| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_SYSCALL_H__ |
| 6 #define SANDBOX_LINUX_SECCOMP_BPF_SYSCALL_H__ |
| 7 |
| 8 #include <signal.h> |
| 9 #include <stdint.h> |
| 10 |
| 11 namespace playground2 { |
| 12 |
| 13 // We have to make sure that we have a single "magic" return address for |
| 14 // our system calls, which we can check from within a BPF filter. This |
| 15 // works by writing a little bit of asm() code that a) enters the kernel, and |
| 16 // that also b) can be invoked in a way that computes this return address. |
| 17 // Passing "nr" as "-1" computes the "magic" return address. Passing any |
| 18 // other value invokes the appropriate system call. |
| 19 intptr_t SandboxSyscall(int nr, ...); |
| 20 |
| 21 } // namespace |
| 22 |
| 23 #endif // SANDBOX_LINUX_SECCOMP_BPF_SYSCALL_H__ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 11419121:
SECCOMP-BPF: Added support for greylisting of system calls. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src