Chromium Code Reviews Chromium Code Reviews
Issue 278583005:
Linux Sandbox: Add support for SECCOMP_RET_TRACE. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__ | 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__ |
| 6 #define SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__ | 6 #define SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__ |
| 7 | 7 |
| 8 #include "sandbox/linux/sandbox_export.h" | 8 #include "sandbox/linux/sandbox_export.h" |
| 9 #include "sandbox/linux/seccomp-bpf/linux_seccomp.h" | 9 #include "sandbox/linux/seccomp-bpf/linux_seccomp.h" |
| 10 #include "sandbox/linux/seccomp-bpf/trap.h" | 10 #include "sandbox/linux/seccomp-bpf/trap.h" |
| (...skipping 12 matching lines...) Expand all Loading... | |
| 23 // field. | 23 // field. |
| 24 class SANDBOX_EXPORT ErrorCode { | 24 class SANDBOX_EXPORT ErrorCode { |
| 25 public: | 25 public: |
| 26 enum { | 26 enum { |
| 27 // Allow this system call. The value of ERR_ALLOWED is pretty much | 27 // Allow this system call. The value of ERR_ALLOWED is pretty much |
| 28 // completely arbitrary. But we want to pick it so that is is unlikely | 28 // completely arbitrary. But we want to pick it so that is is unlikely |
| 29 // to be passed in accidentally, when the user intended to return an | 29 // to be passed in accidentally, when the user intended to return an |
| 30 // "errno" (see below) value instead. | 30 // "errno" (see below) value instead. |
| 31 ERR_ALLOWED = 0x04000000, | 31 ERR_ALLOWED = 0x04000000, |
| 32 | 32 |
| 33 // If the progress is being ptraced with PTRACE_O_TRACESECCOMP, then then | |
|
jln (very slow on Chromium)
2014/05/20 03:02:10
Nit: one "then"
rickyz (Google)
2014/05/20 22:34:01
Done.
| |
| 34 // the tracer will be notified of a PTRACE_EVENT_SECCOMP and allowed to | |
| 35 // change or skip the system call. The lower 16 bits of err will be | |
| 36 // available to the tracer via PTRACE_GETEVENTMSG. | |
| 37 ERR_TRACE = 0x08000000, | |
| 38 | |
| 33 // Deny the system call with a particular "errno" value. | 39 // Deny the system call with a particular "errno" value. |
| 34 // N.B.: It is also possible to return "0" here. That would normally | 40 // N.B.: It is also possible to return "0" here. That would normally |
| 35 // indicate success, but it won't actually run the system call. | 41 // indicate success, but it won't actually run the system call. |
| 36 // This is very different from return ERR_ALLOWED. | 42 // This is very different from return ERR_ALLOWED. |
| 37 ERR_MIN_ERRNO = 0, | 43 ERR_MIN_ERRNO = 0, |
| 38 // TODO(markus): Android only supports errno up to 255 | 44 // TODO(markus): Android only supports errno up to 255 |
| 39 // (crbug.com/181647). | 45 // (crbug.com/181647). |
| 40 ERR_MAX_ERRNO = 4095, | 46 ERR_MAX_ERRNO = 4095, |
| 41 }; | 47 }; |
| 42 | 48 |
| (...skipping 146 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 189 | 195 |
| 190 // 32bit field used for all possible types of ErrorCode values. This is | 196 // 32bit field used for all possible types of ErrorCode values. This is |
| 191 // the value that uniquely identifies any ErrorCode and it (typically) can | 197 // the value that uniquely identifies any ErrorCode and it (typically) can |
| 192 // be emitted directly into a BPF filter program. | 198 // be emitted directly into a BPF filter program. |
| 193 uint32_t err_; | 199 uint32_t err_; |
| 194 }; | 200 }; |
| 195 | 201 |
| 196 } // namespace sandbox | 202 } // namespace sandbox |
| 197 | 203 |
| 198 #endif // SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__ | 204 #endif // SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__ |
| OLD | NEW |
