summaryrefslogtreecommitdiffstats
path: root/content
diff options
context:
space:
mode:
authorjln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-12-10 22:18:42 +0000
committerjln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-12-10 22:18:42 +0000
commit2980768633ff5144fe6e7902abb39b8ff1740baa (patch)
tree5e99302565a71d9a76f2580b02be6f1b678f6e56 /content
parente91eae91d6330a50d227d1629d00d599f189f3d8 (diff)
downloadchromium_src-2980768633ff5144fe6e7902abb39b8ff1740baa.zip
chromium_src-2980768633ff5144fe6e7902abb39b8ff1740baa.tar.gz
chromium_src-2980768633ff5144fe6e7902abb39b8ff1740baa.tar.bz2
Linux sandbox: cleanup sandbox-bpf naming.
1. Rename playground2 namespace to sandbox. The playground2 namespace is confusing and against the style guide. We rename it to sandbox, like the rest of sandbox/linux/. 2. Rename the "Sandbox" class to "SandboxBPF". BUG=325535 R=rsesek@chromium.org TBR=jochen@chromium.org Review URL: https://codereview.chromium.org/101773003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@239865 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content')
-rw-r--r--content/common/sandbox_bpf_base_policy_linux.cc8
-rw-r--r--content/common/sandbox_bpf_base_policy_linux.h16
-rw-r--r--content/common/sandbox_init_linux.cc8
-rw-r--r--content/common/sandbox_linux.cc16
-rw-r--r--content/common/sandbox_linux.h2
-rw-r--r--content/common/sandbox_seccomp_bpf_linux.cc111
-rw-r--r--content/common/sandbox_seccomp_bpf_linux.h16
-rw-r--r--content/public/common/sandbox_init.h11
-rw-r--r--content/public/common/sandbox_linux.h2
-rw-r--r--content/renderer/renderer_main_platform_delegate_linux.cc2
10 files changed, 95 insertions, 97 deletions
diff --git a/content/common/sandbox_bpf_base_policy_linux.cc b/content/common/sandbox_bpf_base_policy_linux.cc
index 226c8e5..4341e92 100644
--- a/content/common/sandbox_bpf_base_policy_linux.cc
+++ b/content/common/sandbox_bpf_base_policy_linux.cc
@@ -18,18 +18,18 @@ static const int kFSDeniedErrno = EPERM;
} // namespace.
-SandboxBpfBasePolicy::SandboxBpfBasePolicy()
+SandboxBPFBasePolicy::SandboxBPFBasePolicy()
: baseline_policy_(new sandbox::BaselinePolicy(kFSDeniedErrno)) {}
-SandboxBpfBasePolicy::~SandboxBpfBasePolicy() {}
+SandboxBPFBasePolicy::~SandboxBPFBasePolicy() {}
-ErrorCode SandboxBpfBasePolicy::EvaluateSyscall(Sandbox* sandbox_compiler,
+ErrorCode SandboxBPFBasePolicy::EvaluateSyscall(SandboxBPF* sandbox_compiler,
int system_call_number) const {
DCHECK(baseline_policy_);
return baseline_policy_->EvaluateSyscall(sandbox_compiler,
system_call_number);
}
-int SandboxBpfBasePolicy::GetFSDeniedErrno() {
+int SandboxBPFBasePolicy::GetFSDeniedErrno() {
return kFSDeniedErrno;
}
diff --git a/content/common/sandbox_bpf_base_policy_linux.h b/content/common/sandbox_bpf_base_policy_linux.h
index 4ba83da..8edba1d 100644
--- a/content/common/sandbox_bpf_base_policy_linux.h
+++ b/content/common/sandbox_bpf_base_policy_linux.h
@@ -10,21 +10,21 @@
#include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h"
#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
-using playground2::ErrorCode;
-using playground2::Sandbox;
+using sandbox::ErrorCode;
+using sandbox::SandboxBPF;
namespace content {
// The "baseline" BPF policy for content/. Any content/ seccomp-bpf policy
// should inherit from it.
-// It implements the main SandboxBpfPolicy interface. Due to its nature
+// It implements the main SandboxBPFPolicy interface. Due to its nature
// as a "kernel attack surface reduction" layer, it's implementation-defined.
