OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__ | 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__ |
6 #define SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__ | 6 #define SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__ |
7 | 7 |
8 // The Seccomp2 kernel ABI is not part of older versions of glibc. | 8 // The Seccomp2 kernel ABI is not part of older versions of glibc. |
9 // As we can't break compilation with these versions of the library, | 9 // As we can't break compilation with these versions of the library, |
10 // we explicitly define all missing symbols. | 10 // we explicitly define all missing symbols. |
11 // If we ever decide that we can now rely on system headers, the following | 11 // If we ever decide that we can now rely on system headers, the following |
12 // include files should be enabled: | 12 // include files should be enabled: |
13 // #include <linux/audit.h> | 13 // #include <linux/audit.h> |
14 // #include <linux/seccomp.h> | 14 // #include <linux/seccomp.h> |
15 | 15 |
16 #include <asm/unistd.h> | 16 #include <asm/unistd.h> |
17 #include <linux/filter.h> | 17 #include <linux/filter.h> |
18 | 18 |
| 19 // Old Bionic versions do not have sys/user.h. The if can be removed once we no |
| 20 // longer need to support these old Bionic versions. |
| 21 #include <sys/cdefs.h> |
| 22 #if !defined(__BIONIC__) |
| 23 #include <sys/user.h> |
| 24 #endif |
| 25 |
19 // For audit.h | 26 // For audit.h |
20 #ifndef EM_ARM | 27 #ifndef EM_ARM |
21 #define EM_ARM 40 | 28 #define EM_ARM 40 |
22 #endif | 29 #endif |
23 #ifndef EM_386 | 30 #ifndef EM_386 |
24 #define EM_386 3 | 31 #define EM_386 3 |
25 #endif | 32 #endif |
26 #ifndef EM_X86_64 | 33 #ifndef EM_X86_64 |
27 #define EM_X86_64 62 | 34 #define EM_X86_64 62 |
28 #endif | 35 #endif |
(...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
117 #define SECCOMP_ARCH_IDX (offsetof(struct arch_seccomp_data, arch)) | 124 #define SECCOMP_ARCH_IDX (offsetof(struct arch_seccomp_data, arch)) |
118 #define SECCOMP_IP_MSB_IDX (offsetof(struct arch_seccomp_data, \ | 125 #define SECCOMP_IP_MSB_IDX (offsetof(struct arch_seccomp_data, \ |
119 instruction_pointer) + 4) | 126 instruction_pointer) + 4) |
120 #define SECCOMP_IP_LSB_IDX (offsetof(struct arch_seccomp_data, \ | 127 #define SECCOMP_IP_LSB_IDX (offsetof(struct arch_seccomp_data, \ |
121 instruction_pointer) + 0) | 128 instruction_pointer) + 0) |
122 #define SECCOMP_ARG_MSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) + \ | 129 #define SECCOMP_ARG_MSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) + \ |
123 8*(nr) + 4) | 130 8*(nr) + 4) |
124 #define SECCOMP_ARG_LSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) + \ | 131 #define SECCOMP_ARG_LSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) + \ |
125 8*(nr) + 0) | 132 8*(nr) + 0) |
126 | 133 |
| 134 typedef user_regs_struct regs_struct; |
| 135 #define SECCOMP_PT_RESULT(_regs) (_regs).eax |
| 136 #define SECCOMP_PT_SYSCALL(_regs) (_regs).orig_eax |
| 137 #define SECCOMP_PT_IP(_regs) (_regs).eip |
| 138 #define SECCOMP_PT_PARM1(_regs) (_regs).ebx |
| 139 #define SECCOMP_PT_PARM2(_regs) (_regs).ecx |
| 140 #define SECCOMP_PT_PARM3(_regs) (_regs).edx |
| 141 #define SECCOMP_PT_PARM4(_regs) (_regs).esi |
| 142 #define SECCOMP_PT_PARM5(_regs) (_regs).edi |
| 143 #define SECCOMP_PT_PARM6(_regs) (_regs).ebp |
| 144 |
127 #elif defined(__x86_64__) | 145 #elif defined(__x86_64__) |
128 #define MIN_SYSCALL 0u | 146 #define MIN_SYSCALL 0u |
129 #define MAX_PUBLIC_SYSCALL 1024u | 147 #define MAX_PUBLIC_SYSCALL 1024u |
