pkgsrc-WIP-changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
chromium: ship NetBSD relevant sources from a common repo
Module Name: pkgsrc-wip
Committed By: kikadf <kikadf.01%gmail.com@localhost>
Pushed By: kikadf
Date: Sat Jan 10 10:44:39 2026 +0100
Changeset: d2600e6b52f5fdd4be66b314b448cefc21fd570b
Modified Files:
chromium/Makefile
chromium/distinfo
Removed Files:
chromium/patches/patch-base_process_process__handle__netbsd.cc
chromium/patches/patch-base_process_process__iterator__netbsd.cc
chromium/patches/patch-base_process_process__metrics__netbsd.cc
chromium/patches/patch-base_system_sys__info__netbsd.cc
chromium/patches/patch-sandbox_policy_netbsd_sandbox__netbsd.cc
chromium/patches/patch-sandbox_policy_netbsd_sandbox__netbsd.h
Log Message:
chromium: ship NetBSD relevant sources from a common repo
To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=d2600e6b52f5fdd4be66b314b448cefc21fd570b
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
diffstat:
chromium/Makefile | 9 +-
chromium/distinfo | 15 +-
.../patch-base_process_process__handle__netbsd.cc | 65 -----
...patch-base_process_process__iterator__netbsd.cc | 143 -----------
.../patch-base_process_process__metrics__netbsd.cc | 182 -------------
.../patches/patch-base_system_sys__info__netbsd.cc | 108 --------
.../patch-sandbox_policy_netbsd_sandbox__netbsd.cc | 219 ----------------
.../patch-sandbox_policy_netbsd_sandbox__netbsd.h | 285 ---------------------
8 files changed, 6 insertions(+), 1020 deletions(-)
diffs:
diff --git a/chromium/Makefile b/chromium/Makefile
index aeaf8b07b2..0d1666c285 100644
--- a/chromium/Makefile
+++ b/chromium/Makefile
@@ -8,12 +8,9 @@ EXTRACT_SUFX_C= .tar.xz
DISTFILES+= ${DISTNAME}-lite${EXTRACT_SUFX_C}
-# audioio source
-A_VERSION= 140.0
-GITHUB_SUBMODULES= kikadf chromium-audioio v${A_VERSION} media/audio/audioio
-# HID support
-H_VERSION= 143.0
-GITHUB_SUBMODULES+= kikadf chromium-hid-netbsd v${H_VERSION} services/device/hid
+# Sources to build on NetBSD
+NB_VERSION= 143.0
+GITHUB_SUBMODULES= kikadf chromium-nb v${NB_VERSION} ./
# LLVM_MAJOR_VERSION
LLVM_MV= 19
diff --git a/chromium/distinfo b/chromium/distinfo
index 1b7e0ce8d0..afcc5a528f 100644
--- a/chromium/distinfo
+++ b/chromium/distinfo
@@ -6,12 +6,9 @@ Size (chromium-143.0.7499.192-lite.tar.xz) = 1140785448 bytes
BLAKE2s (chromium-143.0.7499.192-testdata.tar.xz) = ef2e143311ea1d9a677a9c452032500342643bb6ba91ad89ee52ec673942ac22
SHA512 (chromium-143.0.7499.192-testdata.tar.xz) = 9160cbc9062ff110c3ddb4f78b7412e3f932378dd89e17bfe8f3fb174c62d7a2112a2c453513355ff140152ffda6af15921f6e3ab6f83415b28baf32d7530393
Size (chromium-143.0.7499.192-testdata.tar.xz) = 1155268448 bytes
-BLAKE2s (kikadf-chromium-audioio-v140.0.tar.gz) = 063582b80823694cfa30c020d3378dae3c7dbb1d0b3ffc3b756ce26e9984504c
-SHA512 (kikadf-chromium-audioio-v140.0.tar.gz) = e986fd201969e2ce9e7c092497c34bca84771992a2c8d980556d2dc77002ff68f3d13b4144629e9a8bc41b8ad0d4d06650eafadbfde7c0fa91ed84fbcd74763b
-Size (kikadf-chromium-audioio-v140.0.tar.gz) = 8453 bytes
-BLAKE2s (kikadf-chromium-hid-netbsd-v143.0.tar.gz) = e0b96e85c543476ef5c86f8a86b690097d3850f4514d1ee4676e91f756fe6b23
-SHA512 (kikadf-chromium-hid-netbsd-v143.0.tar.gz) = ebd756e5e53b99c5babc6d3b2bbbb19029b69e39f7e4db9dbff0eb3e26cc6becf6c62915bf822ab175d6f3cca02c1684542583ca1267fc0138cfb71210c528f7
-Size (kikadf-chromium-hid-netbsd-v143.0.tar.gz) = 6544 bytes
+BLAKE2s (kikadf-chromium-nb-v143.0.tar.gz) = e71af34a4243c8cff10dcfd3e379c0968a419fc784156b7b64c33ad8a1c9cf6d
+SHA512 (kikadf-chromium-nb-v143.0.tar.gz) = 565f74b27cec9ff813b3e3ba8c962707ef6b43606dfd1af52515649bb452f420a35e38d3b9d10d7dd74f9c9987a4d652d3f01c8ac6ea5790968d474257b685ad
+Size (kikadf-chromium-nb-v143.0.tar.gz) = 22472 bytes
SHA1 (patch-BUILD.gn) = a74154e4b825f7523beaa6ef83cf178e5072739d
SHA1 (patch-apps_ui_views_app__window__frame__view.cc) = 24c69da0b41a18096a6c37b7b08dd9debd588172
SHA1 (patch-base_BUILD.gn) = e5a87f0bcd46c61637ae82a294e482aef60fa5dd
@@ -84,16 +81,13 @@ SHA1 (patch-base_process_memory__linux.cc) = 66a5e4d2ae23524f83dd2a7a5a2abb3b442
SHA1 (patch-base_process_process__handle.cc) = 76688e930891777899164ae533b5bebb1a2d89db
SHA1 (patch-base_process_process__handle.h) = 6c99c95b067785edbb2336bec0cbfb6911412997
SHA1 (patch-base_process_process__handle__freebsd.cc) = bada72ac973dae78a697854092c8e917a915c6e3
-SHA1 (patch-base_process_process__handle__netbsd.cc) = 9e5a40cac60c7e7a5751773ce049b7603aa62f5c
SHA1 (patch-base_process_process__handle__openbsd.cc) = 0a180b2879716ee7cfe9ebf71bbf570e7473d0f1
SHA1 (patch-base_process_process__iterator.h) = bc09ade6b4b0e3fa8211cce668880d7ad6c760fa
SHA1 (patch-base_process_process__iterator__freebsd.cc) = 1e1e7ccb20ab864b56bac5f73f4165e77ee659d4
-SHA1 (patch-base_process_process__iterator__netbsd.cc) = 713e584f40a24d249d09248ad697d79cb656ccfe
SHA1 (patch-base_process_process__iterator__openbsd.cc) = 25c8e9e4f08353a01b1488560544efe7fe8f63d6
