Chromium Code Reviews Chromium Code Reviews
Issue 11612014:
Linux sandbox: modify GYP files to compile under Android. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H__ | 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H__ |
| 6 #define SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H__ | 6 #define SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H__ |
| 7 | 7 |
| 8 #include <endian.h> | 8 #include <endian.h> |
| 9 #include <errno.h> | 9 #include <errno.h> |
| 10 #include <fcntl.h> | 10 #include <fcntl.h> |
| 11 #include <linux/audit.h> | 11 //#include <linux/audit.h> |
|
Markus (顧孟勤)
2012/12/18 23:20:48
Probably insert a space so it looks the same as fo
jln (very slow on Chromium)
2012/12/18 23:24:55
Done.
| |
| 12 #include <linux/filter.h> | 12 #include <linux/filter.h> |
| 13 // #include <linux/seccomp.h> | 13 // #include <linux/seccomp.h> |
| 14 #include <linux/unistd.h> | 14 #include <linux/unistd.h> |
| 15 #include <netinet/in.h> | 15 #include <netinet/in.h> |
| 16 #include <netinet/tcp.h> | 16 #include <netinet/tcp.h> |
| 17 #include <netinet/udp.h> | 17 #include <netinet/udp.h> |
| 18 #include <sched.h> | 18 #include <sched.h> |
| 19 #include <signal.h> | 19 #include <signal.h> |
| 20 #include <stddef.h> | 20 #include <stddef.h> |
| 21 #include <stdint.h> | 21 #include <stdint.h> |
| 22 #include <stdio.h> | 22 #include <stdio.h> |
| 23 #include <stdlib.h> | 23 #include <stdlib.h> |
| 24 #include <string.h> | 24 #include <string.h> |
| 25 #include <sys/ioctl.h> | 25 #include <sys/ioctl.h> |
| 26 #include <sys/ipc.h> | 26 #include <sys/ipc.h> |
| 27 #include <sys/mman.h> | 27 #include <sys/mman.h> |
| 28 #include <sys/prctl.h> | 28 #include <sys/prctl.h> |
| 29 #include <sys/shm.h> | |
| 30 #include <sys/stat.h> | 29 #include <sys/stat.h> |
| 31 #include <sys/types.h> | 30 #include <sys/types.h> |
| 32 #include <sys/uio.h> | 31 #include <sys/uio.h> |
| 33 #include <sys/wait.h> | 32 #include <sys/wait.h> |
| 34 #include <time.h> | 33 #include <time.h> |
| 35 #include <unistd.h> | 34 #include <unistd.h> |
| 36 | 35 |
| 37 #include <algorithm> | 36 #include <algorithm> |
| 38 #include <limits> | 37 #include <limits> |
| 39 #include <map> | 38 #include <map> |
| (...skipping 11 matching lines...) Expand all Loading... | |
| 51 #if !defined(SECCOMP_BPF_STANDALONE) | 50 #if !defined(SECCOMP_BPF_STANDALONE) |
| 52 #include "base/third_party/valgrind/valgrind.h" | 51 #include "base/third_party/valgrind/valgrind.h" |
| 53 #endif | 52 #endif |
| 54 #endif | 53 #endif |
| 55 | 54 |
| 56 | 55 |
| 57 // The Seccomp2 kernel ABI is not part of older versions of glibc. | 56 // The Seccomp2 kernel ABI is not part of older versions of glibc. |
| 58 // As we can't break compilation with these versions of the library, | 57 // As we can't break compilation with these versions of the library, |
| 59 // we explicitly define all missing symbols. | 58 // we explicitly define all missing symbols. |
| 60 | 59 |
| 60 // For audit.h | |
|
Markus (顧孟勤)
2012/12/18 23:20:48
This is all generally fine, and I don't have a pro
jln (very slow on Chromium)
2012/12/18 23:24:55
Done.
