X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=src%2Fcontent%2Fcommon%2Fsandbox_linux%2Fbpf_utility_policy_linux.cc;h=a9288fbb4a60873166e05dfd66b81d5ceec5878e;hb=3545e9f2671f595d2a2f3ee75ca0393b01e35ef6;hp=ee92f82a11ed0cacbc5700d449e479230b5590cc;hpb=7d210d4c7e9ba36e635eabc5b5780495f8a63292;p=platform%2Fframework%2Fweb%2Fcrosswalk.git diff --git a/src/content/common/sandbox_linux/bpf_utility_policy_linux.cc b/src/content/common/sandbox_linux/bpf_utility_policy_linux.cc index ee92f82..a9288fb 100644 --- a/src/content/common/sandbox_linux/bpf_utility_policy_linux.cc +++ b/src/content/common/sandbox_linux/bpf_utility_policy_linux.cc @@ -11,7 +11,6 @@ #include "content/common/sandbox_linux/sandbox_linux.h" #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h" -#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h" #include "sandbox/linux/services/linux_syscalls.h" using sandbox::SyscallSets; @@ -37,34 +36,20 @@ ResultExpr UtilityProcessPolicy::EvaluateSyscall(int sysno) const { case __NR_ioctl: return sandbox::RestrictIoctl(); // Allow the system calls below. - // The baseline policy allows __NR_clock_gettime. Allow - // clock_getres() for V8. crbug.com/329053. - case __NR_clock_getres: case __NR_fdatasync: case __NR_fsync: - case __NR_getpriority: #if defined(__i386__) || defined(__x86_64__) case __NR_getrlimit: #endif #if defined(__i386__) || defined(__arm__) case __NR_ugetrlimit: #endif - case __NR_mremap: // See crbug.com/149834. case __NR_pread64: case __NR_pwrite64: - case __NR_sched_getaffinity: - case __NR_sched_get_priority_max: - case __NR_sched_get_priority_min: - case __NR_sched_getparam: - case __NR_sched_getscheduler: - case __NR_sched_setscheduler: - case __NR_setpriority: case __NR_sysinfo: case __NR_times: case __NR_uname: return Allow(); - case __NR_prlimit64: - return Error(EPERM); // See crbug.com/160157. default: // Default on the content baseline policy. return SandboxBPFBasePolicy::EvaluateSyscall(sysno);