Non-SFI mode: Enable seccomp-bpf sandbox on nacl_helper_nonsfi.

This CL enables seccomp-bpf sandbox on nacl_helper_nonsfi. In codegen.cc, static_cast is added as implicit narrowing triggers compiler warning (= error with -Werror), with PNaCl toolchain. TEST=Ran bots. Ran ./sandbox_linux_unittests and ./nacl_loader_unittests locally with {Debug,Release} * {clang,gcc,msan,tsan} combinations. Ran ./browser_tests --gtest_filter=*NaCl*:*PPAPI* locally with {Release} * {clang,gcc,msan} combinations. Test an app using Non-SFI mode already with --use-nacl-helper-nonsfi. BUG=358465 Review URL: https://codereview.chromium.org/1104993002 Cr-Commit-Position: refs/heads/master@{#327880}
author: hidehiko <hidehiko@chromium.org> 2015-04-30 22:16:05 -0700
committer: Commit bot <commit-bot@chromium.org> 2015-05-01 05:16:34 +0000
commit: aca25fdd9772e974b0399c24590fd864cebfcbab (patch)
tree: 04504d176310117a6a6f2c214a56587d3f5468ee /sandbox/sandbox_nacl_nonsfi.gyp
parent: 7f841930479d87f5c65082d26cc764883c1cd5dc (diff)
download: chromium_src-aca25fdd9772e974b0399c24590fd864cebfcbab.zip
chromium_src-aca25fdd9772e974b0399c24590fd864cebfcbab.tar.gz
chromium_src-aca25fdd9772e974b0399c24590fd864cebfcbab.tar.bz2
1 files changed, 16 insertions, 2 deletions
diff --git a/sandbox/sandbox_nacl_nonsfi.gyp b/sandbox/sandbox_nacl_nonsfi.gyp
index 781df42..906fc7b 100644
--- a/sandbox/sandbox_nacl_nonsfi.gyp
+++ b/sandbox/sandbox_nacl_nonsfi.gyp
@@ -27,14 +27,28 @@
             'sources': [
               # This is the subset of linux build target, needed for
               # nacl_helper_nonsfi's sandbox implementation.
+              'linux/bpf_dsl/bpf_dsl.cc',
+              'linux/bpf_dsl/codegen.cc',
+              'linux/bpf_dsl/dump_bpf.cc',
+              'linux/bpf_dsl/policy.cc',
+              'linux/bpf_dsl/policy_compiler.cc',
+              'linux/bpf_dsl/syscall_set.cc',
+              'linux/bpf_dsl/verifier.cc',
+              'linux/seccomp-bpf-helpers/sigsys_handlers.cc',
+              'linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc',
+              'linux/seccomp-bpf/die.cc',
+              'linux/seccomp-bpf/errorcode.cc',
+              'linux/seccomp-bpf/sandbox_bpf.cc',
+              'linux/seccomp-bpf/syscall.cc',
+              'linux/seccomp-bpf/trap.cc',
               'linux/services/credentials.cc',
-              'linux/services/namespace_utils.cc',
               'linux/services/namespace_sandbox.cc',
+              'linux/services/namespace_utils.cc',
               'linux/services/proc_util.cc',
+              'linux/services/resource_limits.cc',
               'linux/services/syscall_wrappers.cc',
               'linux/services/thread_helpers.cc',
               'linux/suid/client/setuid_sandbox_client.cc',
-              # TODO(hidehiko): Support seccomp-bpf sandbox.
             ],
           },
           'dependencies': [
author	hidehiko <hidehiko@chromium.org>	2015-04-30 22:16:05 -0700
committer	Commit bot <commit-bot@chromium.org>	2015-05-01 05:16:34 +0000
commit	aca25fdd9772e974b0399c24590fd864cebfcbab (patch)
tree	04504d176310117a6a6f2c214a56587d3f5468ee /sandbox/sandbox_nacl_nonsfi.gyp
parent	7f841930479d87f5c65082d26cc764883c1cd5dc (diff)
download	chromium_src-aca25fdd9772e974b0399c24590fd864cebfcbab.zip chromium_src-aca25fdd9772e974b0399c24590fd864cebfcbab.tar.gz chromium_src-aca25fdd9772e974b0399c24590fd864cebfcbab.tar.bz2