| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h" | 5 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h" |
| 6 | 6 |
| 7 #include "build/build_config.h" | 7 #include "build/build_config.h" |
| 8 #include "sandbox/linux/services/linux_syscalls.h" | 8 #include "sandbox/linux/services/linux_syscalls.h" |
| 9 | 9 |
| 10 namespace sandbox { | 10 namespace sandbox { |
| (...skipping 11 matching lines...) Expand all Loading... |
| 22 return true; | 22 return true; |
| 23 default: | 23 default: |
| 24 return false; | 24 return false; |
| 25 } | 25 } |
| 26 } | 26 } |
| 27 | 27 |
| 28 bool SyscallSets::IsAllowedGettime(int sysno) { | 28 bool SyscallSets::IsAllowedGettime(int sysno) { |
| 29 switch (sysno) { | 29 switch (sysno) { |
| 30 case __NR_clock_gettime: | 30 case __NR_clock_gettime: |
| 31 case __NR_gettimeofday: | 31 case __NR_gettimeofday: |
| 32 #if defined(__i386__) || defined(__x86_64__) | 32 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) |
| 33 case __NR_time: | 33 case __NR_time: |
| 34 #endif | 34 #endif |
| 35 return true; | 35 return true; |
| 36 case __NR_adjtimex: // Privileged. | 36 case __NR_adjtimex: // Privileged. |
| 37 case __NR_clock_adjtime: // Privileged. | 37 case __NR_clock_adjtime: // Privileged. |
| 38 case __NR_clock_getres: // Could be allowed. | 38 case __NR_clock_getres: // Could be allowed. |
| 39 case __NR_clock_nanosleep: // Could be allowed. | 39 case __NR_clock_nanosleep: // Could be allowed. |
| 40 case __NR_clock_settime: // Privileged. | 40 case __NR_clock_settime: // Privileged. |
| 41 #if defined(__i386__) | 41 #if defined(__i386__) || defined(__mips__) |
| 42 case __NR_ftime: // Obsolete. | 42 case __NR_ftime: // Obsolete. |
| 43 #endif | 43 #endif |
| 44 case __NR_settimeofday: // Privileged. | 44 case __NR_settimeofday: // Privileged. |
| 45 #if defined(__i386__) | 45 #if defined(__i386__) || defined(__mips__) |
| 46 case __NR_stime: | 46 case __NR_stime: |
| 47 #endif | 47 #endif |
| 48 default: | 48 default: |
| 49 return false; | 49 return false; |
| 50 } | 50 } |
| 51 } | 51 } |
| 52 | 52 |
| 53 bool SyscallSets::IsCurrentDirectory(int sysno) { | 53 bool SyscallSets::IsCurrentDirectory(int sysno) { |
| 54 switch (sysno) { | 54 switch (sysno) { |
| 55 case __NR_getcwd: | 55 case __NR_getcwd: |
| (...skipping 26 matching lines...) Expand all Loading... |
| 82 #if defined(__i386__) || defined(__arm__) | 82 #if defined(__i386__) || defined(__arm__) |
| 83 case __NR_chown32: | 83 case __NR_chown32: |
| 84 #endif | 84 #endif |
| 85 case __NR_creat: | 85 case __NR_creat: |
| 86 case __NR_execve: | 86 case __NR_execve: |
| 87 case __NR_faccessat: // EPERM not a valid errno. | 87 case __NR_faccessat: // EPERM not a valid errno. |
| 88 case __NR_fchmodat: | 88 case __NR_fchmodat: |
| 89 case __NR_fchownat: // Should be called chownat ? | 89 case __NR_fchownat: // Should be called chownat ? |
| 90 #if defined(__x86_64__) | 90 #if defined(__x86_64__) |
| 91 case __NR_newfstatat: // fstatat(). EPERM not a valid errno. | 91 case __NR_newfstatat: // fstatat(). EPERM not a valid errno. |
| 92 #elif defined(__i386__) || defined(__arm__) | 92 #elif defined(__i386__) || defined(__arm__) || defined(__mips__) |
| 93 case __NR_fstatat64: | 93 case __NR_fstatat64: |
| 94 #endif | 94 #endif |
| 95 case __NR_futimesat: // Should be called utimesat ? | 95 case __NR_futimesat: // Should be called utimesat ? |
| 96 case __NR_lchown: | 96 case __NR_lchown: |
| 97 #if defined(__i386__) || defined(__arm__) | 97 #if defined(__i386__) || defined(__arm__) |
| 98 case __NR_lchown32: | 98 case __NR_lchown32: |
| 99 #endif | 99 #endif |
| 100 case __NR_link: | 100 case __NR_link: |
| 101 case __NR_linkat: | 101 case __NR_linkat: |
| 102 case __NR_lookup_dcookie: // ENOENT not a valid errno. | 102 case __NR_lookup_dcookie: // ENOENT not a valid errno. |
| 103 case __NR_lstat: // EPERM not a valid errno. | 103 case __NR_lstat: // EPERM not a valid errno. |
| 104 #if defined(__i386__) | 104 #if defined(__i386__) |
| 105 case __NR_oldlstat: | 105 case __NR_oldlstat: |
| 106 #endif | 106 #endif |
| 107 #if defined(__i386__) || defined(__arm__) | 107 #if defined(__i386__) || defined(__arm__) || defined(__mips__) |
| 108 case __NR_lstat64: | 108 case __NR_lstat64: |
| 109 #endif | 109 #endif |
| 110 case __NR_mkdir: | 110 case __NR_mkdir: |
| 111 case __NR_mkdirat: | 111 case __NR_mkdirat: |
| 112 case __NR_mknod: | 112 case __NR_mknod: |
| 113 case __NR_mknodat: | 113 case __NR_mknodat: |
| 114 case __NR_open: | 114 case __NR_open: |
| 115 case __NR_openat: | 115 case __NR_openat: |
| 116 case __NR_readlink: // EPERM not a valid errno. | 116 case __NR_readlink: // EPERM not a valid errno. |
| 117 case __NR_readlinkat: | 117 case __NR_readlinkat: |
| 118 case __NR_rename: | 118 case __NR_rename: |
| 119 case __NR_renameat: | 119 case __NR_renameat: |
