forked from chromium/chromium
-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Linux sandbox: migrate policies to new format.
seccomp-bpf policies are now the implementation of the interface that lives in sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h Sandbox policies inside content/ will all derive from the SandboxBpfBasePolicy (sandbox_bpf_base_policy.h) class. We can now rely on real C++ inheritance to implement our policy hierarchy. This is a first CL, part of a larger refactor. It should help minmize the risk of error and facilitate review by keeping the general layout of the code similar. In upcoming changes, we will: 1. Migrate NaCl and get rid of the compatibility / deprecated interfaces. 2. Extend the interface of SandboxBpfBasePolicy to be compatible with starting a GPU sandbox and reflect all the steps. 3. Move all the policies to directories such as renderer/ and gpu/ and each policy class will be able to live in its own file. BUG=325535 R=creis@chromium.org, jorgelo@chromium.org, mseaborn@chromium.org, rsesek@chromium.org Review URL: https://codereview.chromium.org/105673005 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@239550 0039d316-1c4b-4281-b951-d872f2087c98
- Loading branch information
jln@chromium.org
committed
Dec 9, 2013
1 parent
b445632
commit add747d
Showing
10 changed files
with
701 additions
and
394 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| // Copyright 2013 The Chromium Authors. All rights reserved. | ||
| // Use of this source code is governed by a BSD-style license that can be | ||
| // found in the LICENSE file. | ||
|
|
||
| #include "content/common/sandbox_bpf_base_policy_linux.h" | ||
|
|
||
| #include <errno.h> | ||
|
|
||
| #include "base/logging.h" | ||
| #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h" | ||
|
|
||
| namespace content { | ||
|
|
||
| namespace { | ||
|
|
||
| // The errno used for denied file system access system calls, such as open(2). | ||
| static const int kFSDeniedErrno = EPERM; | ||
|
|
||
| } // namespace. | ||
|
|
||
| SandboxBpfBasePolicy::SandboxBpfBasePolicy() | ||
| : baseline_policy_(new sandbox::BaselinePolicy(kFSDeniedErrno)) {} | ||
| SandboxBpfBasePolicy::~SandboxBpfBasePolicy() {} | ||
|
|
||
| ErrorCode SandboxBpfBasePolicy::EvaluateSyscall(Sandbox* sandbox_compiler, | ||
| int system_call_number) const { | ||
| DCHECK(baseline_policy_); | ||
| return baseline_policy_->EvaluateSyscall(sandbox_compiler, | ||
| system_call_number); | ||
| } | ||
|
|
||
| int SandboxBpfBasePolicy::GetFSDeniedErrno() { | ||
| return kFSDeniedErrno; | ||
| } | ||
|
|
||
| } // namespace content. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| // Copyright 2013 The Chromium Authors. All rights reserved. | ||
| // Use of this source code is governed by a BSD-style license that can be | ||
| // found in the LICENSE file. | ||
|
|
||
| #ifndef CONTENT_COMMON_SANDBOX_BPF_BASE_POLICY_LINUX_H_ | ||
| #define CONTENT_COMMON_SANDBOX_BPF_BASE_POLICY_LINUX_H_ | ||
|
|
||
| #include "base/basictypes.h" | ||
| #include "base/memory/scoped_ptr.h" | ||
| #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h" | ||
| #include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h" | ||
|
|
||
| using playground2::ErrorCode; | ||
| using playground2::Sandbox; | ||
|
|
||
| namespace content { | ||
|
|
||
| // The "baseline" BPF policy for content/. Any content/ seccomp-bpf policy | ||
| // should inherit from it. | ||
| // It implements the main SandboxBpfPolicy interface. Due to its nature | ||
| // as a "kernel attack surface reduction" layer, it's implementation-defined. | ||
| class SandboxBpfBasePolicy : public playground2::SandboxBpfPolicy { | ||
| public: | ||
| SandboxBpfBasePolicy(); | ||
| virtual ~SandboxBpfBasePolicy(); | ||
|
|
||
| virtual ErrorCode EvaluateSyscall(Sandbox* sandbox_compiler, | ||
| int system_call_number) const OVERRIDE; | ||
| // Get the errno(3) to return for filesystem errors. | ||
| static int GetFSDeniedErrno(); | ||
|
|
||
| private: | ||
| // Compose the BaselinePolicy from sandbox/. | ||
| scoped_ptr<sandbox::BaselinePolicy> baseline_policy_; | ||
| DISALLOW_COPY_AND_ASSIGN(SandboxBpfBasePolicy); | ||
| }; | ||
|
|
||
| } // namespace content | ||
|
|
||
| #endif // CONTENT_COMMON_SANDBOX_BPF_BASE_POLICY_LINUX_H_ |
Oops, something went wrong.