X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=src%2Fcontent%2Fcommon%2Fsandbox_linux%2Fbpf_renderer_policy_linux.cc;h=86cef92cbe324bd18000b1301552ce292157e81e;hb=3545e9f2671f595d2a2f3ee75ca0393b01e35ef6;hp=b1ba0e37bc1868e5ebaa9a410536b32fb7393380;hpb=7d210d4c7e9ba36e635eabc5b5780495f8a63292;p=platform%2Fframework%2Fweb%2Fcrosswalk.git

diff --git a/src/content/common/sandbox_linux/bpf_renderer_policy_linux.cc b/src/content/common/sandbox_linux/bpf_renderer_policy_linux.cc
index b1ba0e3..86cef92 100644
--- a/src/content/common/sandbox_linux/bpf_renderer_policy_linux.cc
+++ b/src/content/common/sandbox_linux/bpf_renderer_policy_linux.cc
@@ -11,7 +11,6 @@
 #include "content/common/sandbox_linux/sandbox_linux.h"
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
 #include "sandbox/linux/services/linux_syscalls.h"
 
 using sandbox::SyscallSets;
@@ -26,15 +25,15 @@ RendererProcessPolicy::~RendererProcessPolicy() {}
 
 ResultExpr RendererProcessPolicy::EvaluateSyscall(int sysno) const {
   switch (sysno) {
-    case __NR_ioctl:
-      return sandbox::RestrictIoctl();
-    // Allow the system calls below.
     // The baseline policy allows __NR_clock_gettime. Allow
     // clock_getres() for V8. crbug.com/329053.
     case __NR_clock_getres:
+      return sandbox::RestrictClockID();
+    case __NR_ioctl:
+      return sandbox::RestrictIoctl();
+    // Allow the system calls below.
     case __NR_fdatasync:
     case __NR_fsync:
-    case __NR_getpriority:
 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
     case __NR_getrlimit:
 #endif
@@ -50,7 +49,6 @@ ResultExpr RendererProcessPolicy::EvaluateSyscall(int sysno) const {
     case __NR_sched_getparam:
     case __NR_sched_getscheduler:
     case __NR_sched_setscheduler:
-    case __NR_setpriority:
     case __NR_sysinfo:
     case __NR_times:
     case __NR_uname: