-rw-r--r--content/common/sandbox_seccomp_bpf_linux.cc4
-rw-r--r--content/utility/utility_main.cc6
2 files changed, 10 insertions, 0 deletions
diff --git a/content/common/sandbox_seccomp_bpf_linux.cc b/content/common/sandbox_seccomp_bpf_linux.cc
index d9dcfd1..446f314 100644
--- a/content/common/sandbox_seccomp_bpf_linux.cc
+++ b/content/common/sandbox_seccomp_bpf_linux.cc
@@ -1365,6 +1365,10 @@ Sandbox::EvaluateSyscall GetProcessSyscallPolicy(
return RendererOrWorkerProcessPolicy_x86_64;
}
+ if (process_type == switches::kUtilityProcess) {
+ return BlacklistDebugAndNumaPolicy;
+ }
+
NOTREACHED();
// This will be our default if we need one.
return AllowAllPolicy;
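Review bot: The new `kUtilityProcess` branch returns `BlacklistDebugAndNumaPolicy`, which judging by its name is a denylist rather than an allowlist, and nothing in the hunk records why the utility process gets this weaker shape of policy. A short comment stating the intent would help the next reader, for example `// Baseline denylist only for now; move the utility process to an allowlist policy once its syscall needs are known.` The unchanged tail also still returns `AllowAllPolicy` after `NOTREACHED()`, so in builds where that macro compiles to nothing a process type matching no branch would run unfiltered; now that another type is routed here, it is worth confirming that a fail-open default is intended. `GetProcessSyscallPolicy` starts and ends outside the hunk, so the earlier branches are not visible.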
diff --git a/content/utility/utility_main.cc b/content/utility/utility_main.cc
index 711b7bc..6aeff1d 100644
--- a/content/utility/utility_main.cc
+++ b/content/utility/utility_main.cc
@@ -10,6 +10,7 @@
#include "content/common/child_process.h"
#include "content/public/common/content_switches.h"
#include "content/public/common/main_function_params.h"
+#include "content/public/common/sandbox_init.h"
#include "content/utility/utility_thread_impl.h"
#if defined(OS_WIN)
@@ -25,6 +26,11 @@ int UtilityMain(const content::MainFunctionParams& parameters) {
base::SystemMonitor system_monitor;
HighResolutionTimerManager hi_res_timer_manager;
+#if defined(OS_LINUX)
+ // Initialize the sandbox before any thread is created.
+ content::InitializeSandbox();
+#endif
+
ChildProcess utility_process;
utility_process.set_main_thread(new UtilityThreadImpl());
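Review bot: The result of `content::InitializeSandbox()` is not checked in `UtilityMain`, so if the call can report failure (its declaration is not visible here) the utility process would carry on without a filter and nothing would record it. If it returns a status, surface the failure, e.g. `if (!content::InitializeSandbox()) LOG(ERROR) << "Utility process sandbox was not enabled";`, or treat it as fatal if an unsandboxed utility process is not acceptable. The added comment says the call happens before any thread is created, but `SystemMonitor` and `HighResolutionTimerManager` are already constructed at this point and the start of `UtilityMain` is outside the hunk, so it is worth confirming that nothing earlier starts a thread.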