| |
| 61 #ifndef EM_ARM | |
| 62 #define EM_ARM 40 | |
| 63 #endif | |
| 64 #ifndef EM_386 | |
| 65 #define EM_386 3 | |
| 66 #endif | |
| 67 #ifndef EM_X86_64 | |
| 68 #define EM_X86_64 62 | |
| 69 #endif | |
| 70 | |
| 71 #ifndef __AUDIT_ARCH_64BIT | |
| 72 #define __AUDIT_ARCH_64BIT 0x80000000 | |
| 73 #endif | |
| 74 #ifndef __AUDIT_ARCH_LE | |
| 75 #define __AUDIT_ARCH_LE 0x40000000 | |
| 76 #endif | |
| 77 #ifndef AUDIT_ARCH_ARM | |
| 78 #define AUDIT_ARCH_ARM (EM_ARM|__AUDIT_ARCH_LE) | |
| 79 #endif | |
| 80 #ifndef AUDIT_ARCH_I386 | |
| 81 #define AUDIT_ARCH_I386 (EM_386|__AUDIT_ARCH_LE) | |
| 82 #endif | |
| 83 #ifndef AUDIT_ARCH_X86_64 | |
| 84 #define AUDIT_ARCH_X86_64 (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) | |
| 85 #endif | |
| 86 | |
| 87 // For prctl.h | |
| 61 #ifndef PR_SET_NO_NEW_PRIVS | 88 #ifndef PR_SET_NO_NEW_PRIVS |
| 62 #define PR_SET_NO_NEW_PRIVS 38 | 89 #define PR_SET_NO_NEW_PRIVS 38 |
| 63 #define PR_GET_NO_NEW_PRIVS 39 | 90 #define PR_GET_NO_NEW_PRIVS 39 |
| 64 #endif | 91 #endif |
| 65 #ifndef IPC_64 | 92 #ifndef IPC_64 |
| 66 #define IPC_64 0x0100 | 93 #define IPC_64 0x0100 |
| 67 #endif | 94 #endif |
| 68 | 95 |
| 69 // In order to build will older tool chains, we currently have to avoid | 96 // In order to build will older tool chains, we currently have to avoid |
| 70 // including <linux/seccomp.h>. Until that can be fixed (if ever). Rely on | 97 // including <linux/seccomp.h>. Until that can be fixed (if ever). Rely on |
| (...skipping 87 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 158 // ARM EABI includes "ARM private" system calls starting at |__ARM_NR_BASE|, | 185 // ARM EABI includes "ARM private" system calls starting at |__ARM_NR_BASE|, |
| 159 // and a "ghost syscall private to the kernel", cmpxchg, | 186 // and a "ghost syscall private to the kernel", cmpxchg, |
| 160 // at |__ARM_NR_BASE+0x00fff0|. | 187 // at |__ARM_NR_BASE+0x00fff0|. |
| 161 // See </arch/arm/include/asm/unistd.h> in the Linux kernel. | 188 // See </arch/arm/include/asm/unistd.h> in the Linux kernel. |
| 162 #define MIN_SYSCALL ((unsigned int)__NR_SYSCALL_BASE) | 189 #define MIN_SYSCALL ((unsigned int)__NR_SYSCALL_BASE) |
| 163 #define MAX_PUBLIC_SYSCALL (MIN_SYSCALL + 1024u) | 190 #define MAX_PUBLIC_SYSCALL (MIN_SYSCALL + 1024u) |
| 164 #define MIN_PRIVATE_SYSCALL ((unsigned int)__ARM_NR_BASE) | 191 #define MIN_PRIVATE_SYSCALL ((unsigned int)__ARM_NR_BASE) |
| 165 #define MAX_PRIVATE_SYSCALL (MIN_PRIVATE_SYSCALL + 16u) | 192 #define MAX_PRIVATE_SYSCALL (MIN_PRIVATE_SYSCALL + 16u) |
| 166 #define MIN_GHOST_SYSCALL ((unsigned int)__ARM_NR_BASE + 0xfff0u) | 193 #define MIN_GHOST_SYSCALL ((unsigned int)__ARM_NR_BASE + 0xfff0u) |
| 167 #define MAX_SYSCALL (MIN_GHOST_SYSCALL + 4u) | 194 #define MAX_SYSCALL (MIN_GHOST_SYSCALL + 4u) |
| 168 // <linux/audit.h> includes <linux/elf-em.h>, which does not define EM_ARM. | 195 |
| 169 // <linux/elf.h> only includes <asm/elf.h> if we're in the kernel. | |
| 170 # if !defined(EM_ARM) | |
| 171 # define EM_ARM 40 | |
| 172 # endif | |
| 173 #define SECCOMP_ARCH AUDIT_ARCH_ARM | 196 #define SECCOMP_ARCH AUDIT_ARCH_ARM |
| 174 | 197 |
| 175 // ARM sigcontext_t is different from i386/x86_64. | 198 // ARM sigcontext_t is different from i386/x86_64. |
| 176 // See </arch/arm/include/asm/sigcontext.h> in the Linux kernel. | 199 // See </arch/arm/include/asm/sigcontext.h> in the Linux kernel. |
| 177 #define SECCOMP_REG(_ctx, _reg) ((_ctx)->uc_mcontext.arm_##_reg) | 200 #define SECCOMP_REG(_ctx, _reg) ((_ctx)->uc_mcontext.arm_##_reg) |
| 178 // ARM EABI syscall convention. | 201 // ARM EABI syscall convention. |
| 179 #define SECCOMP_RESULT(_ctx) SECCOMP_REG(_ctx, r0) | 202 #define SECCOMP_RESULT(_ctx) SECCOMP_REG(_ctx, r0) |
| 180 #define SECCOMP_SYSCALL(_ctx) SECCOMP_REG(_ctx, r7) | 203 #define SECCOMP_SYSCALL(_ctx) SECCOMP_REG(_ctx, r7) |
| 181 #define SECCOMP_IP(_ctx) SECCOMP_REG(_ctx, pc) | 204 #define SECCOMP_IP(_ctx) SECCOMP_REG(_ctx, pc) |
| 182 #define SECCOMP_PARM1(_ctx) SECCOMP_REG(_ctx, r0) | 205 #define SECCOMP_PARM1(_ctx) SECCOMP_REG(_ctx, r0) |
| (...skipping 271 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 454 static size_t trap_array_size_; | 477 static size_t trap_array_size_; |
| 455 static bool has_unsafe_traps_; | 478 static bool has_unsafe_traps_; |
| 456 static Conds conds_; | 479 static Conds conds_; |
| 457 | 480 |
| 458 DISALLOW_IMPLICIT_CONSTRUCTORS(Sandbox); | 481 DISALLOW_IMPLICIT_CONSTRUCTORS(Sandbox); |
| 459 }; | 482 }; |
| 460 | 483 |
| 461 } // namespace | 484 } // namespace |
| 462 | 485 |
| 463 #endif // SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H__ | 486 #endif // SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H__ |
| OLD | NEW |
