1 // Copyright 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "content/common/sandbox_linux/bpf_ppapi_policy_linux.h" 6 7 #include <errno.h> 8 9 #include "base/basictypes.h" 10 #include "build/build_config.h" 11 #include "content/common/sandbox_linux/sandbox_linux.h" 12 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" 13 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h" 14 #include "sandbox/linux/services/linux_syscalls.h" 15 16 using sandbox::SyscallSets; 17 using sandbox::bpf_dsl::Allow; 18 using sandbox::bpf_dsl::Error; 19 using sandbox::bpf_dsl::ResultExpr; 20 21 namespace content { 22 23 PpapiProcessPolicy::PpapiProcessPolicy() {} 24 PpapiProcessPolicy::~PpapiProcessPolicy() {} 25 26 ResultExpr PpapiProcessPolicy::EvaluateSyscall(int sysno) const { 27 switch (sysno) { 28 // TODO(jln): restrict prctl. 29 case __NR_prctl: 30 case __NR_pread64: 31 case __NR_pwrite64: 32 case __NR_sched_get_priority_max: 33 case __NR_sched_get_priority_min: 34 case __NR_sched_getaffinity: 35 case __NR_sched_getparam: 36 case __NR_sched_getscheduler: 37 case __NR_sched_setscheduler: 38 case __NR_times: 39 return Allow(); 40 case __NR_ioctl: 41 return Error(ENOTTY); // Flash Access. 42 default: 43 // Default on the baseline policy. 44 return SandboxBPFBasePolicy::EvaluateSyscall(sysno); 45 } 46 } 47 48 } // namespace content 49