-class SandboxBpfBasePolicy : public playground2::SandboxBpfPolicy {
+class SandboxBPFBasePolicy : public sandbox::SandboxBPFPolicy {
public:
- SandboxBpfBasePolicy();
- virtual ~SandboxBpfBasePolicy();
+ SandboxBPFBasePolicy();
+ virtual ~SandboxBPFBasePolicy();
- virtual ErrorCode EvaluateSyscall(Sandbox* sandbox_compiler,
+ virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler,
int system_call_number) const OVERRIDE;
// Get the errno(3) to return for filesystem errors.
static int GetFSDeniedErrno();
@@ -32,7 +32,7 @@ class SandboxBpfBasePolicy : public playground2::SandboxBpfPolicy {
private:
// Compose the BaselinePolicy from sandbox/.
scoped_ptr<sandbox::BaselinePolicy> baseline_policy_;
- DISALLOW_COPY_AND_ASSIGN(SandboxBpfBasePolicy);
+ DISALLOW_COPY_AND_ASSIGN(SandboxBPFBasePolicy);
};
} // namespace content
diff --git a/content/common/sandbox_init_linux.cc b/content/common/sandbox_init_linux.cc
index 16b1a60..b2e6b4a 100644
--- a/content/common/sandbox_init_linux.cc
+++ b/content/common/sandbox_init_linux.cc
@@ -10,12 +10,12 @@
namespace content {
-bool InitializeSandbox(scoped_ptr<playground2::SandboxBpfPolicy> policy) {
- return SandboxSeccompBpf::StartSandboxWithExternalPolicy(policy.Pass());
+bool InitializeSandbox(scoped_ptr<sandbox::SandboxBPFPolicy> policy) {
+ return SandboxSeccompBPF::StartSandboxWithExternalPolicy(policy.Pass());
}
-scoped_ptr<playground2::SandboxBpfPolicy> GetBpfSandboxBaselinePolicy() {
- return SandboxSeccompBpf::GetBaselinePolicy().Pass();
+scoped_ptr<sandbox::SandboxBPFPolicy> GetBPFSandboxBaselinePolicy() {
+ return SandboxSeccompBPF::GetBaselinePolicy().Pass();
}
} // namespace content
diff --git a/content/common/sandbox_linux.cc b/content/common/sandbox_linux.cc
index 85a3e36..55e5044 100644
--- a/content/common/sandbox_linux.cc
+++ b/content/common/sandbox_linux.cc
@@ -108,8 +108,8 @@ void LinuxSandbox::PreinitializeSandbox() {
CHECK_GE(proc_fd_, 0);
#endif // !defined(NDEBUG)
// We "pre-warm" the code that detects supports for seccomp BPF.
- if (SandboxSeccompBpf::IsSeccompBpfDesired()) {
- if (!SandboxSeccompBpf::SupportsSandbox()) {
+ if (SandboxSeccompBPF::IsSeccompBPFDesired()) {
+ if (!SandboxSeccompBPF::SupportsSandbox()) {
VLOG(1) << "Lacking support for seccomp-bpf sandbox.";
} else {
seccomp_bpf_supported_ = true;
@@ -154,7 +154,7 @@ bool LinuxSandbox::InitializeSandbox() {
linux_sandbox->LimitAddressSpace(process_type);
// First, try to enable seccomp-bpf.
- seccomp_bpf_started = linux_sandbox->StartSeccompBpf(process_type);
+ seccomp_bpf_started = linux_sandbox->StartSeccompBPF(process_type);
return seccomp_bpf_started;
}
@@ -171,10 +171,10 @@ int LinuxSandbox::GetStatus() const {
}
if (seccomp_bpf_supported() &&
- SandboxSeccompBpf::ShouldEnableSeccompBpf(switches::kRendererProcess)) {
+ SandboxSeccompBPF::ShouldEnableSeccompBPF(switches::kRendererProcess)) {
// We report whether the sandbox will be activated when renderers go
// through sandbox initialization.
- sandbox_flags |= kSandboxLinuxSeccompBpf;
+ sandbox_flags |= kSandboxLinuxSeccompBPF;
}
return sandbox_flags;
@@ -224,13 +224,13 @@ sandbox::SetuidSandboxClient*
return setuid_sandbox_client_.get();
}
-// For seccomp-bpf, we use the SandboxSeccompBpf class.
