1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__ | 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__ |
6 #define SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__ | 6 #define SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__ |
7 | 7 |
8 // The Seccomp2 kernel ABI is not part of older versions of glibc. | 8 // The Seccomp2 kernel ABI is not part of older versions of glibc. |
9 // As we can't break compilation with these versions of the library, | 9 // As we can't break compilation with these versions of the library, |
10 // we explicitly define all missing symbols. | 10 // we explicitly define all missing symbols. |
11 // If we ever decide that we can now rely on system headers, the following | 11 // If we ever decide that we can now rely on system headers, the following |
12 // include files should be enabled: | 12 // include files should be enabled: |
13 // #include <linux/audit.h> | 13 // #include <linux/audit.h> |
14 // #include <linux/seccomp.h> | 14 // #include <linux/seccomp.h> |
15 | 15 |
16 #include <asm/unistd.h> | 16 #include <asm/unistd.h> |
17 #include <linux/filter.h> | 17 #include <linux/filter.h> |
18 | 18 |
19 // For audit.h | 19 // For audit.h |
20 #ifndef EM_ARM | 20 #ifndef EM_ARM |
21 #define EM_ARM 40 | 21 #define EM_ARM 40 |
22 #endif | 22 #endif |
23 #ifndef EM_386 | 23 #ifndef EM_386 |
24 #define EM_386 3 | 24 #define EM_386 3 |
25 #endif | 25 #endif |
26 #ifndef EM_X86_64 | 26 #ifndef EM_X86_64 |
27 #define EM_X86_64 62 | 27 #define EM_X86_64 62 |
28 #endif | 28 #endif |
29 #ifndef EM_MIPS | |
30 #define EM_MIPS 8 | |
31 #endif | |
29 | 32 |
30 #ifndef __AUDIT_ARCH_64BIT | 33 #ifndef __AUDIT_ARCH_64BIT |
31 #define __AUDIT_ARCH_64BIT 0x80000000 | 34 #define __AUDIT_ARCH_64BIT 0x80000000 |
32 #endif | 35 #endif |
33 #ifndef __AUDIT_ARCH_LE | 36 #ifndef __AUDIT_ARCH_LE |
34 #define __AUDIT_ARCH_LE 0x40000000 | 37 #define __AUDIT_ARCH_LE 0x40000000 |
35 #endif | 38 #endif |
36 #ifndef AUDIT_ARCH_ARM | 39 #ifndef AUDIT_ARCH_ARM |
37 #define AUDIT_ARCH_ARM (EM_ARM|__AUDIT_ARCH_LE) | 40 #define AUDIT_ARCH_ARM (EM_ARM|__AUDIT_ARCH_LE) |
38 #endif | 41 #endif |
39 #ifndef AUDIT_ARCH_I386 | 42 #ifndef AUDIT_ARCH_I386 |
40 #define AUDIT_ARCH_I386 (EM_386|__AUDIT_ARCH_LE) | 43 #define AUDIT_ARCH_I386 (EM_386|__AUDIT_ARCH_LE) |
41 #endif | 44 #endif |
42 #ifndef AUDIT_ARCH_X86_64 | 45 #ifndef AUDIT_ARCH_X86_64 |
43 #define AUDIT_ARCH_X86_64 (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) | 46 #define AUDIT_ARCH_X86_64 (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) |
44 #endif | 47 #endif |
48 #ifndef AUDIT_ARCH_MIPSEL | |
49 #define AUDIT_ARCH_MIPSEL (EM_MIPS|__AUDIT_ARCH_LE) | |
50 #endif | |
45 | 51 |
46 // For prctl.h | 52 // For prctl.h |
47 #ifndef PR_SET_SECCOMP | 53 #ifndef PR_SET_SECCOMP |
48 #define PR_SET_SECCOMP 22 | 54 #define PR_SET_SECCOMP 22 |
49 #define PR_GET_SECCOMP 21 | 55 #define PR_GET_SECCOMP 21 |
50 #endif | 56 #endif |
51 #ifndef PR_SET_NO_NEW_PRIVS | 57 #ifndef PR_SET_NO_NEW_PRIVS |
52 #define PR_SET_NO_NEW_PRIVS 38 | 58 #define PR_SET_NO_NEW_PRIVS 38 |
53 #define PR_GET_NO_NEW_PRIVS 39 | 59 #define PR_GET_NO_NEW_PRIVS 39 |
54 #endif | 60 #endif |
182 #define SECCOMP_ARCH_IDX (offsetof(struct arch_seccomp_data, arch)) | 188 #define SECCOMP_ARCH_IDX (offsetof(struct arch_seccomp_data, arch)) |
183 #define SECCOMP_IP_MSB_IDX (offsetof(struct arch_seccomp_data, \ | 189 #define SECCOMP_IP_MSB_IDX (offsetof(struct arch_seccomp_data, \ |
184 instruction_pointer) + 4) | 190 instruction_pointer) + 4) |
185 #define SECCOMP_IP_LSB_IDX (offsetof(struct arch_seccomp_data, \ | 191 #define SECCOMP_IP_LSB_IDX (offsetof(struct arch_seccomp_data, \ |
186 instruction_pointer) + 0) | 192 instruction_pointer) + 0) |
187 #define SECCOMP_ARG_MSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) + \ | 193 #define SECCOMP_ARG_MSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) + \ |
188 8*(nr) + 4) | 194 8*(nr) + 4) |
189 #define SECCOMP_ARG_LSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) + \ | 195 #define SECCOMP_ARG_LSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) + \ |
190 8*(nr) + 0) | 196 8*(nr) + 0) |
191 | 197 |
198 #elif defined(__mips__) && (_MIPS_SIM == _MIPS_SIM_ABI32) | |
199 #define MIN_SYSCALL __NR_O32_Linux | |
200 #define MAX_PUBLIC_SYSCALL (MIN_SYSCALL + __NR_Linux_syscalls) | |
201 #define MAX_SYSCALL MAX_PUBLIC_SYSCALL | |
202 #define SECCOMP_ARCH AUDIT_ARCH_MIPSEL | |
203 | |
204 // MIPS sigcontext_t is different from i386/x86_64 and ARM. | |
205 // See </arch/mips/include/uapi/asm/sigcontext.h> in the Linux kernel. | |
206 #define SECCOMP_REG(_ctx, _reg) ((_ctx)->uc_mcontext.gregs[_reg]) | |
207 // Based on MIPS o32 ABI syscall convention. | |
208 // On MIPS, when indirect syscall is being made (syscall(__NR_foo)), | |
209 // real identificator (__NR_foo) is not in v0, but in a0 | |
210 #define SECCOMP_RESULT(_ctx) SECCOMP_REG(_ctx, 2) | |
211 #define SECCOMP_SYSCALL(_ctx) SECCOMP_REG(_ctx, 2) | |
212 #define SECCOMP_IP(_ctx) (_ctx)->uc_mcontext.pc | |
213 #define SECCOMP_PARM1(_ctx) SECCOMP_REG(_ctx, 4) | |
214 #define SECCOMP_PARM2(_ctx) SECCOMP_REG(_ctx, 5) | |
215 #define SECCOMP_PARM3(_ctx) SECCOMP_REG(_ctx, 6) | |
216 #define SECCOMP_PARM4(_ctx) SECCOMP_REG(_ctx, 7) | |
217 // Only the first 4 arguments of syscall are in registers. | |
218 // The rest are on the stack. | |
219 #define SECCOMP_PARM5(_ctx) (long int)(*((intptr_t*)SECCOMP_REG(_ctx, 29)+4) ) | |
jln (very slow on Chromium)
2014/05/02 20:42:04
Nit: wrap
nedeljko
2014/05/07 15:40:05
Done.
| |
220 #define SECCOMP_PARM6(_ctx) (long int)(*((intptr_t*)SECCOMP_REG(_ctx, 29)+5) ) | |
jln (very slow on Chromium)
2014/05/02 20:42:04
Nit: wrap
nedeljko
2014/05/07 15:40:05
Done.
| |
221 #define SECCOMP_NR_IDX (offsetof(struct arch_seccomp_data, nr)) | |
222 #define SECCOMP_ARCH_IDX (offsetof(struct arch_seccomp_data, arch)) | |
223 #define SECCOMP_IP_MSB_IDX (offsetof(struct arch_seccomp_data, \ | |
224 instruction_pointer) + 4) | |
225 #define SECCOMP_IP_LSB_IDX (offsetof(struct arch_seccomp_data, \ | |
226 instruction_pointer) + 0) | |
227 #define SECCOMP_ARG_MSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) + \ | |
228 8*(nr) + 4) | |
229 #define SECCOMP_ARG_LSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) + \ | |
230 8*(nr) + 0) | |
231 | |
192 #else | 232 #else |
193 #error Unsupported target platform | 233 #error Unsupported target platform |
194 | 234 |
195 #endif | 235 #endif |
196 | 236 |
197 #endif // SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__ | 237 #endif // SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__ |
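Review bot: The comment at new lines 207–209 states that for an indirect syscall the real number is in a0, yet `SECCOMP_SYSCALL(_ctx)` on line 211 reads register 2 (v0), so the comment describes a convention the macro does not implement; either the macro should consult register 4 in that case or the comment should say that callers must recognise `__NR_syscall` in v0 and fetch a0 themselves (presumably the trap handler does this, but it is outside this file). `SECCOMP_PARM5` and `SECCOMP_PARM6` dereference the saved stack pointer (register 29) using `intptr_t*` arithmetic, so `+4` and `+5` are 16- and 20-byte offsets into the o32 argument save area, not byte offsets; a comment such as `// o32 passes args 5-6 on the stack at sp+16 / sp+20; the +4/+5 are in intptr_t units` would prevent that misreading. Unlike the register-based PARM macros, these two read the faulting thread's stack from a signal handler and will fault if that memory is unmapped, which the comment should also state so users of these macros know to tolerate it.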