Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(421)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/seccomp-bpf/errorcode.h

Issue 11363212: Added support for greylisting of system calls. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Addressed reviewer's comments Created 8 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « sandbox/linux/seccomp-bpf/die.cc ('k') | sandbox/linux/seccomp-bpf/errorcode.cc » ('j') | sandbox/linux/seccomp-bpf/sandbox_bpf.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__ 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__
6 #define SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__ 6 #define SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__
7 7
8 namespace playground2 { 8 namespace playground2 {
9 9
10 struct arch_seccomp_data; 10 struct arch_seccomp_data;
(...skipping 76 matching lines...) Expand 10 before | Expand all | Expand 10 after
87 friend class Sandbox; 87 friend class Sandbox;
88 friend class Verifier; 88 friend class Verifier;
89 89
90 enum ErrorType { 90 enum ErrorType {
91 ET_INVALID, ET_SIMPLE, ET_TRAP, ET_COND, 91 ET_INVALID, ET_SIMPLE, ET_TRAP, ET_COND,
92 }; 92 };
93 93
94 // If we are wrapping a callback, we must assign a unique id. This id is 94 // If we are wrapping a callback, we must assign a unique id. This id is
95 // how the kernel tells us which one of our different SECCOMP_RET_TRAP 95 // how the kernel tells us which one of our different SECCOMP_RET_TRAP
96 // cases has been triggered. 96 // cases has been triggered.
97 ErrorCode(TrapFnc fnc, const void *aux, uint16_t id); 97 ErrorCode(TrapFnc fnc, const void *aux, bool safe, uint16_t id);
98 98
99 // Some system calls require inspection of arguments. This constructor 99 // Some system calls require inspection of arguments. This constructor
100 // allows us to specify additional constraints. 100 // allows us to specify additional constraints.
101 ErrorCode(int argno, ArgType width, Operation op, uint64_t value, 101 ErrorCode(int argno, ArgType width, Operation op, uint64_t value,
102 const ErrorCode *passed, const ErrorCode *failed); 102 const ErrorCode *passed, const ErrorCode *failed);
103 103
104 ErrorType error_type_; 104 ErrorType error_type_;
105 105
106 union { 106 union {
107 // Fields needed for SECCOMP_RET_TRAP callbacks 107 // Fields needed for SECCOMP_RET_TRAP callbacks
108 struct { 108 struct {
109 TrapFnc fnc_; // Callback function and arg, if trap was 109 TrapFnc fnc_; // Callback function and arg, if trap was
110 void *aux_; // triggered by the kernel's BPF filter. 110 void *aux_; // triggered by the kernel's BPF filter.
111 bool safe_; // Keep sandbox active while calling fnc_()
111 }; 112 };
112 113
113 // Fields needed when inspecting additional arguments. 114 // Fields needed when inspecting additional arguments.
114 struct { 115 struct {
115 uint64_t value_; // Value that we are comparing with. 116 uint64_t value_; // Value that we are comparing with.
116 int argno_; // Syscall arg number that we are inspecting. 117 int argno_; // Syscall arg number that we are inspecting.
117 ArgType width_; // Whether we are looking at a 32/64bit value. 118 ArgType width_; // Whether we are looking at a 32/64bit value.
118 Operation op_; // Comparison operation. 119 Operation op_; // Comparison operation.
119 const ErrorCode *passed_; // Value to be returned if comparison passed, 120 const ErrorCode *passed_; // Value to be returned if comparison passed,
120 const ErrorCode *failed_; // or if it failed. 121 const ErrorCode *failed_; // or if it failed.
121 }; 122 };
122 }; 123 };
123 124
124 // 32bit field used for all possible types of ErrorCode values. This is 125 // 32bit field used for all possible types of ErrorCode values. This is
125 // the value that uniquely identifies any ErrorCode and it (typically) can 126 // the value that uniquely identifies any ErrorCode and it (typically) can
126 // be emitted directly into a BPF filter program. 127 // be emitted directly into a BPF filter program.
127 uint32_t err_; 128 uint32_t err_;
128 129
129 }; 130 };
130 131
131 } // namespace 132 } // namespace
132 133
133 #endif // SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__ 134 #endif // SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__
OLDNEW
« no previous file with comments | « sandbox/linux/seccomp-bpf/die.cc ('k') | sandbox/linux/seccomp-bpf/errorcode.cc » ('j') | sandbox/linux/seccomp-bpf/sandbox_bpf.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698