BASELINE: Update Chromium to 85.0.4183.14085-based

Change-Id: Iaa42f4680837c57725b1344f108c0196741f6057 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
author: Allan Sandfeld Jensen <allan.jensen@qt.io> 2020-10-12 14:27:29 +0200
committer: Allan Sandfeld Jensen <allan.jensen@qt.io> 2020-10-13 09:35:20 +0000
commit: c30a6232df03e1efbd9f3b226777b07e087a1122 (patch)
tree: e992f45784689f373bcc38d1b79a239ebe17ee23 /chromium/services/service_manager/sandbox/linux
parent: 7b5b123ac58f58ffde0f4f6e488bcd09aa4decd3 (diff)
download: qtwebengine-chromium-85-based.tar.gz
4 files changed, 66 insertions, 1 deletions
diff --git a/chromium/services/service_manager/sandbox/linux/bpf_tts_policy_linux.cc b/chromium/services/service_manager/sandbox/linux/bpf_tts_policy_linux.cc
new file mode 100644
index 00000000000..812072395ec
--- /dev/null
+++ b/chromium/services/service_manager/sandbox/linux/bpf_tts_policy_linux.cc
@@ -0,0 +1,34 @@
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "services/service_manager/sandbox/linux/bpf_tts_policy_linux.h"
+
+#include <sys/socket.h>
+
+#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
+#include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
+#include "sandbox/linux/syscall_broker/broker_process.h"
+#include "sandbox/linux/system_headers/linux_syscalls.h"
+#include "services/service_manager/sandbox/linux/sandbox_linux.h"
+
+using sandbox::bpf_dsl::Allow;
+using sandbox::bpf_dsl::ResultExpr;
+using sandbox::bpf_dsl::Trap;
+using sandbox::syscall_broker::BrokerProcess;
+
+namespace service_manager {
+
+TtsProcessPolicy::TtsProcessPolicy() {}
+
+TtsProcessPolicy::~TtsProcessPolicy() {}
+
+ResultExpr TtsProcessPolicy::EvaluateSyscall(int sysno) const {
+  auto* broker_process = SandboxLinux::GetInstance()->broker_process();
+  if (broker_process->IsSyscallAllowed(sysno))
+    return Trap(BrokerProcess::SIGSYS_Handler, broker_process);
+
+  return BPFBasePolicy::EvaluateSyscall(sysno);
+}
+
+}  // namespace service_manager
diff --git a/chromium/services/service_manager/sandbox/linux/bpf_tts_policy_linux.h b/chromium/services/service_manager/sandbox/linux/bpf_tts_policy_linux.h
new file mode 100644
index 00000000000..a562a68cfce
--- /dev/null
+++ b/chromium/services/service_manager/sandbox/linux/bpf_tts_policy_linux.h
@@ -0,0 +1,27 @@
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_TTS_POLICY_LINUX_H_
+#define SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_TTS_POLICY_LINUX_H_
+
+#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
+#include "services/service_manager/sandbox/export.h"
+#include "services/service_manager/sandbox/linux/bpf_base_policy_linux.h"
+
+namespace service_manager {
+
+class SERVICE_MANAGER_SANDBOX_EXPORT TtsProcessPolicy : public BPFBasePolicy {
+ public:
+  TtsProcessPolicy();
+  ~TtsProcessPolicy() override;
+
+  sandbox::bpf_dsl::ResultExpr EvaluateSyscall(int sysno) const override;
+
+ private:
+  DISALLOW_COPY_AND_ASSIGN(TtsProcessPolicy);
+};
+
+}  // namespace service_manager
+
+#endif  // SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_TTS_POLICY_LINUX_H_
diff --git a/chromium/services/service_manager/sandbox/linux/sandbox_linux.h b/chromium/services/service_manager/sandbox/linux/sandbox_linux.h
index 9f67272c5e2..6a17f9edb63 100644
--- a/chromium/services/service_manager/sandbox/linux/sandbox_linux.h
+++ b/chromium/services/service_manager/sandbox/linux/sandbox_linux.h
@@ -9,7 +9,7 @@
 #include <string>
 #include <vector>
 
-#include "base/logging.h"
+#include "base/check_op.h"
 #include "base/macros.h"
 #include "base/posix/global_descriptors.h"
 #include "sandbox/linux/syscall_broker/broker_command.h"
diff --git a/chromium/services/service_manager/sandbox/linux/sandbox_seccomp_bpf_linux.cc b/chromium/services/service_manager/sandbox/linux/sandbox_seccomp_bpf_linux.cc
index e2f22540a5a..1c16d68df91 100644
--- a/chromium/services/service_manager/sandbox/linux/sandbox_seccomp_bpf_linux.cc
+++ b/chromium/services/service_manager/sandbox/linux/sandbox_seccomp_bpf_linux.cc
@@ -54,6 +54,7 @@
 
 #if defined(OS_CHROMEOS)
 #include "services/service_manager/sandbox/linux/bpf_ime_policy_linux.h"
+#include "services/service_manager/sandbox/linux/bpf_tts_policy_linux.h"
 #endif  // defined(OS_CHROMEOS)
 
 using sandbox::BaselinePolicy;
@@ -185,6 +186,8 @@ std::unique_ptr<BPFBasePolicy> SandboxSeccompBPF::PolicyForSandboxType(
 #if defined(OS_CHROMEOS)
     case SandboxType::kIme:
       return std::make_unique<ImeProcessPolicy>();
+    case SandboxType::kTts:
+      return std::make_unique<TtsProcessPolicy>();
 #endif  // defined(OS_CHROMEOS)
     case SandboxType::kZygoteIntermediateSandbox:
     case SandboxType::kNoSandbox:
@@ -228,6 +231,7 @@ void SandboxSeccompBPF::RunSandboxSanityChecks(
     } break;
 #if defined(OS_CHROMEOS)
     case SandboxType::kIme:
+    case SandboxType::kTts:
 #endif  // defined(OS_CHROMEOS)
     case SandboxType::kAudio:
     case SandboxType::kSharingService:
author	Allan Sandfeld Jensen <allan.jensen@qt.io>	2020-10-12 14:27:29 +0200
committer	Allan Sandfeld Jensen <allan.jensen@qt.io>	2020-10-13 09:35:20 +0000
commit	c30a6232df03e1efbd9f3b226777b07e087a1122 (patch)
tree	e992f45784689f373bcc38d1b79a239ebe17ee23 /chromium/services/service_manager/sandbox/linux
parent	7b5b123ac58f58ffde0f4f6e488bcd09aa4decd3 (diff)
download	qtwebengine-chromium-85-based.tar.gz