| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include <asm/unistd.h> | |
| 6 #include "sandbox_impl.h" | |
| 7 #include "syscall_table.h" | |
| 8 | |
| 9 #if defined(__x86_64__) | |
| 10 #ifndef __NR_set_robust_list | |
| 11 #define __NR_set_robust_list 273 | |
| 12 #endif | |
| 13 #ifndef __NR_accept4 | |
| 14 #define __NR_accept4 288 | |
| 15 #endif | |
| 16 #elif defined(__i386__) | |
| 17 #ifndef __NR_set_robust_list | |
| 18 #define __NR_set_robust_list 311 | |
| 19 #endif | |
| 20 #else | |
| 21 #error Unsupported target platform | |
| 22 #endif | |
| 23 | |
| 24 // TODO(markus): This is an incredibly dirty hack to make the syscallTable | |
| 25 // live in r/o memory. | |
| 26 // Unfortunately, gcc doesn't give us a clean option to do | |
| 27 // this. Ultimately, we should probably write some code that | |
| 28 // parses /usr/include/asm/unistd*.h and generates a *.S file. | |
| 29 // But we then need to figure out how to integrate this code | |
| 30 // with our build system. | |
| 31 | |
| 32 const struct SyscallTable syscallTable[] __attribute__(( | |
| 33 section(".rodata, \"a\", @progbits\n#"))) ={ | |
| 34 | |
| 35 #if defined(__NR_accept) | |
| 36 [ __NR_accept ] = { UNRESTRICTED_SYSCALL, 0 }, | |
| 37 [ __NR_accept4 ] = { UNRESTRICTED_SYSCALL, 0 }, | |
| 38 #endif | |
| 39 [ __NR_access ] = { (void*)&sandbox_access, process_access }, | |
| 40 [ __NR_brk ] = { UNRESTRICTED_SYSCALL, 0 }, | |
| 41 [ __NR_clock_gettime ] = { UNRESTRICTED_SYSCALL, 0 }, | |
| 42 [ __NR_clone ] = { (void*)&sandbox_clone, process_clone }, | |
| 43 [ __NR_close ] = { UNRESTRICTED_SYSCALL, 0 }, | |
| 44 [ __NR_dup ] = { UNRESTRICTED_SYSCALL, 0 }, | |
| 45 [ __NR_dup2 ] = { UNRESTRICTED_SYSCALL, 0 }, | |
| 46 [ __NR_epoll_create ] = { UNRESTRICTED_SYSCALL, 0 }, | |
| 47 [ __NR_epoll_ctl ] = { UNRESTRICTED_SYSCALL, 0 }, | |
| 48 [ __NR_epoll_wait ] = { UNRESTRICTED_SYSCALL, 0 }, | |
| 49 [ __NR_exit ] = { (void*)&sandbox_exit, process_exit }, | |
| 50 [ __NR_exit_group ] = { UNRESTRICTED_SYSCALL, 0 }, | |
| 51 [ __NR_fcntl ] = { UNRESTRICTED_SYSCALL, 0 }, | |
| 52 #if defined(__NR_fcntl64) | |
| 53 [ __NR_fcntl64 ] = { UNRESTRICTED_SYSCALL, 0 }, | |
| 54 #endif | |
| 55 [ __NR_fstat ] = { UNRESTRICTED_SYSCALL, 0 }, | |
| 56 #if defined(__NR_fstat64) | |
| 57 [ __NR_fstat64 ] = { UNRESTRICTED_SYSCALL, 0 }, | |
| 58 #endif | |
| 59 [ __NR_futex ] = { UNRESTRICTED_SYSCALL, 0 }, | |
| 60 [ __NR_getdents ] = { UNRESTRICTED_SYSCALL, 0 }, | |
| 61 [ __NR_getdents64 ] = { UNRESTRICTED_SYSCALL, 0 }, | |
| 62 #if defined(__NR_getpeername) | |
| 63 [ __NR_getpeername ] = { UNRESTRICTED_SYSCALL, 0 }, | |
| 64 #endif | |
| 65 [ __NR_getpid ] = { (void*)&sandbox_getpid, 0 }, | |
| 66 #if defined(__NR_getsockname) | |
| 67 [ __NR_getsockname ] = { UNRESTRICTED_SYSCALL, 0 }, | |
| 68 [ __NR_getsockopt ] = { (void*)&sandbox_getsockopt,process_getsockopt }, | |
| 69 #endif | |
| 70 [ __NR_gettid ] = { (void*)&sandbox_gettid, 0 }, | |
| 71 [ __NR_gettimeofday ] = { UNRESTRICTED_SYSCALL, 0 }, | |
| 72 [ __NR_ioctl ] = { (void*)&sandbox_ioctl, process_ioctl }, | |
| 73 #if defined(__NR_ipc) | |
| 74 [ __NR_ipc ] = { (void*)&sandbox_ipc, process_ipc }, | |
| 75 #endif | |
| 76 #if defined(__NR__llseek) | |
| 77 [ __NR__llseek ] = { UNRESTRICTED_SYSCALL, 0 }, | |
| 78 #endif | |
| 79 [ __NR_lseek ] = { UNRESTRICTED_SYSCALL, 0 }, | |
| 80 [ __NR_lstat ] = { (void*)&sandbox_lstat, process_stat }, | |
| 81 #if defined(__NR_lstat64) | |
