sandbox/linux/seccomp-bpf-helpers/syscall_sets.h - Issue 226083005: Linux sandbox: componentize almost everything.

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: sandbox/linux/seccomp-bpf-helpers/syscall_sets.h

Issue 226083005: Linux sandbox: componentize almost everything. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Update dependencies. Created 6 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_	5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_

6 #define SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_	6 #define SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_

7	7

8 #include "base/basictypes.h"	8 #include "base/basictypes.h"

9 #include "build/build_config.h"	9 #include "build/build_config.h"

	10 #include "sandbox/linux/sandbox_export.h"

10	11

11 // These are helpers to build seccomp-bpf policies, i.e. policies for a	12 // These are helpers to build seccomp-bpf policies, i.e. policies for a

12 // sandbox that reduces the Linux kernel's attack surface. Given their	13 // sandbox that reduces the Linux kernel's attack surface. Given their

13 // nature, they don't have any clear semantics and are completely	14 // nature, they don't have any clear semantics and are completely

14 // "implementation-defined".	15 // "implementation-defined".

15	16

16 namespace sandbox {	17 namespace sandbox {

17	18

18 class SyscallSets {	19 class SANDBOX_EXPORT SyscallSets {

19 public:	20 public:

20 static bool IsKill(int sysno);	21 static bool IsKill(int sysno);

21 static bool IsAllowedGettime(int sysno);	22 static bool IsAllowedGettime(int sysno);

22 static bool IsCurrentDirectory(int sysno);	23 static bool IsCurrentDirectory(int sysno);

23 static bool IsUmask(int sysno);	24 static bool IsUmask(int sysno);

24 // System calls that directly access the file system. They might acquire	25 // System calls that directly access the file system. They might acquire

25 // a new file descriptor or otherwise perform an operation directly	26 // a new file descriptor or otherwise perform an operation directly

26 // via a path.	27 // via a path.

27 static bool IsFileSystem(int sysno);	28 static bool IsFileSystem(int sysno);

28 static bool IsAllowedFileSystemAccessViaFd(int sysno);	29 static bool IsAllowedFileSystemAccessViaFd(int sysno);

(...skipping 67 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
96 static bool IsArmPciConfig(int sysno);	97 static bool IsArmPciConfig(int sysno);

97 static bool IsArmPrivate(int sysno);	98 static bool IsArmPrivate(int sysno);

98 #endif // defined(__arm__)	99 #endif // defined(__arm__)

99 private:	100 private:

100 DISALLOW_IMPLICIT_CONSTRUCTORS(SyscallSets);	101 DISALLOW_IMPLICIT_CONSTRUCTORS(SyscallSets);

101 };	102 };

102	103

103 } // namespace sandbox.	104 } // namespace sandbox.

104	105

105 #endif // SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_	106 #endif // SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_

OLD	NEW

« no previous file with comments | « sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h ('k') | sandbox/linux/services/broker_process.h » ('j') | no next file with comments »