| 120 case __NR_rmdir: | 120 case __NR_rmdir: |
| 121 case __NR_stat: // EPERM not a valid errno. | 121 case __NR_stat: // EPERM not a valid errno. |
| 122 #if defined(__i386__) | 122 #if defined(__i386__) |
| 123 case __NR_oldstat: | 123 case __NR_oldstat: |
| 124 #endif | 124 #endif |
| 125 #if defined(__i386__) || defined(__arm__) | 125 #if defined(__i386__) || defined(__arm__) || defined(__mips__) |
| 126 case __NR_stat64: | 126 case __NR_stat64: |
| 127 #endif | 127 #endif |
| 128 case __NR_statfs: // EPERM not a valid errno. | 128 case __NR_statfs: // EPERM not a valid errno. |
| 129 #if defined(__i386__) || defined(__arm__) | 129 #if defined(__i386__) || defined(__arm__) || defined(__mips__) |
| 130 case __NR_statfs64: | 130 case __NR_statfs64: |
| 131 #endif | 131 #endif |
| 132 case __NR_symlink: | 132 case __NR_symlink: |
| 133 case __NR_symlinkat: | 133 case __NR_symlinkat: |
| 134 case __NR_truncate: | 134 case __NR_truncate: |
| 135 #if defined(__i386__) || defined(__arm__) | 135 #if defined(__i386__) || defined(__arm__) || defined(__mips__) |
| 136 case __NR_truncate64: | 136 case __NR_truncate64: |
| 137 #endif | 137 #endif |
| 138 case __NR_unlink: | 138 case __NR_unlink: |
| 139 case __NR_unlinkat: | 139 case __NR_unlinkat: |
| 140 case __NR_uselib: // Neither EPERM, nor ENOENT are valid errno. | 140 case __NR_uselib: // Neither EPERM, nor ENOENT are valid errno. |
| 141 case __NR_ustat: // Same as above. Deprecated. | 141 case __NR_ustat: // Same as above. Deprecated. |
| 142 #if defined(__i386__) || defined(__x86_64__) | 142 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) |
| 143 case __NR_utime: | 143 case __NR_utime: |
| 144 #endif | 144 #endif |
| 145 case __NR_utimensat: // New. | 145 case __NR_utimensat: // New. |
| 146 case __NR_utimes: | 146 case __NR_utimes: |
| 147 return true; | 147 return true; |
| 148 default: | 148 default: |
| 149 return false; | 149 return false; |
| 150 } | 150 } |
| 151 } | 151 } |
| 152 | 152 |
| 153 bool SyscallSets::IsAllowedFileSystemAccessViaFd(int sysno) { | 153 bool SyscallSets::IsAllowedFileSystemAccessViaFd(int sysno) { |
| 154 switch (sysno) { | 154 switch (sysno) { |
| 155 case __NR_fstat: | 155 case __NR_fstat: |
| 156 #if defined(__i386__) || defined(__arm__) | 156 #if defined(__i386__) || defined(__arm__) || defined(__mips__) |
| 157 case __NR_fstat64: | 157 case __NR_fstat64: |
| 158 #endif | 158 #endif |
| 159 return true; | 159 return true; |
| 160 // TODO(jln): these should be denied gracefully as well (moved below). | 160 // TODO(jln): these should be denied gracefully as well (moved below). |
| 161 #if defined(__i386__) || defined(__x86_64__) | 161 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) |
| 162 case __NR_fadvise64: // EPERM not a valid errno. | 162 case __NR_fadvise64: // EPERM not a valid errno. |
| 163 #endif | 163 #endif |
| 164 #if defined(__i386__) | 164 #if defined(__i386__) |
| 165 case __NR_fadvise64_64: | 165 case __NR_fadvise64_64: |
| 166 #endif | 166 #endif |
| 167 #if defined(__arm__) | 167 #if defined(__arm__) |
| 168 case __NR_arm_fadvise64_64: | 168 case __NR_arm_fadvise64_64: |
| 169 #endif | 169 #endif |
| 170 case __NR_fdatasync: // EPERM not a valid errno. | 170 case __NR_fdatasync: // EPERM not a valid errno. |
| 171 case __NR_flock: // EPERM not a valid errno. | 171 case __NR_flock: // EPERM not a valid errno. |
| 172 case __NR_fstatfs: // Give information about the whole filesystem. | 172 case __NR_fstatfs: // Give information about the whole filesystem. |
| 173 #if defined(__i386__) || defined(__arm__) | 173 #if defined(__i386__) || defined(__arm__) || defined(__mips__) |
| 174 case __NR_fstatfs64: | 174 case __NR_fstatfs64: |
| 175 #endif | 175 #endif |
| 176 case __NR_fsync: // EPERM not a valid errno. | 176 case __NR_fsync: // EPERM not a valid errno. |
| 177 #if defined(__i386__) | 177 #if defined(__i386__) |
| 178 case __NR_oldfstat: | 178 case __NR_oldfstat: |
| 179 #endif | 179 #endif |
| 180 #if defined(__i386__) || defined(__x86_64__) | 180 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) |
| 181 case __NR_sync_file_range: // EPERM not a valid errno. | 181 case __NR_sync_file_range: // EPERM not a valid errno. |
| 182 #elif defined(__arm__) | 182 #elif defined(__arm__) |
| 183 case __NR_arm_sync_file_range: // EPERM not a valid errno. | 183 case __NR_arm_sync_file_range: // EPERM not a valid errno. |
| 184 #endif | 184 #endif |
| 185 default: | 185 default: |
| 186 return false; | 186 return false; |
| 187 } | 187 } |
| 188 } | 188 } |
| 189 | 189 |
| 190 // EPERM is a good errno for any of these. | 190 // EPERM is a good errno for any of these. |
| 191 bool SyscallSets::IsDeniedFileSystemAccessViaFd(int sysno) { | 191 bool SyscallSets::IsDeniedFileSystemAccessViaFd(int sysno) { |
| 192 switch (sysno) { | 192 switch (sysno) { |
