OLD | NEW |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_ | 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_ |
6 #define SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_ | 6 #define SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_ |
7 | 7 |
8 #include "base/basictypes.h" | 8 #include "base/basictypes.h" |
9 #include "build/build_config.h" | 9 #include "build/build_config.h" |
10 #include "sandbox/linux/sandbox_export.h" | 10 #include "sandbox/linux/sandbox_export.h" |
(...skipping 19 matching lines...) Expand all Loading... |
30 static bool IsDeniedFileSystemAccessViaFd(int sysno); | 30 static bool IsDeniedFileSystemAccessViaFd(int sysno); |
31 static bool IsGetSimpleId(int sysno); | 31 static bool IsGetSimpleId(int sysno); |
32 static bool IsProcessPrivilegeChange(int sysno); | 32 static bool IsProcessPrivilegeChange(int sysno); |
33 static bool IsProcessGroupOrSession(int sysno); | 33 static bool IsProcessGroupOrSession(int sysno); |
34 static bool IsAllowedSignalHandling(int sysno); | 34 static bool IsAllowedSignalHandling(int sysno); |
35 static bool IsAllowedOperationOnFd(int sysno); | 35 static bool IsAllowedOperationOnFd(int sysno); |
36 static bool IsKernelInternalApi(int sysno); | 36 static bool IsKernelInternalApi(int sysno); |
37 // This should be thought through in conjunction with IsFutex(). | 37 // This should be thought through in conjunction with IsFutex(). |
38 static bool IsAllowedProcessStartOrDeath(int sysno); | 38 static bool IsAllowedProcessStartOrDeath(int sysno); |
39 // It's difficult to restrict those, but there is attack surface here. | 39 // It's difficult to restrict those, but there is attack surface here. |
40 static bool IsFutex(int sysno); | 40 static bool IsAllowedFutex(int sysno); |
41 static bool IsAllowedEpoll(int sysno); | 41 static bool IsAllowedEpoll(int sysno); |
42 static bool IsAllowedGetOrModifySocket(int sysno); | 42 static bool IsAllowedGetOrModifySocket(int sysno); |
43 static bool IsDeniedGetOrModifySocket(int sysno); | 43 static bool IsDeniedGetOrModifySocket(int sysno); |
44 | 44 |
45 #if defined(__i386__) | 45 #if defined(__i386__) |
46 // Big multiplexing system call for sockets. | 46 // Big multiplexing system call for sockets. |
47 static bool IsSocketCall(int sysno); | 47 static bool IsSocketCall(int sysno); |
48 #endif | 48 #endif |
49 | 49 |
50 #if defined(__x86_64__) || defined(__arm__) | 50 #if defined(__x86_64__) || defined(__arm__) |
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
97 static bool IsArmPciConfig(int sysno); | 97 static bool IsArmPciConfig(int sysno); |
98 static bool IsArmPrivate(int sysno); | 98 static bool IsArmPrivate(int sysno); |
99 #endif // defined(__arm__) | 99 #endif // defined(__arm__) |
100 private: | 100 private: |
101 DISALLOW_IMPLICIT_CONSTRUCTORS(SyscallSets); | 101 DISALLOW_IMPLICIT_CONSTRUCTORS(SyscallSets); |
102 }; | 102 }; |
103 | 103 |
104 } // namespace sandbox. | 104 } // namespace sandbox. |
105 | 105 |
106 #endif // SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_ | 106 #endif // SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_ |
OLD | NEW |