From c37fb8efaecfd3ca87725466de4abdeae86ad343 Mon Sep 17 00:00:00 2001 From: parkch98 Date: Sat, 13 Dec 2014 09:47:10 -0800 Subject: [PATCH] content: bpf: exclude the syscalls if arm64 __NR_open, __NR_access are not defined on arm64. So, I just blocked the syscall to build properly on arm64. BUG=None Review URL: https://codereview.chromium.org/784733002 Cr-Commit-Position: refs/heads/master@{#308281} Index: qtwebengine-opensource-src-5.5.0/src/3rdparty/chromium/content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.cc =================================================================== --- qtwebengine-opensource-src-5.5.0.orig/src/3rdparty/chromium/content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.cc +++ qtwebengine-opensource-src-5.5.0/src/3rdparty/chromium/content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.cc @@ -46,7 +46,7 @@ inline bool IsChromeOS() { } inline bool IsArchitectureArm() { -#if defined(__arm__) +#if defined(__arm__) || defined(__aarch64__) return true; #else return false; @@ -113,8 +113,11 @@ class CrosArmGpuBrokerProcessPolicy : pu // openat allowed. ResultExpr CrosArmGpuBrokerProcessPolicy::EvaluateSyscall(int sysno) const { switch (sysno) { +#if !defined(__aarch64__) case __NR_access: case __NR_open: +#endif // !defined(__aarch64__) + case __NR_faccessat: case __NR_openat: return Allow(); default: @@ -130,13 +133,13 @@ CrosArmGpuProcessPolicy::CrosArmGpuProce CrosArmGpuProcessPolicy::~CrosArmGpuProcessPolicy() {} ResultExpr CrosArmGpuProcessPolicy::EvaluateSyscall(int sysno) const { -#if defined(__arm__) +#if defined(__arm__) || defined(__aarch64__) if (allow_shmat_ && sysno == __NR_shmat) return Allow(); -#endif // defined(__arm__) +#endif // defined(__arm__) || defined(__aarch64__) switch (sysno) { -#if defined(__arm__) +#if defined(__arm__) || defined(__aarch64__) // ARM GPU sandbox is started earlier so we need to allow networking // in the sandbox. case __NR_connect: @@ -151,7 +154,7 @@ ResultExpr CrosArmGpuProcessPolicy::Eval const Arg domain(0); return If(domain == AF_UNIX, Allow()).Else(Error(EPERM)); } -#endif // defined(__arm__) +#endif // defined(__arm__) || defined(__aarch64__) default: // Default to the generic GPU policy. return GpuProcessPolicy::EvaluateSyscall(sysno); Index: qtwebengine-opensource-src-5.5.0/src/3rdparty/chromium/content/common/sandbox_linux/bpf_gpu_policy_linux.cc =================================================================== --- qtwebengine-opensource-src-5.5.0.orig/src/3rdparty/chromium/content/common/sandbox_linux/bpf_gpu_policy_linux.cc +++ qtwebengine-opensource-src-5.5.0/src/3rdparty/chromium/content/common/sandbox_linux/bpf_gpu_policy_linux.cc @@ -92,6 +92,7 @@ intptr_t GpuSIGSYS_Handler(const struct BrokerProcess* broker_process = static_cast(aux_broker_process); switch (args.nr) { +#if !defined(__aarch64__) case __NR_access: return broker_process->Access(reinterpret_cast(args.args[0]), static_cast(args.args[1])); @@ -102,6 +103,15 @@ intptr_t GpuSIGSYS_Handler(const struct #endif return broker_process->Open(reinterpret_cast(args.args[0]), static_cast(args.args[1])); +#endif // !defined(__aarch64__) + case __NR_faccessat: + if (static_cast(args.args[0]) == AT_FDCWD) { + return + broker_process->Access(reinterpret_cast(args.args[1]), + static_cast(args.args[2])); + } else { + return -EPERM; + } case __NR_openat: // Allow using openat() as open(). if (static_cast(args.args[0]) == AT_FDCWD) { @@ -136,8 +146,11 @@ class GpuBrokerProcessPolicy : public Gp // openat allowed. ResultExpr GpuBrokerProcessPolicy::EvaluateSyscall(int sysno) const { switch (sysno) { +#if !defined(__aarch64__) case __NR_access: case __NR_open: +#endif // !defined(__aarch64__) + case __NR_faccessat: case __NR_openat: return Allow(); default: @@ -201,8 +214,11 @@ ResultExpr GpuProcessPolicy::EvaluateSys // TODO(jln): restrict prctl. case __NR_prctl: return Allow(); +#if !defined(__aarch64__) case __NR_access: case __NR_open: +#endif // !defined(__aarch64__) + case __NR_faccessat: case __NR_openat: DCHECK(broker_process_); return Trap(GpuSIGSYS_Handler, broker_process_);