-bool LinuxSandbox::StartSeccompBpf(const std::string& process_type) {
+// For seccomp-bpf, we use the SandboxSeccompBPF class.
+bool LinuxSandbox::StartSeccompBPF(const std::string& process_type) {
CHECK(!seccomp_bpf_started_);
if (!pre_initialized_)
PreinitializeSandbox();
if (seccomp_bpf_supported())
- seccomp_bpf_started_ = SandboxSeccompBpf::StartSandbox(process_type);
+ seccomp_bpf_started_ = SandboxSeccompBPF::StartSandbox(process_type);
if (seccomp_bpf_started_)
LogSandboxStarted("seccomp-bpf");
diff --git a/content/common/sandbox_linux.h b/content/common/sandbox_linux.h
index 2cf105f..5101f23 100644
--- a/content/common/sandbox_linux.h
+++ b/content/common/sandbox_linux.h
@@ -69,7 +69,7 @@ class LinuxSandbox {
// Check the policy and eventually start the seccomp-bpf sandbox. This should
// never be called with threads started. If we detect that threads have
// started we will crash.
- bool StartSeccompBpf(const std::string& process_type);
+ bool StartSeccompBPF(const std::string& process_type);
// Limit the address space of the current process (and its children).
// to make some vulnerabilities harder to exploit.
diff --git a/content/common/sandbox_seccomp_bpf_linux.cc b/content/common/sandbox_seccomp_bpf_linux.cc
index e1f344d..484fe73 100644
--- a/content/common/sandbox_seccomp_bpf_linux.cc
+++ b/content/common/sandbox_seccomp_bpf_linux.cc
@@ -46,18 +46,18 @@
#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
#include "sandbox/linux/services/linux_syscalls.h"
-using playground2::arch_seccomp_data;
-using playground2::ErrorCode;
-using playground2::Sandbox;
-using sandbox::BrokerProcess;
using sandbox::BaselinePolicy;
+using sandbox::BrokerProcess;
+using sandbox::ErrorCode;
+using sandbox::SandboxBPF;
using sandbox::SyscallSets;
+using sandbox::arch_seccomp_data;
namespace content {
namespace {
-void StartSandboxWithPolicy(playground2::SandboxBpfPolicy* policy);
+void StartSandboxWithPolicy(sandbox::SandboxBPFPolicy* policy);
inline bool IsChromeOS() {
#if defined(OS_CHROMEOS)
@@ -141,13 +141,13 @@ intptr_t GpuSIGSYS_Handler(const struct arch_seccomp_data& args,
}
}
-class GpuProcessPolicy : public SandboxBpfBasePolicy {
+class GpuProcessPolicy : public SandboxBPFBasePolicy {
public:
explicit GpuProcessPolicy(void* broker_process)
: broker_process_(broker_process) {}
virtual ~GpuProcessPolicy() {}
- virtual ErrorCode EvaluateSyscall(Sandbox* sandbox_compiler,
+ virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler,
int system_call_number) const OVERRIDE;
private:
@@ -156,7 +156,8 @@ class GpuProcessPolicy : public SandboxBpfBasePolicy {
};
// Main policy for x86_64/i386. Extended by ArmGpuProcessPolicy.
-ErrorCode GpuProcessPolicy::EvaluateSyscall(Sandbox* sandbox, int sysno) const {
+ErrorCode GpuProcessPolicy::EvaluateSyscall(SandboxBPF* sandbox,
+ int sysno) const {
switch (sysno) {
case __NR_ioctl:
#if defined(__i386__) || defined(__x86_64__)
@@ -180,7 +181,7 @@ ErrorCode GpuProcessPolicy::EvaluateSyscall(Sandbox* sandbox, int sysno) const {
return ErrorCode(ErrorCode::ERR_ALLOWED);
// Default on the baseline policy.
