ErrorCode FlashProcessPolicy::EvaluateSyscall(Sandbox* sandbox, +ErrorCode FlashProcessPolicy::EvaluateSyscall(SandboxBPF* sandbox, int sysno) const { switch (sysno) { case __NR_clone: @@ -397,25 +398,25 @@ ErrorCode FlashProcessPolicy::EvaluateSyscall(Sandbox* sandbox, } // Default on the baseline policy. - return SandboxBpfBasePolicy::EvaluateSyscall(sandbox, sysno); + return SandboxBPFBasePolicy::EvaluateSyscall(sandbox, sysno); } } -class BlacklistDebugAndNumaPolicy : public SandboxBpfBasePolicy { +class BlacklistDebugAndNumaPolicy : public SandboxBPFBasePolicy { public: BlacklistDebugAndNumaPolicy() {} virtual ~BlacklistDebugAndNumaPolicy() {} - virtual ErrorCode EvaluateSyscall(Sandbox* sandbox_compiler, + virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler, int system_call_number) const OVERRIDE; private: DISALLOW_COPY_AND_ASSIGN(BlacklistDebugAndNumaPolicy); }; -ErrorCode BlacklistDebugAndNumaPolicy::EvaluateSyscall(Sandbox* sandbox, +ErrorCode BlacklistDebugAndNumaPolicy::EvaluateSyscall(SandboxBPF* sandbox, int sysno) const { - if (!Sandbox::IsValidSyscallNumber(sysno)) { + if (!SandboxBPF::IsValidSyscallNumber(sysno)) { // TODO(jln) we should not have to do that in a trivial policy. return ErrorCode(ENOSYS); } @@ -425,12 +426,12 @@ ErrorCode BlacklistDebugAndNumaPolicy::EvaluateSyscall(Sandbox* sandbox, return ErrorCode(ErrorCode::ERR_ALLOWED); } -class AllowAllPolicy : public SandboxBpfBasePolicy { +class AllowAllPolicy : public SandboxBPFBasePolicy { public: AllowAllPolicy() {} virtual ~AllowAllPolicy() {} - virtual ErrorCode EvaluateSyscall(Sandbox* sandbox_compiler, + virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler, int system_call_number) const OVERRIDE; private: @@ -440,8 +441,8 @@ class AllowAllPolicy : public SandboxBpfBasePolicy { // Allow all syscalls. // This will still deny x32 or IA32 calls in 64 bits mode or // 64 bits system calls in compatibility mode. -ErrorCode AllowAllPolicy::EvaluateSyscall(Sandbox*, int sysno) const { - if (!Sandbox::IsValidSyscallNumber(sysno)) { +ErrorCode AllowAllPolicy::EvaluateSyscall(SandboxBPF*, int sysno) const { + if (!SandboxBPF::IsValidSyscallNumber(sysno)) { // TODO(jln) we should not have to do that in a trivial policy. return ErrorCode(ENOSYS); } else { @@ -469,7 +470,7 @@ void RunSandboxSanityChecks(const std::string& process_type) { // open() must be restricted. syscall_ret = open("/etc/passwd", O_RDONLY); CHECK_EQ(-1, syscall_ret); - CHECK_EQ(SandboxBpfBasePolicy::GetFSDeniedErrno(), errno); + CHECK_EQ(SandboxBPFBasePolicy::GetFSDeniedErrno(), errno); // We should never allow the creation of netlink sockets. syscall_ret = socket(AF_NETLINK, SOCK_DGRAM, 0); @@ -588,7 +589,7 @@ void InitGpuBrokerProcess(bool for_chromeos_arm, sandbox_callback = EnableGpuBrokerPolicyCallback; } - *broker_process = new BrokerProcess(SandboxBpfBasePolicy::GetFSDeniedErrno(), + *broker_process = new BrokerProcess(SandboxBPFBasePolicy::GetFSDeniedErrno(), read_whitelist, write_whitelist); // Initialize the broker process and give it a sandbox callback. @@ -664,7 +665,7 @@ void StartGpuProcessSandbox(const CommandLine& command_line, // eventually start a broker process. WarmupPolicy(chromeos_arm_gpu, &broker_process); - scoped_ptr<SandboxBpfBasePolicy> gpu_policy; + scoped_ptr<SandboxBPFBasePolicy> gpu_policy; if (chromeos_arm_gpu) { gpu_policy.reset(new ArmGpuProcessPolicy(broker_process, allow_sysv_shm)); } else { @@ -674,19 +675,19 @@ void StartGpuProcessSandbox(const CommandLine& command_line, } // This function takes ownership of |policy|. -void StartSandboxWithPolicy(playground2::SandboxBpfPolicy* policy) { +void StartSandboxWithPolicy(sandbox::SandboxBPFPolicy* policy) { // Starting the sandbox is a one-way operation. The kernel doesn't allow // us to unload a sandbox policy after it has been started. Nonetheless, // in order to make the use of the "Sandbox" object easier, we allow for // the object to be destroyed after the sandbox has been started. Note that // doing so does not stop the sandbox. - Sandbox sandbox; + SandboxBPF sandbox; sandbox.SetSandboxPolicy(policy); sandbox.StartSandbox(); } void StartNonGpuSandbox(const