
Side by Side Diff: sandbox/linux/seccomp-bpf/linux_seccomp.h

Issue 278583005: Linux Sandbox: Add support for SECCOMP_RET_TRACE. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fix LOG(FATAL) behavior on Android. Created 6 years, 6 months ago
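--- a/sandbox/linux/seccomp-bpf/linux_seccomp.h
+++ b/sandbox/linux/seccomp-bpf/linux_seccomp.h
@@ -1,28 +1,35 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__
 #define SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__
 
 // The Seccomp2 kernel ABI is not part of older versions of glibc.
 // As we can't break compilation with these versions of the library,
 // we explicitly define all missing symbols.
 // If we ever decide that we can now rely on system headers, the following
 // include files should be enabled:
 // #include <linux/audit.h>
 // #include <linux/seccomp.h>
 
 #include <asm/unistd.h>
 #include <linux/filter.h>
 
+// Old Bionic versions do not have sys/user.h. The if can be removed once we no
+// longer need to support these old Bionic versions.
+#include <sys/cdefs.h>
+#if !defined(__BIONIC__)
+#include <sys/user.h>
+#endif
+
 // For audit.h
 #ifndef EM_ARM
 #define EM_ARM 40
 #endif
 #ifndef EM_386
 #define EM_386 3
 #endif
 #ifndef EM_X86_64
 #define EM_X86_64 62
 #endif
@@ -117,47 +124,69 @@
 #define SECCOMP_ARCH_IDX (offsetof(struct arch_seccomp_data, arch))
 #define SECCOMP_IP_MSB_IDX (offsetof(struct arch_seccomp_data, \
 instruction_pointer) + 4)
 #define SECCOMP_IP_LSB_IDX (offsetof(struct arch_seccomp_data, \
 instruction_pointer) + 0)
 #define SECCOMP_ARG_MSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) + \
 8*(nr) + 4)
 #define SECCOMP_ARG_LSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) + \
 8*(nr) + 0)
 
+typedef user_regs_struct regs_struct;
+#define SECCOMP_PT_RESULT(_regs) (_regs).eax
+#define SECCOMP_PT_SYSCALL(_regs) (_regs).orig_eax
+#define SECCOMP_PT_IP(_regs) (_regs).eip
+#define SECCOMP_PT_PARM1(_regs) (_regs).ebx
+#define SECCOMP_PT_PARM2(_regs) (_regs).ecx
+#define SECCOMP_PT_PARM3(_regs) (_regs).edx
+#define SECCOMP_PT_PARM4(_regs) (_regs).esi
+#define SECCOMP_PT_PARM5(_regs) (_regs).edi
+#define SECCOMP_PT_PARM6(_regs) (_regs).ebp
+
 #elif defined(__x86_64__)
 #define MIN_SYSCALL 0u
 #define MAX_PUBLIC_SYSCALL 1024u
 #define MAX_SYSCALL MAX_PUBLIC_SYSCALL
 #define SECCOMP_ARCH AUDIT_ARCH_X86_64
 
 #define SECCOMP_REG(_ctx, _reg) ((_ctx)->uc_mcontext.gregs[(_reg)])
 #define SECCOMP_RESULT(_ctx) SECCOMP_REG(_ctx, REG_RAX)
 #define SECCOMP_SYSCALL(_ctx) SECCOMP_REG(_ctx, REG_RAX)
 #define SECCOMP_IP(_ctx) SECCOMP_REG(_ctx, REG_RIP)
 #define SECCOMP_PARM1(_ctx) SECCOMP_REG(_ctx, REG_RDI)
 #define SECCOMP_PARM2(_ctx) SECCOMP_REG(_ctx, REG_RSI)
 #define SECCOMP_PARM3(_ctx) SECCOMP_REG(_ctx, REG_RDX)
 #define SECCOMP_PARM4(_ctx) SECCOMP_REG(_ctx, REG_R10)
 #define SECCOMP_PARM5(_ctx) SECCOMP_REG(_ctx, REG_R8)
 #define SECCOMP_PARM6(_ctx) SECCOMP_REG(_ctx, REG_R9)
 #define SECCOMP_NR_IDX (offsetof(struct arch_seccomp_data, nr))
 #define SECCOMP_ARCH_IDX (offsetof(struct arch_seccomp_data, arch))
 #define SECCOMP_IP_MSB_IDX (offsetof(struct arch_seccomp_data, \
 instruction_pointer) + 4)
 #define SECCOMP_IP_LSB_IDX (offsetof(struct arch_seccomp_data, \
 instruction_pointer) + 0)
 #define SECCOMP_ARG_MSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) + \
 8*(nr) + 4)
 #define SECCOMP_ARG_LSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) + \
 8*(nr) + 0)
 
+typedef user_regs_struct regs_struct;
+#define SECCOMP_PT_RESULT(_regs) (_regs).rax
+#define SECCOMP_PT_SYSCALL(_regs) (_regs).orig_rax
+#define SECCOMP_PT_IP(_regs) (_regs).rip
+#define SECCOMP_PT_PARM1(_regs) (_regs).rdi
+#define SECCOMP_PT_PARM2(_regs) (_regs).rsi
+#define SECCOMP_PT_PARM3(_regs) (_regs).rdx
+#define SECCOMP_PT_PARM4(_regs) (_regs).r10
+#define SECCOMP_PT_PARM5(_regs) (_regs).r8
+#define SECCOMP_PT_PARM6(_regs) (_regs).r9
+
 #elif defined(__arm__) && (defined(__thumb__) || defined(__ARM_EABI__))
 // ARM EABI includes "ARM private" system calls starting at |__ARM_NR_BASE|,
 // and a "ghost syscall private to the kernel", cmpxchg,
 // at |__ARM_NR_BASE+0x00fff0|.
 // See </arch/arm/include/asm/unistd.h> in the Linux kernel.
 #define MIN_SYSCALL ((unsigned int)__NR_SYSCALL_BASE)
 #define MAX_PUBLIC_SYSCALL (MIN_SYSCALL + 1024u)
 #define MIN_PRIVATE_SYSCALL ((unsigned int)__ARM_NR_BASE)
 #define MAX_PRIVATE_SYSCALL (MIN_PRIVATE_SYSCALL + 16u)
 #define MIN_GHOST_SYSCALL ((unsigned int)__ARM_NR_BASE + 0xfff0u)
@@ -182,16 +211,56 @@
 #define SECCOMP_ARCH_IDX (offsetof(struct arch_seccomp_data, arch))
 #define SECCOMP_IP_MSB_IDX (offsetof(struct arch_seccomp_data, \
 instruction_pointer) + 4)
 #define SECCOMP_IP_LSB_IDX (offsetof(struct arch_seccomp_data, \
 instruction_pointer) + 0)
 #define SECCOMP_ARG_MSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) + \
 8*(nr) + 4)
 #define SECCOMP_ARG_LSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) + \
 8*(nr) + 0)
 
+#if defined(__BIONIC__)
+// Old Bionic versions don't have sys/user.h, so we just define regs_struct
+// directly. This can be removed once we no longer need to support these old
+// Bionic versions.
+struct regs_struct {
+unsigned long uregs[18];
+};
+#else
+typedef user_regs regs_struct;
+#endif
+
+#define REG_cpsr uregs[16]
+#define REG_pc uregs[15]
+#define REG_lr uregs[14]
+#define REG_sp uregs[13]
+#define REG_ip uregs[12]
+#define REG_fp uregs[11]
+#define REG_r10 uregs[10]
+#define REG_r9 uregs[9]
+#define REG_r8 uregs[8]
+#define REG_r7 uregs[7]
+#define REG_r6 uregs[6]
+#define REG_r5 uregs[5]
+#define REG_r4 uregs[4]
+#define REG_r3 uregs[3]
+#define REG_r2 uregs[2]
+#define REG_r1 uregs[1]
+#define REG_r0 uregs[0]
+#define REG_ORIG_r0 uregs[17]
+
+#define SECCOMP_PT_RESULT(_regs) (_regs).REG_r0
+#define SECCOMP_PT_SYSCALL(_regs) (_regs).REG_r7
+#define SECCOMP_PT_IP(_regs) (_regs).REG_pc
+#define SECCOMP_PT_PARM1(_regs) (_regs).REG_r0
+#define SECCOMP_PT_PARM2(_regs) (_regs).REG_r1
+#define SECCOMP_PT_PARM3(_regs) (_regs).REG_r2
+#define SECCOMP_PT_PARM4(_regs) (_regs).REG_r3
+#define SECCOMP_PT_PARM5(_regs) (_regs).REG_r4
+#define SECCOMP_PT_PARM6(_regs) (_regs).REG_r5
+
 #else
 #error Unsupported target platform
 
 #endif
 
 #endif // SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__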
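Review bot: The `__BIONIC__` guard near the top skips `<sys/user.h>` on every architecture, but only the ARM block supplies a fallback `regs_struct`; the blocks using the `eax`/`rax` register names still do `typedef user_regs_struct regs_struct;` unconditionally, so an old-Bionic x86 build would presumably fail there (the opening `#if` of that chain is in the skipped lines, so confirm). In the ARM block, `SECCOMP_PT_RESULT` and `SECCOMP_PT_PARM1` both expand to `(_regs).REG_r0`, while `REG_ORIG_r0` is defined and never used by a `SECCOMP_PT_*` macro. Since a tracer's policy decision depends on reading the right value, I would add a comment such as `// r0 holds arg1 at the seccomp trace stop and the return value at syscall exit; REG_ORIG_r0 keeps the original arg1.` The hand-written `uregs[18]` layout also deserves a compile-time size check against the register block the tracer reads, since nothing in this header ties it to the kernel's layout.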