- return SandboxBpfBasePolicy::EvaluateSyscall(sandbox, sysno);
+ return SandboxBPFBasePolicy::EvaluateSyscall(sandbox, sysno);
}
}
@@ -189,7 +190,7 @@ class GpuBrokerProcessPolicy : public GpuProcessPolicy {
GpuBrokerProcessPolicy() : GpuProcessPolicy(NULL) {}
virtual ~GpuBrokerProcessPolicy() {}
- virtual ErrorCode EvaluateSyscall(Sandbox* sandbox_compiler,
+ virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler,
int system_call_number) const OVERRIDE;
private:
@@ -199,7 +200,7 @@ class GpuBrokerProcessPolicy : public GpuProcessPolicy {
// x86_64/i386.
// A GPU broker policy is the same as a GPU policy with open and
// openat allowed.
-ErrorCode GpuBrokerProcessPolicy::EvaluateSyscall(Sandbox* sandbox,
+ErrorCode GpuBrokerProcessPolicy::EvaluateSyscall(SandboxBPF* sandbox,
int sysno) const {
switch (sysno) {
case __NR_access:
@@ -217,7 +218,7 @@ class ArmGpuProcessPolicy : public GpuProcessPolicy {
: GpuProcessPolicy(broker_process), allow_shmat_(allow_shmat) {}
virtual ~ArmGpuProcessPolicy() {}
- virtual ErrorCode EvaluateSyscall(Sandbox* sandbox_compiler,
+ virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler,
int system_call_number) const OVERRIDE;
private:
@@ -226,7 +227,7 @@ class ArmGpuProcessPolicy : public GpuProcessPolicy {
};
// Generic ARM GPU process sandbox, inheriting from GpuProcessPolicy.
-ErrorCode ArmGpuProcessPolicy::EvaluateSyscall(Sandbox* sandbox,
+ErrorCode ArmGpuProcessPolicy::EvaluateSyscall(SandboxBPF* sandbox,
int sysno) const {
#if defined(__arm__)
if (allow_shmat_ && sysno == __NR_shmat)
@@ -265,7 +266,7 @@ class ArmGpuBrokerProcessPolicy : public ArmGpuProcessPolicy {
ArmGpuBrokerProcessPolicy() : ArmGpuProcessPolicy(NULL, false) {}
virtual ~ArmGpuBrokerProcessPolicy() {}
- virtual ErrorCode EvaluateSyscall(Sandbox* sandbox_compiler,
+ virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler,
int system_call_number) const OVERRIDE;
private:
@@ -274,7 +275,7 @@ class ArmGpuBrokerProcessPolicy : public ArmGpuProcessPolicy {
// A GPU broker policy is the same as a GPU policy with open and
// openat allowed.
-ErrorCode ArmGpuBrokerProcessPolicy::EvaluateSyscall(Sandbox* sandbox,
+ErrorCode ArmGpuBrokerProcessPolicy::EvaluateSyscall(SandboxBPF* sandbox,
int sysno) const {
switch (sysno) {
case __NR_access:
@@ -289,19 +290,19 @@ ErrorCode ArmGpuBrokerProcessPolicy::EvaluateSyscall(Sandbox* sandbox,
// Policy for renderer and worker processes.
// TODO(jln): move to renderer/
-class RendererOrWorkerProcessPolicy : public SandboxBpfBasePolicy {
+class RendererOrWorkerProcessPolicy : public SandboxBPFBasePolicy {
public:
RendererOrWorkerProcessPolicy() {}
virtual ~RendererOrWorkerProcessPolicy() {}
- virtual ErrorCode EvaluateSyscall(Sandbox* sandbox_compiler,
+ virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler,
int system_call_number) const OVERRIDE;
private:
DISALLOW_COPY_AND_ASSIGN(RendererOrWorkerProcessPolicy);
};
-ErrorCode RendererOrWorkerProcessPolicy::EvaluateSyscall(Sandbox* sandbox,
+ErrorCode RendererOrWorkerProcessPolicy::EvaluateSyscall(SandboxBPF* sandbox,
int sysno) const {
switch (sysno) {
case __NR_clone:
@@ -349,25 +350,25 @@ ErrorCode RendererOrWorkerProcessPolicy::EvaluateSyscall(Sandbox* sandbox,
}
// Default on the content baseline policy.
