Add a platform-specific syscall number iterator.

sandbox/linux/seccomp-bpf/sandbox_bpf.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H__
 #define SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H__
 
 #include <endian.h>
 #include <errno.h>
 #include <fcntl.h>
@@ skipping 69 matching lines @@
 #ifndef SYS_SECCOMP
 #define SYS_SECCOMP                   1
 #endif
 
 // Impose some reasonable maximum BPF program size. Realistically, the
 // kernel probably has much lower limits. But by limiting to less than
 // 30 bits, we can ease requirements on some of our data types.
 #define SECCOMP_MAX_PROGRAM_SIZE (1<<30)
 
 #if defined(__i386__)
-#define MIN_SYSCALL  0u
-#define MAX_SYSCALL  1024u
+#define MIN_SYSCALL         0u
+#define MAX_PUBLIC_SYSCALL  1024u
+#define MAX_SYSCALL         MAX_PUBLIC_SYSCALL
 #define SECCOMP_ARCH AUDIT_ARCH_I386
 
 #define SECCOMP_REG(_ctx, _reg) ((_ctx)->uc_mcontext.gregs[(_reg)])
 #define SECCOMP_RESULT(_ctx)    SECCOMP_REG(_ctx, REG_EAX)
 #define SECCOMP_SYSCALL(_ctx)   SECCOMP_REG(_ctx, REG_EAX)
 #define SECCOMP_IP(_ctx)        SECCOMP_REG(_ctx, REG_EIP)
 #define SECCOMP_PARM1(_ctx)     SECCOMP_REG(_ctx, REG_EBX)
 #define SECCOMP_PARM2(_ctx)     SECCOMP_REG(_ctx, REG_ECX)
 #define SECCOMP_PARM3(_ctx)     SECCOMP_REG(_ctx, REG_EDX)
 #define SECCOMP_PARM4(_ctx)     SECCOMP_REG(_ctx, REG_ESI)
 #define SECCOMP_PARM5(_ctx)     SECCOMP_REG(_ctx, REG_EDI)
 #define SECCOMP_PARM6(_ctx)     SECCOMP_REG(_ctx, REG_EBP)
 
 #elif defined(__x86_64__)
-#define MIN_SYSCALL  0u
-#define MAX_SYSCALL  1024u
+#define MIN_SYSCALL         0u
+#define MAX_PUBLIC_SYSCALL  1024u
+#define MAX_SYSCALL         MAX_PUBLIC_SYSCALL
 #define SECCOMP_ARCH AUDIT_ARCH_X86_64
 
 #define SECCOMP_REG(_ctx, _reg) ((_ctx)->uc_mcontext.gregs[(_reg)])
 #define SECCOMP_RESULT(_ctx)    SECCOMP_REG(_ctx, REG_RAX)
 #define SECCOMP_SYSCALL(_ctx)   SECCOMP_REG(_ctx, REG_RAX)
 #define SECCOMP_IP(_ctx)        SECCOMP_REG(_ctx, REG_RIP)
 #define SECCOMP_PARM1(_ctx)     SECCOMP_REG(_ctx, REG_RDI)
 #define SECCOMP_PARM2(_ctx)     SECCOMP_REG(_ctx, REG_RSI)
 #define SECCOMP_PARM3(_ctx)     SECCOMP_REG(_ctx, REG_RDX)
 #define SECCOMP_PARM4(_ctx)     SECCOMP_REG(_ctx, REG_R10)
 #define SECCOMP_PARM5(_ctx)     SECCOMP_REG(_ctx, REG_R8)
 #define SECCOMP_PARM6(_ctx)     SECCOMP_REG(_ctx, REG_R9)
 
 #elif defined(__arm__) && (defined(__thumb__) || defined(__ARM_EABI__))
 // ARM EABI includes "ARM private" system calls starting at |__ARM_NR_BASE|,
 // and a "ghost syscall private to the kernel", cmpxchg,
 // at |__ARM_NR_BASE+0x00fff0|.
 // See </arch/arm/include/asm/unistd.h> in the Linux kernel.
-#define MIN_SYSCALL  ((unsigned int)__NR_SYSCALL_BASE)
-#define MAX_SYSCALL  ((unsigned int)__ARM_NR_BASE + 0x00ffffu)
+#define MIN_SYSCALL         ((unsigned int)__NR_SYSCALL_BASE)
+#define MAX_PUBLIC_SYSCALL  (MIN_SYSCALL + 1024u)
+#define MIN_PRIVATE_SYSCALL ((unsigned int)__ARM_NR_BASE)
+#define MAX_PRIVATE_SYSCALL (MIN_PRIVATE_SYSCALL + 16u)
+#define MIN_GHOST_SYSCALL   ((unsigned int)__ARM_NR_BASE + 0xfff0u)
+#define MAX_SYSCALL         (MIN_GHOST_SYSCALL + 4u)
 // <linux/audit.h> includes <linux/elf-em.h>, which does not define EM_ARM.
 // <linux/elf.h> only includes <asm/elf.h> if we're in the kernel.
 # if !defined(EM_ARM)
 # define EM_ARM 40
 # endif
 #define SECCOMP_ARCH AUDIT_ARCH_ARM
 
