Upstream version 7.36.149.0

[platform/framework/web/crosswalk.git] / src / content / common / sandbox_linux / bpf_renderer_policy_linux.cc

diff --git a/src/content/common/sandbox_linux/bpf_renderer_policy_linux.cc b/src/content/common/sandbox_linux/bpf_renderer_policy_linux.cc
index f4c19a6..2679778 100644 (file)
--- a/src/content/common/sandbox_linux/bpf_renderer_policy_linux.cc
+++ b/src/content/common/sandbox_linux/bpf_renderer_policy_linux.cc
@@ -18,26 +18,12 @@ using sandbox::SyscallSets;
 
 namespace content {
 
-namespace {
-
-inline bool IsUsingToolKitGtk() {
-#if defined(TOOLKIT_GTK)
-  return true;
-#else
-  return false;
-#endif
-}
-
-}  // namespace
-
 RendererProcessPolicy::RendererProcessPolicy() {}
 RendererProcessPolicy::~RendererProcessPolicy() {}
 
 ErrorCode RendererProcessPolicy::EvaluateSyscall(SandboxBPF* sandbox,
                                                  int sysno) const {
   switch (sysno) {
-    case __NR_clone:
-      return sandbox::RestrictCloneToThreadsAndEPERMFork(sandbox);
     case __NR_ioctl:
       return sandbox::RestrictIoctl(sandbox);
     case __NR_prctl:
@@ -72,17 +58,6 @@ ErrorCode RendererProcessPolicy::EvaluateSyscall(SandboxBPF* sandbox,
     case __NR_prlimit64:
       return ErrorCode(EPERM);  // See crbug.com/160157.
     default:
-      if (IsUsingToolKitGtk()) {
-#if defined(__x86_64__) || defined(__arm__)
-        if (SyscallSets::IsSystemVSharedMemory(sysno))
-          return ErrorCode(ErrorCode::ERR_ALLOWED);
-#endif
-#if defined(__i386__)
-        if (SyscallSets::IsSystemVIpc(sysno))
-          return ErrorCode(ErrorCode::ERR_ALLOWED);
-#endif
-      }
-
       // Default on the content baseline policy.
       return SandboxBPFBasePolicy::EvaluateSyscall(sandbox, sysno);
   }