SHA1 (patch-base_process_process__metrics.cc) = 37cf51c1bc1e9957badf759dfb7179df8f1747eb
SHA1 (patch-base_process_process__metrics.h) = 7cabb25c69d5a233b50a123a16ef1661de158db8
SHA1 (patch-base_process_process__metrics__freebsd.cc) = c48a9d584e89569422aaf1095dbc67d4dc19133b
-SHA1 (patch-base_process_process__metrics__netbsd.cc) = 599b53e03d89f9f79df109c9e7f0d7462670baff
SHA1 (patch-base_process_process__metrics__openbsd.cc) = 45a44caab37c05ec1ad28d4a894b1a0dc2c5f12d
SHA1 (patch-base_process_process__metrics__posix.cc) = ac31abc89768748e66a3fcccde99df3eb8b25f52
SHA1 (patch-base_process_process__metrics__unittest.cc) = 6bad9f37497519f7beecad12f9189895953bb645
@@ -115,7 +109,6 @@ SHA1 (patch-base_syslog__logging.cc) = 84e5a8338073d3af084e759aca6f2756290c5701
SHA1 (patch-base_system_sys__info.cc) = 3a1a898c608348f849c5f9235328d9e39cf8e6b0
SHA1 (patch-base_system_sys__info.h) = 81412406c190a6f2235fb5a8c866822e93f0f387
SHA1 (patch-base_system_sys__info__freebsd.cc) = 96b7b7ae0f8003908843228d6017d252f9aec761
-SHA1 (patch-base_system_sys__info__netbsd.cc) = e70df8ab41cd257613c32ec4351cdbcbafd25d1c
SHA1 (patch-base_system_sys__info__openbsd.cc) = 9a60872f585f8b425c67d6b2372ad80945f11ea3
SHA1 (patch-base_system_sys__info__posix.cc) = 7d22a541216e7421df616422db90eaec1de170aa
SHA1 (patch-base_system_sys__info__unittest.cc) = 246315006f19fe06c00f56fc6b77b96a7d651c58
@@ -1078,8 +1071,6 @@ SHA1 (patch-sandbox_policy_features.cc) = fc6bef491831c410d2f4b8672fbf0e3896fa59
SHA1 (patch-sandbox_policy_freebsd_sandbox__freebsd.cc) = 39f43ce3b5c1a989f8058d0aeae6c414e2d33e12
SHA1 (patch-sandbox_policy_freebsd_sandbox__freebsd.h) = 4c4211c9d73e90dd12ecc2b35f03b397bec1e8de
SHA1 (patch-sandbox_policy_mojom_sandbox.mojom) = ccf8e674629a411e0b3070e246df38e8a06f964a
-SHA1 (patch-sandbox_policy_netbsd_sandbox__netbsd.cc) = c276453084ebd657987824a31b02b6749e366b17
-SHA1 (patch-sandbox_policy_netbsd_sandbox__netbsd.h) = 09444472979e551bf7e25bbeaf01b2a076fa7698
SHA1 (patch-sandbox_policy_openbsd_sandbox__openbsd.cc) = c362a0bf17805f7509b0fe9547ec8328c17b6d98
SHA1 (patch-sandbox_policy_openbsd_sandbox__openbsd.h) = eeb9a7a5bcd27d0bfd3d0d9a1aaec700df224cbe
SHA1 (patch-sandbox_policy_sandbox.cc) = b20f6b61c296fd722d2385a215e8205d8dda449b
diff --git a/chromium/patches/patch-base_process_process__handle__netbsd.cc b/chromium/patches/patch-base_process_process__handle__netbsd.cc
deleted file mode 100644
index 49363993e7..0000000000
--- a/chromium/patches/patch-base_process_process__handle__netbsd.cc
+++ /dev/null
@@ -1,65 +0,0 @@
-$NetBSD$
-
-* Part of patchset to build chromium on NetBSD
-* Based on OpenBSD's chromium patches, and
- pkgsrc's qt5-qtwebengine patches
-
---- base/process/process_handle_netbsd.cc.orig 2025-12-30 13:49:36.212803611 +0000
-+++ base/process/process_handle_netbsd.cc
-@@ -0,0 +1,56 @@
-+// Copyright 2011 The Chromium Authors
-+// Use of this source code is governed by a BSD-style license that can be
-+// found in the LICENSE file.
-+
-+#include "base/process/process_handle.h"
-+#include "base/files/file_util.h"
-+
-+#include <stddef.h>
-+#include <sys/param.h>
-+#include <sys/proc.h>
-+#include <sys/sysctl.h>
-+#include <sys/types.h>
-+#include <unistd.h>
-+
-+#include <optional>
-+
-+#include "base/files/file_path.h"
-+#include "base/posix/sysctl.h"
-+
-+namespace base {
-+
-+ProcessId GetParentProcessId(ProcessHandle process) {
-+ struct kinfo_proc2 *info;
-+ size_t length;
-+ pid_t ppid;
-+ int mib[] = { CTL_KERN, KERN_PROC2, KERN_PROC_PID, process,
-+ sizeof(struct kinfo_proc2), 1 };
-+
-+ if (sysctl(mib, std::size(mib), NULL, &length, NULL, 0) < 0) {
-+ return -1;
-+ }
-+
-+ info = (struct kinfo_proc2 *)malloc(length);
-+
-+ mib[5] = static_cast<int>((length / sizeof(struct kinfo_proc2)));
-+
-+ if (sysctl(mib, std::size(mib), info, &length, NULL, 0) < 0) {
-+ ppid = -1;
-+ goto out;
-+ }
-+
-+ ppid = info->p_ppid;
-+
-+out:
-+ free(info);
-+ return ppid;
-+}
-+
-+FilePath GetProcessExecutablePath(ProcessHandle process) {
-+ std::optional<std::string> pathname =
-+ base::StringSysctl({CTL_KERN, KERN_PROC_ARGS, process, KERN_PROC_PATHNAME});
-+
-+ return FilePath(pathname.value_or(std::string{}));
-+}
-+
-+} // namespace base
diff --git a/chromium/patches/patch-base_process_process__iterator__netbsd.cc b/chromium/patches/patch-base_process_process__iterator__netbsd.cc
deleted file mode 100644
index e741667820..0000000000
--- a/chromium/patches/patch-base_process_process__iterator__netbsd.cc
+++ /dev/null
@@ -1,143 +0,0 @@
-$NetBSD$
-
-* Part of patchset to build chromium on NetBSD
-* Based on OpenBSD's chromium patches, and
- pkgsrc's qt5-qtwebengine patches
-
---- base/process/process_iterator_netbsd.cc.orig 2025-12-30 13:49:36.213289259 +0000
-+++ base/process/process_iterator_netbsd.cc
-@@ -0,0 +1,134 @@
-+// Copyright 2013 The Chromium Authors
-+// Use of this source code is governed by a BSD-style license that can be
-+// found in the LICENSE file.
