Add basic ARM support to the seccomp-bpf sandbox.

sandbox/linux/seccomp-bpf/sandbox_bpf.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <time.h>
 
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
 #include "sandbox/linux/seccomp-bpf/verifier.h"
 
 // The kernel gives us a sandbox, we turn it into a playground :-)
@@ skipping 584 matching lines @@
   // all CPU registers at the time of the signal.
   ucontext_t *ctx = reinterpret_cast<ucontext_t *>(void_context);
 
   // Obtain the siginfo information that is specific to SIGSYS. Unfortunately,
   // most versions of glibc don't include this information in siginfo_t. So,
   // we need to explicitly copy it into a arch_sigsys structure.
   struct arch_sigsys sigsys;
   memcpy(&sigsys, &info->_sifields, sizeof(sigsys));
 
   // Some more sanity checks.
-  if (sigsys.ip != reinterpret_cast<void *>(ctx->uc_mcontext.gregs[REG_IP]) ||
-      sigsys.nr != static_cast<int>(ctx->uc_mcontext.gregs[REG_SYSCALL]) ||
+  if (sigsys.ip != reinterpret_cast<void *>(SECCOMP_IP(ctx)) ||
+      sigsys.nr != static_cast<int>(SECCOMP_SYSCALL(ctx)) ||
       sigsys.arch != SECCOMP_ARCH) {
     goto sigsys_err;
   }
 
   // Copy the seccomp-specific data into a arch_seccomp_data structure. This
   // is what we are showing to TrapFnc callbacks that the system call evaluator
   // registered with the sandbox.
   struct arch_seccomp_data data = {
     sigsys.nr,
     SECCOMP_ARCH,
     reinterpret_cast<uint64_t>(sigsys.ip),
     {
-      static_cast<uint64_t>(ctx->uc_mcontext.gregs[REG_PARM1]),
-      static_cast<uint64_t>(ctx->uc_mcontext.gregs[REG_PARM2]),
-      static_cast<uint64_t>(ctx->uc_mcontext.gregs[REG_PARM3]),
-      static_cast<uint64_t>(ctx->uc_mcontext.gregs[REG_PARM4]),
-      static_cast<uint64_t>(ctx->uc_mcontext.gregs[REG_PARM5]),
-      static_cast<uint64_t>(ctx->uc_mcontext.gregs[REG_PARM6])
+      static_cast<uint64_t>(SECCOMP_PARM1(ctx)),
+      static_cast<uint64_t>(SECCOMP_PARM2(ctx)),
+      static_cast<uint64_t>(SECCOMP_PARM3(ctx)),
+      static_cast<uint64_t>(SECCOMP_PARM4(ctx)),
+      static_cast<uint64_t>(SECCOMP_PARM5(ctx)),
+      static_cast<uint64_t>(SECCOMP_PARM6(ctx))
     }
   };
 
   // Now call the TrapFnc callback associated with this particular instance
   // of SECCOMP_RET_TRAP.
   const ErrorCode& err = trapArray_[info->si_errno - 1];
   intptr_t rc          = err.fnc_(data, err.aux_);
 
   // Update the CPU register that stores the return code of the system call
   // that we just handled, and restore "errno" to the value that it had
   // before entering the signal handler.
-  ctx->uc_mcontext.gregs[REG_RESULT] = static_cast<greg_t>(rc);
-  errno                              = old_errno;
+  SECCOMP_RESULT(ctx) = static_cast<greg_t>(rc);
+  errno               = old_errno;
 
   return;
 }
 
 intptr_t Sandbox::bpfFailure(const struct arch_seccomp_data&, void *aux) {
   die(static_cast<char *>(aux));
 }
 
 int Sandbox::getTrapId(Sandbox::TrapFnc fnc, const void *aux) {
   // Each unique pair of TrapFnc and auxiliary data make up a distinct instance
@@ skipping 38 matching lines @@
 bool Sandbox::dryRun_                   = false;
 Sandbox::SandboxStatus Sandbox::status_ = STATUS_UNKNOWN;
 int    Sandbox::proc_fd_                = -1;
 Sandbox::Evaluators Sandbox::evaluators_;
 Sandbox::Traps *Sandbox::traps_         = NULL;
 Sandbox::TrapIds Sandbox::trapIds_;
 Sandbox::ErrorCode *Sandbox::trapArray_ = NULL;
 size_t Sandbox::trapArraySize_          = 0;
 
 }  // namespace