| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__ | 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__ |
| 6 #define SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__ | 6 #define SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__ |
| 7 | 7 |
| 8 #include "sandbox/linux/seccomp-bpf/linux_seccomp.h" | 8 #include "sandbox/linux/seccomp-bpf/linux_seccomp.h" |
| 9 #include "sandbox/linux/seccomp-bpf/trap.h" | 9 #include "sandbox/linux/seccomp-bpf/trap.h" |
| 10 | 10 |
| (...skipping 16 matching lines...) Expand all Loading... |
| 27 // completely arbitrary. But we want to pick it so that is is unlikely | 27 // completely arbitrary. But we want to pick it so that is is unlikely |
| 28 // to be passed in accidentally, when the user intended to return an | 28 // to be passed in accidentally, when the user intended to return an |
| 29 // "errno" (see below) value instead. | 29 // "errno" (see below) value instead. |
| 30 ERR_ALLOWED = 0x04000000, | 30 ERR_ALLOWED = 0x04000000, |
| 31 | 31 |
| 32 // Deny the system call with a particular "errno" value. | 32 // Deny the system call with a particular "errno" value. |
| 33 // N.B.: It is also possible to return "0" here. That would normally | 33 // N.B.: It is also possible to return "0" here. That would normally |
| 34 // indicate success, but it won't actually run the system call. | 34 // indicate success, but it won't actually run the system call. |
| 35 // This is very different from return ERR_ALLOWED. | 35 // This is very different from return ERR_ALLOWED. |
| 36 ERR_MIN_ERRNO = 0, | 36 ERR_MIN_ERRNO = 0, |
| 37 // TODO(markus): Android only supports errno up to 255 |
| 38 // (crbug.com/181647). |
| 37 ERR_MAX_ERRNO = 4095, | 39 ERR_MAX_ERRNO = 4095, |
| 38 }; | 40 }; |
| 39 | 41 |
| 40 // While BPF filter programs always operate on 32bit quantities, the kernel | 42 // While BPF filter programs always operate on 32bit quantities, the kernel |
| 41 // always sees system call arguments as 64bit values. This statement is true | 43 // always sees system call arguments as 64bit values. This statement is true |
| 42 // no matter whether the host system is natively operating in 32bit or 64bit. | 44 // no matter whether the host system is natively operating in 32bit or 64bit. |
| 43 // The BPF compiler hides the fact that BPF instructions cannot directly | 45 // The BPF compiler hides the fact that BPF instructions cannot directly |
| 44 // access 64bit quantities. But policies are still advised to specify whether | 46 // access 64bit quantities. But policies are still advised to specify whether |
| 45 // a system call expects a 32bit or a 64bit quantity. | 47 // a system call expects a 32bit or a 64bit quantity. |
| 46 enum ArgType { | 48 enum ArgType { |
| (...skipping 134 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 181 // 32bit field used for all possible types of ErrorCode values. This is | 183 // 32bit field used for all possible types of ErrorCode values. This is |
| 182 // the value that uniquely identifies any ErrorCode and it (typically) can | 184 // the value that uniquely identifies any ErrorCode and it (typically) can |
| 183 // be emitted directly into a BPF filter program. | 185 // be emitted directly into a BPF filter program. |
| 184 uint32_t err_; | 186 uint32_t err_; |
| 185 | 187 |
| 186 }; | 188 }; |
| 187 | 189 |
| 188 } // namespace | 190 } // namespace |
| 189 | 191 |
| 190 #endif // SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__ | 192 #endif // SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 12638015:
Android sandbox: workaround for restricted errno values. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src