author | hidehiko <hidehiko@chromium.org> | 2015-04-30 22:16:05 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-05-01 05:16:34 +0000 |
commit | aca25fdd9772e974b0399c24590fd864cebfcbab (patch) | |
tree | 04504d176310117a6a6f2c214a56587d3f5468ee /sandbox/sandbox_nacl_nonsfi.gyp | |
parent | 7f841930479d87f5c65082d26cc764883c1cd5dc (diff) | |
Non-SFI mode: Enable seccomp-bpf sandbox on nacl_helper_nonsfi.
This CL enables seccomp-bpf sandbox on nacl_helper_nonsfi.
In codegen.cc, static_cast is added as implicit narrowing triggers compiler warning (= error with -Werror), with PNaCl toolchain.
TEST=Ran bots. Ran ./sandbox_linux_unittests and ./nacl_loader_unittests locally with {Debug,Release} * {clang,gcc,msan,tsan} combinations. Ran ./browser_tests --gtest_filter=*NaCl*:*PPAPI* locally with {Release} * {clang,gcc,msan} combinations. Test an app using Non-SFI mode already with --use-nacl-helper-nonsfi.
BUG=358465
Review URL: https://codereview.chromium.org/1104993002
Cr-Commit-Position: refs/heads/master@{#327880}
Diffstat (limited to 'sandbox/sandbox_nacl_nonsfi.gyp')
-rw-r--r-- | sandbox/sandbox_nacl_nonsfi.gyp | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/sandbox/sandbox_nacl_nonsfi.gyp b/sandbox/sandbox_nacl_nonsfi.gyp index 781df42..906fc7b 100644 --- a/sandbox/sandbox_nacl_nonsfi.gyp +++ b/sandbox/sandbox_nacl_nonsfi.gyp @@ -27,14 +27,28 @@ 'sources': [ # This is the subset of linux build target, needed for # nacl_helper_nonsfi's sandbox implementation. + 'linux/bpf_dsl/bpf_dsl.cc', + 'linux/bpf_dsl/codegen.cc', + 'linux/bpf_dsl/dump_bpf.cc', + 'linux/bpf_dsl/policy.cc', + 'linux/bpf_dsl/policy_compiler.cc', + 'linux/bpf_dsl/syscall_set.cc', + 'linux/bpf_dsl/verifier.cc', + 'linux/seccomp-bpf-helpers/sigsys_handlers.cc', + 'linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc', + 'linux/seccomp-bpf/die.cc', + 'linux/seccomp-bpf/errorcode.cc', + 'linux/seccomp-bpf/sandbox_bpf.cc', + 'linux/seccomp-bpf/syscall.cc', + 'linux/seccomp-bpf/trap.cc', 'linux/services/credentials.cc', - 'linux/services/namespace_utils.cc', 'linux/services/namespace_sandbox.cc', + 'linux/services/namespace_utils.cc', 'linux/services/proc_util.cc', + 'linux/services/resource_limits.cc', 'linux/services/syscall_wrappers.cc', 'linux/services/thread_helpers.cc', 'linux/suid/client/setuid_sandbox_client.cc', - # TODO(hidehiko): Support seccomp-bpf sandbox. ], }, 'dependencies': [ |
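Review bot: In the 'sources' list, 'linux/services/resource_limits.cc' is added next to the bpf_dsl and seccomp-bpf files, but the commit message only describes enabling seccomp-bpf and the codegen.cc static_cast; please state in the description, or in the comment above the list, why resource limits are needed for nacl_helper_nonsfi's sandbox. The swap of 'linux/services/namespace_utils.cc' and 'linux/services/namespace_sandbox.cc' is a sort-order fix unrelated to the feature and deserves a line in the description as well. Because the comment describes this list as a subset of the linux build target, it would also help to say there how the subset is kept in sync when the main sandbox target gains new files, since a missing source here only surfaces as a link failure in the Non-SFI build.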