1 # Copyright 2016 The Chromium Authors
2 # Use of this source code is governed by a BSD-style license that can be
3 # found in the LICENSE file.
5 # The seccomp-bpf sandbox is only supported on six architectures
7 # Do not disable seccomp_bpf anywhere without talking to
8 # security@chromium.org!
9 use_seccomp_bpf = (is_linux || is_tizen|| is_chromeos || is_android) &&
10 (current_cpu == "x86" || current_cpu == "x64" ||
11 current_cpu == "arm" || current_cpu == "arm64" ||
12 current_cpu == "mipsel" || current_cpu == "mips64el")
14 # SSBD (Speculative Store Bypass Disable) is a mitigation of Spectre Variant 4.
15 # As Spectre Variant 4 can be mitigated by site isolation, opt-out SSBD on site
16 # isolation fully applied platform.
17 disable_seccomp_ssbd = use_seccomp_bpf && !is_android