130 #define MAX_SYSCALL MAX_PUBLIC_SYSCALL | 148 #define MAX_SYSCALL MAX_PUBLIC_SYSCALL |
131 #define SECCOMP_ARCH AUDIT_ARCH_X86_64 | 149 #define SECCOMP_ARCH AUDIT_ARCH_X86_64 |
132 | 150 |
133 #define SECCOMP_REG(_ctx, _reg) ((_ctx)->uc_mcontext.gregs[(_reg)]) | 151 #define SECCOMP_REG(_ctx, _reg) ((_ctx)->uc_mcontext.gregs[(_reg)]) |
134 #define SECCOMP_RESULT(_ctx) SECCOMP_REG(_ctx, REG_RAX) | 152 #define SECCOMP_RESULT(_ctx) SECCOMP_REG(_ctx, REG_RAX) |
135 #define SECCOMP_SYSCALL(_ctx) SECCOMP_REG(_ctx, REG_RAX) | 153 #define SECCOMP_SYSCALL(_ctx) SECCOMP_REG(_ctx, REG_RAX) |
136 #define SECCOMP_IP(_ctx) SECCOMP_REG(_ctx, REG_RIP) | 154 #define SECCOMP_IP(_ctx) SECCOMP_REG(_ctx, REG_RIP) |
137 #define SECCOMP_PARM1(_ctx) SECCOMP_REG(_ctx, REG_RDI) | 155 #define SECCOMP_PARM1(_ctx) SECCOMP_REG(_ctx, REG_RDI) |
138 #define SECCOMP_PARM2(_ctx) SECCOMP_REG(_ctx, REG_RSI) | 156 #define SECCOMP_PARM2(_ctx) SECCOMP_REG(_ctx, REG_RSI) |
139 #define SECCOMP_PARM3(_ctx) SECCOMP_REG(_ctx, REG_RDX) | 157 #define SECCOMP_PARM3(_ctx) SECCOMP_REG(_ctx, REG_RDX) |
140 #define SECCOMP_PARM4(_ctx) SECCOMP_REG(_ctx, REG_R10) | 158 #define SECCOMP_PARM4(_ctx) SECCOMP_REG(_ctx, REG_R10) |
141 #define SECCOMP_PARM5(_ctx) SECCOMP_REG(_ctx, REG_R8) | 159 #define SECCOMP_PARM5(_ctx) SECCOMP_REG(_ctx, REG_R8) |
142 #define SECCOMP_PARM6(_ctx) SECCOMP_REG(_ctx, REG_R9) | 160 #define SECCOMP_PARM6(_ctx) SECCOMP_REG(_ctx, REG_R9) |
143 #define SECCOMP_NR_IDX (offsetof(struct arch_seccomp_data, nr)) | 161 #define SECCOMP_NR_IDX (offsetof(struct arch_seccomp_data, nr)) |
144 #define SECCOMP_ARCH_IDX (offsetof(struct arch_seccomp_data, arch)) | 162 #define SECCOMP_ARCH_IDX (offsetof(struct arch_seccomp_data, arch)) |
145 #define SECCOMP_IP_MSB_IDX (offsetof(struct arch_seccomp_data, \ | 163 #define SECCOMP_IP_MSB_IDX (offsetof(struct arch_seccomp_data, \ |
146 instruction_pointer) + 4) | 164 instruction_pointer) + 4) |
147 #define SECCOMP_IP_LSB_IDX (offsetof(struct arch_seccomp_data, \ | 165 #define SECCOMP_IP_LSB_IDX (offsetof(struct arch_seccomp_data, \ |
148 instruction_pointer) + 0) | 166 instruction_pointer) + 0) |
149 #define SECCOMP_ARG_MSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) + \ | 167 #define SECCOMP_ARG_MSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) + \ |
150 8*(nr) + 4) | 168 8*(nr) + 4) |
151 #define SECCOMP_ARG_LSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) + \ | 169 #define SECCOMP_ARG_LSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) + \ |
152 8*(nr) + 0) | 170 8*(nr) + 0) |
153 | 171 |
| 172 typedef user_regs_struct regs_struct; |
| 173 #define SECCOMP_PT_RESULT(_regs) (_regs).rax |
| 174 #define SECCOMP_PT_SYSCALL(_regs) (_regs).orig_rax |
| 175 #define SECCOMP_PT_IP(_regs) (_regs).rip |
| 176 #define SECCOMP_PT_PARM1(_regs) (_regs).rdi |
| 177 #define SECCOMP_PT_PARM2(_regs) (_regs).rsi |
| 178 #define SECCOMP_PT_PARM3(_regs) (_regs).rdx |
| 179 #define SECCOMP_PT_PARM4(_regs) (_regs).r10 |
| 180 #define SECCOMP_PT_PARM5(_regs) (_regs).r8 |
| 181 #define SECCOMP_PT_PARM6(_regs) (_regs).r9 |
| 182 |
154 #elif defined(__arm__) && (defined(__thumb__) || defined(__ARM_EABI__)) | 183 #elif defined(__arm__) && (defined(__thumb__) || defined(__ARM_EABI__)) |
155 // ARM EABI includes "ARM private" system calls starting at |__ARM_NR_BASE|, | 184 // ARM EABI includes "ARM private" system calls starting at |__ARM_NR_BASE|, |
156 // and a "ghost syscall private to the kernel", cmpxchg, | 185 // and a "ghost syscall private to the kernel", cmpxchg, |
157 // at |__ARM_NR_BASE+0x00fff0|. | 186 // at |__ARM_NR_BASE+0x00fff0|. |
