Linux sandbox: allow *kill in the GPU process.

BUG=367986 R=mdempsky@chromium.org TBR=jorgelo Review URL: https://codereview.chromium.org/252323005 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@267025 0039d316-1c4b-4281-b951-d872f2087c98

Linux sandbox: allow *kill in the GPU process.
BUG=367986 R=mdempsky@chromium.org TBR=jorgelo Review URL: https://codereview.chromium.org/252323005 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@267025 0039d316-1c4b-4281-b951-d872f2087c98
8a6f6dfe · jln@chromium.org · d263d5b8 · 8a6f6dfe
Commit 8a6f6dfe authored Apr 30, 2014 by jln@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

content/common/sandbox_linux/bpf_gpu_policy_linux.cc content/common/sandbox_linux/bpf_gpu_policy_linux.cc +4 -0

No files found.
--- a/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
+++ b/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
@@ -185,6 +185,10 @@ ErrorCode GpuProcessPolicy::EvaluateSyscall(SandboxBPF* sandbox,
      DCHECK(broker_process_);
      return sandbox->Trap(GpuSIGSYS_Handler, broker_process_);
    default:
+      // Allow *kill from the GPU process temporarily until fork()
+      // is denied here.
+      if (SyscallSets::IsKill(sysno))
+        return ErrorCode(ErrorCode::ERR_ALLOWED);
      if (SyscallSets::IsEventFd(sysno))
        return ErrorCode(ErrorCode::ERR_ALLOWED);