-+
-+#include "base/process/process_iterator.h"
-+
-+#include <errno.h>
-+#include <stddef.h>
-+#include <unistd.h>
-+#include <sys/param.h>
-+#include <sys/proc.h>
-+#include <sys/sysctl.h>
-+
-+#include "base/logging.h"
-+#include "base/strings/string_split.h"
-+#include "base/strings/string_util.h"
-+
-+namespace base {
-+
-+ProcessIterator::ProcessIterator(const ProcessFilter* filter)
-+ : filter_(filter) {
-+ int mib[] = { CTL_KERN, KERN_PROC2, KERN_PROC_UID, static_cast<int>(getuid()),
-+ sizeof(struct kinfo_proc2), 1 };
-+
-+ bool done = false;
-+ int try_num = 1;
-+ const int max_tries = 10;
-+ size_t num_of_kinfo_proc;
-+
-+ do {
-+ size_t len = 0;
-+ if (sysctl(mib, std::size(mib), NULL, &len, NULL, 0) < 0) {
-+ DLOG(ERROR) << "failed to get the size needed for the process list";
-+ kinfo_procs_.resize(0);
-+ done = true;
-+ } else {
-+ num_of_kinfo_proc = len / sizeof(struct kinfo_proc2);
-+ // Leave some spare room for process table growth (more could show up
-+ // between when we check and now)
-+ num_of_kinfo_proc += 16;
-+ kinfo_procs_.resize(num_of_kinfo_proc);
-+ len = num_of_kinfo_proc * sizeof(struct kinfo_proc2);
-+ if (sysctl(mib, std::size(mib), &kinfo_procs_[0], &len, NULL, 0) < 0) {
-+ // If we get a mem error, it just means we need a bigger buffer, so
-+ // loop around again. Anything else is a real error and give up.
-+ if (errno != ENOMEM) {
-+ DLOG(ERROR) << "failed to get the process list";
-+ kinfo_procs_.resize(0);
-+ done = true;
-+ }
-+ } else {
-+ // Got the list, just make sure we're sized exactly right
-+ num_of_kinfo_proc = len / sizeof(struct kinfo_proc2);
-+ kinfo_procs_.resize(num_of_kinfo_proc);
-+ done = true;
-+ }
-+ }
-+ } while (!done && (try_num++ < max_tries));
-+
-+ if (!done) {
-+ DLOG(ERROR) << "failed to collect the process list in a few tries";
-+ kinfo_procs_.resize(0);
-+ }
-+}
-+
-+ProcessIterator::~ProcessIterator() = default;
-+
-+bool ProcessIterator::CheckForNextProcess() {
-+ std::string data;
-+ for (; index_of_kinfo_proc_ < kinfo_procs_.size(); ++index_of_kinfo_proc_) {
-+ kinfo_proc2& kinfo = kinfo_procs_[index_of_kinfo_proc_];
-+
-+ // Skip processes just awaiting collection
-+ if ((kinfo.p_pid > 0) && (kinfo.p_stat == SZOMB)) {
-+ continue;
-+ }
-+
-+ int mib[] = { CTL_KERN, KERN_PROC_ARGS, kinfo.p_pid };
-+
-+ // Find out what size buffer we need.
-+ size_t data_len = 0;
-+ if (sysctl(mib, std::size(mib), NULL, &data_len, NULL, 0) < 0) {
-+ DVPLOG(1) << "failed to figure out the buffer size for a commandline";
-+ continue;
-+ }
-+
-+ data.resize(data_len);
-+ if (sysctl(mib, std::size(mib), &data[0], &data_len, NULL, 0) < 0) {
-+ DVPLOG(1) << "failed to fetch a commandline";
-+ continue;
-+ }
-+
-+ // |data| contains all the command line parameters of the process, separated
-+ // by blocks of one or more null characters. We tokenize |data| into a
-+ // vector of strings using '\0' as a delimiter and populate
-+ // |entry_.cmd_line_args_|.
-+ std::string delimiters;
-+ delimiters.push_back('\0');
-+ entry_.cmd_line_args_ = SplitString(data, delimiters, KEEP_WHITESPACE,
-+ SPLIT_WANT_NONEMPTY);
-+
-+ // |data| starts with the full executable path followed by a null character.
-+ // We search for the first instance of '\0' and extract everything before it
-+ // to populate |entry_.exe_file_|.
-+ size_t exec_name_end = data.find('\0');
-+ if (exec_name_end == std::string::npos) {
-+ DLOG(ERROR) << "command line data didn't match expected format";
-+ continue;
-+ }
-+
-+ entry_.pid_ = kinfo.p_pid;
-+ entry_.ppid_ = kinfo.p_ppid;
-+ entry_.gid_ = kinfo.p__pgid;
-+ size_t last_slash = data.rfind('/', exec_name_end);
-+ if (last_slash == std::string::npos) {
-+ entry_.exe_file_.assign(data, 0, exec_name_end);
-+ } else {
-+ entry_.exe_file_.assign(data, last_slash + 1,
-+ exec_name_end - last_slash - 1);
-+ }
-+ // Start w/ the next entry next time through
-+ ++index_of_kinfo_proc_;
-+ // Done
-+ return true;
-+ }
-+ return false;
-+}
-+
-+bool NamedProcessIterator::IncludeEntry() {
-+ return (executable_name_ == entry().exe_file() &&
-+ ProcessIterator::IncludeEntry());
-+}
-+
-+} // namespace base
diff --git a/chromium/patches/patch-base_process_process__metrics__netbsd.cc b/chromium/patches/patch-base_process_process__metrics__netbsd.cc
deleted file mode 100644
index a0ee182816..0000000000
--- a/chromium/patches/patch-base_process_process__metrics__netbsd.cc
+++ /dev/null
@@ -1,182 +0,0 @@
-$NetBSD$
-
-* Part of patchset to build chromium on NetBSD
-* Based on OpenBSD's chromium patches, and
- pkgsrc's qt5-qtwebengine patches
-
---- base/process/process_metrics_netbsd.cc.orig 2025-12-30 13:49:36.213972755 +0000
-+++ base/process/process_metrics_netbsd.cc
-@@ -0,0 +1,173 @@
-+// Copyright 2013 The Chromium Authors
-+// Use of this source code is governed by a BSD-style license that can be
-+// found in the LICENSE file.