std::string& process_type) { - scoped_ptr<SandboxBpfBasePolicy> policy; + scoped_ptr<SandboxBPFBasePolicy> policy; if (process_type == switches::kRendererProcess || process_type == switches::kWorkerProcess) { @@ -704,7 +705,7 @@ void StartNonGpuSandbox(const std::string& process_type) { } // Initialize the seccomp-bpf sandbox. -bool StartBpfSandbox(const CommandLine& command_line, +bool StartBPFSandbox(const CommandLine& command_line, const std::string& process_type) { if (process_type == switches::kGpuProcess) { @@ -722,7 +723,7 @@ bool StartBpfSandbox(const CommandLine& command_line, #endif // SECCOMP_BPF_SANDBOX // Is seccomp BPF globally enabled? -bool SandboxSeccompBpf::IsSeccompBpfDesired() { +bool SandboxSeccompBPF::IsSeccompBPFDesired() { const CommandLine& command_line = *CommandLine::ForCurrentProcess(); if (!command_line.HasSwitch(switches::kNoSandbox) && !command_line.HasSwitch(switches::kDisableSeccompFilterSandbox)) { @@ -732,7 +733,7 @@ bool SandboxSeccompBpf::IsSeccompBpfDesired() { } } -bool SandboxSeccompBpf::ShouldEnableSeccompBpf( +bool SandboxSeccompBPF::ShouldEnableSeccompBPF( const std::string& process_type) { #if defined(SECCOMP_BPF_SANDBOX) const CommandLine& command_line = *CommandLine::ForCurrentProcess(); @@ -744,33 +745,33 @@ bool SandboxSeccompBpf::ShouldEnableSeccompBpf( return false; } -bool SandboxSeccompBpf::SupportsSandbox() { +bool SandboxSeccompBPF::SupportsSandbox() { #if defined(SECCOMP_BPF_SANDBOX) // TODO(jln): pass the saved proc_fd_ from the LinuxSandbox singleton // here. - Sandbox::SandboxStatus bpf_sandbox_status = - Sandbox::SupportsSeccompSandbox(-1); + SandboxBPF::SandboxStatus bpf_sandbox_status = + SandboxBPF::SupportsSeccompSandbox(-1); // Kernel support is what we are interested in here. Other status // such as STATUS_UNAVAILABLE (has threads) still indicate kernel support. // We make this a negative check, since if there is a bug, we would rather // "fail closed" (expect a sandbox to be available and try to start it). - if (bpf_sandbox_status != Sandbox::STATUS_UNSUPPORTED) { + if (bpf_sandbox_status != SandboxBPF::STATUS_UNSUPPORTED) { return true; } #endif return false; } -bool SandboxSeccompBpf::StartSandbox(const std::string& process_type) { +bool SandboxSeccompBPF::StartSandbox(const std::string& process_type) { #if defined(SECCOMP_BPF_SANDBOX) const CommandLine& command_line = *CommandLine::ForCurrentProcess(); - if (IsSeccompBpfDesired() && // Global switches policy. - ShouldEnableSeccompBpf(process_type) && // Process-specific policy. + if (IsSeccompBPFDesired() && // Global switches policy. + ShouldEnableSeccompBPF(process_type) && // Process-specific policy. SupportsSandbox()) { // If the kernel supports the sandbox, and if the command line says we // should enable it, enable it or die. - bool started_sandbox = StartBpfSandbox(command_line, process_type); + bool started_sandbox = StartBPFSandbox(command_line, process_type); CHECK(started_sandbox); return true; } @@ -778,10 +779,10 @@ bool SandboxSeccompBpf::StartSandbox(const std::string& process_type) { return false; } -bool SandboxSeccompBpf::StartSandboxWithExternalPolicy( - scoped_ptr<playground2::SandboxBpfPolicy> policy) { +bool SandboxSeccompBPF::StartSandboxWithExternalPolicy( + scoped_ptr<sandbox::SandboxBPFPolicy> policy) { #if defined(SECCOMP_BPF_SANDBOX) - if (IsSeccompBpfDesired() && SupportsSandbox()) { + if (IsSeccompBPFDesired() && SupportsSandbox()) { CHECK(policy); StartSandboxWithPolicy(policy.release()); return true; @@ -790,12 +791,12 @@ bool SandboxSeccompBpf::StartSandboxWithExternalPolicy( return false; } -scoped_ptr<playground2::SandboxBpfPolicy> -SandboxSeccompBpf::GetBaselinePolicy() { +scoped_ptr<sandbox::SandboxBPFPolicy> +SandboxSeccompBPF::GetBaselinePolicy() { #if defined(SECCOMP_BPF_SANDBOX) - return scoped_ptr<playground2::SandboxBpfPolicy>(new BaselinePolicy); + return scoped_ptr<sandbox::SandboxBPFPolicy>(new BaselinePolicy); #else - return scoped_ptr<playground2::SandboxBpfPolicy>(); + return scoped_ptr<sandbox::SandboxBPFPolicy>(); #endif // defined(SECCOMP_BPF_SANDBOX) } diff --git a/content/common/sandbox_seccomp_bpf_linux.h