Chromium Code Reviews Chromium Code Reviews
Issue 101773003:
Linux sandbox: cleanup sandbox-bpf naming. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H__ | 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H__ |
| 6 #define SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H__ | 6 #define SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H__ |
| 7 | 7 |
| 8 #include <stddef.h> | 8 #include <stddef.h> |
| 9 #include <sys/types.h> | 9 #include <sys/types.h> |
| 10 #include <sys/wait.h> | 10 #include <sys/wait.h> |
| 11 | 11 |
| 12 #include <algorithm> | 12 #include <algorithm> |
| 13 #include <limits> | 13 #include <limits> |
| 14 #include <map> | 14 #include <map> |
| 15 #include <set> | 15 #include <set> |
| 16 #include <utility> | 16 #include <utility> |
| 17 #include <vector> | 17 #include <vector> |
| 18 | 18 |
| 19 #include "base/memory/scoped_ptr.h" | 19 #include "base/memory/scoped_ptr.h" |
| 20 #include "sandbox/linux/seccomp-bpf/die.h" | 20 #include "sandbox/linux/seccomp-bpf/die.h" |
| 21 #include "sandbox/linux/seccomp-bpf/errorcode.h" | 21 #include "sandbox/linux/seccomp-bpf/errorcode.h" |
| 22 #include "sandbox/linux/seccomp-bpf/linux_seccomp.h" | 22 #include "sandbox/linux/seccomp-bpf/linux_seccomp.h" |
| 23 | 23 |
| 24 namespace playground2 { | 24 namespace sandbox { |
| 25 | 25 |
| 26 struct arch_seccomp_data { | 26 struct arch_seccomp_data { |
| 27 int nr; | 27 int nr; |
| 28 uint32_t arch; | 28 uint32_t arch; |
| 29 uint64_t instruction_pointer; | 29 uint64_t instruction_pointer; |
| 30 uint64_t args[6]; | 30 uint64_t args[6]; |
| 31 }; | 31 }; |
| 32 | 32 |
| 33 struct arch_sigsys { | 33 struct arch_sigsys { |
| 34 void* ip; | 34 void* ip; |
| 35 int nr; | 35 int nr; |
| 36 unsigned int arch; | 36 unsigned int arch; |
| 37 }; | 37 }; |
| 38 | 38 |
| 39 class CodeGen; | 39 class CodeGen; |
| 40 class SandboxUnittestHelper; | 40 class SandboxUnittestHelper; |
| 41 class SandboxBpfPolicy; | 41 class SandboxBpfPolicy; |
| 42 struct Instruction; | 42 struct Instruction; |
| 43 | 43 |
| 44 class Sandbox { | 44 class SandboxBPF { |
|
Robert Sesek
2013/12/10 15:07:46
So we have SandboxBPF and SandboxBpfPolicy. We sho
jln (very slow on Chromium)
2013/12/10 18:43:47
I've been through the whole codebase and capitaliz
| |
| 45 public: | 45 public: |
| 46 enum SandboxStatus { | 46 enum SandboxStatus { |
| 47 STATUS_UNKNOWN, // Status prior to calling supportsSeccompSandbox() | 47 STATUS_UNKNOWN, // Status prior to calling supportsSeccompSandbox() |
| 48 STATUS_UNSUPPORTED, // The kernel does not appear to support sandboxing | 48 STATUS_UNSUPPORTED, // The kernel does not appear to support sandboxing |
| 49 STATUS_UNAVAILABLE, // Currently unavailable but might work again later | 49 STATUS_UNAVAILABLE, // Currently unavailable but might work again later |
| 50 STATUS_AVAILABLE, // Sandboxing is available but not currently active | 50 STATUS_AVAILABLE, // Sandboxing is available but not currently active |
| 51 STATUS_ENABLED // The sandbox is now active | 51 STATUS_ENABLED // The sandbox is now active |
| 52 }; | 52 }; |
| 53 | 53 |
| 54 // When calling setSandboxPolicy(), the caller can provide an arbitrary | 54 // When calling setSandboxPolicy(), the caller can provide an arbitrary |
| 55 // pointer in |aux|. This pointer will then be forwarded to the sandbox | 55 // pointer in |aux|. This pointer will then be forwarded to the sandbox |
| 56 // policy each time a call is made through an EvaluateSyscall function | 56 // policy each time a call is made through an EvaluateSyscall function |
| 57 // pointer. One common use case would be to pass the "aux" pointer as an | 57 // pointer. One common use case would be to pass the "aux" pointer as an |
| 58 // argument to Trap() functions. | 58 // argument to Trap() functions. |
| 59 typedef ErrorCode (*EvaluateSyscall)(Sandbox* sandbox_compiler, | 59 typedef ErrorCode (*EvaluateSyscall)(SandboxBPF* sandbox_compiler, |
| 60 int system_call_number, | 60 int system_call_number, |
| 61 void* aux); | 61 void* aux); |
