projects
/
platform
/
framework
/
web
/
crosswalk.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Upstream version 7.36.149.0
[platform/framework/web/crosswalk.git]
/
src
/
content
/
common
/
sandbox_linux
/
bpf_gpu_policy_linux.cc
diff --git
a/src/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
b/src/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
index
c2c8a03
..
1cdca30
100644
(file)
--- a/
src/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
+++ b/
src/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
@@
-106,13
+106,16
@@
intptr_t GpuSIGSYS_Handler(const struct arch_seccomp_data& args,
class GpuBrokerProcessPolicy : public GpuProcessPolicy {
public:
class GpuBrokerProcessPolicy : public GpuProcessPolicy {
public:
- GpuBrokerProcessPolicy() {}
+ static sandbox::SandboxBPFPolicy* Create() {
+ return new GpuBrokerProcessPolicy();
+ }
virtual ~GpuBrokerProcessPolicy() {}
virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler,
int system_call_number) const OVERRIDE;
private:
virtual ~GpuBrokerProcessPolicy() {}
virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler,
int system_call_number) const OVERRIDE;
private:
+ GpuBrokerProcessPolicy() {}
DISALLOW_COPY_AND_ASSIGN(GpuBrokerProcessPolicy);
};
DISALLOW_COPY_AND_ASSIGN(GpuBrokerProcessPolicy);
};
@@
-146,9
+149,11
@@
void UpdateProcessTypeToGpuBroker() {
}
bool UpdateProcessTypeAndEnableSandbox(
}
bool UpdateProcessTypeAndEnableSandbox(
- const base::Callback<bool(void)>& broker_sandboxer_callback) {
+ sandbox::SandboxBPFPolicy* (*broker_sandboxer_allocator)(void)) {
+ DCHECK(broker_sandboxer_allocator);
UpdateProcessTypeToGpuBroker();
UpdateProcessTypeToGpuBroker();
- return broker_sandboxer_callback.Run();
+ return SandboxSeccompBPF::StartSandboxWithExternalPolicy(
+ make_scoped_ptr(broker_sandboxer_allocator()));
}
} // namespace
}
} // namespace
@@
-198,9
+203,7
@@
bool GpuProcessPolicy::PreSandboxHook() {
DCHECK(!broker_process());
// Create a new broker process.
InitGpuBrokerProcess(
DCHECK(!broker_process());
// Create a new broker process.
InitGpuBrokerProcess(
- base::Bind(&SandboxSeccompBPF::StartSandboxWithExternalPolicy,
- base::Passed(scoped_ptr<sandbox::SandboxBPFPolicy>(
- new GpuBrokerProcessPolicy))),
+ GpuBrokerProcessPolicy::Create,
std::vector<std::string>(), // No extra files in whitelist.
std::vector<std::string>());
std::vector<std::string>(), // No extra files in whitelist.
std::vector<std::string>());
@@
-236,7
+239,7
@@
bool GpuProcessPolicy::PreSandboxHook() {
}
void GpuProcessPolicy::InitGpuBrokerProcess(
}
void GpuProcessPolicy::InitGpuBrokerProcess(
-
const base::Callback<bool(void)>& broker_sandboxer_callback
,
+
sandbox::SandboxBPFPolicy* (*broker_sandboxer_allocator)(void)
,
const std::vector<std::string>& read_whitelist_extra,
const std::vector<std::string>& write_whitelist_extra) {
static const char kDriRcPath[] = "/etc/drirc";
const std::vector<std::string>& read_whitelist_extra,
const std::vector<std::string>& write_whitelist_extra) {
static const char kDriRcPath[] = "/etc/drirc";
@@
-266,7
+269,7
@@
void GpuProcessPolicy::InitGpuBrokerProcess(
// The initialization callback will perform generic initialization and then
// call broker_sandboxer_callback.
CHECK(broker_process_->Init(base::Bind(&UpdateProcessTypeAndEnableSandbox,
// The initialization callback will perform generic initialization and then
// call broker_sandboxer_callback.
CHECK(broker_process_->Init(base::Bind(&UpdateProcessTypeAndEnableSandbox,
- broker_sandboxer_
callback
)));
+ broker_sandboxer_
allocator
)));
}
} // namespace content
}
} // namespace content