From a9a8e2f5c9ed51373ea26c7aca8ab1138c624c94 Mon Sep 17 00:00:00 2001 From: "mdempsky@chromium.org" Date: Tue, 13 May 2014 23:32:58 +0000 Subject: Split NaCl SFI and non-SFI helpers into separate processes With this change, NaCl SFI and non-SFI processes now run in disjoint PID namespaces, so the kernel should prevent sending signals from an SFI process to a non-SFI process, or vice versa. (The NaCl PID namespaces are still nested within the renderer's PID namespace though.) BUG=364945 NOTRY=true Review URL: https://codereview.chromium.org/279693002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@270244 0039d316-1c4b-4281-b951-d872f2087c98 --- components/nacl/common/nacl_nonsfi_util.cc | 24 ++++++++++++++++++++++++ components/nacl/common/nacl_nonsfi_util.h | 18 ++++++++++++++++++ 2 files changed, 42 insertions(+) create mode 100644 components/nacl/common/nacl_nonsfi_util.cc create mode 100644 components/nacl/common/nacl_nonsfi_util.h (limited to 'components/nacl/common') diff --git a/components/nacl/common/nacl_nonsfi_util.cc b/components/nacl/common/nacl_nonsfi_util.cc new file mode 100644 index 0000000..d56cea6 --- /dev/null +++ b/components/nacl/common/nacl_nonsfi_util.cc @@ -0,0 +1,24 @@ +// Copyright 2014 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "components/nacl/common/nacl_nonsfi_util.h" + +#include "base/command_line.h" +#include "build/build_config.h" +#include "components/nacl/common/nacl_switches.h" + +namespace nacl { + +bool IsNonSFIModeEnabled() { +#if defined(OS_CHROMEOS) && defined(ARCH_CPU_ARMEL) + return true; +#elif defined(OS_LINUX) + return CommandLine::ForCurrentProcess()->HasSwitch( + switches::kEnableNaClNonSfiMode); +#else + return false; +#endif +} + +} // namespace nacl diff --git a/components/nacl/common/nacl_nonsfi_util.h b/components/nacl/common/nacl_nonsfi_util.h new file mode 100644 index 0000000..07c033f --- /dev/null +++ b/components/nacl/common/nacl_nonsfi_util.h @@ -0,0 +1,18 @@ +// Copyright 2014 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef COMPONENTS_NACL_COMMON_NACL_NONSFI_UTIL_H_ +#define COMPONENTS_NACL_COMMON_NACL_NONSFI_UTIL_H_ + +namespace nacl { + +// Returns true if non-SFI mode *can* run on the current platform and if non-SFI +// manifest entries are preferred. There can be other restrictions which +// prevent a particular module from launching. See NaClProcessHost::Launch +// which makes the final determination. +bool IsNonSFIModeEnabled(); + +} // namespace nacl + +#endif // COMPONENTS_NACL_COMMON_NACL_NONSFI_UTIL_H_ -- cgit v1.1