mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-10 03:45:46 +00:00
3bd337c32c
This completely rewrites SandboxFilter.cpp and removes SandboxAssembler. System calls are now loosely grouped by what they do, now that order doesn't matter, and most of the intersection the content and media plugin whitelists is moved into a common superclass. Hopefully this improves the readability and comprehensibility of the syscall policies. Also, the macros that take the syscall name are gone, because a plain case label usually suffices now (the CASES_FOR_thing macros are a little unsightly, but they're relatively simple), and at one point we saw strange macro expansion issues with system header files that #define'd some syscall names. The signal handling is not migrated yet, so Trap() actions can't be used yet; the next patch will take care of that, and to keep the intermediate state working there's a minimal shim. Bonus fix: non-const global variables use the "g" prefix; "s" is for static class members and static variables in a function (where the default is to allocate a separate copy per instance/activation). |
||
|---|---|---|
| .. | ||
| chromium | ||
| chromium-shim | ||
| linux | ||
| mac | ||
| staticruntime | ||
| win | ||
| modifications-to-chromium-to-reapply-after-upstream-merge.txt | ||
| moz-chromium-commit-status.txt | ||
| moz.build | ||
| objs.mozbuild | ||