| 193 case __NR_fallocate: | 193 case __NR_fallocate: |
| 194 case __NR_fchmod: | 194 case __NR_fchmod: |
| 195 case __NR_fchown: | 195 case __NR_fchown: |
| 196 case __NR_ftruncate: | 196 case __NR_ftruncate: |
| 197 #if defined(__i386__) || defined(__arm__) | 197 #if defined(__i386__) || defined(__arm__) |
| 198 case __NR_fchown32: | 198 case __NR_fchown32: |
| 199 #endif |
| 200 #if defined(__i386__) || defined(__arm__) || defined(__mips__) |
| 199 case __NR_ftruncate64: | 201 case __NR_ftruncate64: |
| 200 #endif | 202 #endif |
| 201 case __NR_getdents: // EPERM not a valid errno. | 203 case __NR_getdents: // EPERM not a valid errno. |
| 202 case __NR_getdents64: // EPERM not a valid errno. | 204 case __NR_getdents64: // EPERM not a valid errno. |
| 203 #if defined(__i386__) | 205 #if defined(__i386__) || defined(__mips__) |
| 204 case __NR_readdir: | 206 case __NR_readdir: |
| 205 #endif | 207 #endif |
| 206 return true; | 208 return true; |
| 207 default: | 209 default: |
| 208 return false; | 210 return false; |
| 209 } | 211 } |
| 210 } | 212 } |
| 211 | 213 |
| 212 bool SyscallSets::IsGetSimpleId(int sysno) { | 214 bool SyscallSets::IsGetSimpleId(int sysno) { |
| 213 switch (sysno) { | 215 switch (sysno) { |
| (...skipping 20 matching lines...) Expand all Loading... |
| 234 #endif | 236 #endif |
| 235 return true; | 237 return true; |
| 236 default: | 238 default: |
| 237 return false; | 239 return false; |
| 238 } | 240 } |
| 239 } | 241 } |
| 240 | 242 |
| 241 bool SyscallSets::IsProcessPrivilegeChange(int sysno) { | 243 bool SyscallSets::IsProcessPrivilegeChange(int sysno) { |
| 242 switch (sysno) { | 244 switch (sysno) { |
| 243 case __NR_capset: | 245 case __NR_capset: |
| 244 #if defined(__i386__) || defined(__x86_64__) | 246 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) |
| 245 case __NR_ioperm: // Intel privilege. | 247 case __NR_ioperm: // Intel privilege. |
| 246 case __NR_iopl: // Intel privilege. | 248 case __NR_iopl: // Intel privilege. |
| 247 #endif | 249 #endif |
| 248 case __NR_setfsgid: | 250 case __NR_setfsgid: |
| 249 case __NR_setfsuid: | 251 case __NR_setfsuid: |
| 250 case __NR_setgid: | 252 case __NR_setgid: |
| 251 case __NR_setgroups: | 253 case __NR_setgroups: |
| 252 case __NR_setregid: | 254 case __NR_setregid: |
| 253 case __NR_setresgid: | 255 case __NR_setresgid: |
| 254 case __NR_setresuid: | 256 case __NR_setresuid: |
| (...skipping 26 matching lines...) Expand all Loading... |
| 281 default: | 283 default: |
| 282 return false; | 284 return false; |
| 283 } | 285 } |
| 284 } | 286 } |
| 285 | 287 |
| 286 bool SyscallSets::IsAllowedSignalHandling(int sysno) { | 288 bool SyscallSets::IsAllowedSignalHandling(int sysno) { |
| 287 switch (sysno) { | 289 switch (sysno) { |
| 288 case __NR_rt_sigaction: | 290 case __NR_rt_sigaction: |
| 289 case __NR_rt_sigprocmask: | 291 case __NR_rt_sigprocmask: |
| 290 case __NR_rt_sigreturn: | 292 case __NR_rt_sigreturn: |
| 291 #if defined(__i386__) || defined(__arm__) | 293 #if defined(__i386__) || defined(__arm__) || defined(__mips__) |
| 292 case __NR_sigaction: | 294 case __NR_sigaction: |
| 293 case __NR_sigprocmask: | 295 case __NR_sigprocmask: |
| 294 case __NR_sigreturn: | 296 case __NR_sigreturn: |
| 295 #endif | 297 #endif |
| 296 return true; | 298 return true; |
| 297 case __NR_rt_sigpending: | 299 case __NR_rt_sigpending: |
| 298 case __NR_rt_sigqueueinfo: | 300 case __NR_rt_sigqueueinfo: |
| 299 case __NR_rt_sigsuspend: | 301 case __NR_rt_sigsuspend: |
| 300 case __NR_rt_sigtimedwait: | 302 case __NR_rt_sigtimedwait: |
| 301 case __NR_rt_tgsigqueueinfo: | 303 case __NR_rt_tgsigqueueinfo: |
| 302 case __NR_signalfd: | 304 case __NR_signalfd: |
| 303 case __NR_signalfd4: | 305 case __NR_signalfd4: |
| 304 #if defined(__i386__) || defined(__arm__) | 306 #if defined(__i386__) || defined(__arm__) || defined(__mips__) |
| 305 case __NR_sigpending: | 307 case __NR_sigpending: |
| 306 case __NR_sigsuspend: | 308 case __NR_sigsuspend: |
| 307 #endif | 309 #endif |
| 308 #if defined(__i386__) | 310 #if defined(__i386__) || defined(__mips__) |
| 309 case __NR_signal: | 311 case __NR_signal: |
| 310 case __NR_sgetmask: // Obsolete. | 312 case __NR_sgetmask: // Obsolete. |
| 311 case __NR_ssetmask: | 313 case __NR_ssetmask: |
| 312 #endif | 314 #endif |
| 313 default: | 315 default: |
| 314 return false; | 316 return false; |
| 315 } | 317 } |
| 316 } | 318 } |
| 317 | 319 |
| 318 bool SyscallSets::IsAllowedOperationOnFd(int sysno) { | 320 bool SyscallSets::IsAllowedOperationOnFd(int sysno) { |
| 319 switch (sysno) { | 321 switch (sysno) { |
| 320 case __NR_close: | 322 case __NR_close: |
| 321 case __NR_dup: | 323 case __NR_dup: |
| 322 case __NR_dup2: | 324 case __NR_dup2: |
| 323 case __NR_dup3: | 325 case __NR_dup3: |
| 324 #if defined(__x86_64__) || defined(__arm__) | 326 #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) |