- return SandboxBpfBasePolicy::EvaluateSyscall(sandbox, sysno);
+ return SandboxBPFBasePolicy::EvaluateSyscall(sandbox, sysno);
}
}
// Policy for PPAPI plugins.
// TODO(jln): move to ppapi_plugin/.
-class FlashProcessPolicy : public SandboxBpfBasePolicy {
+class FlashProcessPolicy : public SandboxBPFBasePolicy {
public:
FlashProcessPolicy() {}
virtual ~FlashProcessPolicy() {}
- virtual ErrorCode EvaluateSyscall(Sandbox* sandbox_compiler,
+ virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler,
int system_call_number) const OVERRIDE;
private:
DISALLOW_COPY_AND_ASSIGN(FlashProcessPolicy);
};
-ErrorCode FlashProcessPolicy::EvaluateSyscall(Sandbox* sandbox,
+ErrorCode FlashProcessPolicy::EvaluateSyscall(SandboxBPF* sandbox,
int sysno) const {
switch (sysno) {
case __NR_clone:
@@ -397,25 +398,25 @@ ErrorCode FlashProcessPolicy::EvaluateSyscall(Sandbox* sandbox,
}
// Default on the baseline policy.
- return SandboxBpfBasePolicy::EvaluateSyscall(sandbox, sysno);
+ return SandboxBPFBasePolicy::EvaluateSyscall(sandbox, sysno);
}
}
-class BlacklistDebugAndNumaPolicy : public SandboxBpfBasePolicy {
+class BlacklistDebugAndNumaPolicy : public SandboxBPFBasePolicy {
public:
BlacklistDebugAndNumaPolicy() {}
virtual ~BlacklistDebugAndNumaPolicy() {}
- virtual ErrorCode EvaluateSyscall(Sandbox* sandbox_compiler,
+ virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler,
int system_call_number) const OVERRIDE;
private:
DISALLOW_COPY_AND_ASSIGN(BlacklistDebugAndNumaPolicy);
};
-ErrorCode BlacklistDebugAndNumaPolicy::EvaluateSyscall(Sandbox* sandbox,
+ErrorCode BlacklistDebugAndNumaPolicy::EvaluateSyscall(SandboxBPF* sandbox,
int sysno) const {
- if (!Sandbox::IsValidSyscallNumber(sysno)) {
+ if (!SandboxBPF::IsValidSyscallNumber(sysno)) {
// TODO(jln) we should not have to do that in a trivial policy.
return ErrorCode(ENOSYS);
}
@@ -425,12 +426,12 @@ ErrorCode BlacklistDebugAndNumaPolicy::EvaluateSyscall(Sandbox* sandbox,
return ErrorCode(ErrorCode::ERR_ALLOWED);
}
-class AllowAllPolicy : public SandboxBpfBasePolicy {
+class AllowAllPolicy : public SandboxBPFBasePolicy {
public:
AllowAllPolicy() {}
virtual ~AllowAllPolicy() {}
- virtual ErrorCode EvaluateSyscall(Sandbox* sandbox_compiler,
+ virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler,
int system_call_number) const OVERRIDE;
private:
@@ -440,8 +441,8 @@ class AllowAllPolicy : public SandboxBpfBasePolicy {
// Allow all syscalls.
// This will still deny x32 or IA32 calls in 64 bits mode or
// 64 bits system calls in compatibility mode.
-ErrorCode AllowAllPolicy::EvaluateSyscall(Sandbox*, int sysno) const {
- if (!Sandbox::IsValidSyscallNumber(sysno)) {
+ErrorCode AllowAllPolicy::EvaluateSyscall(SandboxBPF*, int sysno) const {
+ if (!SandboxBPF::IsValidSyscallNumber(sysno)) {
// TODO(jln) we should not have to do that in a trivial policy.
return ErrorCode(ENOSYS);
} else {
@@ -469,7 +470,7 @@ void RunSandboxSanityChecks(const std::string& process_type) {
// open() must be restricted.
syscall_ret = open("/etc/passwd", O_RDONLY);
CHECK_EQ(-1, syscall_ret);
- CHECK_EQ(SandboxBpfBasePolicy::GetFSDeniedErrno(), errno);
+ CHECK_EQ(SandboxBPFBasePolicy::GetFSDeniedErrno(), errno);
// We should never allow the creation of netlink sockets.
