// Copyright 2013 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "sandbox/policy/linux/bpf_renderer_policy_linux.h" #include <errno.h> #include <sys/ioctl.h> #include "build/build_config.h" #include "sandbox/linux/bpf_dsl/bpf_dsl.h" #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h" #include "sandbox/linux/system_headers/linux_syscalls.h" #include "sandbox/policy/linux/sandbox_linux.h" // TODO(vignatti): replace the local definitions below with #include // <linux/dma-buf.h> once kernel version 4.6 becomes widely used. #include <linux/types.h> struct local_dma_buf_sync { … }; #define LOCAL_DMA_BUF_BASE … #define LOCAL_DMA_BUF_IOCTL_SYNC … Allow; Arg; Error; ResultExpr; namespace sandbox { namespace policy { namespace { #if !BUILDFLAG(IS_ANDROID) ResultExpr RestrictIoctl() { … } #endif // !BUILDFLAG(IS_ANDROID) } // namespace #if !BUILDFLAG(IS_ANDROID) RendererProcessPolicy::RendererProcessPolicy() = default; #else RendererProcessPolicy::RendererProcessPolicy( const BaselinePolicyAndroid::RuntimeOptions& options) : BPFBasePolicy(options) {} #endif // !BUILDFLAG(IS_ANDROID) RendererProcessPolicy::~RendererProcessPolicy() = default; ResultExpr RendererProcessPolicy::EvaluateSyscall(int sysno) const { … } } // namespace policy } // namespace sandbox
Codebase Browser
chromium