-+
-+#include "base/process/process_metrics.h"
-+
-+#include <stddef.h>
-+#include <stdint.h>
-+#include <fcntl.h>
-+#include <sys/param.h>
-+#include <sys/sysctl.h>
-+#include <sys/vmmeter.h>
-+
-+#include "base/files/dir_reader_posix.h" // DirReaderPosix
-+#include "base/process/internal_linux.h" // GetProcPidDir()
-+#include "base/memory/ptr_util.h"
-+#include "base/types/expected.h"
-+#include "base/values.h"
-+#include "base/notimplemented.h"
-+
-+namespace base {
-+
-+ProcessMetrics::ProcessMetrics(ProcessHandle process) : process_(process) {}
-+
-+base::expected<ProcessMemoryInfo, ProcessUsageError>
-+ProcessMetrics::GetMemoryInfo() const {
-+ ProcessMemoryInfo memory_info;
-+ struct kinfo_proc2 info;
-+ size_t length = sizeof(struct kinfo_proc2);
-+
-+ int mib[] = { CTL_KERN, KERN_PROC2, KERN_PROC_PID, process_,
-+ sizeof(struct kinfo_proc2), 1 };
-+
-+ if (process_ == 0) {
-+ return base::unexpected(ProcessUsageError::kSystemError);
-+ }
-+
-+ if (sysctl(mib, std::size(mib), &info, &length, NULL, 0) < 0) {
-+ return base::unexpected(ProcessUsageError::kSystemError);
-+ }
-+
-+ if (length == 0) {
-+ return base::unexpected(ProcessUsageError::kProcessNotFound);
-+ }
-+
-+ memory_info.resident_set_bytes =
-+ checked_cast<uint64_t>(info.p_vm_rssize * getpagesize());
-+
-+ return memory_info;
-+}
-+
-+base::expected<TimeDelta, ProcessCPUUsageError>
-+ProcessMetrics::GetCumulativeCPUUsage() {
-+ struct kinfo_proc2 info;
-+ size_t length = sizeof(struct kinfo_proc2);
-+ struct timeval tv;
-+
-+ int mib[] = { CTL_KERN, KERN_PROC2, KERN_PROC_PID, process_,
-+ sizeof(struct kinfo_proc2), 1 };
-+
-+ if (process_ == 0) {
-+ return base::unexpected(ProcessCPUUsageError::kSystemError);
-+ }
-+
-+ if (sysctl(mib, std::size(mib), &info, &length, NULL, 0) < 0) {
-+ return base::unexpected(ProcessCPUUsageError::kSystemError);
-+ }
-+
-+ if (length == 0) {
-+ return base::unexpected(ProcessCPUUsageError::kProcessNotFound);
-+ }
-+
-+ tv.tv_sec = info.p_rtime_sec;
-+ tv.tv_usec = info.p_rtime_usec;
-+
-+ return base::ok(Microseconds(TimeValToMicroseconds(tv)));
-+}
-+
-+// static
-+std::unique_ptr<ProcessMetrics> ProcessMetrics::CreateProcessMetrics(
-+ ProcessHandle process) {
-+ return WrapUnique(new ProcessMetrics(process));
-+}
-+
-+size_t GetSystemCommitCharge() {
-+ int mib[] = { CTL_VM, VM_METER };
-+ size_t pagesize;
-+ struct vmtotal vmtotal;
-+ unsigned long mem_total, mem_free, mem_inactive;
-+ size_t len = sizeof(vmtotal);
-+
-+ if (sysctl(mib, std::size(mib), &vmtotal, &len, NULL, 0) < 0) {
-+ return 0;
-+ }
-+
-+ mem_total = vmtotal.t_vm;
-+ mem_free = vmtotal.t_free;
-+ mem_inactive = vmtotal.t_vm - vmtotal.t_avm;
-+
-+ pagesize = checked_cast<size_t>(getpagesize());
-+
-+ return mem_total - (mem_free * pagesize) - (mem_inactive * pagesize);
-+}
-+
-+int ProcessMetrics::GetOpenFdCount() const {
-+ // Use /proc/<pid>/fd to count the number of entries there.
-+ FilePath fd_path = internal::GetProcPidDir(process_).Append("fd");
-+
-+ DirReaderPosix dir_reader(fd_path.value().c_str());
-+ if (!dir_reader.IsValid()) {
-+ return -1;
-+ }
-+
-+ int total_count = 0;
-+ for (; dir_reader.Next();) {
-+ const char* name = dir_reader.name();
-+ if (strcmp(name, ".") != 0 && strcmp(name, "..") != 0) {
-+ ++total_count;
-+ }
-+ }
-+
-+ return total_count;
-+}
-+
-+int ProcessMetrics::GetOpenFdSoftLimit() const {
-+ return getdtablesize();
-+// return GetMaxFds();
-+}
-+
-+bool ProcessMetrics::GetPageFaultCounts(PageFaultCounts* counts) const {
-+ NOTIMPLEMENTED();
-+ return false;
-+}
-+
-+bool GetSystemMemoryInfo(SystemMemoryInfo* meminfo) {
-+ NOTIMPLEMENTED();
-+ return false;
-+}
-+
-+bool GetSystemDiskInfo(SystemDiskInfo* diskinfo) {
-+ NOTIMPLEMENTED();
-+ return false;
-+}
-+
-+bool GetVmStatInfo(VmStatInfo* vmstat) {
-+ NOTIMPLEMENTED();
-+ return false;
-+}
-+
-+int ProcessMetrics::GetIdleWakeupsPerSecond() {
-+ NOTIMPLEMENTED();
-+ return 0;
-+}
-+
-+SystemDiskInfo::SystemDiskInfo() {
-+ reads = 0;
-+ reads_merged = 0;
-+ sectors_read = 0;
-+ read_time = 0;
-+ writes = 0;
-+ writes_merged = 0;
-+ sectors_written = 0;
-+ write_time = 0;
-+ io = 0;
-+ io_time = 0;
-+ weighted_io_time = 0;
-+}
-+
-+SystemDiskInfo::SystemDiskInfo(const SystemDiskInfo&) = default;
-+
-+SystemDiskInfo& SystemDiskInfo::operator=(const SystemDiskInfo&) = default;
-+
-+} // namespace base
diff --git a/chromium/patches/patch-base_system_sys__info__netbsd.cc b/chromium/patches/patch-base_system_sys__info__netbsd.cc
deleted file mode 100644
index b523cb256b..0000000000
--- a/chromium/patches/patch-base_system_sys__info__netbsd.cc
+++ /dev/null
@@ -1,108 +0,0 @@
-$NetBSD$
-
-* Part of patchset to build chromium on NetBSD
-* Based on OpenBSD's chromium patches, and
- pkgsrc's qt5-qtwebengine patches
-
---- base/system/sys_info_netbsd.cc.orig 2025-12-30 13:49:36.216990601 +0000
-+++ base/system/sys_info_netbsd.cc
-@@ -0,0 +1,99 @@
-+// Copyright 2011 The Chromium Authors
-+// Use of this source code is governed by a BSD-style license that can be
-+// found in the LICENSE file.
