projects / platform / framework / web / crosswalk.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Upstream version 5.34.104.0
[platform/framework/web/crosswalk.git] / src / sandbox / linux / seccomp-bpf-helpers / baseline_policy.cc
diff --git a/src/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/src/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
index d0e53e3..c72b53a 100644 (file)
--- a/src/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+++ b/src/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
@@ -70,7 +70,6 @@ bool IsBaselinePolicyWatched(int sysno) {
 #endif
          SyscallSets::IsNuma(sysno) ||
          SyscallSets::IsProcessGroupOrSession(sysno) ||
-         SyscallSets::IsProcessPrivilegeChange(sysno) ||
 #if defined(__i386__)
          SyscallSets::IsSocketCall(sysno) ||
 #endif
@@ -137,7 +136,8 @@ ErrorCode EvaluateSyscallImpl(int fs_denied_errno, SandboxBPF* sandbox,
 
   if (SyscallSets::IsUmask(sysno) ||
       SyscallSets::IsDeniedFileSystemAccessViaFd(sysno) ||
-      SyscallSets::IsDeniedGetOrModifySocket(sysno)) {
+      SyscallSets::IsDeniedGetOrModifySocket(sysno) ||
+      SyscallSets::IsProcessPrivilegeChange(sysno)) {
     return ErrorCode(EPERM);
   }
 
Domain: Web Framework / Uncategorized;