sandbox/linux/seccomp-bpf-helpers/syscall_sets.h - Issue 317373003: Merge 274934 "Linux sandbox: restrict futex operations."

Side by Side Diff: sandbox/linux/seccomp-bpf-helpers/syscall_sets.h

Issue 317373003: Merge 274934 "Linux sandbox: restrict futex operations." (Closed) Base URL: svn://svn.chromium.org/chrome/branches/1985/src/

Patch Set: Created 6 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_	5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_

6 #define SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_	6 #define SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_

7	7

8 #include "base/basictypes.h"	8 #include "base/basictypes.h"

9 #include "build/build_config.h"	9 #include "build/build_config.h"

10 #include "sandbox/linux/sandbox_export.h"	10 #include "sandbox/linux/sandbox_export.h"

(...skipping 19 matching lines...) Expand all Loading...
30 static bool IsDeniedFileSystemAccessViaFd(int sysno);	30 static bool IsDeniedFileSystemAccessViaFd(int sysno);

31 static bool IsGetSimpleId(int sysno);	31 static bool IsGetSimpleId(int sysno);

32 static bool IsProcessPrivilegeChange(int sysno);	32 static bool IsProcessPrivilegeChange(int sysno);

33 static bool IsProcessGroupOrSession(int sysno);	33 static bool IsProcessGroupOrSession(int sysno);

34 static bool IsAllowedSignalHandling(int sysno);	34 static bool IsAllowedSignalHandling(int sysno);

35 static bool IsAllowedOperationOnFd(int sysno);	35 static bool IsAllowedOperationOnFd(int sysno);

36 static bool IsKernelInternalApi(int sysno);	36 static bool IsKernelInternalApi(int sysno);

37 // This should be thought through in conjunction with IsFutex().	37 // This should be thought through in conjunction with IsFutex().

38 static bool IsAllowedProcessStartOrDeath(int sysno);	38 static bool IsAllowedProcessStartOrDeath(int sysno);

39 // It's difficult to restrict those, but there is attack surface here.	39 // It's difficult to restrict those, but there is attack surface here.

40 static bool IsFutex(int sysno);	40 static bool IsAllowedFutex(int sysno);

41 static bool IsAllowedEpoll(int sysno);	41 static bool IsAllowedEpoll(int sysno);

42 static bool IsAllowedGetOrModifySocket(int sysno);	42 static bool IsAllowedGetOrModifySocket(int sysno);

43 static bool IsDeniedGetOrModifySocket(int sysno);	43 static bool IsDeniedGetOrModifySocket(int sysno);

44	44

45 #if defined(__i386__)	45 #if defined(__i386__)

46 // Big multiplexing system call for sockets.	46 // Big multiplexing system call for sockets.

47 static bool IsSocketCall(int sysno);	47 static bool IsSocketCall(int sysno);

48 #endif	48 #endif

49	49

50 #if defined(__x86_64__) \|\| defined(__arm__)	50 #if defined(__x86_64__) \|\| defined(__arm__)

(...skipping 46 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
97 static bool IsArmPciConfig(int sysno);	97 static bool IsArmPciConfig(int sysno);

98 static bool IsArmPrivate(int sysno);	98 static bool IsArmPrivate(int sysno);

99 #endif // defined(__arm__)	99 #endif // defined(__arm__)

100 private:	100 private:

101 DISALLOW_IMPLICIT_CONSTRUCTORS(SyscallSets);	101 DISALLOW_IMPLICIT_CONSTRUCTORS(SyscallSets);

102 };	102 };

103	103

104 } // namespace sandbox.	104 } // namespace sandbox.

105	105

106 #endif // SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_	106 #endif // SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_

OLD	NEW