sandbox/linux/seccomp-bpf-helpers/syscall_sets.h - Issue 315383003: Linux sandbox: restrict prctl in the baseline.

Side by Side Diff: sandbox/linux/seccomp-bpf-helpers/syscall_sets.h

Issue 315383003: Linux sandbox: restrict prctl in the baseline. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Android header workaround. Created 6 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

« no previous file with comments | « sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc ('k') | sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc » ('j') | no next file with comments »

OLD	NEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_	5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_

6 #define SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_	6 #define SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_

7	7

8 #include "base/basictypes.h"	8 #include "base/basictypes.h"

9 #include "build/build_config.h"	9 #include "build/build_config.h"

10 #include "sandbox/sandbox_export.h"	10 #include "sandbox/sandbox_export.h"

(...skipping 35 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
46 // Big multiplexing system call for sockets.	46 // Big multiplexing system call for sockets.

47 static bool IsSocketCall(int sysno);	47 static bool IsSocketCall(int sysno);

48 #endif	48 #endif

49	49

50 #if defined(__x86_64__) \|\| defined(__arm__)	50 #if defined(__x86_64__) \|\| defined(__arm__)

51 static bool IsNetworkSocketInformation(int sysno);	51 static bool IsNetworkSocketInformation(int sysno);

52 #endif	52 #endif

53	53

54 static bool IsAllowedAddressSpaceAccess(int sysno);	54 static bool IsAllowedAddressSpaceAccess(int sysno);

55 static bool IsAllowedGeneralIo(int sysno);	55 static bool IsAllowedGeneralIo(int sysno);

56 static bool IsAllowedPrctl(int sysno);	56 static bool IsPrctl(int sysno);

57 static bool IsAllowedBasicScheduler(int sysno);	57 static bool IsAllowedBasicScheduler(int sysno);

58 static bool IsAdminOperation(int sysno);	58 static bool IsAdminOperation(int sysno);

59 static bool IsKernelModule(int sysno);	59 static bool IsKernelModule(int sysno);

60 static bool IsGlobalFSViewChange(int sysno);	60 static bool IsGlobalFSViewChange(int sysno);

61 static bool IsFsControl(int sysno);	61 static bool IsFsControl(int sysno);

62 static bool IsNuma(int sysno);	62 static bool IsNuma(int sysno);

63 static bool IsMessageQueue(int sysno);	63 static bool IsMessageQueue(int sysno);

64 static bool IsGlobalProcessEnvironment(int sysno);	64 static bool IsGlobalProcessEnvironment(int sysno);

65 static bool IsDebug(int sysno);	65 static bool IsDebug(int sysno);

66 static bool IsGlobalSystemStatus(int sysno);	66 static bool IsGlobalSystemStatus(int sysno);

(...skipping 30 matching lines...) Expand all Loading...
97 static bool IsArmPciConfig(int sysno);	97 static bool IsArmPciConfig(int sysno);

98 static bool IsArmPrivate(int sysno);	98 static bool IsArmPrivate(int sysno);

99 #endif // defined(__arm__)	99 #endif // defined(__arm__)

100 private:	100 private:

101 DISALLOW_IMPLICIT_CONSTRUCTORS(SyscallSets);	101 DISALLOW_IMPLICIT_CONSTRUCTORS(SyscallSets);

102 };	102 };

103	103

104 } // namespace sandbox.	104 } // namespace sandbox.

105	105

106 #endif // SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_	106 #endif // SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_

OLD	NEW