| 325 case __NR_shutdown: | 327 case __NR_shutdown: |
| 326 #endif | 328 #endif |
| 327 return true; | 329 return true; |
| 328 case __NR_fcntl: | 330 case __NR_fcntl: |
| 329 #if defined(__i386__) || defined(__arm__) | 331 #if defined(__i386__) || defined(__arm__) || defined(__mips__) |
| 330 case __NR_fcntl64: | 332 case __NR_fcntl64: |
| 331 #endif | 333 #endif |
| 332 default: | 334 default: |
| 333 return false; | 335 return false; |
| 334 } | 336 } |
| 335 } | 337 } |
| 336 | 338 |
| 337 bool SyscallSets::IsKernelInternalApi(int sysno) { | 339 bool SyscallSets::IsKernelInternalApi(int sysno) { |
| 338 switch (sysno) { | 340 switch (sysno) { |
| 339 case __NR_restart_syscall: | 341 case __NR_restart_syscall: |
| (...skipping 15 matching lines...) Expand all Loading... |
| 355 case __NR_wait4: | 357 case __NR_wait4: |
| 356 case __NR_waitid: | 358 case __NR_waitid: |
| 357 #if defined(__i386__) | 359 #if defined(__i386__) |
| 358 case __NR_waitpid: | 360 case __NR_waitpid: |
| 359 #endif | 361 #endif |
| 360 return true; | 362 return true; |
| 361 case __NR_setns: // Privileged. | 363 case __NR_setns: // Privileged. |
| 362 case __NR_fork: | 364 case __NR_fork: |
| 363 #if defined(__i386__) || defined(__x86_64__) | 365 #if defined(__i386__) || defined(__x86_64__) |
| 364 case __NR_get_thread_area: | 366 case __NR_get_thread_area: |
| 367 #endif |
| 368 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) |
| 365 case __NR_set_thread_area: | 369 case __NR_set_thread_area: |
| 366 #endif | 370 #endif |
| 367 case __NR_set_tid_address: | 371 case __NR_set_tid_address: |
| 368 case __NR_unshare: | 372 case __NR_unshare: |
| 373 #if !defined(__mips__) |
| 369 case __NR_vfork: | 374 case __NR_vfork: |
| 375 #endif |
| 370 default: | 376 default: |
| 371 return false; | 377 return false; |
| 372 } | 378 } |
| 373 } | 379 } |
| 374 | 380 |
| 375 // It's difficult to restrict those, but there is attack surface here. | 381 // It's difficult to restrict those, but there is attack surface here. |
| 376 bool SyscallSets::IsFutex(int sysno) { | 382 bool SyscallSets::IsFutex(int sysno) { |
| 377 switch (sysno) { | 383 switch (sysno) { |
| 378 case __NR_futex: | 384 case __NR_futex: |
| 379 case __NR_get_robust_list: | 385 case __NR_get_robust_list: |
| (...skipping 22 matching lines...) Expand all Loading... |
| 402 return false; | 408 return false; |
| 403 } | 409 } |
| 404 } | 410 } |
| 405 | 411 |
| 406 bool SyscallSets::IsAllowedGetOrModifySocket(int sysno) { | 412 bool SyscallSets::IsAllowedGetOrModifySocket(int sysno) { |
| 407 switch (sysno) { | 413 switch (sysno) { |
| 408 case __NR_pipe: | 414 case __NR_pipe: |
| 409 case __NR_pipe2: | 415 case __NR_pipe2: |
| 410 return true; | 416 return true; |
| 411 default: | 417 default: |
| 412 #if defined(__x86_64__) || defined(__arm__) | 418 #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) |
| 413 case __NR_socketpair: // We will want to inspect its argument. | 419 case __NR_socketpair: // We will want to inspect its argument. |
| 414 #endif | 420 #endif |
| 415 return false; | 421 return false; |
| 416 } | 422 } |
| 417 } | 423 } |
| 418 | 424 |
| 419 bool SyscallSets::IsDeniedGetOrModifySocket(int sysno) { | 425 bool SyscallSets::IsDeniedGetOrModifySocket(int sysno) { |
| 420 switch (sysno) { | 426 switch (sysno) { |
| 421 #if defined(__x86_64__) || defined(__arm__) | 427 #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) |
| 422 case __NR_accept: | 428 case __NR_accept: |
| 423 case __NR_accept4: | 429 case __NR_accept4: |
| 424 case __NR_bind: | 430 case __NR_bind: |
| 425 case __NR_connect: | 431 case __NR_connect: |
| 426 case __NR_socket: | 432 case __NR_socket: |
| 427 case __NR_listen: | 433 case __NR_listen: |
| 428 return true; | 434 return true; |
| 429 #endif | 435 #endif |
| 430 default: | 436 default: |
| 431 return false; | 437 return false; |
| 432 } | 438 } |
| 433 } | 439 } |
| 434 | 440 |
| 435 #if defined(__i386__) | 441 #if defined(__i386__) || defined(__mips__) |
| 436 // Big multiplexing system call for sockets. | 442 // Big multiplexing system call for sockets. |
| 437 bool SyscallSets::IsSocketCall(int sysno) { | 443 bool SyscallSets::IsSocketCall(int sysno) { |
| 438 switch (sysno) { | 444 switch (sysno) { |
| 439 case __NR_socketcall: | 445 case __NR_socketcall: |
| 440 return true; | 446 return true; |
| 441 default: | 447 default: |
| 442 return false; | 448 return false; |
| 443 } | 449 } |
| 444 } | 450 } |
| 445 #endif | 451 #endif |
| 446 | 452 |
| 447 #if defined(__x86_64__) || defined(__arm__) | 453 #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) |
| 448 bool SyscallSets::IsNetworkSocketInformation(int sysno) { | 454 bool SyscallSets::IsNetworkSocketInformation(int sysno) { |
| 449 switch (sysno) { | 455 switch (sysno) { |
