
Side by Side Diff: sandbox/linux/bpf_dsl/seccomp_macros.h

Issue 1029283003: WIP: Implement seccomp-bpf sandbox for nacl_helper_nonsfi. Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 9 months ago
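--- a/sandbox/linux/bpf_dsl/seccomp_macros.h
+++ b/sandbox/linux/bpf_dsl/seccomp_macros.h
@@ -1,27 +1,27 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef SANDBOX_LINUX_BPF_DSL_SECCOMP_MACROS_H_
 #define SANDBOX_LINUX_BPF_DSL_SECCOMP_MACROS_H_
 
-#include <asm/unistd.h>
-#include <linux/filter.h>
+#include "build/build_config.h"
 
-#include <sys/cdefs.h>
 // Old Bionic versions do not have sys/user.h. The if can be removed once we no
 // longer need to support these old Bionic versions.
 // All x86_64 builds use a new enough bionic to have sys/user.h.
 #if !defined(__BIONIC__) || defined(__x86_64__)
 #include <sys/types.h> // Fix for gcc 4.7, make sure __uint16_t is defined.
+#if !defined(OS_NACL_NONSFI)
 #include <sys/user.h>
+#endif
 #if defined(__mips__)
 // sys/user.h in eglibc misses size_t definition
 #include <stddef.h>
 #endif
 #endif
 
 #include "sandbox/linux/system_headers/linux_seccomp.h" // For AUDIT_ARCH_*
 
 // Impose some reasonable maximum BPF program size. Realistically, the
 // kernel probably has much lower limits. But by limiting to less than
@@ -46,24 +46,24 @@
 #define SECCOMP_IP_MSB_IDX (offsetof(struct arch_seccomp_data, \
 instruction_pointer) + 4)
 #define SECCOMP_IP_LSB_IDX (offsetof(struct arch_seccomp_data, \
 instruction_pointer) + 0)
 #define SECCOMP_ARG_MSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) + \
 8*(nr) + 4)
 #define SECCOMP_ARG_LSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) + \
 8*(nr) + 0)
 
 
-#if defined(__BIONIC__)
-// Old Bionic versions don't have sys/user.h, so we just define regs_struct
-// directly. This can be removed once we no longer need to support these old
-// Bionic versions.
+#if defined(__BIONIC__) || defined(OS_NACL_NONSFI)
+// Old Bionic versions and PNaCl toolchain for nacl_helper_nonsfi don't have
+// sys/user.h, so we just define regs_struct directly. This can be removed
+// once we no longer need to support these old Bionic versions.
 struct regs_struct {
 long int ebx;
 long int ecx;
 long int edx;
 long int esi;
 long int edi;
 long int ebp;
 long int eax;
 long int xds;
 long int xes;
@@ -287,10 +287,10 @@
 #define SECCOMP_PT_PARM3(_regs) (_regs).regs[2]
 #define SECCOMP_PT_PARM4(_regs) (_regs).regs[3]
 #define SECCOMP_PT_PARM5(_regs) (_regs).regs[4]
 #define SECCOMP_PT_PARM6(_regs) (_regs).regs[5]
 #else
 #error Unsupported target platform
 
 #endif
 
 #endif // SANDBOX_LINUX_BPF_DSL_SECCOMP_MACROS_H_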
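Review bot: The rewritten comment at new lines 57-59 still ends with "This can be removed once we no longer need to support these old Bionic versions", but the guard is now `#if defined(__BIONIC__) || defined(OS_NACL_NONSFI)`, so dropping old Bionic alone no longer makes the hand-written `regs_struct` removable. I would end it with `// This can be removed once neither toolchain needs it, i.e. both provide sys/user.h.` and add a line saying the struct must stay field-for-field identical to the system definition it stands in for. If it drifts, the sandbox's register-access macros would presumably read the wrong slots without any build error. Separately, the first hunk drops `<asm/unistd.h>`, `<linux/filter.h>` and `<sys/cdefs.h>`, and skips `<sys/user.h>` under `OS_NACL_NONSFI`, while lines 46-53 still use `offsetof` and `<stddef.h>` is only pulled in under `__mips__`. Unless `linux_seccomp.h` or `build_config.h` supplies it (not visible here), an unconditional `#include <stddef.h>` would make the header self-contained. The struct body and the per-architecture branches continue outside the lines shown.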