b/content/common/sandbox_seccomp_bpf_linux.h index a32973d..c6058c4 100644 --- a/content/common/sandbox_seccomp_bpf_linux.h +++ b/content/common/sandbox_seccomp_bpf_linux.h @@ -10,8 +10,8 @@ #include "base/basictypes.h" #include "base/memory/scoped_ptr.h" -namespace playground2 { -class SandboxBpfPolicy; +namespace sandbox { +class SandboxBPFPolicy; } namespace content { @@ -19,16 +19,16 @@ namespace content { // This class has two main sets of APIs. One can be used to start the sandbox // for internal content process types, the other is indirectly exposed as // a public content/ API and uses a supplied policy. -class SandboxSeccompBpf { +class SandboxSeccompBPF { public: // This is the API to enable a seccomp-bpf sandbox for content/ // process-types: // Is the sandbox globally enabled, can anything use it at all ? // This looks at global command line flags to see if the sandbox // should be enabled at all. - static bool IsSeccompBpfDesired(); + static bool IsSeccompBPFDesired(); // Should the sandbox be enabled for process_type ? - static bool ShouldEnableSeccompBpf(const std::string& process_type); + static bool ShouldEnableSeccompBPF(const std::string& process_type); // Check if the kernel supports this sandbox. It's useful to "prewarm" // this, part of the result will be cached. static bool SupportsSandbox(); @@ -39,12 +39,12 @@ class SandboxSeccompBpf { // This is the API to enable a seccomp-bpf sandbox by using an // external policy. static bool StartSandboxWithExternalPolicy( - scoped_ptr<playground2::SandboxBpfPolicy> policy); + scoped_ptr<sandbox::SandboxBPFPolicy> policy); // The "baseline" policy can be a useful base to build a sandbox policy. - static scoped_ptr<playground2::SandboxBpfPolicy> GetBaselinePolicy(); + static scoped_ptr<sandbox::SandboxBPFPolicy> GetBaselinePolicy(); private: - DISALLOW_IMPLICIT_CONSTRUCTORS(SandboxSeccompBpf); + DISALLOW_IMPLICIT_CONSTRUCTORS(SandboxSeccompBPF); }; } // namespace content diff --git a/content/public/common/sandbox_init.h b/content/public/common/sandbox_init.h index 33a76c2..f709d23 100644 --- a/content/public/common/sandbox_init.h +++ b/content/public/common/sandbox_init.h @@ -16,11 +16,8 @@ namespace base { class FilePath; } -namespace playground2 { -class SandboxBpfPolicy; -} - namespace sandbox { +class SandboxBPFPolicy; struct SandboxInterfaceInfo; } @@ -90,12 +87,12 @@ class SandboxInitializerDelegate; // Initialize a seccomp-bpf sandbox. |policy| may not be NULL. // Returns true if the sandbox has been properly engaged. CONTENT_EXPORT bool InitializeSandbox( - scoped_ptr<playground2::SandboxBpfPolicy> policy); + scoped_ptr<sandbox::SandboxBPFPolicy> policy); // Return a "baseline" policy. This is used by a SandboxInitializerDelegate to // implement a policy that is derived from the baseline. -CONTENT_EXPORT scoped_ptr<playground2::SandboxBpfPolicy> -GetBpfSandboxBaselinePolicy(); +CONTENT_EXPORT scoped_ptr<sandbox::SandboxBPFPolicy> +GetBPFSandboxBaselinePolicy(); #endif // defined(OS_LINUX) } // namespace content diff --git a/content/public/common/sandbox_linux.h b/content/public/common/sandbox_linux.h index 6824d55..72e212e 100644 --- a/content/public/common/sandbox_linux.h +++ b/content/public/common/sandbox_linux.h @@ -21,7 +21,7 @@ enum LinuxSandboxStatus { kSandboxLinuxNetNS = 1 << 2, // seccomp-bpf sandbox active. - kSandboxLinuxSeccompBpf = 1 << 3, + kSandboxLinuxSeccompBPF = 1 << 3, }; } // namespace content diff --git a/content/renderer/renderer_main_platform_delegate_linux.cc b/content/renderer/renderer_main_platform_delegate_linux.cc index e473ad8..135a084 100644 --- a/content/renderer/renderer_main_platform_delegate_linux.cc +++ b/content/renderer/renderer_main_platform_delegate_linux.cc @@ -69,7 +69,7 @@ void RendererMainPlatformDelegate::RunSandboxTests(bool no_sandbox) { // Here, we test that the status of SeccompBpf in the renderer is consistent // with what LinuxSandbox::GetStatus() said we would do. class LinuxSandbox* linux_sandbox = LinuxSandbox::GetInstance(); - if (linux_sandbox->GetStatus() & kSandboxLinuxSeccompBpf) { + if (linux_sandbox->GetStatus() & kSandboxLinuxSeccompBPF) { CHECK(linux_sandbox->seccomp_bpf_started()); } |