sandbox/linux/seccomp/sandbox.cc - Issue 164373: Fix seccomp sandbox for gcc44

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: sandbox/linux/seccomp/sandbox.cc

Issue 164373: Fix seccomp sandbox for gcc44 (Closed)

Patch Set: Created 11 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 #include "library.h"	1 #include "library.h"

2 #include "sandbox_impl.h"	2 #include "sandbox_impl.h"

3 #include "syscall_table.h"	3 #include "syscall_table.h"

4	4

5 namespace playground {	5 namespace playground {

6	6

7 // Global variables	7 // Global variables

8 int Sandbox::pid_;	8 int Sandbox::pid_;

9 int Sandbox::processFdPub_;	9 int Sandbox::processFdPub_;

10 int Sandbox::cloneFdPub_;	10 int Sandbox::cloneFdPub_;

(...skipping 378 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
389 library->patchSystemCalls();	389 library->patchSystemCalls();

390 library->makeWritable(false);	390 library->makeWritable(false);

391 break;	391 break;

392 }	392 }

393 }	393 }

394	394

395 // Intercept system calls in libraries that are known to have them.	395 // Intercept system calls in libraries that are known to have them.

396 for (Maps::const_iterator iter = maps.begin(); iter != maps.end(); ++iter){	396 for (Maps::const_iterator iter = maps.begin(); iter != maps.end(); ++iter){

397 Library* library = *iter;	397 Library* library = *iter;

398 for (const char *ptr = libs; ptr; ptr++) {	398 for (const char *ptr = libs; ptr; ptr++) {

399 char name = strstr(iter.name().c_str(), ptr);	399 const char name = strstr(iter.name().c_str(), ptr);

400 if (name) {	400 if (name) {

401 char ch = name[strlen(*ptr)];	401 char ch = name[strlen(*ptr)];

402 if (ch < 'A' \|\| (ch > 'Z' && ch < 'a') \|\| ch > 'z') {	402 if (ch < 'A' \|\| (ch > 'Z' && ch < 'a') \|\| ch > 'z') {

403 library->makeWritable(true);	403 library->makeWritable(true);

404 library->patchSystemCalls();	404 library->patchSystemCalls();

405 library->makeWritable(false);	405 library->makeWritable(false);

406 break;	406 break;

407 }	407 }

408 }	408 }

409 }	409 }

410 }	410 }

411 }	411 }

412	412

413 // Take a snapshot of the current memory mappings. These mappings will be	413 // Take a snapshot of the current memory mappings. These mappings will be

414 // off-limits to all future mmap(), munmap(), mremap(), and mprotect() calls.	414 // off-limits to all future mmap(), munmap(), mremap(), and mprotect() calls.

415 snapshotMemoryMappings(processFdPub_);	415 snapshotMemoryMappings(processFdPub_);

416	416

417 // Creating the trusted thread enables sandboxing	417 // Creating the trusted thread enables sandboxing

418 createTrustedThread(processFdPub_, cloneFdPub_, secureMem);	418 createTrustedThread(processFdPub_, cloneFdPub_, secureMem);

419 }	419 }

420	420

421 } // namespace	421 } // namespace

OLD	NEW

« no previous file with comments | « sandbox/linux/seccomp/debug.cc ('k') | no next file » | no next file with comments »