Upstream version 7.36.149.0

[platform/framework/web/crosswalk.git] / src / sandbox / linux / seccomp-bpf-helpers / syscall_sets.cc

diff --git a/src/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc b/src/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
index 032f6c3..5f8785e 100644 (file)
--- a/src/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
+++ b/src/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
@@ -14,12 +14,11 @@ namespace sandbox {
 // The implicitly defined sets form a partition of the sets of
 // system calls.
 
-// TODO(jln) we need to restrict the first parameter!
 bool SyscallSets::IsKill(int sysno) {
   switch (sysno) {
     case __NR_kill:
-    case __NR_tkill:
     case __NR_tgkill:
+    case __NR_tkill:  // Deprecated.
       return true;
     default:
       return false;
@@ -351,7 +350,6 @@ bool SyscallSets::IsKernelInternalApi(int sysno) {
 // This should be thought through in conjunction with IsFutex().
 bool SyscallSets::IsAllowedProcessStartOrDeath(int sysno) {
   switch (sysno) {
-    case __NR_clone:  // TODO(jln): restrict flags.
     case __NR_exit:
     case __NR_exit_group:
     case __NR_wait4:
@@ -360,6 +358,7 @@ bool SyscallSets::IsAllowedProcessStartOrDeath(int sysno) {
     case __NR_waitpid:
 #endif
       return true;
+    case __NR_clone:  // Should be parameter-restricted.
     case __NR_setns:  // Privileged.
     case __NR_fork:
 #if defined(__i386__) || defined(__x86_64__)