OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__ | 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__ |
6 #define SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__ | 6 #define SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__ |
7 | 7 |
8 // The Seccomp2 kernel ABI is not part of older versions of glibc. | 8 // The Seccomp2 kernel ABI is not part of older versions of glibc. |
9 // As we can't break compilation with these versions of the library, | 9 // As we can't break compilation with these versions of the library, |
10 // we explicitly define all missing symbols. | 10 // we explicitly define all missing symbols. |
(...skipping 24 matching lines...)
35 #endif | 35 #endif |
36 #ifndef EM_386 | 36 #ifndef EM_386 |
37 #define EM_386 3 | 37 #define EM_386 3 |
38 #endif | 38 #endif |
39 #ifndef EM_X86_64 | 39 #ifndef EM_X86_64 |
40 #define EM_X86_64 62 | 40 #define EM_X86_64 62 |
41 #endif | 41 #endif |
42 #ifndef EM_MIPS | 42 #ifndef EM_MIPS |
43 #define EM_MIPS 8 | 43 #define EM_MIPS 8 |
44 #endif | 44 #endif |
| 45 #ifndef EM_AARCH64 |
| 46 #define EM_AARCH64 183 |
| 47 #endif |
45 | 48 |
46 #ifndef __AUDIT_ARCH_64BIT | 49 #ifndef __AUDIT_ARCH_64BIT |
47 #define __AUDIT_ARCH_64BIT 0x80000000 | 50 #define __AUDIT_ARCH_64BIT 0x80000000 |
48 #endif | 51 #endif |
49 #ifndef __AUDIT_ARCH_LE | 52 #ifndef __AUDIT_ARCH_LE |
50 #define __AUDIT_ARCH_LE 0x40000000 | 53 #define __AUDIT_ARCH_LE 0x40000000 |
51 #endif | 54 #endif |
52 #ifndef AUDIT_ARCH_ARM | 55 #ifndef AUDIT_ARCH_ARM |
53 #define AUDIT_ARCH_ARM (EM_ARM|__AUDIT_ARCH_LE) | 56 #define AUDIT_ARCH_ARM (EM_ARM|__AUDIT_ARCH_LE) |
54 #endif | 57 #endif |
55 #ifndef AUDIT_ARCH_I386 | 58 #ifndef AUDIT_ARCH_I386 |
56 #define AUDIT_ARCH_I386 (EM_386|__AUDIT_ARCH_LE) | 59 #define AUDIT_ARCH_I386 (EM_386|__AUDIT_ARCH_LE) |
57 #endif | 60 #endif |
58 #ifndef AUDIT_ARCH_X86_64 | 61 #ifndef AUDIT_ARCH_X86_64 |
59 #define AUDIT_ARCH_X86_64 (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) | 62 #define AUDIT_ARCH_X86_64 (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) |
60 #endif | 63 #endif |
61 #ifndef AUDIT_ARCH_MIPSEL | 64 #ifndef AUDIT_ARCH_MIPSEL |
62 #define AUDIT_ARCH_MIPSEL (EM_MIPS|__AUDIT_ARCH_LE) | 65 #define AUDIT_ARCH_MIPSEL (EM_MIPS|__AUDIT_ARCH_LE) |
63 #endif | 66 #endif |
| 67 #ifndef AUDIT_ARCH_AARCH64 |
| 68 #define AUDIT_ARCH_AARCH64 (EM_AARCH64 | __AUDIT_ARCH_64BIT | __AUDIT_ARCH_LE) |
| 69 #endif |
64 | 70 |
65 // For prctl.h | 71 // For prctl.h |
66 #ifndef PR_SET_SECCOMP | 72 #ifndef PR_SET_SECCOMP |
67 #define PR_SET_SECCOMP 22 | 73 #define PR_SET_SECCOMP 22 |
68 #define PR_GET_SECCOMP 21 | 74 #define PR_GET_SECCOMP 21 |
69 #endif | 75 #endif |
70 #ifndef PR_SET_NO_NEW_PRIVS | 76 #ifndef PR_SET_NO_NEW_PRIVS |
71 #define PR_SET_NO_NEW_PRIVS 38 | 77 #define PR_SET_NO_NEW_PRIVS 38 |
72 #define PR_GET_NO_NEW_PRIVS 39 | 78 #define PR_GET_NO_NEW_PRIVS 39 |
73 #endif | 79 #endif |
(...skipping 273 matching lines...)
347 #define REG_v1 regs[3] | 353 #define REG_v1 regs[3] |
348 #define REG_v0 regs[2] | 354 #define REG_v0 regs[2] |
349 | 355 |
350 #define SECCOMP_PT_RESULT(_regs) (_regs).REG_v0 | 356 #define SECCOMP_PT_RESULT(_regs) (_regs).REG_v0 |
351 #define SECCOMP_PT_SYSCALL(_regs) (_regs).REG_v0 | 357 #define SECCOMP_PT_SYSCALL(_regs) (_regs).REG_v0 |
352 #define SECCOMP_PT_PARM1(_regs) (_regs).REG_a0 | 358 #define SECCOMP_PT_PARM1(_regs) (_regs).REG_a0 |
353 #define SECCOMP_PT_PARM2(_regs) (_regs).REG_a1 | 359 #define SECCOMP_PT_PARM2(_regs) (_regs).REG_a1 |
354 #define SECCOMP_PT_PARM3(_regs) (_regs).REG_a2 | 360 #define SECCOMP_PT_PARM3(_regs) (_regs).REG_a2 |
355 #define SECCOMP_PT_PARM4(_regs) (_regs).REG_a3 | 361 #define SECCOMP_PT_PARM4(_regs) (_regs).REG_a3 |
356 | 362 |
| 363 #elif defined(__aarch64__) |
| 364 struct regs_struct { |
| 365 unsigned long long regs[31]; |
| 366 unsigned long long sp; |
| 367 unsigned long long pc; |
| 368 unsigned long long pstate; |
| 369 }; |
| 370 |
| 371 #define MIN_SYSCALL 0u |
| 372 #define MAX_PUBLIC_SYSCALL 279u |
| 373 #define MAX_SYSCALL MAX_PUBLIC_SYSCALL |
| 374 #define SECCOMP_ARCH AUDIT_ARCH_AARCH64 |
| 375 |
| 376 #define SECCOMP_REG(_ctx, _reg) ((_ctx)->uc_mcontext.regs[_reg]) |
| 377 |
| 378 #define SECCOMP_RESULT(_ctx) SECCOMP_REG(_ctx, 0) |
| 379 #define SECCOMP_SYSCALL(_ctx) SECCOMP_REG(_ctx, 8) |
| 380 #define SECCOMP_IP(_ctx) (_ctx)->uc_mcontext.pc |
| 381 #define SECCOMP_PARM1(_ctx) SECCOMP_REG(_ctx, 0) |
| 382 #define SECCOMP_PARM2(_ctx) SECCOMP_REG(_ctx, 1) |
| 383 #define SECCOMP_PARM3(_ctx) SECCOMP_REG(_ctx, 2) |
| 384 #define SECCOMP_PARM4(_ctx) SECCOMP_REG(_ctx, 3) |
| 385 #define SECCOMP_PARM5(_ctx) SECCOMP_REG(_ctx, 4) |
| 386 #define SECCOMP_PARM6(_ctx) SECCOMP_REG(_ctx, 5) |
| 387 |
| 388 #define SECCOMP_NR_IDX (offsetof(struct arch_seccomp_data, nr)) |
| 389 #define SECCOMP_ARCH_IDX (offsetof(struct arch_seccomp_data, arch)) |
| 390 #define SECCOMP_IP_MSB_IDX \ |
| 391 (offsetof(struct arch_seccomp_data, instruction_pointer) + 4) |
| 392 #define SECCOMP_IP_LSB_IDX \ |
| 393 (offsetof(struct arch_seccomp_data, instruction_pointer) + 0) |
| 394 #define SECCOMP_ARG_MSB_IDX(nr) \ |
| 395 (offsetof(struct arch_seccomp_data, args) + 8 * (nr) + 4) |
| 396 #define SECCOMP_ARG_LSB_IDX(nr) \ |
| 397 (offsetof(struct arch_seccomp_data, args) + 8 * (nr) + 0) |
| 398 |
| 399 #define SECCOMP_PT_RESULT(_regs) (_regs).regs[0] |
| 400 #define SECCOMP_PT_SYSCALL(_regs) (_regs).regs[8] |
| 401 #define SECCOMP_PT_IP(_regs) (_regs).pc |
| 402 #define SECCOMP_PT_PARM1(_regs) (_regs).regs[0] |
| 403 #define SECCOMP_PT_PARM2(_regs) (_regs).regs[1] |
| 404 #define SECCOMP_PT_PARM3(_regs) (_regs).regs[2] |
| 405 #define SECCOMP_PT_PARM4(_regs) (_regs).regs[3] |
| 406 #define SECCOMP_PT_PARM5(_regs) (_regs).regs[4] |
| 407 #define SECCOMP_PT_PARM6(_regs) (_regs).regs[5] |
357 #else | 408 #else |
358 #error Unsupported target platform | 409 #error Unsupported target platform |
359 | 410 |
360 #endif | 411 #endif |
361 | 412 |
362 #endif // SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__ | 413 #endif // SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__ |
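Review bot: The new `#elif defined(__aarch64__)` branch hard-codes a little-endian word layout, since `SECCOMP_IP_MSB_IDX` and `SECCOMP_ARG_MSB_IDX(nr)` place the high 32 bits at `+ 4`, yet `__aarch64__` is also defined by compilers targeting big-endian AArch64. On such a build the filter's 32-bit loads would read the opposite half of each 64-bit argument and of the instruction pointer, so argument-based rules would silently test the wrong word instead of failing to compile. Whether a big-endian target is ever built is not visible from this page, so the cheapest fix is to state the assumption at the top of the branch: `#if defined(__AARCH64EB__)` / `#error Big-endian AArch64 is not supported by the seccomp-bpf sandbox` / `#endif`. `MAX_PUBLIC_SYSCALL 279u` also deserves a one-line comment naming the kernel syscall table it was taken from, because the arm64 table grows over time and this constant presumably bounds the range the policy enumerates.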