| /external/selinux/policycoreutils/sandbox/ |
| sandbox.8 | 1 .TH SANDBOX "8" "May 2010" "sandbox" "User Commands"
3 sandbox \- Run cmd under an SELinux sandbox
5 .B sandbox
9 .B sandbox
16 application within a tightly confined SELinux domain. The default sandbox domain only allows applications the ability to read and write stdin, stdout and any other file descriptors handed to it. It is not allowed to open any other files. The \-M option will mount an alternate homedir and tmpdir to be used by the sandbox.
19 .I policycoreutils-sandbox
21 .B sandbox \-
[all...] |
| /external/libchrome/sandbox/linux/seccomp-bpf-helpers/ |
| syscall_parameters_restrictions_unittests.cc | 5 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
21 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
22 #include "sandbox/linux/bpf_dsl/policy.h"
23 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
24 #include "sandbox/linux/seccomp-bpf/bpf_tests.h"
25 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
26 #include "sandbox/linux/seccomp-bpf/syscall.h"
27 #include "sandbox/linux/services/syscall_wrappers.h"
28 #include "sandbox/linux/system_headers/linux_syscalls.h"
29 #include "sandbox/linux/system_headers/linux_time.h
36 namespace sandbox { namespace
[all...] |
| baseline_policy.h | 9 #include "sandbox/linux/bpf_dsl/bpf_dsl_forward.h"
10 #include "sandbox/linux/bpf_dsl/policy.h"
11 #include "sandbox/sandbox_export.h"
13 namespace sandbox { namespace
15 // This is a helper to build seccomp-bpf policies, i.e. policies for a sandbox
47 } // namespace sandbox.
|
| baseline_policy_unittest.cc | 5 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h"
30 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
31 #include "sandbox/linux/seccomp-bpf/bpf_tests.h"
32 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
33 #include "sandbox/linux/seccomp-bpf/syscall.h"
34 #include "sandbox/linux/services/syscall_wrappers.h"
35 #include "sandbox/linux/services/thread_helpers.h"
36 #include "sandbox/linux/system_headers/linux_futex.h"
37 #include "sandbox/linux/system_headers/linux_syscalls.h"
38 #include "sandbox/linux/tests/test_utils.h
45 namespace sandbox { namespace
[all...] |
| /external/libchrome/sandbox/linux/services/ |
| resource_limits_unittests.cc | 5 #include "sandbox/linux/services/resource_limits.h"
13 #include "sandbox/linux/tests/test_utils.h"
14 #include "sandbox/linux/tests/unit_tests.h"
17 namespace sandbox { namespace
43 } // namespace sandbox
|
| init_process_reaper.h | 9 #include "sandbox/sandbox_export.h"
11 namespace sandbox { namespace
23 } // namespace sandbox.
|
| resource_limits.cc | 5 #include "sandbox/linux/services/resource_limits.h"
12 namespace sandbox { namespace
26 } // namespace sandbox
|
| namespace_utils_unittest.cc | 5 #include "sandbox/linux/services/namespace_utils.h"
15 #include "sandbox/linux/services/credentials.h"
16 #include "sandbox/linux/tests/unit_tests.h"
19 namespace sandbox { namespace
72 } // namespace sandbox.
|
| /external/libchrome/sandbox/linux/bpf_dsl/ |
| errorcode.h | 9 #include "sandbox/sandbox_export.h"
11 namespace sandbox { namespace
35 } // namespace sandbox
|
| verifier.h | 13 #include "sandbox/sandbox_export.h"
17 namespace sandbox { namespace
32 // is used for purposes other than verifying the output of the sandbox's
43 } // namespace sandbox
|
| /external/libchrome/sandbox/linux/seccomp-bpf/ |
| bpf_tests_unittest.cc | 5 #include "sandbox/linux/seccomp-bpf/bpf_tests.h"
17 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
18 #include "sandbox/linux/bpf_dsl/policy.h"
19 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
20 #include "sandbox/linux/services/syscall_wrappers.h"
21 #include "sandbox/linux/system_headers/linux_syscalls.h"
22 #include "sandbox/linux/tests/unit_tests.h"
25 using sandbox::bpf_dsl::Allow;
26 using sandbox::bpf_dsl::Error;
27 using sandbox::bpf_dsl::ResultExpr
29 namespace sandbox { namespace
[all...] |
| sandbox_bpf.h | 13 #include "sandbox/linux/bpf_dsl/codegen.h"
14 #include "sandbox/sandbox_export.h"
16 namespace sandbox { namespace
33 // Ownership of |policy| is transfered here to the sandbox object.
36 // NOTE: Setting a policy and starting the sandbox is a one-way operation.
37 // The kernel does not provide any option for unloading a loaded sandbox. The
38 // sandbox remains engaged even when the object is destructed.