| 82 [ __NR_lstat64 ] = { (void*)&sandbox_lstat64, process_stat }, | |
| 83 #endif | |
| 84 [ __NR_madvise ] = { (void*)&sandbox_madvise, process_madvise }, | |
| 85 #if defined(__NR_mmap2) | |
| 86 [ __NR_mmap2 ] = | |
| 87 #else | |
| 88 [ __NR_mmap ] = | |
| 89 #endif | |
| 90 { (void*)&sandbox_mmap, process_mmap }, | |
| 91 [ __NR_mprotect ] = { (void*)&sandbox_mprotect, process_mprotect }, | |
| 92 [ __NR_munmap ] = { (void*)&sandbox_munmap, process_munmap }, | |
| 93 [ __NR_open ] = { (void*)&sandbox_open, process_open }, | |
| 94 [ __NR_pipe ] = { UNRESTRICTED_SYSCALL, 0 }, | |
| 95 [ __NR_poll ] = { UNRESTRICTED_SYSCALL, 0 }, | |
| 96 #if defined(__NR_recvfrom) | |
| 97 [ __NR_recvfrom ] = { (void*)&sandbox_recvfrom, process_recvfrom }, | |
| 98 [ __NR_recvmsg ] = { (void*)&sandbox_recvmsg, process_recvmsg }, | |
| 99 #endif | |
| 100 #if defined(__NR_rt_sigaction) | |
| 101 [ __NR_rt_sigaction ] = { (void*)&sandbox_rt_sigaction,process_sigaction}, | |
| 102 #endif | |
| 103 #if defined(__NR_rt_sigprocmask) | |
| 104 [ __NR_rt_sigprocmask ] = { (void*)&sandbox_rt_sigprocmask, 0 }, | |
| 105 #endif | |
| 106 #if defined(__NR_sendmsg) | |
| 107 [ __NR_sendmsg ] = { (void*)&sandbox_sendmsg, process_sendmsg }, | |
| 108 [ __NR_sendto ] = { (void*)&sandbox_sendto, process_sendto }, | |
| 109 #endif | |
| 110 [ __NR_set_robust_list ] = { UNRESTRICTED_SYSCALL, 0 }, | |
| 111 #if defined(__NR_setsockopt) | |
| 112 [ __NR_setsockopt ] = { (void*)&sandbox_setsockopt,process_setsockopt }, | |
| 113 #endif | |
| 114 #if defined(__NR_shmat) | |
| 115 [ __NR_shmat ] = { (void*)&sandbox_shmat, process_shmat }, | |
| 116 [ __NR_shmctl ] = { (void*)&sandbox_shmctl, process_shmctl }, | |
| 117 [ __NR_shmdt ] = { (void*)&sandbox_shmdt, process_shmdt }, | |
| 118 [ __NR_shmget ] = { (void*)&sandbox_shmget, process_shmget }, | |
| 119 #endif | |
| 120 #if defined(__NR_shutdown) | |
| 121 [ __NR_shutdown ] = { UNRESTRICTED_SYSCALL, 0 }, | |
| 122 #endif | |
| 123 #if defined(__NR_sigaction) | |
| 124 [ __NR_sigaction ] = { (void*)&sandbox_sigaction,process_sigaction }, | |
| 125 #endif | |
| 126 #if defined(__NR_signal) | |
| 127 [ __NR_signal ] = { (void*)&sandbox_signal, process_sigaction }, | |
| 128 #endif | |
| 129 #if defined(__NR_sigprocmask) | |
| 130 [ __NR_sigprocmask ] = { (void*)&sandbox_sigprocmask, 0 }, | |
| 131 #endif | |
| 132 #if defined(__NR_socketpair) | |
| 133 [ __NR_socketpair ] = { UNRESTRICTED_SYSCALL, 0 }, | |
| 134 #endif | |
| 135 #if defined(__NR_socketcall) | |
| 136 [ __NR_socketcall ] = { (void*)&sandbox_socketcall,process_socketcall }, | |
| 137 #endif | |
| 138 [ __NR_stat ] = { (void*)&sandbox_stat, process_stat }, | |
| 139 #if defined(__NR_stat64) | |
| 140 [ __NR_stat64 ] = { (void*)&sandbox_stat64, process_stat }, | |
| 141 #endif | |
| 142 [ __NR_time ] = { UNRESTRICTED_SYSCALL, 0 }, | |
| 143 [ __NR_uname ] = { UNRESTRICTED_SYSCALL, 0 }, | |
| 144 }; | |
| 145 const unsigned maxSyscall __attribute__((section(".rodata"))) = | |
| 146 sizeof(syscallTable)/sizeof(struct SyscallTable); | |
| 147 | |
| 148 const int syscall_mutex_[4096/sizeof(int)] asm("playground$syscall_mutex") | |
| 149 __attribute__((section(".rodata"),aligned(4096) | |
| 150 #if defined(__x86_64__) | |
| 151 ,visibility("internal") | |
| 152 #endif | |
| 153 )) = { 0x80000000 }; | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 3225010:
Pull seccomp-sandbox in via DEPS rather than using an in-tree copy... (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/