158 // See </arch/arm/include/asm/unistd.h> in the Linux kernel. | 187 // See </arch/arm/include/asm/unistd.h> in the Linux kernel. |
159 #define MIN_SYSCALL ((unsigned int)__NR_SYSCALL_BASE) | 188 #define MIN_SYSCALL ((unsigned int)__NR_SYSCALL_BASE) |
160 #define MAX_PUBLIC_SYSCALL (MIN_SYSCALL + 1024u) | 189 #define MAX_PUBLIC_SYSCALL (MIN_SYSCALL + 1024u) |
161 #define MIN_PRIVATE_SYSCALL ((unsigned int)__ARM_NR_BASE) | 190 #define MIN_PRIVATE_SYSCALL ((unsigned int)__ARM_NR_BASE) |
162 #define MAX_PRIVATE_SYSCALL (MIN_PRIVATE_SYSCALL + 16u) | 191 #define MAX_PRIVATE_SYSCALL (MIN_PRIVATE_SYSCALL + 16u) |
163 #define MIN_GHOST_SYSCALL ((unsigned int)__ARM_NR_BASE + 0xfff0u) | 192 #define MIN_GHOST_SYSCALL ((unsigned int)__ARM_NR_BASE + 0xfff0u) |
(...skipping 18 matching lines...) Expand all Loading... |
182 #define SECCOMP_ARCH_IDX (offsetof(struct arch_seccomp_data, arch)) | 211 #define SECCOMP_ARCH_IDX (offsetof(struct arch_seccomp_data, arch)) |
183 #define SECCOMP_IP_MSB_IDX (offsetof(struct arch_seccomp_data, \ | 212 #define SECCOMP_IP_MSB_IDX (offsetof(struct arch_seccomp_data, \ |
184 instruction_pointer) + 4) | 213 instruction_pointer) + 4) |
185 #define SECCOMP_IP_LSB_IDX (offsetof(struct arch_seccomp_data, \ | 214 #define SECCOMP_IP_LSB_IDX (offsetof(struct arch_seccomp_data, \ |
186 instruction_pointer) + 0) | 215 instruction_pointer) + 0) |
187 #define SECCOMP_ARG_MSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) + \ | 216 #define SECCOMP_ARG_MSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) + \ |
188 8*(nr) + 4) | 217 8*(nr) + 4) |
189 #define SECCOMP_ARG_LSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) + \ | 218 #define SECCOMP_ARG_LSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) + \ |
190 8*(nr) + 0) | 219 8*(nr) + 0) |
191 | 220 |
| 221 #if defined(__BIONIC__) |
| 222 // Old Bionic versions don't have sys/user.h, so we just define regs_struct |
| 223 // directly. This can be removed once we no longer need to support these old |
| 224 // Bionic versions. |
| 225 struct regs_struct { |
| 226 unsigned long uregs[18]; |
| 227 }; |
| 228 #else |
| 229 typedef user_regs regs_struct; |
| 230 #endif |
| 231 |
| 232 #define REG_cpsr uregs[16] |
| 233 #define REG_pc uregs[15] |
| 234 #define REG_lr uregs[14] |
| 235 #define REG_sp uregs[13] |
| 236 #define REG_ip uregs[12] |
| 237 #define REG_fp uregs[11] |
| 238 #define REG_r10 uregs[10] |
| 239 #define REG_r9 uregs[9] |
| 240 #define REG_r8 uregs[8] |
| 241 #define REG_r7 uregs[7] |
| 242 #define REG_r6 uregs[6] |
| 243 #define REG_r5 uregs[5] |
| 244 #define REG_r4 uregs[4] |
| 245 #define REG_r3 uregs[3] |
| 246 #define REG_r2 uregs[2] |
| 247 #define REG_r1 uregs[1] |
| 248 #define REG_r0 uregs[0] |
| 249 #define REG_ORIG_r0 uregs[17] |
| 250 |
| 251 #define SECCOMP_PT_RESULT(_regs) (_regs).REG_r0 |
| 252 #define SECCOMP_PT_SYSCALL(_regs) (_regs).REG_r7 |
| 253 #define SECCOMP_PT_IP(_regs) (_regs).REG_pc |
| 254 #define SECCOMP_PT_PARM1(_regs) (_regs).REG_r0 |
| 255 #define SECCOMP_PT_PARM2(_regs) (_regs).REG_r1 |
| 256 #define SECCOMP_PT_PARM3(_regs) (_regs).REG_r2 |
| 257 #define SECCOMP_PT_PARM4(_regs) (_regs).REG_r3 |
| 258 #define SECCOMP_PT_PARM5(_regs) (_regs).REG_r4 |
| 259 #define SECCOMP_PT_PARM6(_regs) (_regs).REG_r5 |
| 260 |
192 #else | 261 #else |
193 #error Unsupported target platform | 262 #error Unsupported target platform |
194 | 263 |
195 #endif | 264 #endif |
196 | 265 |
197 #endif // SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__ | 266 #endif // SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__ |
OLD | NEW |