-+
-+#include "base/system/sys_info.h"
-+
-+#include <stddef.h>
-+#include <stdint.h>
-+#include <sys/param.h>
-+#include <sys/shm.h>
-+#include <sys/sysctl.h>
-+#include <uvm/uvm_extern.h>
-+
-+#include "base/notreached.h"
-+#include "base/posix/sysctl.h"
-+#include "base/strings/string_util.h"
-+
-+namespace base {
-+
-+namespace {
-+
-+ByteCount AmountOfMemory(int pages_name) {
-+ long pages = sysconf(pages_name);
-+ long page_size = sysconf(_SC_PAGESIZE);
-+ if (pages < 0 || page_size < 0) {
-+ return ByteCount(0);
-+ }
-+ return ByteCount(page_size) * page_size;
-+}
-+
-+} // namespace
-+
-+// static
-+int SysInfo::NumberOfProcessors() {
-+ int mib[] = {CTL_HW, HW_NCPU};
-+ int ncpu;
-+ size_t size = sizeof(ncpu);
-+ if (sysctl(mib, std::size(mib), &ncpu, &size, NULL, 0) < 0) {
-+ NOTREACHED();
-+ }
-+ return ncpu;
-+}
-+
-+// static
-+std::string SysInfo::CPUModelName() {
-+ int mib[] = { CTL_HW, HW_MODEL };
-+ char name[256];
-+ size_t size = std::size(name);
-+
-+ if (sysctl(mib, std::size(mib), &name, &size, NULL, 0) == 0) {
-+ return name;
-+ }
-+
-+ return std::string();
-+}
-+
-+// static
-+ByteCount SysInfo::AmountOfPhysicalMemoryImpl() {
-+ return AmountOfMemory(_SC_PHYS_PAGES);
-+}
-+
-+// static
-+ByteCount SysInfo::AmountOfAvailablePhysicalMemoryImpl() {
-+ // With NetBSD-11
-+ //return AmountOfMemory(_SC_AVPHYS_PAGES);
-+ struct uvmexp_sysctl uvmexp;
-+ size_t len = sizeof(uvmexp);
-+ int mib[] = { CTL_VM, VM_UVMEXP2 };
-+ if (sysctl(mib, std::size(mib), &uvmexp, &len, NULL, 0) <0) {
-+ NOTREACHED();
-+ return ByteCount();
-+ }
-+ return ByteCount(uvmexp.free);
-+}
-+
-+// static
-+uint64_t SysInfo::MaxSharedMemorySize() {
-+ int mib[] = {CTL_KERN, KERN_SYSVIPC, KERN_SYSVIPC_SHMMAX};
-+ size_t limit;
-+ size_t size = sizeof(limit);
-+ if (sysctl(mib, std::size(mib), &limit, &size, NULL, 0) < 0) {
-+ NOTREACHED();
-+ }
-+ return static_cast<uint64_t>(limit);
-+}
-+
-+// static
-+SysInfo::HardwareInfo SysInfo::GetHardwareInfoSync() {
-+ HardwareInfo info;
-+ // Set the manufacturer to "NetBSD" and the model to
-+ // an empty string.
-+ info.manufacturer = "NetBSD";
-+ info.model = HardwareModelName();
-+ DCHECK(IsStringUTF8(info.manufacturer));
-+ DCHECK(IsStringUTF8(info.model));
-+ return info;
-+}
-+
-+} // namespace base
diff --git a/chromium/patches/patch-sandbox_policy_netbsd_sandbox__netbsd.cc b/chromium/patches/patch-sandbox_policy_netbsd_sandbox__netbsd.cc
deleted file mode 100644
index 6caad6d9c1..0000000000
--- a/chromium/patches/patch-sandbox_policy_netbsd_sandbox__netbsd.cc
+++ /dev/null
@@ -1,219 +0,0 @@
-$NetBSD$
-
-* Part of patchset to build chromium on NetBSD
-* Based on OpenBSD's chromium patches, and
- pkgsrc's qt5-qtwebengine patches
-
---- sandbox/policy/netbsd/sandbox_netbsd.cc.orig 2025-12-30 13:49:36.377188393 +0000
-+++ sandbox/policy/netbsd/sandbox_netbsd.cc
-@@ -0,0 +1,210 @@
-+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-+// Use of this source code is governed by a BSD-style license that can be
-+// found in the LICENSE file.
