39
edits
Changes
→Use in Gecko
* SandboxAssembler.{h,cpp}: implements the policies in terms of the Chromium CodeGen module
* Sandbox.cpp: the code that starts the sandbox and handles violations (note: this is changing soon; see {{bug|1041886}}).
* {arm,x86_{32,64}}arm_linux_syscalls.h and other *_linux_syscalls.h: syscall number definitions; grep these to translate syscall numbers seen in error messages (use the file corresponding to the architecture in question)
We also have an import of the Chromium seccomp-bpf libraries at security/sandbox/chromium/sandbox/linux/seccomp-bpf; we're currently using the CodeGen/BasicBlock/Instruction layer, but not ErrorCode or SandboxBPF (yet).
