| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_ | 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_ |
| 6 #define SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_ | 6 #define SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_ |
| 7 | 7 |
| 8 #include "base/basictypes.h" | 8 #include "base/basictypes.h" |
| 9 #include "build/build_config.h" | 9 #include "build/build_config.h" |
| 10 #include "sandbox/sandbox_export.h" | 10 #include "sandbox/sandbox_export.h" |
| (...skipping 24 matching lines...) Expand all Loading... |
| 35 static bool IsAllowedOperationOnFd(int sysno); | 35 static bool IsAllowedOperationOnFd(int sysno); |
| 36 static bool IsKernelInternalApi(int sysno); | 36 static bool IsKernelInternalApi(int sysno); |
| 37 // This should be thought through in conjunction with IsFutex(). | 37 // This should be thought through in conjunction with IsFutex(). |
| 38 static bool IsAllowedProcessStartOrDeath(int sysno); | 38 static bool IsAllowedProcessStartOrDeath(int sysno); |
| 39 // It's difficult to restrict those, but there is attack surface here. | 39 // It's difficult to restrict those, but there is attack surface here. |
| 40 static bool IsAllowedFutex(int sysno); | 40 static bool IsAllowedFutex(int sysno); |
| 41 static bool IsAllowedEpoll(int sysno); | 41 static bool IsAllowedEpoll(int sysno); |
| 42 static bool IsAllowedGetOrModifySocket(int sysno); | 42 static bool IsAllowedGetOrModifySocket(int sysno); |
| 43 static bool IsDeniedGetOrModifySocket(int sysno); | 43 static bool IsDeniedGetOrModifySocket(int sysno); |
| 44 | 44 |
| 45 #if defined(__i386__) | 45 #if defined(__i386__) || defined(__mips__) |
| 46 // Big multiplexing system call for sockets. | 46 // Big multiplexing system call for sockets. |
| 47 static bool IsSocketCall(int sysno); | 47 static bool IsSocketCall(int sysno); |
| 48 #endif | 48 #endif |
| 49 | 49 |
| 50 #if defined(__x86_64__) || defined(__arm__) | 50 #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) |
| 51 static bool IsNetworkSocketInformation(int sysno); | 51 static bool IsNetworkSocketInformation(int sysno); |
| 52 #endif | 52 #endif |
| 53 | 53 |
| 54 static bool IsAllowedAddressSpaceAccess(int sysno); | 54 static bool IsAllowedAddressSpaceAccess(int sysno); |
| 55 static bool IsAllowedGeneralIo(int sysno); | 55 static bool IsAllowedGeneralIo(int sysno); |
| 56 static bool IsPrctl(int sysno); | 56 static bool IsPrctl(int sysno); |
| 57 static bool IsAllowedBasicScheduler(int sysno); | 57 static bool IsAllowedBasicScheduler(int sysno); |
| 58 static bool IsAdminOperation(int sysno); | 58 static bool IsAdminOperation(int sysno); |
| 59 static bool IsKernelModule(int sysno); | 59 static bool IsKernelModule(int sysno); |
| 60 static bool IsGlobalFSViewChange(int sysno); | 60 static bool IsGlobalFSViewChange(int sysno); |
| (...skipping 12 matching lines...) Expand all Loading... |
| 73 #endif | 73 #endif |
| 74 #if defined(__x86_64__) || defined(__arm__) | 74 #if defined(__x86_64__) || defined(__arm__) |
| 75 // These give a lot of ambient authority and bypass the setuid sandbox. | 75 // These give a lot of ambient authority and bypass the setuid sandbox. |
| 76 static bool IsSystemVSharedMemory(int sysno); | 76 static bool IsSystemVSharedMemory(int sysno); |
| 77 #endif | 77 #endif |
| 78 | 78 |
| 79 #if defined(__x86_64__) || defined(__arm__) | 79 #if defined(__x86_64__) || defined(__arm__) |
| 80 static bool IsSystemVMessageQueue(int sysno); | 80 static bool IsSystemVMessageQueue(int sysno); |
| 81 #endif | 81 #endif |
| 82 | 82 |
| 83 #if defined(__i386__) | 83 #if defined(__i386__) || defined(__mips__) |
| 84 // Big system V multiplexing system call. | 84 // Big system V multiplexing system call. |
| 85 static bool IsSystemVIpc(int sysno); | 85 static bool IsSystemVIpc(int sysno); |
| 86 #endif | 86 #endif |
| 87 | 87 |
| 88 static bool IsAnySystemV(int sysno); | 88 static bool IsAnySystemV(int sysno); |
| 89 static bool IsAdvancedScheduler(int sysno); | 89 static bool IsAdvancedScheduler(int sysno); |
| 90 static bool IsInotify(int sysno); | 90 static bool IsInotify(int sysno); |
| 91 static bool IsFaNotify(int sysno); | 91 static bool IsFaNotify(int sysno); |
| 92 static bool IsTimer(int sysno); | 92 static bool IsTimer(int sysno); |
| 93 static bool IsAdvancedTimer(int sysno); | 93 static bool IsAdvancedTimer(int sysno); |
| 94 static bool IsExtendedAttributes(int sysno); | 94 static bool IsExtendedAttributes(int sysno); |
| 95 static bool IsMisc(int sysno); | 95 static bool IsMisc(int sysno); |
| 96 #if defined(__arm__) | 96 #if defined(__arm__) |
| 97 static bool IsArmPciConfig(int sysno); | 97 static bool IsArmPciConfig(int sysno); |
| 98 static bool IsArmPrivate(int sysno); | 98 static bool IsArmPrivate(int sysno); |
| 99 #endif // defined(__arm__) | 99 #endif // defined(__arm__) |
| 100 #if defined(__mips__) |
| 101 static bool IsMipsPrivate(int sysno); |
| 102 static bool IsMipsMisc(int sysno); |
| 103 #endif // defined(__mips__) |
| 100 private: | 104 private: |
| 101 DISALLOW_IMPLICIT_CONSTRUCTORS(SyscallSets); | 105 DISALLOW_IMPLICIT_CONSTRUCTORS(SyscallSets); |
| 102 }; | 106 }; |
| 103 | 107 |
| 104 } // namespace sandbox. | 108 } // namespace sandbox. |
| 105 | 109 |
| 106 #endif // SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_ | 110 #endif // SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 260793003:
[MIPS] Add seccomp bpf support (Closed)
Base URL: https://git.chromium.org/git/chromium/src.git@master