-+
-+#include "sandbox/policy/netbsd/sandbox_netbsd.h"
-+
-+#include <dirent.h>
-+#include <fcntl.h>
-+#include <stdint.h>
-+#include <sys/resource.h>
-+#include <sys/stat.h>
-+#include <sys/time.h>
-+#include <sys/types.h>
-+#include <unistd.h>
-+
-+#include <limits>
-+#include <memory>
-+#include <string>
-+#include <vector>
-+
-+#include "base/command_line.h"
-+#include "base/debug/stack_trace.h"
-+#include "base/feature_list.h"
-+#include "base/files/file_path.h"
-+#include "base/files/file_util.h"
-+#include "base/files/scoped_file.h"
-+#include "base/logging.h"
-+#include "base/memory/singleton.h"
-+#include "base/path_service.h"
-+#include "base/posix/eintr_wrapper.h"
-+#include "base/strings/string_number_conversions.h"
-+#include "base/system/sys_info.h"
-+#include "base/threading/thread.h"
-+#include "base/time/time.h"
-+#include "build/build_config.h"
-+#include "crypto/crypto_buildflags.h"
-+#include "sandbox/constants.h"
-+#include "sandbox/linux/services/credentials.h"
-+#include "sandbox/linux/services/namespace_sandbox.h"
-+#include "sandbox/linux/services/proc_util.h"
-+#include "sandbox/linux/services/resource_limits.h"
-+#include "sandbox/linux/services/thread_helpers.h"
-+#include "sandbox/linux/syscall_broker/broker_command.h"
-+#include "sandbox/linux/syscall_broker/broker_process.h"
-+#include "sandbox/policy/sandbox.h"
-+#include "sandbox/policy/sandbox_type.h"
-+#include "sandbox/policy/mojom/sandbox.mojom.h"
-+#include "sandbox/policy/switches.h"
-+#include "sandbox/sandbox_buildflags.h"
-+
-+#if BUILDFLAG(USING_SANITIZER)
-+#include <sanitizer/common_interface_defs.h>
-+#endif
-+
-+#if BUILDFLAG(USE_NSS_CERTS)
-+#include "crypto/nss_util.h"
-+#endif
-+
-+#include "third_party/boringssl/src/include/openssl/crypto.h"
-+
-+#include "ui/gfx/font_util.h"
-+
-+namespace sandbox {
-+namespace policy {
-+
-+SandboxLinux::SandboxLinux()
-+ : sandbox_status_flags_(kInvalid),
-+ pre_initialized_(false),
-+ initialize_sandbox_ran_(false),
-+ broker_process_(nullptr) {
-+}
-+
-+SandboxLinux::~SandboxLinux() {
-+ if (pre_initialized_) {
-+ CHECK(initialize_sandbox_ran_);
-+ }
-+}
-+
-+SandboxLinux* SandboxLinux::GetInstance() {
-+ SandboxLinux* instance = base::Singleton<SandboxLinux>::get();
-+ CHECK(instance);
-+ return instance;
-+}
-+
-+void SandboxLinux::StopThread(base::Thread* thread) {
-+ DCHECK(thread);
-+ thread->Stop();
-+}
-+
-+void SandboxLinux::PreinitializeSandbox(sandbox::mojom::Sandbox sandbox_type) {
-+ CHECK(!pre_initialized_);
-+#if BUILDFLAG(USING_SANITIZER)
-+ // Sanitizers need to open some resources before the sandbox is enabled.
-+ // This should not fork, not launch threads, not open a directory.
-+ __sanitizer_sandbox_on_notify(sanitizer_args());
-+ sanitizer_args_.reset();
-+#endif
-+ base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
-+ const std::string process_type =
-+ command_line->GetSwitchValueASCII(switches::kProcessType);
-+
-+ base::SysInfo::AmountOfPhysicalMemory();
-+ base::SysInfo::NumberOfProcessors();
-+ base::SysInfo::CPUModelName();
-+
-+ switch (sandbox_type) {
-+ case sandbox::mojom::Sandbox::kNoSandbox:
-+ {
-+#if BUILDFLAG(USE_NSS_CERTS)
-+ // The main process has to initialize the ~/.pki dir which won't work
-+ // after unveil(2).
-+ crypto::EnsureNSSInit();
-+#endif
-+ CRYPTO_pre_sandbox_init();
-+
-+ base::FilePath cache_directory, local_directory;
-+
-+ base::PathService::Get(base::DIR_CACHE, &cache_directory);
-+ base::PathService::Get(base::DIR_HOME, &local_directory);
-+
-+ cache_directory = cache_directory.AppendASCII("chromium");
-+ local_directory = local_directory.AppendASCII(".local").AppendASCII("share").AppendASCII("applications");
-+
-+ if (!base::CreateDirectory(cache_directory)) {
-+ LOG(ERROR) << "Failed to create " << cache_directory.value() << " directory.";
-+ }
-+
-+ if (!base::CreateDirectory(local_directory)) {
-+ LOG(ERROR) << "Failed to create " << local_directory.value() << " directory.";
-+ }
-+
-+ break;
-+ }
-+ case sandbox::mojom::Sandbox::kRenderer:
-+ gfx::InitializeFonts();
-+ break;
-+ default:
-+ break;
-+ }
-+
-+ pre_initialized_ = true;
-+}
-+
-+bool SandboxLinux::InitializeSandbox(sandbox::mojom::Sandbox sandbox_type,
-+ SandboxLinux::PreSandboxHook hook,
-+ const Options& options) {
-+ DCHECK(!initialize_sandbox_ran_);
-+ initialize_sandbox_ran_ = true;
-+
-+ base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
-+ const std::string process_type =
-+ command_line->GetSwitchValueASCII(switches::kProcessType);
-+
-+ if (command_line->HasSwitch(switches::kNoSandbox))
-+ return true;
-+
-+ VLOG(1) << "SandboxLinux::InitializeSandbox: process_type="
-+ << process_type << " sandbox_type=" << sandbox_type;
-+
-+ // Only one thread is running, pre-initialize if not already done.
-+ if (!pre_initialized_)
-+ PreinitializeSandbox(sandbox_type);
-+
-+ // Attempt to limit the future size of the address space of the process.
-+ int error = 0;
-+ const bool limited_as = LimitAddressSpace(&error);
-+ if (error) {
-+ // Restore errno. Internally to |LimitAddressSpace|, the errno due to
-+ // setrlimit may be lost.
-+ errno = error;
-+ PCHECK(limited_as);
-+ }
-+
-+ if (hook)
-+ CHECK(std::move(hook).Run(options));
-+
-+ return true;
-+}
-+
-+bool SandboxLinux::LimitAddressSpace(int* error) {
-+#if !defined(ADDRESS_SANITIZER) && !defined(MEMORY_SANITIZER) && \
-+ !defined(THREAD_SANITIZER) && !defined(LEAK_SANITIZER)
-+ base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
-+ if (SandboxTypeFromCommandLine(*command_line) == sandbox::mojom::Sandbox::kNoSandbox) {
-+ return false;
-+ }
-+
-+ // Unfortunately, it does not appear possible to set RLIMIT_AS such that it
-+ // will both (a) be high enough to support V8's and WebAssembly's address
-+ // space requirements while also (b) being low enough to mitigate exploits
-+ // using integer overflows that require large allocations, heap spray, or
-+ // other memory-hungry attack modes.
-+
-+ *error = sandbox::ResourceLimits::Lower(
-+ RLIMIT_DATA, static_cast<rlim_t>(sandbox::kDataSizeLimit));
-+
-+ // Cache the resource limit before turning on the sandbox.
-+ base::SysInfo::AmountOfVirtualMemory();
-+ base::SysInfo::MaxSharedMemorySize();
-+
-+ return *error == 0;
-+#else
-+ base::SysInfo::AmountOfVirtualMemory();
-+ return false;
-+#endif // !defined(ADDRESS_SANITIZER) && !defined(MEMORY_SANITIZER) &&
-+ // !defined(THREAD_SANITIZER) && !defined(LEAK_SANITIZER)
-+}
-+
-+} // namespace policy
-+} // namespace sandbox
diff --git a/chromium/patches/patch-sandbox_policy_netbsd_sandbox__netbsd.h b/chromium/patches/patch-sandbox_policy_netbsd_sandbox__netbsd.h
deleted file mode 100644
index 159748c242..0000000000
--- a/chromium/patches/patch-sandbox_policy_netbsd_sandbox__netbsd.h
+++ /dev/null
@@ -1,285 +0,0 @@
-$NetBSD$
-
-* Part of patchset to build chromium on NetBSD
-* Based on OpenBSD's chromium patches, and
- pkgsrc's qt5-qtwebengine patches
-
---- sandbox/policy/netbsd/sandbox_netbsd.h.orig 2025-12-30 13:49:36.377324994 +0000
-+++ sandbox/policy/netbsd/sandbox_netbsd.h
-@@ -0,0 +1,276 @@
-+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-+// Use of this source code is governed by a BSD-style license that can be
-+// found in the LICENSE file.