| 450 case __NR_getpeername: | 456 case __NR_getpeername: |
| 451 case __NR_getsockname: | 457 case __NR_getsockname: |
| 452 case __NR_getsockopt: | 458 case __NR_getsockopt: |
| 453 case __NR_setsockopt: | 459 case __NR_setsockopt: |
| 454 return true; | 460 return true; |
| 455 default: | 461 default: |
| 456 return false; | 462 return false; |
| 457 } | 463 } |
| 458 } | 464 } |
| 459 #endif | 465 #endif |
| 460 | 466 |
| 461 bool SyscallSets::IsAllowedAddressSpaceAccess(int sysno) { | 467 bool SyscallSets::IsAllowedAddressSpaceAccess(int sysno) { |
| 462 switch (sysno) { | 468 switch (sysno) { |
| 463 case __NR_brk: | 469 case __NR_brk: |
| 464 case __NR_mlock: | 470 case __NR_mlock: |
| 465 case __NR_munlock: | 471 case __NR_munlock: |
| 466 case __NR_munmap: | 472 case __NR_munmap: |
| 467 return true; | 473 return true; |
| 468 case __NR_madvise: | 474 case __NR_madvise: |
| 469 case __NR_mincore: | 475 case __NR_mincore: |
| 470 case __NR_mlockall: | 476 case __NR_mlockall: |
| 471 #if defined(__i386__) || defined(__x86_64__) | 477 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) |
| 472 case __NR_mmap: | 478 case __NR_mmap: |
| 473 #endif | 479 #endif |
| 474 #if defined(__i386__) || defined(__arm__) | 480 #if defined(__i386__) || defined(__arm__) || defined(__mips__) |
| 475 case __NR_mmap2: | 481 case __NR_mmap2: |
| 476 #endif | 482 #endif |
| 477 #if defined(__i386__) || defined(__x86_64__) | 483 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) |
| 478 case __NR_modify_ldt: | 484 case __NR_modify_ldt: |
| 479 #endif | 485 #endif |
| 480 case __NR_mprotect: | 486 case __NR_mprotect: |
| 481 case __NR_mremap: | 487 case __NR_mremap: |
| 482 case __NR_msync: | 488 case __NR_msync: |
| 483 case __NR_munlockall: | 489 case __NR_munlockall: |
| 484 case __NR_readahead: | 490 case __NR_readahead: |
| 485 case __NR_remap_file_pages: | 491 case __NR_remap_file_pages: |
| 492 #if defined(__i386__) || defined(__mips__) |
| 493 case __NR_vm86: |
| 494 #endif |
| 486 #if defined(__i386__) | 495 #if defined(__i386__) |
| 487 case __NR_vm86: | |
| 488 case __NR_vm86old: | 496 case __NR_vm86old: |
| 489 #endif | 497 #endif |
| 490 default: | 498 default: |
| 491 return false; | 499 return false; |
| 492 } | 500 } |
| 493 } | 501 } |
| 494 | 502 |
| 495 bool SyscallSets::IsAllowedGeneralIo(int sysno) { | 503 bool SyscallSets::IsAllowedGeneralIo(int sysno) { |
| 496 switch (sysno) { | 504 switch (sysno) { |
| 497 case __NR_lseek: | 505 case __NR_lseek: |
| 498 #if defined(__i386__) || defined(__arm__) | 506 #if defined(__i386__) || defined(__arm__) || defined(__mips__) |
| 499 case __NR__llseek: | 507 case __NR__llseek: |
| 500 #endif | 508 #endif |
| 501 case __NR_poll: | 509 case __NR_poll: |
| 502 case __NR_ppoll: | 510 case __NR_ppoll: |
| 503 case __NR_pselect6: | 511 case __NR_pselect6: |
| 504 case __NR_read: | 512 case __NR_read: |
| 505 case __NR_readv: | 513 case __NR_readv: |
| 506 #if defined(__arm__) | 514 #if defined(__arm__) || defined(__mips__) |
| 507 case __NR_recv: | 515 case __NR_recv: |
| 508 #endif | 516 #endif |
| 509 #if defined(__x86_64__) || defined(__arm__) | 517 #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) |
| 510 case __NR_recvfrom: // Could specify source. | 518 case __NR_recvfrom: // Could specify source. |
| 511 case __NR_recvmsg: // Could specify source. | 519 case __NR_recvmsg: // Could specify source. |
| 512 #endif | 520 #endif |
| 513 #if defined(__i386__) || defined(__x86_64__) | 521 #if defined(__i386__) || defined(__x86_64__) |
| 514 case __NR_select: | 522 case __NR_select: |
| 515 #endif | 523 #endif |
| 516 #if defined(__i386__) || defined(__arm__) | 524 #if defined(__i386__) || defined(__arm__) || defined(__mips__) |
| 517 case __NR__newselect: | 525 case __NR__newselect: |
| 518 #endif | 526 #endif |
| 519 #if defined(__arm__) | 527 #if defined(__arm__) |
| 520 case __NR_send: | 528 case __NR_send: |
| 521 #endif | 529 #endif |
| 522 #if defined(__x86_64__) || defined(__arm__) | 530 #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) |
| 523 case __NR_sendmsg: // Could specify destination. | 531 case __NR_sendmsg: // Could specify destination. |
| 524 case __NR_sendto: // Could specify destination. | 532 case __NR_sendto: // Could specify destination. |
| 525 #endif | 533 #endif |
| 526 case __NR_write: | 534 case __NR_write: |
| 527 case __NR_writev: | 535 case __NR_writev: |
| 528 return true; | 536 return true; |
| 529 case __NR_ioctl: // Can be very powerful. | 537 case __NR_ioctl: // Can be very powerful. |
| 530 case __NR_pread64: | 538 case __NR_pread64: |
| 531 case __NR_preadv: | 539 case __NR_preadv: |
| 532 case __NR_pwrite64: | 540 case __NR_pwrite64: |
| 533 case __NR_pwritev: | 541 case __NR_pwritev: |
| 534 case __NR_recvmmsg: // Could specify source. | 542 case __NR_recvmmsg: // Could specify source. |
