sandbox/linux/seccomp-bpf/sandbox_bpf.h - Issue 293993006: Revert of Remove SandboxBPF's dependency on CompatibilityPolicy

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: sandbox/linux/seccomp-bpf/sandbox_bpf.h

Issue 293993006: Revert of Remove SandboxBPF's dependency on CompatibilityPolicy (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 6 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: sandbox/linux/seccomp-bpf/sandbox_bpf.h

diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf.h b/sandbox/linux/seccomp-bpf/sandbox_bpf.h

index 9bb414a61e6a98913973bfb1b3d4a8f4fb5558e4..923a9f3b1752535d45e966cdb9515cca0e394c2a 100644

--- a/sandbox/linux/seccomp-bpf/sandbox_bpf.h

+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf.h

@@ -65,6 +65,14 @@

PROCESS_MULTI_THREADED, // The program may be multi-threaded.

};

+ // When calling setSandboxPolicy(), the caller can provide an arbitrary

+ // pointer in |aux|. This pointer will then be forwarded to the sandbox

+ // policy each time a call is made through an EvaluateSyscall function

+ // pointer. One common use case would be to pass the "aux" pointer as an

+ // argument to Trap() functions.

+ typedef ErrorCode (*EvaluateSyscall)(SandboxBPF* sandbox_compiler,

+ int system_call_number,

+ void* aux);

// A vector of BPF instructions that need to be installed as a filter

// program in the kernel.

typedef std::vector<struct sock_filter> Program;

@@ -100,6 +108,20 @@

// The sandbox becomes the new owner of this file descriptor and will

// eventually close it when "StartSandbox()" executes.

void set_proc_fd(int proc_fd);

+ // The system call evaluator function is called with the system

+ // call number. It can decide to allow the system call unconditionally

+ // by returning ERR_ALLOWED; it can deny the system call unconditionally by

+ // returning an appropriate "errno" value; or it can request inspection

+ // of system call argument(s) by returning a suitable ErrorCode.

+ // The "aux" parameter can be used to pass optional data to the system call

+ // evaluator. There are different possible uses for this data, but one of the

+ // use cases would be for the policy to then forward this pointer to a Trap()

+ // handler. In this case, of course, the data that is pointed to must remain

+ // valid for the entire time that Trap() handlers can be called; typically,

+ // this would be the lifetime of the program.

+ // DEPRECATED: use the policy interface below.

+ void SetSandboxPolicyDeprecated(EvaluateSyscall syscallEvaluator, void* aux);

// Set the BPF policy as |policy|. Ownership of |policy| is transfered here

// to the sandbox object.

@@ -207,7 +229,8 @@

// policy. The caller has to make sure that "this" has not yet been

// initialized with any other policies.

bool RunFunctionInPolicy(void (*code_in_sandbox)(),

- scoped_ptr<SandboxBPFPolicy> policy);

+ EvaluateSyscall syscall_evaluator,

+ void* aux);

// Performs a couple of sanity checks to verify that the kernel supports the

// features that we need for successful sandboxing.

« no previous file with comments | « sandbox/linux/seccomp-bpf/demo.cc ('k') | sandbox/linux/seccomp-bpf/sandbox_bpf.cc » ('j') | no next file with comments »