-+#ifndef SANDBOX_POLICY_LINUX_SANDBOX_OPENBSD_H_
-+#define SANDBOX_POLICY_LINUX_SANDBOX_OPENBSD_H_
-+
-+#include <memory>
-+#include <string>
-+#include <vector>
-+
-+#include "base/logging.h"
-+#include "base/posix/global_descriptors.h"
-+#include "sandbox/policy/export.h"
-+#include "sandbox/policy/linux/sandbox_seccomp_bpf_linux.h"
-+#include "sandbox/policy/mojom/sandbox.mojom.h"
-+#include "base/sanitizer_buildflags.h"
-+
-+#if BUILDFLAG(USING_SANITIZER)
-+#include <sanitizer/common_interface_defs.h>
-+#endif
-+
-+namespace base {
-+template <typename T>
-+struct DefaultSingletonTraits;
-+class Thread;
-+} // namespace base
-+
-+namespace sandbox {
-+namespace syscall_broker {
-+class BrokerProcess;
-+} // namespace syscall_broker
-+} // namespace sandbox
-+
-+namespace sandbox {
-+namespace policy {
-+
-+// A singleton class to represent and change our sandboxing state for the
-+// three main Linux sandboxes.
-+// The sandboxing model allows using two layers of sandboxing. The first layer
-+// can be implemented either with unprivileged namespaces or with the setuid
-+// sandbox. This class provides a way to engage the namespace sandbox, but does
-+// not deal with the legacy setuid sandbox directly.
-+// The second layer is mainly based on seccomp-bpf and is engaged with
-+// InitializeSandbox(). InitializeSandbox() is also responsible for "sealing"
-+// the first layer of sandboxing. That is, InitializeSandbox must always be
-+// called to have any meaningful sandboxing at all.
-+class SANDBOX_POLICY_EXPORT SandboxLinux {
-+ public:
-+ // This is a list of sandbox IPC methods which the renderer may send to the
-+ // sandbox host. See
-+ // https://chromium.googlesource.com/chromium/src/+/master/docs/linux_sandbox_ipc.md
-+ // This isn't the full list, values < 32 are reserved for methods called from
-+ // Skia, and values < 64 are reserved for libc_interceptor.cc.
-+ enum LinuxSandboxIPCMethods {
-+ DEPRECATED_METHOD_GET_FALLBACK_FONT_FOR_CHAR = 64,
-+ DEPRECATED_METHOD_GET_CHILD_WITH_INODE,
-+ DEPRECATED_METHOD_GET_STYLE_FOR_STRIKE,
-+ METHOD_MAKE_SHARED_MEMORY_SEGMENT,
-+ DEPRECATED_METHOD_MATCH_WITH_FALLBACK,
-+ };
-+
-+ // These form a bitmask which describes the conditions of the Linux sandbox.
-+ // Note: this doesn't strictly give you the current status, it states
-+ // what will be enabled when the relevant processes are initialized.
-+ enum Status {
-+ // SUID sandbox active.
-+ kSUID = 1 << 0,
-+
-+ // Sandbox is using a new PID namespace.
-+ kPIDNS = 1 << 1,
-+
-+ // Sandbox is using a new network namespace.
-+ kNetNS = 1 << 2,
-+
-+ // seccomp-bpf sandbox active.
-+ kSeccompBPF = 1 << 3,
-+
-+ // The Yama LSM module is present and enforcing.
-+ kYama = 1 << 4,
-+
-+ // seccomp-bpf sandbox is active and the kernel supports TSYNC.
-+ kSeccompTSYNC = 1 << 5,
-+
-+ // User namespace sandbox active.
-+ kUserNS = 1 << 6,
-+
-+ // A flag that denotes an invalid sandbox status.
-+ kInvalid = 1 << 31,
-+ };
-+
-+ // SandboxLinux Options are a superset of SandboxSecompBPF Options.
-+ struct Options : public SandboxSeccompBPF::Options {
-+ // When running with a zygote, the namespace sandbox will have already
-+ // been engaged prior to initializing SandboxLinux itself, and need not
-+ // be done so again. Set to true to indicate that there isn't a zygote
-+ // for this process and the step is to be performed here explicitly.
-+ bool engage_namespace_sandbox = false;
-+
-+ // Allow starting the sandbox with multiple threads already running. This
-+ // will enable TSYNC for seccomp-BPF, which syncs the seccomp-BPF policy
-+ // across all running threads.
-+ bool allow_threads_during_sandbox_init = false;
-+
-+ // Enables the CHECK for open directories. The open directory check is only
-+ // useful for the chroot jail (from the semantic layer of the sandbox), and
-+ // can safely be disabled if we are only enabling the seccomp-BPF layer.
-+ bool check_for_open_directories = true;
-+ };
-+
-+ // Callers can provide this hook to run code right before the policy
-+ // is passed to the BPF compiler and the sandbox is engaged. If
-+ // pre_sandbox_hook() returns true, the sandbox will be engaged
-+ // afterwards, otherwise the process is terminated.
-+ using PreSandboxHook = base::OnceCallback<bool(Options)>;
-+
-+ // Get our singleton instance.
-+ static SandboxLinux* GetInstance();
-+
-+ SandboxLinux(const SandboxLinux&) = delete;
-+ SandboxLinux& operator=(const SandboxLinux&) = delete;
-+
-+ bool SetPledge(const char *pstring, const char *ppath);
-+ bool SetUnveil(const std::string process_type, sandbox::mojom::Sandbox sandbox_type);
-+
-+ // Do some initialization that can only be done before any of the sandboxes
-+ // are enabled. If using the setuid sandbox, this should be called manually
-+ // before the setuid sandbox is engaged.
-+ // Security: When this runs, it is imperative that either InitializeSandbox()
-+ // runs as well or that all file descriptors returned in
-+ // GetFileDescriptorsToClose() get closed.
-+ // Otherwise file descriptors that bypass the security of the setuid sandbox
-+ // would be kept open. One must be particularly careful if a process performs
-+ // a fork().