| 62 typedef std::vector<std::pair<EvaluateSyscall, void*> > Evaluators; | 62 typedef std::vector<std::pair<EvaluateSyscall, void*> > Evaluators; |
| 63 // A vector of BPF instructions that need to be installed as a filter | 63 // A vector of BPF instructions that need to be installed as a filter |
| 64 // program in the kernel. | 64 // program in the kernel. |
| 65 typedef std::vector<struct sock_filter> Program; | 65 typedef std::vector<struct sock_filter> Program; |
| 66 | 66 |
| 67 // Constructors and destructors. | 67 // Constructors and destructors. |
| 68 // NOTE: Setting a policy and starting the sandbox is a one-way operation. | 68 // NOTE: Setting a policy and starting the sandbox is a one-way operation. |
| 69 // The kernel does not provide any option for unloading a loaded | 69 // The kernel does not provide any option for unloading a loaded |
| 70 // sandbox. Strictly speaking, that means we should disallow calling | 70 // sandbox. Strictly speaking, that means we should disallow calling |
| 71 // the destructor, if StartSandbox() has ever been called. In practice, | 71 // the destructor, if StartSandbox() has ever been called. In practice, |
| 72 // this makes it needlessly complicated to operate on "Sandbox" | 72 // this makes it needlessly complicated to operate on "Sandbox" |
| 73 // objects. So, we instead opted to allow object destruction. But it | 73 // objects. So, we instead opted to allow object destruction. But it |
| 74 // should be noted that during its lifetime, the object probably made | 74 // should be noted that during its lifetime, the object probably made |
| 75 // irreversible state changes to the runtime environment. These changes | 75 // irreversible state changes to the runtime environment. These changes |
| 76 // stay in effect even after the destructor has been run. | 76 // stay in effect even after the destructor has been run. |
| 77 Sandbox(); | 77 SandboxBPF(); |
| 78 ~Sandbox(); | 78 ~SandboxBPF(); |
| 79 | 79 |
| 80 // Checks whether a particular system call number is valid on the current | 80 // Checks whether a particular system call number is valid on the current |
| 81 // architecture. E.g. on ARM there's a non-contiguous range of private | 81 // architecture. E.g. on ARM there's a non-contiguous range of private |
| 82 // system calls. | 82 // system calls. |
| 83 static bool IsValidSyscallNumber(int sysnum); | 83 static bool IsValidSyscallNumber(int sysnum); |
| 84 | 84 |
| 85 // There are a lot of reasons why the Seccomp sandbox might not be available. | 85 // There are a lot of reasons why the Seccomp sandbox might not be available. |
| 86 // This could be because the kernel does not support Seccomp mode, or it | 86 // This could be because the kernel does not support Seccomp mode, or it |
| 87 // could be because another sandbox is already active. | 87 // could be because another sandbox is already active. |
| 88 // "proc_fd" should be a file descriptor for "/proc", or -1 if not | 88 // "proc_fd" should be a file descriptor for "/proc", or -1 if not |
| (...skipping 172 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 261 Instruction* CondExpression(CodeGen* gen, const ErrorCode& cond); | 261 Instruction* CondExpression(CodeGen* gen, const ErrorCode& cond); |
| 262 | 262 |
| 263 static SandboxStatus status_; | 263 static SandboxStatus status_; |
| 264 | 264 |
| 265 bool quiet_; | 265 bool quiet_; |
| 266 int proc_fd_; | 266 int proc_fd_; |
| 267 scoped_ptr<const SandboxBpfPolicy> policy_; | 267 scoped_ptr<const SandboxBpfPolicy> policy_; |
| 268 Conds* conds_; | 268 Conds* conds_; |
| 269 bool sandbox_has_started_; | 269 bool sandbox_has_started_; |
| 270 | 270 |
| 271 DISALLOW_COPY_AND_ASSIGN(Sandbox); | 271 DISALLOW_COPY_AND_ASSIGN(SandboxBPF); |
| 272 }; | 272 }; |
| 273 | 273 |
| 274 } // namespace | 274 } // namespace |
| 275 | 275 |
| 276 #endif // SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H__ | 276 #endif // SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H__ |
| OLD | NEW |
