OLD | NEW |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_ | 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_ |
6 #define SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_ | 6 #define SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_ |
7 | 7 |
8 #include "base/basictypes.h" | 8 #include "base/basictypes.h" |
9 #include "build/build_config.h" | 9 #include "build/build_config.h" |
10 #include "sandbox/sandbox_export.h" | 10 #include "sandbox/sandbox_export.h" |
35 static bool IsAllowedOperationOnFd(int sysno); | 35 static bool IsAllowedOperationOnFd(int sysno); |
36 static bool IsKernelInternalApi(int sysno); | 36 static bool IsKernelInternalApi(int sysno); |
37 // This should be thought through in conjunction with IsFutex(). | 37 // This should be thought through in conjunction with IsFutex(). |
38 static bool IsAllowedProcessStartOrDeath(int sysno); | 38 static bool IsAllowedProcessStartOrDeath(int sysno); |
39 // It's difficult to restrict those, but there is attack surface here. | 39 // It's difficult to restrict those, but there is attack surface here. |
40 static bool IsFutex(int sysno); | 40 static bool IsFutex(int sysno); |
41 static bool IsAllowedEpoll(int sysno); | 41 static bool IsAllowedEpoll(int sysno); |
42 static bool IsAllowedGetOrModifySocket(int sysno); | 42 static bool IsAllowedGetOrModifySocket(int sysno); |
43 static bool IsDeniedGetOrModifySocket(int sysno); | 43 static bool IsDeniedGetOrModifySocket(int sysno); |
44 | 44 |
45 #if defined(__i386__) | 45 #if defined(__i386__) || defined(__mips__) |
46 // Big multiplexing system call for sockets. | 46 // Big multiplexing system call for sockets. |
47 static bool IsSocketCall(int sysno); | 47 static bool IsSocketCall(int sysno); |
48 #endif | 48 #endif |
49 | 49 |
50 #if defined(__x86_64__) || defined(__arm__) | 50 #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) |
51 static bool IsNetworkSocketInformation(int sysno); | 51 static bool IsNetworkSocketInformation(int sysno); |
52 #endif | 52 #endif |
53 | 53 |
54 static bool IsAllowedAddressSpaceAccess(int sysno); | 54 static bool IsAllowedAddressSpaceAccess(int sysno); |
55 static bool IsAllowedGeneralIo(int sysno); | 55 static bool IsAllowedGeneralIo(int sysno); |
56 static bool IsAllowedPrctl(int sysno); | 56 static bool IsAllowedPrctl(int sysno); |
57 static bool IsAllowedBasicScheduler(int sysno); | 57 static bool IsAllowedBasicScheduler(int sysno); |
58 static bool IsAdminOperation(int sysno); | 58 static bool IsAdminOperation(int sysno); |
59 static bool IsKernelModule(int sysno); | 59 static bool IsKernelModule(int sysno); |
60 static bool IsGlobalFSViewChange(int sysno); | 60 static bool IsGlobalFSViewChange(int sysno); |
73 #endif | 73 #endif |
74 #if defined(__x86_64__) || defined(__arm__) | 74 #if defined(__x86_64__) || defined(__arm__) |
75 // These give a lot of ambient authority and bypass the setuid sandbox. | 75 // These give a lot of ambient authority and bypass the setuid sandbox. |
76 static bool IsSystemVSharedMemory(int sysno); | 76 static bool IsSystemVSharedMemory(int sysno); |
77 #endif | 77 #endif |
78 | 78 |
79 #if defined(__x86_64__) || defined(__arm__) | 79 #if defined(__x86_64__) || defined(__arm__) |
80 static bool IsSystemVMessageQueue(int sysno); | 80 static bool IsSystemVMessageQueue(int sysno); |
81 #endif | 81 #endif |
82 | 82 |
83 #if defined(__i386__) | 83 #if defined(__i386__) || defined(__mips__) |
84 // Big system V multiplexing system call. | 84 // Big system V multiplexing system call. |
85 static bool IsSystemVIpc(int sysno); | 85 static bool IsSystemVIpc(int sysno); |
86 #endif | 86 #endif |
87 | 87 |
88 static bool IsAnySystemV(int sysno); | 88 static bool IsAnySystemV(int sysno); |
89 static bool IsAdvancedScheduler(int sysno); | 89 static bool IsAdvancedScheduler(int sysno); |
90 static bool IsInotify(int sysno); | 90 static bool IsInotify(int sysno); |
91 static bool IsFaNotify(int sysno); | 91 static bool IsFaNotify(int sysno); |
92 static bool IsTimer(int sysno); | 92 static bool IsTimer(int sysno); |
93 static bool IsAdvancedTimer(int sysno); | 93 static bool IsAdvancedTimer(int sysno); |
94 static bool IsExtendedAttributes(int sysno); | 94 static bool IsExtendedAttributes(int sysno); |
95 static bool IsMisc(int sysno); | 95 static bool IsMisc(int sysno); |
96 #if defined(__arm__) | 96 #if defined(__arm__) |
97 static bool IsArmPciConfig(int sysno); | 97 static bool IsArmPciConfig(int sysno); |
98 static bool IsArmPrivate(int sysno); | 98 static bool IsArmPrivate(int sysno); |
99 #endif // defined(__arm__) | 99 #endif // defined(__arm__) |
| 100 #if defined(__mips__) |
| 101 static bool IsMipsPrivate(int sysno); |
| 102 static bool IsMipsMisc(int sysno); |
| 103 #endif // defined(__mips__) |
100 private: | 104 private: |
101 DISALLOW_IMPLICIT_CONSTRUCTORS(SyscallSets); | 105 DISALLOW_IMPLICIT_CONSTRUCTORS(SyscallSets); |
102 }; | 106 }; |
103 | 107 |
104 } // namespace sandbox. | 108 } // namespace sandbox. |
105 | 109 |
106 #endif // SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_ | 110 #endif // SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_ |
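Review bot: With this change MIPS builds declare both `IsSocketCall` (new line 45) and `IsNetworkSocketInformation` (new line 50), so socket operations there fall into two separate sets, and a policy that denies only one of them would leave the other path open. A comment at new line 46 should say so, e.g. `// MIPS also has the direct socket syscalls; policies must cover both sets.` The bare `defined(__mips__)` guards at new lines 45, 50 and 83 presumably also match the 64-bit MIPS ABIs, which as far as I know have no `socketcall`/`ipc` multiplexer, while `IsSystemVSharedMemory` and `IsSystemVMessageQueue` (lines 74 and 79) stay x86_64/ARM-only. If only the 32-bit o32 ABI is meant, state that in the guard or in a comment so a later 64-bit port does not silently lose System V coverage. `IsMipsPrivate` and `IsMipsMisc` (new lines 101-102) carry no description of what they group; a one-line comment on each, saying whether policies are expected to deny them, would help. The `SyscallSets` class begins in the skipped lines, so this is based on the visible declarations only.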