 // ARM sigcontext_t is different from i386/x86_64.
 // See </arch/arm/include/asm/sigcontext.h> in the Linux kernel.
 #define SECCOMP_REG(_ctx, _reg) ((_ctx)->uc_mcontext.arm_##_reg)
 // ARM EABI syscall convention.
 #define SECCOMP_RESULT(_ctx)     SECCOMP_REG(_ctx, r0)
 #define SECCOMP_SYSCALL(_ctx)    SECCOMP_REG(_ctx, r7)
 #define SECCOMP_IP(_ctx)         SECCOMP_REG(_ctx, pc)
 #define SECCOMP_PARM1(_ctx)      SECCOMP_REG(_ctx, r0)
 #define SECCOMP_PARM2(_ctx)      SECCOMP_REG(_ctx, r1)
 #define SECCOMP_PARM3(_ctx)      SECCOMP_REG(_ctx, r2)
 #define SECCOMP_PARM4(_ctx)      SECCOMP_REG(_ctx, r3)
 #define SECCOMP_PARM5(_ctx)      SECCOMP_REG(_ctx, r4)
 #define SECCOMP_PARM6(_ctx)      SECCOMP_REG(_ctx, r5)
 
 #else
 #error Unsupported target platform
 
 #endif
 
+#if defined(SECCOMP_BPF_STANDALONE)
+#define arraysize(x) (sizeof(x)/sizeof(*(x)))
+#define HANDLE_EINTR TEMP_FAILURE_RETRY
+#define DISALLOW_IMPLICIT_CONSTRUCTORS(TypeName) \
+  TypeName();                                    \
+  TypeName(const TypeName&);                     \
+  void operator=(const TypeName&)
+#endif
+
 #include "sandbox/linux/seccomp-bpf/die.h"
 #include "sandbox/linux/seccomp-bpf/errorcode.h"
 
 namespace playground2 {
 
 struct arch_seccomp_data {
   int      nr;
   uint32_t arch;
   uint64_t instruction_pointer;
   uint64_t args[6];
 };
 
 struct arch_sigsys {
   void         *ip;
   int          nr;
   unsigned int arch;
 };
 
-#if defined(SECCOMP_BPF_STANDALONE)
-#define arraysize(x) sizeof(x)/sizeof(*(x)))
-#define HANDLE_EINTR TEMP_FAILURE_RETRY
-#define DISALLOW_IMPLICIT_CONSTRUCTORS(TypeName) \
-  TypeName();                                    \
-  TypeName(const TypeName&);                     \
-  void operator=(const TypeName&)
-#endif
-
 class Sandbox {
  public:
   enum SandboxStatus {
     STATUS_UNKNOWN,      // Status prior to calling supportsSeccompSandbox()
     STATUS_UNSUPPORTED,  // The kernel does not appear to support sandboxing
     STATUS_UNAVAILABLE,  // Currently unavailable but might work again later
     STATUS_AVAILABLE,    // Sandboxing is available but not currently active
     STATUS_ENABLED       // The sandbox is now active
   };
 
@@ skipping 19 matching lines @@
     uint32_t  value;
     ErrorCode passed;
     ErrorCode failed;
   };
 
   typedef ErrorCode (*EvaluateSyscall)(int sysno);
   typedef int       (*EvaluateArguments)(int sysno, int arg,
                                          Constraint *constraint);
   typedef std::vector<std::pair<EvaluateSyscall,EvaluateArguments> >Evaluators;
 
+  // ARM has a non-contiguous range of "private" system calls.
+  // Checks whether a particular system call number is valid.

[jln (very slow on Chromium), 2012/10/12 20:26:52]

Please remove the specific line about ARM above (or give use it as an example
only: "for instance, on ARM..")

I think the comment would be more clear this way: "Checks whether a particular
system call number is valid on the current architecture."

[Jorge Lucangeli Obes, 2012/10/13 01:39:30]

Done.

+  static bool isValidSyscallNumber(int sysnum);
+
   // There are a lot of reasons why the Seccomp sandbox might not be available.
   // This could be because the kernel does not support Seccomp mode, or it
   // could be because another sandbox is already active.
   // "proc_fd" should be a file descriptor for "/proc", or -1 if not
   // provided by the caller.
   static SandboxStatus supportsSeccompSandbox(int proc_fd);
 
   // The sandbox needs to be able to access files in "/proc/self". If this
   // directory is not accessible when "startSandbox()" gets called, the caller
   // can provide an already opened file descriptor by calling "setProcFd()".
@@ skipping 54 matching lines @@
   typedef std::vector<struct sock_filter> Program;
   typedef std::map<uint32_t, ErrorCode> ErrMap;
   typedef std::vector<ErrorCode> Traps;
   typedef std::map<std::pair<TrapFnc, const void *>, int> TrapIds;
 
   // Get a file descriptor pointing to "/proc", if currently available.
   static int proc_fd() { return proc_fd_; }
 
   static ErrorCode probeEvaluator(int signo) __attribute__((const));
   static void      probeProcess(void);
-  static ErrorCode allowAllEvaluator(int signo);
+  static ErrorCode allowAllEvaluator(int sysnum);
   static void      tryVsyscallProcess(void);
   static bool      kernelSupportSeccompBPF(int proc_fd);
   static bool      RunFunctionInPolicy(void (*function)(),
                                        EvaluateSyscall syscallEvaluator,
                                        int proc_fd);
   static void      startSandboxInternal(bool quiet);
   static bool      isSingleThreaded(int proc_fd);
   static bool      isDenied(const ErrorCode& code);
   static bool      disableFilesystem();
   static void      policySanityChecks(EvaluateSyscall syscallEvaluator,
@@ skipping 15 matching lines @@
   static Traps         *traps_;
   static TrapIds       trapIds_;
   static ErrorCode     *trapArray_;
   static size_t        trapArraySize_;
   DISALLOW_IMPLICIT_CONSTRUCTORS(Sandbox);
 };
 
 }  // namespace
 
 #endif  // SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H__