Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(502)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: sandbox/linux/seccomp-bpf/die.cc

Issue 11419121: SECCOMP-BPF: Added support for greylisting of system calls. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: More unittest coverage Created 8 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « sandbox/linux/seccomp-bpf/die.h ('k') | sandbox/linux/seccomp-bpf/errorcode.h » ('j') | sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/linux/seccomp-bpf/die.cc
diff --git a/sandbox/linux/seccomp-bpf/die.cc b/sandbox/linux/seccomp-bpf/die.cc
index b141424f58de33a93cdd4bbfc6d6681b6f7c549e..92ffa2ab1e41a4cb52ea3160ec9e3824349546c3 100644
--- a/sandbox/linux/seccomp-bpf/die.cc
+++ b/sandbox/linux/seccomp-bpf/die.cc
@@ -5,6 +5,7 @@
#include <string>
#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
+#include "sandbox/linux/seccomp-bpf/syscall.h"
namespace playground2 {
@@ -15,7 +16,7 @@ void Die::ExitGroup() {
// Especially, since we are dealing with system call filters. Continuing
// execution would be very bad in most cases where ExitGroup() gets called.
// So, we'll try a few other strategies too.
- syscall(__NR_exit_group, 1);
+ SandboxSyscall(__NR_exit_group, 1);
// We have no idea what our run-time environment looks like. So, signal
// handlers might or might not do the right thing. Try to reset settings
@@ -23,7 +24,7 @@ void Die::ExitGroup() {
// succeeded in doing so. Nonetheless, triggering a fatal signal could help
// us terminate.
signal(SIGSEGV, SIG_DFL);
- syscall(__NR_prctl, PR_SET_DUMPABLE, (void *)0, (void *)0, (void *)0);
+ SandboxSyscall(__NR_prctl, PR_SET_DUMPABLE, (void *)0, (void *)0, (void *)0);
if (*(volatile char *)0) { }
// If there is no way for us to ask for the program to exit, the next
@@ -32,7 +33,7 @@ void Die::ExitGroup() {
// We in fact retry the system call inside of our loop so that it will
// stand out when somebody tries to diagnose the problem by using "strace".
for (;;) {
- syscall(__NR_exit_group, 1);
+ SandboxSyscall(__NR_exit_group, 1);
}
}
@@ -49,6 +50,16 @@ void Die::SandboxDie(const char *msg, const char *file, int line) {
ExitGroup();
}
+void Die::SandboxInfo(const char *msg, const char *file, int line) {
+ if (!suppress_info_) {
+ #if defined(SECCOMP_BPF_STANDALONE)
+ Die::LogToStderr(msg, file, line);
+ #else
+ logging::LogMessage(file, line, logging::LOG_INFO).stream() << msg;
+ #endif
+ }
+}
+
void Die::LogToStderr(const char *msg, const char *file, int line) {
if (msg) {
char buf[40];
@@ -57,10 +68,11 @@ void Die::LogToStderr(const char *msg, const char *file, int line) {
// No need to loop. Short write()s are unlikely and if they happen we
// probably prefer them over a loop that blocks.
- if (HANDLE_EINTR(write(2, s.c_str(), s.length()))) { }
+ if (HANDLE_EINTR(SandboxSyscall(__NR_write, 2, s.c_str(), s.length()))) { }
}
}
-bool Die::simple_exit_ = false;
+bool Die::simple_exit_ = false;
+bool Die::suppress_info_ = false;
} // namespace
« no previous file with comments | « sandbox/linux/seccomp-bpf/die.h ('k') | sandbox/linux/seccomp-bpf/errorcode.h » ('j') | sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698