| 535 case __NR_sendfile: | 543 case __NR_sendfile: |
| 536 #if defined(__i386__) || defined(__arm__) | 544 #if defined(__i386__) || defined(__arm__) || defined(__mips__) |
| 537 case __NR_sendfile64: | 545 case __NR_sendfile64: |
| 538 #endif | 546 #endif |
| 539 case __NR_sendmmsg: // Could specify destination. | 547 case __NR_sendmmsg: // Could specify destination. |
| 540 case __NR_splice: | 548 case __NR_splice: |
| 541 case __NR_tee: | 549 case __NR_tee: |
| 542 case __NR_vmsplice: | 550 case __NR_vmsplice: |
| 543 default: | 551 default: |
| 544 return false; | 552 return false; |
| 545 } | 553 } |
| 546 } | 554 } |
| (...skipping 10 matching lines...) Expand all Loading... |
| 557 } | 565 } |
| 558 } | 566 } |
| 559 | 567 |
| 560 bool SyscallSets::IsAllowedBasicScheduler(int sysno) { | 568 bool SyscallSets::IsAllowedBasicScheduler(int sysno) { |
| 561 switch (sysno) { | 569 switch (sysno) { |
| 562 case __NR_sched_yield: | 570 case __NR_sched_yield: |
| 563 case __NR_pause: | 571 case __NR_pause: |
| 564 case __NR_nanosleep: | 572 case __NR_nanosleep: |
| 565 return true; | 573 return true; |
| 566 case __NR_getpriority: | 574 case __NR_getpriority: |
| 567 #if defined(__i386__) || defined(__arm__) | 575 #if defined(__i386__) || defined(__arm__) || defined(__mips__) |
| 568 case __NR_nice: | 576 case __NR_nice: |
| 569 #endif | 577 #endif |
| 570 case __NR_setpriority: | 578 case __NR_setpriority: |
| 571 default: | 579 default: |
| 572 return false; | 580 return false; |
| 573 } | 581 } |
| 574 } | 582 } |
| 575 | 583 |
| 576 bool SyscallSets::IsAdminOperation(int sysno) { | 584 bool SyscallSets::IsAdminOperation(int sysno) { |
| 577 switch (sysno) { | 585 switch (sysno) { |
| 578 #if defined(__i386__) || defined(__arm__) | 586 #if defined(__i386__) || defined(__arm__) || defined(__mips__) |
| 579 case __NR_bdflush: | 587 case __NR_bdflush: |
| 580 #endif | 588 #endif |
| 581 case __NR_kexec_load: | 589 case __NR_kexec_load: |
| 582 case __NR_reboot: | 590 case __NR_reboot: |
| 583 case __NR_setdomainname: | 591 case __NR_setdomainname: |
| 584 case __NR_sethostname: | 592 case __NR_sethostname: |
| 585 case __NR_syslog: | 593 case __NR_syslog: |
| 586 return true; | 594 return true; |
| 587 default: | 595 default: |
| 588 return false; | 596 return false; |
| 589 } | 597 } |
| 590 } | 598 } |
| 591 | 599 |
| 592 bool SyscallSets::IsKernelModule(int sysno) { | 600 bool SyscallSets::IsKernelModule(int sysno) { |
| 593 switch (sysno) { | 601 switch (sysno) { |
| 594 #if defined(__i386__) || defined(__x86_64__) | 602 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) |
| 595 case __NR_create_module: | 603 case __NR_create_module: |
| 596 case __NR_get_kernel_syms: // Should ENOSYS. | 604 case __NR_get_kernel_syms: // Should ENOSYS. |
| 597 case __NR_query_module: | 605 case __NR_query_module: |
| 598 #endif | 606 #endif |
| 599 case __NR_delete_module: | 607 case __NR_delete_module: |
| 600 case __NR_init_module: | 608 case __NR_init_module: |
| 601 return true; | 609 return true; |
| 602 default: | 610 default: |
| 603 return false; | 611 return false; |
| 604 } | 612 } |
| (...skipping 10 matching lines...) Expand all Loading... |
| 615 } | 623 } |
| 616 } | 624 } |
| 617 | 625 |
| 618 bool SyscallSets::IsFsControl(int sysno) { | 626 bool SyscallSets::IsFsControl(int sysno) { |
| 619 switch (sysno) { | 627 switch (sysno) { |
| 620 case __NR_mount: | 628 case __NR_mount: |
| 621 case __NR_nfsservctl: | 629 case __NR_nfsservctl: |
| 622 case __NR_quotactl: | 630 case __NR_quotactl: |
| 623 case __NR_swapoff: | 631 case __NR_swapoff: |
| 624 case __NR_swapon: | 632 case __NR_swapon: |
| 625 #if defined(__i386__) | 633 #if defined(__i386__) || defined(__mips__) |
| 626 case __NR_umount: | 634 case __NR_umount: |
| 627 #endif | 635 #endif |
| 628 case __NR_umount2: | 636 case __NR_umount2: |
| 629 return true; | 637 return true; |
| 630 default: | 638 default: |
| 631 return false; | 639 return false; |
| 632 } | 640 } |
| 633 } | 641 } |
| 634 | 642 |
| 635 bool SyscallSets::IsNuma(int sysno) { | 643 bool SyscallSets::IsNuma(int sysno) { |
| 636 switch (sysno) { | 644 switch (sysno) { |
| 637 case __NR_get_mempolicy: | 645 case __NR_get_mempolicy: |
| 638 case __NR_getcpu: | 646 case __NR_getcpu: |
| 639 case __NR_mbind: | 647 case __NR_mbind: |
| 640 #if defined(__i386__) || defined(__x86_64__) | 648 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) |
| 641 case __NR_migrate_pages: | 649 case __NR_migrate_pages: |
| 642 #endif | 650 #endif |
| 643 case __NR_move_pages: | 651 case __NR_move_pages: |
| 644 case __NR_set_mempolicy: | 652 case __NR_set_mempolicy: |
| 645 return true; | 653 return true; |
| 646 default: | 654 default: |
| 647 return false; | 655 return false; |
| 648 } | 656 } |
| 649 } | 657 } |
| 650 | 658 |