-+ void PreinitializeSandbox(sandbox::mojom::Sandbox sandbox_type);
-+
-+ // Check that the current process is the init process of a new PID
-+ // namespace and then proceed to drop access to the file system by using
-+ // a new unprivileged namespace. This is a layer-1 sandbox.
-+ // In order for this sandbox to be effective, it must be "sealed" by calling
-+ // InitializeSandbox().
-+ void EngageNamespaceSandbox(bool from_zygote);
-+
-+ // Return a list of file descriptors to close if PreinitializeSandbox() ran
-+ // but InitializeSandbox() won't. Avoid using.
-+ // TODO(jln): get rid of this hack.
-+ std::vector<int> GetFileDescriptorsToClose();
-+
-+ // Seal an eventual layer-1 sandbox and initialize the layer-2 sandbox with
-+ // an adequate policy depending on the process type and command line
-+ // arguments.
-+ // Currently the layer-2 sandbox is composed of seccomp-bpf and address space
-+ // limitations.
-+ // This function should only be called without any thread running.
-+ bool InitializeSandbox(sandbox::mojom::Sandbox sandbox_type,
-+ PreSandboxHook hook,
-+ const Options& options);
-+
-+ // Stop |thread| in a way that can be trusted by the sandbox.
-+ void StopThread(base::Thread* thread);
-+
-+ // Returns the status of the renderer, worker and ppapi sandbox. Can only
-+ // be queried after going through PreinitializeSandbox(). This is a bitmask
-+ // and uses the constants defined in "enum Status" above. Since the
-+ // status needs to be provided before the sandboxes are actually started,
-+ // this returns what will actually happen once InitializeSandbox()
-+ // is called from inside these processes.
-+ int GetStatus();
-+
-+ // Returns true if the current process is single-threaded or if the number
-+ // of threads cannot be determined.
-+ bool IsSingleThreaded() const;
-+
-+ // Returns true if we started Seccomp BPF.
-+ bool seccomp_bpf_started() const;
-+
-+ // Check the policy and eventually start the seccomp-bpf sandbox. This should
-+ // never be called with threads started. If we detect that threads have
-+ // started we will crash.
-+ bool StartSeccompBPF(sandbox::mojom::Sandbox sandbox_type,
-+ PreSandboxHook hook,
-+ const Options& options);
-+
-+ // Limit the address space of the current process (and its children) to make
-+ // some vulnerabilities harder to exploit. Writes the errno due to setrlimit
-+ // (including 0 if no error) into |error|.
-+ bool LimitAddressSpace(int* error);
-+
-+ // Returns a file descriptor to proc. The file descriptor is no longer valid
-+ // after the sandbox has been sealed.
-+ int proc_fd() const {
-+ DCHECK_NE(-1, proc_fd_);
-+ return proc_fd_;
-+ }
-+
-+#if BUILDFLAG(USING_SANITIZER)
-+ __sanitizer_sandbox_arguments* sanitizer_args() const {
-+ return sanitizer_args_.get();
-+ };
-+#endif
-+
-+ // A BrokerProcess is a helper that is started before the sandbox is engaged,
-+ // typically from a pre-sandbox hook, that will serve requests to access
-+ // files over an IPC channel. The client of this runs from a SIGSYS handler
-+ // triggered by the seccomp-bpf sandbox.
-+ // |client_sandbox_policy| is the policy being run by the client, and is
-+ // used to derive the equivalent broker-side policy.
-+ // |broker_side_hook| is an alternate pre-sandbox hook to be run before the
-+ // broker itself gets sandboxed, to which the broker side policy and
-+ // |options| are passed.
-+ // Crashes the process if the broker can not be started since continuation
-+ // is impossible (and presumably unsafe).
-+ // This should never be destroyed, as after the sandbox is started it is
-+ // vital to the process.
-+#if 0
-+ void StartBrokerProcess(
-+ const sandbox::syscall_broker::BrokerCommandSet& allowed_command_set,
-+ std::vector<sandbox::syscall_broker::BrokerFilePermission> permissions,
-+ PreSandboxHook broker_side_hook,
-+ const Options& options);
-+
-+ sandbox::syscall_broker::BrokerProcess* broker_process() const {
-+ return broker_process_;
-+ }
-+#endif
-+
-+ private:
-+ friend struct base::DefaultSingletonTraits<SandboxLinux>;
-+
-+ SandboxLinux();
-+ ~SandboxLinux();
-+
-+ // We must have been pre_initialized_ before using these.
-+ bool seccomp_bpf_supported() const;
-+ bool seccomp_bpf_with_tsync_supported() const;
-+
-+ // Returns true if it can be determined that the current process has open
-+ // directories that are not managed by the SandboxLinux class. This would
-+ // be a vulnerability as it would allow to bypass the setuid sandbox.
-+ bool HasOpenDirectories() const;
-+
-+ // The last part of the initialization is to make sure any temporary "hole"
-+ // in the sandbox is closed. For now, this consists of closing proc_fd_.
-+ void SealSandbox();
-+
-+ // GetStatus() makes promises as to how the sandbox will behave. This
-+ // checks that no promises have been broken.
-+ void CheckForBrokenPromises(sandbox::mojom::Sandbox sandbox_type);
-+
-+ // Stop |thread| and make sure it does not appear in /proc/self/tasks/
-+ // anymore.
-+ void StopThreadAndEnsureNotCounted(base::Thread* thread) const;
-+
-+ // A file descriptor to /proc. It's dangerous to have it around as it could
-+ // allow for sandbox bypasses. It needs to be closed before we consider
-+ // ourselves sandboxed.
-+ int proc_fd_;
-+
-+ bool seccomp_bpf_started_;
-+ // The value returned by GetStatus(). Gets computed once and then cached.
-+ int sandbox_status_flags_;
-+ // Did PreinitializeSandbox() run?
-+ bool pre_initialized_;
-+ bool seccomp_bpf_supported_; // Accurate if pre_initialized_.
-+ bool seccomp_bpf_with_tsync_supported_; // Accurate if pre_initialized_.
-+ bool yama_is_enforcing_; // Accurate if pre_initialized_.
-+ bool initialize_sandbox_ran_; // InitializeSandbox() was called.
-+#if BUILDFLAG(USING_SANITIZER)
-+ std::unique_ptr<__sanitizer_sandbox_arguments> sanitizer_args_;
-+#endif
-+ sandbox::syscall_broker::BrokerProcess* broker_process_; // Leaked as global.
-+};
-+
-+} // namespace policy
-+} // namespace sandbox
-+
-+#endif // SANDBOX_POLICY_LINUX_SANDBOX_OPENBSD_H_
Home |
Main Index |
Thread Index |
Old Index