Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(92)

Side by Side Diff: sandbox/linux/seccomp-bpf/sandbox_bpf.h

Issue 10535089: Avoid all library calls (including calls to destructors) after enabling the sandbox. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 8 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef SANDBOX_BPF_H__ 5 #ifndef SANDBOX_BPF_H__
6 #define SANDBOX_BPF_H__ 6 #define SANDBOX_BPF_H__
7 7
8 #include <endian.h> 8 #include <endian.h>
9 #include <errno.h> 9 #include <errno.h>
10 #include <fcntl.h> 10 #include <fcntl.h>
(...skipping 212 matching lines...) Expand 10 before | Expand all | Expand 10 after
223 // notice and file a bug... 223 // notice and file a bug...
224 syscall(__NR_exit_group, 1); 224 syscall(__NR_exit_group, 1);
225 _exit(1); 225 _exit(1);
226 } 226 }
227 } 227 }
228 228
229 // Get a file descriptor pointing to "/proc", if currently available. 229 // Get a file descriptor pointing to "/proc", if currently available.
230 static int getProcFd() { return proc_fd_; } 230 static int getProcFd() { return proc_fd_; }
231 231
232 private: 232 private:
233 typedef std::vector<struct sock_filter> Program;
234
233 static ErrorCode probeEvaluator(int signo); 235 static ErrorCode probeEvaluator(int signo);
234 static bool kernelSupportSeccompBPF(int proc_fd); 236 static bool kernelSupportSeccompBPF(int proc_fd);
235 237 static bool isSingleThreaded(int proc_fd);
236 static bool isSingleThreaded(int proc_fd); 238 static bool disableFilesystem();
237 static bool disableFilesystem(); 239 static void installFilter();
238 static void installFilter(); 240 static void sigSys(int nr, siginfo_t *info, void *void_context);
239 static void sigSys(int nr, siginfo_t *info, void *void_context);
240 241
241 static bool suppressLogging_; 242 static bool suppressLogging_;
242 static SandboxStatus status_; 243 static SandboxStatus status_;
243 static int proc_fd_; 244 static int proc_fd_;
244 static Evaluators evaluators_; 245 static Evaluators evaluators_;
245 }; 246 };
246 247
247 } // namespace 248 } // namespace
248 249
249 #endif // SANDBOX_BPF_H__ 250 #endif // SANDBOX_BPF_H__
OLDNEW
« no previous file with comments | « no previous file | sandbox/linux/seccomp-bpf/sandbox_bpf.cc » ('j') | sandbox/linux/seccomp-bpf/sandbox_bpf.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698