| 651 bool SyscallSets::IsMessageQueue(int sysno) { | 659 bool SyscallSets::IsMessageQueue(int sysno) { |
| 652 switch (sysno) { | 660 switch (sysno) { |
| 653 case __NR_mq_getsetattr: | 661 case __NR_mq_getsetattr: |
| 654 case __NR_mq_notify: | 662 case __NR_mq_notify: |
| 655 case __NR_mq_open: | 663 case __NR_mq_open: |
| 656 case __NR_mq_timedreceive: | 664 case __NR_mq_timedreceive: |
| 657 case __NR_mq_timedsend: | 665 case __NR_mq_timedsend: |
| 658 case __NR_mq_unlink: | 666 case __NR_mq_unlink: |
| 659 return true; | 667 return true; |
| 660 default: | 668 default: |
| 661 return false; | 669 return false; |
| 662 } | 670 } |
| 663 } | 671 } |
| 664 | 672 |
| 665 bool SyscallSets::IsGlobalProcessEnvironment(int sysno) { | 673 bool SyscallSets::IsGlobalProcessEnvironment(int sysno) { |
| 666 switch (sysno) { | 674 switch (sysno) { |
| 667 case __NR_acct: // Privileged. | 675 case __NR_acct: // Privileged. |
| 668 #if defined(__i386__) || defined(__x86_64__) | 676 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) |
| 669 case __NR_getrlimit: | 677 case __NR_getrlimit: |
| 670 #endif | 678 #endif |
| 671 #if defined(__i386__) || defined(__arm__) | 679 #if defined(__i386__) || defined(__arm__) |
| 672 case __NR_ugetrlimit: | 680 case __NR_ugetrlimit: |
| 673 #endif | 681 #endif |
| 674 #if defined(__i386__) | 682 #if defined(__i386__) || defined(__mips__) |
| 675 case __NR_ulimit: | 683 case __NR_ulimit: |
| 676 #endif | 684 #endif |
| 677 case __NR_getrusage: | 685 case __NR_getrusage: |
| 678 case __NR_personality: // Can change its personality as well. | 686 case __NR_personality: // Can change its personality as well. |
| 679 case __NR_prlimit64: // Like setrlimit / getrlimit. | 687 case __NR_prlimit64: // Like setrlimit / getrlimit. |
| 680 case __NR_setrlimit: | 688 case __NR_setrlimit: |
| 681 case __NR_times: | 689 case __NR_times: |
| 682 return true; | 690 return true; |
| 683 default: | 691 default: |
| 684 return false; | 692 return false; |
| 685 } | 693 } |
| 686 } | 694 } |
| 687 | 695 |
| 688 bool SyscallSets::IsDebug(int sysno) { | 696 bool SyscallSets::IsDebug(int sysno) { |
| 689 switch (sysno) { | 697 switch (sysno) { |
| 690 case __NR_ptrace: | 698 case __NR_ptrace: |
| 691 case __NR_process_vm_readv: | 699 case __NR_process_vm_readv: |
| 692 case __NR_process_vm_writev: | 700 case __NR_process_vm_writev: |
| 693 #if defined(__i386__) || defined(__x86_64__) | 701 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) |
| 694 case __NR_kcmp: | 702 case __NR_kcmp: |
| 695 #endif | 703 #endif |
| 696 return true; | 704 return true; |
| 697 default: | 705 default: |
| 698 return false; | 706 return false; |
| 699 } | 707 } |
| 700 } | 708 } |
| 701 | 709 |
| 702 bool SyscallSets::IsGlobalSystemStatus(int sysno) { | 710 bool SyscallSets::IsGlobalSystemStatus(int sysno) { |
| 703 switch (sysno) { | 711 switch (sysno) { |
| (...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 786 case __NR_msgget: | 794 case __NR_msgget: |
| 787 case __NR_msgrcv: | 795 case __NR_msgrcv: |
| 788 case __NR_msgsnd: | 796 case __NR_msgsnd: |
| 789 return true; | 797 return true; |
| 790 default: | 798 default: |
| 791 return false; | 799 return false; |
| 792 } | 800 } |
| 793 } | 801 } |
| 794 #endif | 802 #endif |
| 795 | 803 |
| 796 #if defined(__i386__) | 804 #if defined(__i386__) || defined(__mips__) |
| 797 // Big system V multiplexing system call. | 805 // Big system V multiplexing system call. |
| 798 bool SyscallSets::IsSystemVIpc(int sysno) { | 806 bool SyscallSets::IsSystemVIpc(int sysno) { |
| 799 switch (sysno) { | 807 switch (sysno) { |
| 800 case __NR_ipc: | 808 case __NR_ipc: |
| 801 return true; | 809 return true; |
| 802 default: | 810 default: |
| 803 return false; | 811 return false; |
| 804 } | 812 } |
| 805 } | 813 } |
| 806 #endif | 814 #endif |
| 807 | 815 |
| 808 bool SyscallSets::IsAnySystemV(int sysno) { | 816 bool SyscallSets::IsAnySystemV(int sysno) { |
| 809 #if defined(__x86_64__) || defined(__arm__) | 817 #if defined(__x86_64__) || defined(__arm__) |
| 810 return IsSystemVMessageQueue(sysno) || IsSystemVSemaphores(sysno) || | 818 return IsSystemVMessageQueue(sysno) || IsSystemVSemaphores(sysno) || |
| 811 IsSystemVSharedMemory(sysno); | 819 IsSystemVSharedMemory(sysno); |
| 812 #elif defined(__i386__) | 820 #elif defined(__i386__) || defined(__mips__) |
| 813 return IsSystemVIpc(sysno); | 821 return IsSystemVIpc(sysno); |
| 814 #endif | 822 #endif |
| 815 } | 823 } |
| 816 | 824 |
| 817 bool SyscallSets::IsAdvancedScheduler(int sysno) { | 825 bool SyscallSets::IsAdvancedScheduler(int sysno) { |
| 818 switch (sysno) { | 826 switch (sysno) { |
| 819 case __NR_ioprio_get: // IO scheduler. | 827 case __NR_ioprio_get: // IO scheduler. |
| 820 case __NR_ioprio_set: | 828 case __NR_ioprio_set: |
| 821 case __NR_sched_get_priority_max: | 829 case __NR_sched_get_priority_max: |