syscall_ret = socket(AF_NETLINK, SOCK_DGRAM, 0);
@@ -588,7 +589,7 @@ void InitGpuBrokerProcess(bool for_chromeos_arm,
sandbox_callback = EnableGpuBrokerPolicyCallback;
}
- *broker_process = new BrokerProcess(SandboxBpfBasePolicy::GetFSDeniedErrno(),
+ *broker_process = new BrokerProcess(SandboxBPFBasePolicy::GetFSDeniedErrno(),
read_whitelist,
write_whitelist);
// Initialize the broker process and give it a sandbox callback.
@@ -664,7 +665,7 @@ void StartGpuProcessSandbox(const CommandLine& command_line,
// eventually start a broker process.
WarmupPolicy(chromeos_arm_gpu, &broker_process);
- scoped_ptr<SandboxBpfBasePolicy> gpu_policy;
+ scoped_ptr<SandboxBPFBasePolicy> gpu_policy;
if (chromeos_arm_gpu) {
gpu_policy.reset(new ArmGpuProcessPolicy(broker_process, allow_sysv_shm));
} else {
@@ -674,19 +675,19 @@ void StartGpuProcessSandbox(const CommandLine& command_line,
}
// This function takes ownership of |policy|.
-void StartSandboxWithPolicy(playground2::SandboxBpfPolicy* policy) {
+void StartSandboxWithPolicy(sandbox::SandboxBPFPolicy* policy) {
// Starting the sandbox is a one-way operation. The kernel doesn't allow
// us to unload a sandbox policy after it has been started. Nonetheless,
// in order to make the use of the "Sandbox" object easier, we allow for
// the object to be destroyed after the sandbox has been started. Note that
// doing so does not stop the sandbox.
- Sandbox sandbox;
+ SandboxBPF sandbox;
sandbox.SetSandboxPolicy(policy);
sandbox.StartSandbox();
}
void StartNonGpuSandbox(const std::string& process_type) {
- scoped_ptr<SandboxBpfBasePolicy> policy;
+ scoped_ptr<SandboxBPFBasePolicy> policy;
if (process_type == switches::kRendererProcess ||
process_type == switches::kWorkerProcess) {
@@ -704,7 +705,7 @@ void StartNonGpuSandbox(const std::string& process_type) {
}
// Initialize the seccomp-bpf sandbox.
-bool StartBpfSandbox(const CommandLine& command_line,
+bool StartBPFSandbox(const CommandLine& command_line,
const std::string& process_type) {
if (process_type == switches::kGpuProcess) {
@@ -722,7 +723,7 @@ bool StartBpfSandbox(const CommandLine& command_line,
#endif // SECCOMP_BPF_SANDBOX
// Is seccomp BPF globally enabled?
-bool SandboxSeccompBpf::IsSeccompBpfDesired() {
+bool SandboxSeccompBPF::IsSeccompBPFDesired() {
const CommandLine& command_line = *CommandLine::ForCurrentProcess();
if (!command_line.HasSwitch(switches::kNoSandbox) &&
!command_line.HasSwitch(switches::kDisableSeccompFilterSandbox)) {
@@ -732,7 +733,7 @@ bool SandboxSeccompBpf::IsSeccompBpfDesired() {
}
}
-bool SandboxSeccompBpf::ShouldEnableSeccompBpf(
+bool SandboxSeccompBPF::ShouldEnableSeccompBPF(
const std::string& process_type) {
#if defined(SECCOMP_BPF_SANDBOX)
const CommandLine& command_line = *CommandLine::ForCurrentProcess();
@@ -744,33 +745,33 @@ bool SandboxSeccompBpf::ShouldEnableSeccompBpf(
return false;
}
-bool SandboxSeccompBpf::SupportsSandbox() {
+bool SandboxSeccompBPF::SupportsSandbox() {
#if defined(SECCOMP_BPF_SANDBOX)
// TODO(jln): pass the saved proc_fd_ from the LinuxSandbox singleton
// here.
