sandbox/linux/seccomp-bpf/syscall.h - Issue 11363212: Added support for greylisting of system calls.

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: sandbox/linux/seccomp-bpf/syscall.h

Issue 11363212: Added support for greylisting of system calls. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Addressed reviewer's comments Created 8 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
(Empty)
	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_SYSCALL_H__

	6 #define SANDBOX_LINUX_SECCOMP_BPF_SYSCALL_H__

	7

	8 #include <stdint.h>

	9 #include <signal.h>

	10

	11 namespace playground2 {

	12

	13 // We have to make sure that we have a single "magic" return address for

	14 // our system calls, which we can check from within a BPF filter. This

	15 // works by writing a little bit of asm() code that a) enters the kernel, and

	16 // that also b) can be invoked in a way that computes this return address.

	17 // Passing "nr" as "-1" computes the "magic" return address. Passing any

	18 // other value invokes the appropriate system call.

	19 intptr_t Syscall(int nr, ...);
	jln (very slow on Chromium) 2012/11/20 01:08:31 Should we rename this to DirectSyscall() maybe ? I Should we rename this to DirectSyscall() maybe ? I fear confusion between Syscall() and syscall().
	20

	21 } // namespace

	22

	23 #endif // SANDBOX_LINUX_SECCOMP_BPF_SYSCALL_H__

OLD	NEW