| 822 case __NR_sched_get_priority_min: | 830 case __NR_sched_get_priority_min: |
| (...skipping 28 matching lines...) Expand all Loading... |
| 851 case __NR_fanotify_mark: | 859 case __NR_fanotify_mark: |
| 852 return true; | 860 return true; |
| 853 default: | 861 default: |
| 854 return false; | 862 return false; |
| 855 } | 863 } |
| 856 } | 864 } |
| 857 | 865 |
| 858 bool SyscallSets::IsTimer(int sysno) { | 866 bool SyscallSets::IsTimer(int sysno) { |
| 859 switch (sysno) { | 867 switch (sysno) { |
| 860 case __NR_getitimer: | 868 case __NR_getitimer: |
| 861 #if defined(__i386__) || defined(__x86_64__) | 869 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) |
| 862 case __NR_alarm: | 870 case __NR_alarm: |
| 863 #endif | 871 #endif |
| 864 case __NR_setitimer: | 872 case __NR_setitimer: |
| 865 return true; | 873 return true; |
| 866 default: | 874 default: |
| 867 return false; | 875 return false; |
| 868 } | 876 } |
| 869 } | 877 } |
| 870 | 878 |
| 871 bool SyscallSets::IsAdvancedTimer(int sysno) { | 879 bool SyscallSets::IsAdvancedTimer(int sysno) { |
| (...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 907 // Various system calls that need to be researched. | 915 // Various system calls that need to be researched. |
| 908 // TODO(jln): classify this better. | 916 // TODO(jln): classify this better. |
| 909 bool SyscallSets::IsMisc(int sysno) { | 917 bool SyscallSets::IsMisc(int sysno) { |
| 910 switch (sysno) { | 918 switch (sysno) { |
| 911 case __NR_name_to_handle_at: | 919 case __NR_name_to_handle_at: |
| 912 case __NR_open_by_handle_at: | 920 case __NR_open_by_handle_at: |
| 913 case __NR_perf_event_open: | 921 case __NR_perf_event_open: |
| 914 case __NR_syncfs: | 922 case __NR_syncfs: |
| 915 case __NR_vhangup: | 923 case __NR_vhangup: |
| 916 // The system calls below are not implemented. | 924 // The system calls below are not implemented. |
| 917 #if defined(__i386__) || defined(__x86_64__) | 925 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) |
| 918 case __NR_afs_syscall: | 926 case __NR_afs_syscall: |
| 919 #endif | 927 #endif |
| 920 #if defined(__i386__) | 928 #if defined(__i386__) || defined(__mips__) |
| 921 case __NR_break: | 929 case __NR_break: |
| 922 #endif | 930 #endif |
| 923 #if defined(__i386__) || defined(__x86_64__) | 931 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) |
| 924 case __NR_getpmsg: | 932 case __NR_getpmsg: |
| 925 #endif | 933 #endif |
| 926 #if defined(__i386__) | 934 #if defined(__i386__) || defined(__mips__) |
| 927 case __NR_gtty: | 935 case __NR_gtty: |
| 928 case __NR_idle: | 936 case __NR_idle: |
| 929 case __NR_lock: | 937 case __NR_lock: |
| 930 case __NR_mpx: | 938 case __NR_mpx: |
| 931 case __NR_prof: | 939 case __NR_prof: |
| 932 case __NR_profil: | 940 case __NR_profil: |
| 933 #endif | 941 #endif |
| 934 #if defined(__i386__) || defined(__x86_64__) | 942 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) |
| 935 case __NR_putpmsg: | 943 case __NR_putpmsg: |
| 936 #endif | 944 #endif |
| 937 #if defined(__x86_64__) | 945 #if defined(__x86_64__) |
| 938 case __NR_security: | 946 case __NR_security: |
| 939 #endif | 947 #endif |
| 940 #if defined(__i386__) | 948 #if defined(__i386__) || defined(__mips__) |
| 941 case __NR_stty: | 949 case __NR_stty: |
| 942 #endif | 950 #endif |
| 943 #if defined(__x86_64__) | 951 #if defined(__x86_64__) |
| 944 case __NR_tuxcall: | 952 case __NR_tuxcall: |
| 945 #endif | 953 #endif |
| 946 case __NR_vserver: | 954 case __NR_vserver: |
| 947 return true; | 955 return true; |
| 948 default: | 956 default: |
| 949 return false; | 957 return false; |
| 950 } | 958 } |
| (...skipping 18 matching lines...) Expand all Loading... |
| 969 case __ARM_NR_set_tls: | 977 case __ARM_NR_set_tls: |
| 970 case __ARM_NR_usr26: | 978 case __ARM_NR_usr26: |
| 971 case __ARM_NR_usr32: | 979 case __ARM_NR_usr32: |
| 972 return true; | 980 return true; |
| 973 default: | 981 default: |
| 974 return false; | 982 return false; |
| 975 } | 983 } |
| 976 } | 984 } |
| 977 #endif // defined(__arm__) | 985 #endif // defined(__arm__) |
| 978 | 986 |
| 987 #if defined(__mips__) |
| 988 bool SyscallSets::IsMipsSpecific(int sysno) { |
| 989 switch (sysno) { |
| 990 case __NR_cacheflush: |
| 991 case __NR_cachectl: |
| 992 return true; |
| 993 default: |
| 994 return false; |
| 995 } |
| 996 } |
| 997 |
| 998 bool SyscallSets::IsMipsMisc(int sysno) { |
| 999 switch (sysno) { |
| 1000 case __NR_sysmips: |
| 1001 case __NR_unused150: |
| 1002 return true; |
| 1003 default: |
| 1004 return false; |
| 1005 } |
| 1006 } |
| 1007 #endif // defined(__mips__) |
| 979 } // namespace sandbox. | 1008 } // namespace sandbox. |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 260793003:
[MIPS] Add seccomp bpf support (Closed)
Base URL: https://git.chromium.org/git/chromium/src.git@master