- Sandbox::SandboxStatus bpf_sandbox_status =
- Sandbox::SupportsSeccompSandbox(-1);
+ SandboxBPF::SandboxStatus bpf_sandbox_status =
+ SandboxBPF::SupportsSeccompSandbox(-1);
// Kernel support is what we are interested in here. Other status
// such as STATUS_UNAVAILABLE (has threads) still indicate kernel support.
// We make this a negative check, since if there is a bug, we would rather
// "fail closed" (expect a sandbox to be available and try to start it).
- if (bpf_sandbox_status != Sandbox::STATUS_UNSUPPORTED) {
+ if (bpf_sandbox_status != SandboxBPF::STATUS_UNSUPPORTED) {
return true;
}
#endif
return false;
}
-bool SandboxSeccompBpf::StartSandbox(const std::string& process_type) {
+bool SandboxSeccompBPF::StartSandbox(const std::string& process_type) {
#if defined(SECCOMP_BPF_SANDBOX)
const CommandLine& command_line = *CommandLine::ForCurrentProcess();
- if (IsSeccompBpfDesired() && // Global switches policy.
- ShouldEnableSeccompBpf(process_type) && // Process-specific policy.
+ if (IsSeccompBPFDesired() && // Global switches policy.
+ ShouldEnableSeccompBPF(process_type) && // Process-specific policy.
SupportsSandbox()) {
// If the kernel supports the sandbox, and if the command line says we
// should enable it, enable it or die.
- bool started_sandbox = StartBpfSandbox(command_line, process_type);
+ bool started_sandbox = StartBPFSandbox(command_line, process_type);
CHECK(started_sandbox);
return true;
}
@@ -778,10 +779,10 @@ bool SandboxSeccompBpf::StartSandbox(const std::string& process_type) {
return false;
}
-bool SandboxSeccompBpf::StartSandboxWithExternalPolicy(
- scoped_ptr<playground2::SandboxBpfPolicy> policy) {
+bool SandboxSeccompBPF::StartSandboxWithExternalPolicy(
+ scoped_ptr<sandbox::SandboxBPFPolicy> policy) {
#if defined(SECCOMP_BPF_SANDBOX)
- if (IsSeccompBpfDesired() && SupportsSandbox()) {
+ if (IsSeccompBPFDesired() && SupportsSandbox()) {
CHECK(policy);
StartSandboxWithPolicy(policy.release());
return true;
@@ -790,12 +791,12 @@ bool SandboxSeccompBpf::StartSandboxWithExternalPolicy(
return false;
}
-scoped_ptr<playground2::SandboxBpfPolicy>
-SandboxSeccompBpf::GetBaselinePolicy() {
+scoped_ptr<sandbox::SandboxBPFPolicy>
+SandboxSeccompBPF::GetBaselinePolicy() {
#if defined(SECCOMP_BPF_SANDBOX)
- return scoped_ptr<playground2::SandboxBpfPolicy>(new BaselinePolicy);
+ return scoped_ptr<sandbox::SandboxBPFPolicy>(new BaselinePolicy);
#else
- return scoped_ptr<playground2::SandboxBpfPolicy>();
+ return scoped_ptr<sandbox::SandboxBPFPolicy>();
#endif // defined(SECCOMP_BPF_SANDBOX)
}
diff --git a/content/common/sandbox_seccomp_bpf_linux.h b/content/common/sandbox_seccomp_bpf_linux.h
index a32973d..c6058c4 100644
--- a/content/common/sandbox_seccomp_bpf_linux.h
+++ b/content/common/sandbox_seccomp_bpf_linux.h
@@ -10,8 +10,8 @@
#include "base/basictypes.h"
#include "base/memory/scoped_ptr.h"
-namespace playground2 {
-class SandboxBpfPolicy;
+namespace sandbox {
+class SandboxBPFPolicy;
}
namespace content {
@@ -19,16 +19,16 @@ namespace content {
// This class has two main sets of APIs. One can be used to start the sandbox
// for internal content process types, the other is indirectly exposed as
// a public content/ API and uses a supplied policy.
-class SandboxSeccompBpf {
+class SandboxSeccompBPF {
public:
// This is the API to enable a seccomp-bpf sandbox for content/
// process-types:
// Is the sandbox globally enabled, can anything use it at all ?