46 // the sandbox, and enters Seccomp mode.
47 // The calling process must provide a |level| to tell the sandbox which type
49 // SINGLE_THREADED will only sandbox the calling thread. Since it would be
[all...] |
| sandbox_bpf.cc | 5 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
19 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
20 #include "sandbox/linux/bpf_dsl/codegen.h"
21 #include "sandbox/linux/bpf_dsl/policy.h"
22 #include "sandbox/linux/bpf_dsl/policy_compiler.h"
23 #include "sandbox/linux/bpf_dsl/seccomp_macros.h"
24 #include "sandbox/linux/bpf_dsl/syscall_set.h"
25 #include "sandbox/linux/seccomp-bpf/die.h"
26 #include "sandbox/linux/seccomp-bpf/syscall.h"
27 #include "sandbox/linux/seccomp-bpf/trap.h
36 namespace sandbox { namespace
[all...] |
| die.h | 9 #include "sandbox/sandbox_export.h"
11 namespace sandbox { namespace
15 #define SANDBOX_DIE(m) sandbox::Die::SandboxDie(m, __FILE__, __LINE__)
19 #define RAW_SANDBOX_DIE(m) sandbox::Die::RawSandboxDie(m)
22 #define SANDBOX_INFO(m) sandbox::Die::SandboxInfo(m, __FILE__, __LINE__)
26 // Terminate the program, even if the current sandbox policy prevents some
66 } // namespace sandbox
|
| trap.h | 14 #include "sandbox/linux/bpf_dsl/trap_registry.h"
15 #include "sandbox/linux/system_headers/linux_signal.h"
16 #include "sandbox/sandbox_export.h"
18 namespace sandbox { namespace
26 // time. For the purposes of our sandbox, this assertion should always be
27 // true. Threads are incompatible with the seccomp sandbox anyway.
84 } // namespace sandbox
|
| /external/libchrome/sandbox/linux/syscall_broker/ |
| broker_channel.cc | 5 #include "sandbox/linux/syscall_broker/broker_channel.h"
12 namespace sandbox { namespace
35 } // namespace sandbox
|
| broker_host.h | 9 #include "sandbox/linux/syscall_broker/broker_channel.h"
11 namespace sandbox { namespace
39 } // namespace sandbox
|
| broker_channel.h | 11 namespace sandbox { namespace
29 } // namespace sandbox
|
| /external/libchrome/sandbox/win/src/ |
| interceptors.h | 9 #include "sandbox/win/src/interceptors_64.h"
12 namespace sandbox { namespace
53 } // namespace sandbox
|
| sandbox_factory.h | 9 #include "sandbox/win/src/sandbox.h"
29 // The Sandbox library needs to be linked against the main executable, but
33 // the Sandbox API calls are made.
34 namespace sandbox { namespace
49 } // namespace sandbox
|
| ipc_tags.h | 8 namespace sandbox { namespace
38 } // namespace sandbox
|
| policy_params.h | 8 #include "sandbox/win/src/policy_engine_params.h"
10 namespace sandbox { namespace
19 typedef sandbox::ParameterSet type##Array [type::PolParamLast];
65 } // namespace sandbox
|
| /external/autotest/client/site_tests/security_SandboxStatus/ |
| control | 16 Checks the status of the sandbox by looking at chrome://sandbox and
|
| /external/libchrome/sandbox/ |
| sandbox.gyp | 26 # A 'default' to accomodate the "sandbox" target.
29 'target_name': 'sandbox',
|
| /external/compiler-rt/test/asan/TestCases/Darwin/ |
| sandbox-symbolizer.cc | 1 // In a non-forking sandbox, we can't spawn an external symbolizer, but dladdr()
7 // RUN: not %run sandbox-exec -p '(version 1)(allow default)(deny process-fork)' %t 2>&1 | FileCheck %s
8 // RUN: not %run sandbox-exec -p '(version 1)(allow default)(deny mach-priv-task-port)' %t 2>&1 | FileCheck %s
9 // RUN: env ASAN_SYMBOLIZER_PATH="" not %run sandbox-exec -p '(version 1)(allow default)(deny mach-priv-task-port)' %t 2>&1 | FileCheck %s
11 // RUN: not %run sandbox-exec -p '(version 1)(allow default)(deny process-fork)' %t 2>&1 | FileCheck %s
12 // RUN: not %run sandbox-exec -p '(version 1)(allow default)(deny mach-priv-task-port)' %t 2>&1 | FileCheck %s
13 // RUN: env ASAN_SYMBOLIZER_PATH="" not %run sandbox-exec -p '(version 1)(allow default)(deny mach-priv-task-port)' %t 2>&1 | FileCheck %s
|
