| Index: sandbox/linux/seccomp-bpf/sandbox_bpf.h
|
| diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf.h b/sandbox/linux/seccomp-bpf/sandbox_bpf.h
|
| index 5a177ad72bbd330cdb53fd24dd909392a5c3ac1a..8cc3b7b00b3267726512397075da0879cd9bd0e9 100644
|
| --- a/sandbox/linux/seccomp-bpf/sandbox_bpf.h
|
| +++ b/sandbox/linux/seccomp-bpf/sandbox_bpf.h
|
| @@ -87,8 +87,9 @@
|
| #define SECCOMP_MAX_PROGRAM_SIZE (1<<30)
|
|
|
| #if defined(__i386__)
|
| -#define MIN_SYSCALL 0u
|
| -#define MAX_SYSCALL 1024u
|
| +#define MIN_SYSCALL 0u
|
| +#define MAX_PUBLIC_SYSCALL 1024u
|
| +#define MAX_SYSCALL MAX_PUBLIC_SYSCALL
|
| #define SECCOMP_ARCH AUDIT_ARCH_I386
|
|
|
| #define SECCOMP_REG(_ctx, _reg) ((_ctx)->uc_mcontext.gregs[(_reg)])
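Review bot: The new MAX_PUBLIC_SYSCALL / MAX_SYSCALL definitions do not say whether the bound is inclusive or one past the last valid number, and because these values become comparison limits in the generated filter, an off-by-one here silently widens or narrows what the sandbox admits. The same applies to the x86_64 hunk below and to the ARM hunk, whose `MIN_PRIVATE_SYSCALL + 16u` and `MIN_GHOST_SYSCALL + 4u` read like exclusive bounds but are not labelled either way. Add one line above the first definition, e.g. `// Syscall ranges are [MIN, MAX): MAX is one past the last valid number.` (or `[MIN, MAX]`, whichever the range checks actually use), so the convention is fixed in one place. The `#if defined(__i386__)` block continues outside the hunk.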
|
| @@ -103,8 +104,9 @@
|
| #define SECCOMP_PARM6(_ctx) SECCOMP_REG(_ctx, REG_EBP)
|
|
|
| #elif defined(__x86_64__)
|
| -#define MIN_SYSCALL 0u
|
| -#define MAX_SYSCALL 1024u
|
| +#define MIN_SYSCALL 0u
|
| +#define MAX_PUBLIC_SYSCALL 1024u
|
| +#define MAX_SYSCALL MAX_PUBLIC_SYSCALL
|
| #define SECCOMP_ARCH AUDIT_ARCH_X86_64
|
|
|
| #define SECCOMP_REG(_ctx, _reg) ((_ctx)->uc_mcontext.gregs[(_reg)])
|
| @@ -123,8 +125,12 @@
|
| // and a "ghost syscall private to the kernel", cmpxchg,
|
| // at |__ARM_NR_BASE+0x00fff0|.
|
| // See </arch/arm/include/asm/unistd.h> in the Linux kernel.
|
| -#define MIN_SYSCALL ((unsigned int)__NR_SYSCALL_BASE)
|
| -#define MAX_SYSCALL ((unsigned int)__ARM_NR_BASE + 0x00ffffu)
|
| +#define MIN_SYSCALL ((unsigned int)__NR_SYSCALL_BASE)
|
| +#define MAX_PUBLIC_SYSCALL (MIN_SYSCALL + 1024u)
|
| +#define MIN_PRIVATE_SYSCALL ((unsigned int)__ARM_NR_BASE)
|
| +#define MAX_PRIVATE_SYSCALL (MIN_PRIVATE_SYSCALL + 16u)
|
| +#define MIN_GHOST_SYSCALL ((unsigned int)__ARM_NR_BASE + 0xfff0u)
|
| +#define MAX_SYSCALL (MIN_GHOST_SYSCALL + 4u)
|
| // <linux/audit.h> includes <linux/elf-em.h>, which does not define EM_ARM.
|
| // <linux/elf.h> only includes <asm/elf.h> if we're in the kernel.
|
| # if !defined(EM_ARM)
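Review bot: With MAX_SYSCALL no longer covering the whole `__ARM_NR_BASE` space, a number that falls between MAX_PUBLIC_SYSCALL and MIN_PRIVATE_SYSCALL, or between MAX_PRIVATE_SYSCALL and MIN_GHOST_SYSCALL, is now outside every named range, and nothing in this header records how the filter treats it. Presumably that is what the `isValidSyscallNumber()` declaration added later in this diff is for, but the constants should say so, e.g. `// Valid numbers form three disjoint ranges (public, private, ghost); anything in between must be rejected by the filter, see isValidSyscallNumber().`. The widths `16u` and `4u` are also unexplained — if they are sized to the kernel's `__ARM_NR_*` private calls plus cmpxchg with some headroom, a short comment stating that saves the next reader a trip to unistd.h. The comment block above these defines starts outside the hunk.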
|
| @@ -151,6 +157,15 @@
|
|
|
| #endif
|
|
|
| +#if defined(SECCOMP_BPF_STANDALONE)
|
| +#define arraysize(x) (sizeof(x)/sizeof(*(x)))
|
| +#define HANDLE_EINTR TEMP_FAILURE_RETRY
|
| +#define DISALLOW_IMPLICIT_CONSTRUCTORS(TypeName) \
|
| + TypeName(); \
|
| + TypeName(const TypeName&); \
|
| + void operator=(const TypeName&)
|
| +#endif
|
| +
|
| #include "sandbox/linux/seccomp-bpf/die.h"
|
| #include "sandbox/linux/seccomp-bpf/errorcode.h"
|
|
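Review bot: The standalone helper block is moved above the `die.h`/`errorcode.h` includes without a comment saying why it must precede them; presumably those headers use `HANDLE_EINTR` or `arraysize` when built without base/, in which case someone who later tidies the macros back under the includes would break the standalone build without noticing. Suggest `// Must precede the includes below: in standalone builds they rely on these helpers.` above the `#if`. `TEMP_FAILURE_RETRY` is a glibc extension that is only visible when `_GNU_SOURCE` is defined before `<unistd.h>`, which the standalone configuration has to guarantee somewhere — worth stating in the same comment if it is not documented elsewhere.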
|
| @@ -169,15 +184,6 @@ struct arch_sigsys {
|
| unsigned int arch;
|
| };
|
|
|
| -#if defined(SECCOMP_BPF_STANDALONE)
|
| -#define arraysize(x) sizeof(x)/sizeof(*(x)))
|
| -#define HANDLE_EINTR TEMP_FAILURE_RETRY
|
| -#define DISALLOW_IMPLICIT_CONSTRUCTORS(TypeName) \
|
| - TypeName(); \
|
| - TypeName(const TypeName&); \
|
| - void operator=(const TypeName&)
|
| -#endif
|
| -
|
| class Sandbox {
|
| public:
|
| enum SandboxStatus {
|
| @@ -217,6 +223,11 @@ class Sandbox {
|
| Constraint *constraint);
|
| typedef std::vector<std::pair<EvaluateSyscall,EvaluateArguments> >Evaluators;
|
|
|
| + // Checks whether a particular system call number is valid on the current
|
| + // architecture. E.g. on ARM there's a non-contiguous range of private
|
| + // system calls.
|
| + static bool isValidSyscallNumber(int sysnum);
|
| +
|
| // There are a lot of reasons why the Seccomp sandbox might not be available.
|
| // This could be because the kernel does not support Seccomp mode, or it
|
| // could be because another sandbox is already active.
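Review bot: The new `isValidSyscallNumber(int sysnum)` comment says what it checks but not its contract at the edges: whether negative numbers and numbers at or above MAX_SYSCALL return false, and whether a caller building the filter must treat a false result as deny. Since MIN_SYSCALL/MAX_SYSCALL are unsigned macros, comparing a negative `int` against them converts it to a large unsigned value; the implementation is not in this diff, but it should reject negatives explicitly rather than rely on that conversion. Suggest extending the comment with `// Returns false for negative numbers and for any number outside the valid ranges; the filter must deny such numbers rather than pass them through.`, adjusted if the policy code already guarantees that elsewhere. The class body continues outside the hunk.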
|
| @@ -291,7 +302,7 @@ class Sandbox {
|
|
|
| static ErrorCode probeEvaluator(int signo) __attribute__((const));
|
| static void probeProcess(void);
|
| - static ErrorCode allowAllEvaluator(int signo);
|
| + static ErrorCode allowAllEvaluator(int sysnum);
|
| static void tryVsyscallProcess(void);
|
| static bool kernelSupportSeccompBPF(int proc_fd);
|
| static bool RunFunctionInPolicy(void (*function)(),
|
|
|