// This looks at global command line flags to see if the sandbox
// should be enabled at all.
- static bool IsSeccompBpfDesired();
+ static bool IsSeccompBPFDesired();
// Should the sandbox be enabled for process_type ?
- static bool ShouldEnableSeccompBpf(const std::string& process_type);
+ static bool ShouldEnableSeccompBPF(const std::string& process_type);
// Check if the kernel supports this sandbox. It's useful to "prewarm"
// this, part of the result will be cached.
static bool SupportsSandbox();
@@ -39,12 +39,12 @@ class SandboxSeccompBpf {
// This is the API to enable a seccomp-bpf sandbox by using an
// external policy.
static bool StartSandboxWithExternalPolicy(
- scoped_ptr<playground2::SandboxBpfPolicy> policy);
+ scoped_ptr<sandbox::SandboxBPFPolicy> policy);
// The "baseline" policy can be a useful base to build a sandbox policy.
- static scoped_ptr<playground2::SandboxBpfPolicy> GetBaselinePolicy();
+ static scoped_ptr<sandbox::SandboxBPFPolicy> GetBaselinePolicy();
private:
- DISALLOW_IMPLICIT_CONSTRUCTORS(SandboxSeccompBpf);
+ DISALLOW_IMPLICIT_CONSTRUCTORS(SandboxSeccompBPF);
};
} // namespace content
diff --git a/content/public/common/sandbox_init.h b/content/public/common/sandbox_init.h
index 33a76c2..f709d23 100644
--- a/content/public/common/sandbox_init.h
+++ b/content/public/common/sandbox_init.h
@@ -16,11 +16,8 @@ namespace base {
class FilePath;
}
-namespace playground2 {
-class SandboxBpfPolicy;
-}
-
namespace sandbox {
+class SandboxBPFPolicy;
struct SandboxInterfaceInfo;
}
@@ -90,12 +87,12 @@ class SandboxInitializerDelegate;
// Initialize a seccomp-bpf sandbox. |policy| may not be NULL.
// Returns true if the sandbox has been properly engaged.
CONTENT_EXPORT bool InitializeSandbox(
- scoped_ptr<playground2::SandboxBpfPolicy> policy);
+ scoped_ptr<sandbox::SandboxBPFPolicy> policy);
// Return a "baseline" policy. This is used by a SandboxInitializerDelegate to
// implement a policy that is derived from the baseline.
-CONTENT_EXPORT scoped_ptr<playground2::SandboxBpfPolicy>
-GetBpfSandboxBaselinePolicy();
+CONTENT_EXPORT scoped_ptr<sandbox::SandboxBPFPolicy>
+GetBPFSandboxBaselinePolicy();
#endif // defined(OS_LINUX)
} // namespace content
diff --git a/content/public/common/sandbox_linux.h b/content/public/common/sandbox_linux.h
index 6824d55..72e212e 100644
--- a/content/public/common/sandbox_linux.h
+++ b/content/public/common/sandbox_linux.h
@@ -21,7 +21,7 @@ enum LinuxSandboxStatus {
kSandboxLinuxNetNS = 1 << 2,
// seccomp-bpf sandbox active.
- kSandboxLinuxSeccompBpf = 1 << 3,
+ kSandboxLinuxSeccompBPF = 1 << 3,
};
} // namespace content
diff --git a/content/renderer/renderer_main_platform_delegate_linux.cc b/content/renderer/renderer_main_platform_delegate_linux.cc
index e473ad8..135a084 100644
--- a/content/renderer/renderer_main_platform_delegate_linux.cc
+++ b/content/renderer/renderer_main_platform_delegate_linux.cc
@@ -69,7 +69,7 @@ void RendererMainPlatformDelegate::RunSandboxTests(bool no_sandbox) {
// Here, we test that the status of SeccompBpf in the renderer is consistent
// with what LinuxSandbox::GetStatus() said we would do.
class LinuxSandbox* linux_sandbox = LinuxSandbox::GetInstance();
- if (linux_sandbox->GetStatus() & kSandboxLinuxSeccompBpf) {
+ if (linux_sandbox->GetStatus() & kSandboxLinuxSeccompBPF) {
CHECK(linux_sandbox->seccomp_bpf_started());
}