Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(490)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/seccomp-bpf/util.cc

Issue 11411254: SECCOMP-BPF: Added supported for inspection system call arguments from BPF filters. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Changelist is ready for initial review; still needs a few TODO()s to be resolved, though. Created 8 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« sandbox/linux/seccomp-bpf/syscall_iterator.cc ('K') | « sandbox/linux/seccomp-bpf/util.h ('k') | sandbox/linux/seccomp-bpf/verifier.h » ('j') | sandbox/linux/seccomp-bpf/verifier.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <dirent.h> 5 #include <dirent.h>
6 #include <errno.h> 6 #include <errno.h>
7 #include <fcntl.h> 7 #include <fcntl.h>
8 #include <stdarg.h> 8 #include <stdarg.h>
9 #include <stdlib.h> 9 #include <stdlib.h>
10 #include <string.h> 10 #include <string.h>
11 #include <sys/socket.h> 11 #include <sys/socket.h>
12 #include <sys/types.h> 12 #include <sys/types.h>
13 #include <unistd.h> 13 #include <unistd.h>
14 14
15 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" 15 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
16 #include "sandbox/linux/seccomp-bpf/util.h" 16 #include "sandbox/linux/seccomp-bpf/util.h"
17 17
18 namespace playground2 { 18 namespace playground2 {
19 19
20 bool Util::sendFds(int transport, const void *buf, size_t len, ...) { 20 bool Util::SendFds(int transport, const void *buf, size_t len, ...) {
21 int count = 0; 21 int count = 0;
22 va_list ap; 22 va_list ap;
23 va_start(ap, len); 23 va_start(ap, len);
24 while (va_arg(ap, int) >= 0) { 24 while (va_arg(ap, int) >= 0) {
25 ++count; 25 ++count;
26 } 26 }
27 va_end(ap); 27 va_end(ap);
28 if (!count) { 28 if (!count) {
29 return false; 29 return false;
30 } 30 }
(...skipping 17 matching lines...) Expand all
48 cmsg->cmsg_type = SCM_RIGHTS; 48 cmsg->cmsg_type = SCM_RIGHTS;
49 cmsg->cmsg_len = CMSG_LEN(count*sizeof(int)); 49 cmsg->cmsg_len = CMSG_LEN(count*sizeof(int));
50 va_start(ap, len); 50 va_start(ap, len);
51 for (int i = 0, fd; (fd = va_arg(ap, int)) >= 0; ++i) { 51 for (int i = 0, fd; (fd = va_arg(ap, int)) >= 0; ++i) {
52 (reinterpret_cast<int *>(CMSG_DATA(cmsg)))[i] = fd; 52 (reinterpret_cast<int *>(CMSG_DATA(cmsg)))[i] = fd;
53 } 53 }
54 return sendmsg(transport, &msg, 0) == 54 return sendmsg(transport, &msg, 0) ==
55 static_cast<ssize_t>(sizeof(dummy) + ((buf && len > 0) ? len : 0)); 55 static_cast<ssize_t>(sizeof(dummy) + ((buf && len > 0) ? len : 0));
56 } 56 }
57 57
58 bool Util::getFds(int transport, void *buf, size_t *len, ...) { 58 bool Util::GetFds(int transport, void *buf, size_t *len, ...) {
59 int count = 0; 59 int count = 0;
60 va_list ap; 60 va_list ap;
61 va_start(ap, len); 61 va_start(ap, len);
62 for (int *fd; (fd = va_arg(ap, int *)) != NULL; ++count) { 62 for (int *fd; (fd = va_arg(ap, int *)) != NULL; ++count) {
63 *fd = -1; 63 *fd = -1;
64 } 64 }
65 va_end(ap); 65 va_end(ap);
66 if (!count) { 66 if (!count) {
67 return false; 67 return false;
68 } 68 }
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after
108 return false; 108 return false;
109 } 109 }
110 va_start(ap, len); 110 va_start(ap, len);
111 for (int *fd, i = 0; (fd = va_arg(ap, int *)) != NULL; ++i) { 111 for (int *fd, i = 0; (fd = va_arg(ap, int *)) != NULL; ++i) {
112 *fd = (reinterpret_cast<int *>(CMSG_DATA(cmsg)))[i]; 112 *fd = (reinterpret_cast<int *>(CMSG_DATA(cmsg)))[i];
113 } 113 }
114 va_end(ap); 114 va_end(ap);
115 return true; 115 return true;
116 } 116 }
117 117
118 void Util::closeAllBut(int fd, ...) { 118 void Util::CloseAllBut(int fd, ...) {
119 int proc_fd; 119 int proc_fd;
120 int fdir; 120 int fdir;
121 if ((proc_fd = Sandbox::proc_fd()) < 0 || 121 if ((proc_fd = Sandbox::ProcFd()) < 0 ||
122 (fdir = openat(proc_fd, "self/fd", O_RDONLY|O_DIRECTORY)) < 0) { 122 (fdir = openat(proc_fd, "self/fd", O_RDONLY|O_DIRECTORY)) < 0) {
123 SANDBOX_DIE("Cannot access \"/proc/self/fd\""); 123 SANDBOX_DIE("Cannot access \"/proc/self/fd\"");
124 } 124 }
125 int dev_null = open("/dev/null", O_RDWR); 125 int dev_null = open("/dev/null", O_RDWR);
126 DIR *dir = fdopendir(fdir); 126 DIR *dir = fdopendir(fdir);
127 struct dirent de, *res; 127 struct dirent de, *res;
128 while (!readdir_r(dir, &de, &res) && res) { 128 while (!readdir_r(dir, &de, &res) && res) {
129 if (res->d_name[0] < '0') { 129 if (res->d_name[0] < '0') {
130 continue; 130 continue;
131 } 131 }
(...skipping 23 matching lines...) Expand all
155 } 155 }
156 } 156 }
157 closedir(dir); 157 closedir(dir);
158 if (dev_null >= 0) { 158 if (dev_null >= 0) {
159 if (HANDLE_EINTR(close(dev_null))) { } 159 if (HANDLE_EINTR(close(dev_null))) { }
160 } 160 }
161 return; 161 return;
162 } 162 }
163 163
164 } // namespace 164 } // namespace
OLDNEW
« sandbox/linux/seccomp-bpf/syscall_iterator.cc ('K') | « sandbox/linux/seccomp-bpf/util.h ('k') | sandbox/linux/seccomp-bpf/verifier.h » ('j') | sandbox/linux/seccomp-bpf/verifier.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698