| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_ | 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_ |
| 6 #define SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_ | 6 #define SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_ |
| 7 | 7 |
| 8 #include "base/basictypes.h" | 8 #include "base/basictypes.h" |
| 9 #include "build/build_config.h" | 9 #include "build/build_config.h" |
| 10 #include "sandbox/sandbox_export.h" | 10 #include "sandbox/sandbox_export.h" |
| (...skipping 29 matching lines...) Expand all Loading... |
| 40 static bool IsAllowedFutex(int sysno); | 40 static bool IsAllowedFutex(int sysno); |
| 41 static bool IsAllowedEpoll(int sysno); | 41 static bool IsAllowedEpoll(int sysno); |
| 42 static bool IsAllowedGetOrModifySocket(int sysno); | 42 static bool IsAllowedGetOrModifySocket(int sysno); |
| 43 static bool IsDeniedGetOrModifySocket(int sysno); | 43 static bool IsDeniedGetOrModifySocket(int sysno); |
| 44 | 44 |
| 45 #if defined(__i386__) || defined(__mips__) | 45 #if defined(__i386__) || defined(__mips__) |
| 46 // Big multiplexing system call for sockets. | 46 // Big multiplexing system call for sockets. |
| 47 static bool IsSocketCall(int sysno); | 47 static bool IsSocketCall(int sysno); |
| 48 #endif | 48 #endif |
| 49 | 49 |
| 50 #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) | 50 #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \ |
| 51 defined(__aarch64__) |
| 51 static bool IsNetworkSocketInformation(int sysno); | 52 static bool IsNetworkSocketInformation(int sysno); |
| 52 #endif | 53 #endif |
| 53 | 54 |
| 54 static bool IsAllowedAddressSpaceAccess(int sysno); | 55 static bool IsAllowedAddressSpaceAccess(int sysno); |
| 55 static bool IsAllowedGeneralIo(int sysno); | 56 static bool IsAllowedGeneralIo(int sysno); |
| 56 static bool IsPrctl(int sysno); | 57 static bool IsPrctl(int sysno); |
| 57 static bool IsSeccomp(int sysno); | 58 static bool IsSeccomp(int sysno); |
| 58 static bool IsAllowedBasicScheduler(int sysno); | 59 static bool IsAllowedBasicScheduler(int sysno); |
| 59 static bool IsAdminOperation(int sysno); | 60 static bool IsAdminOperation(int sysno); |
| 60 static bool IsKernelModule(int sysno); | 61 static bool IsKernelModule(int sysno); |
| 61 static bool IsGlobalFSViewChange(int sysno); | 62 static bool IsGlobalFSViewChange(int sysno); |
| 62 static bool IsFsControl(int sysno); | 63 static bool IsFsControl(int sysno); |
| 63 static bool IsNuma(int sysno); | 64 static bool IsNuma(int sysno); |
| 64 static bool IsMessageQueue(int sysno); | 65 static bool IsMessageQueue(int sysno); |
| 65 static bool IsGlobalProcessEnvironment(int sysno); | 66 static bool IsGlobalProcessEnvironment(int sysno); |
| 66 static bool IsDebug(int sysno); | 67 static bool IsDebug(int sysno); |
| 67 static bool IsGlobalSystemStatus(int sysno); | 68 static bool IsGlobalSystemStatus(int sysno); |
| 68 static bool IsEventFd(int sysno); | 69 static bool IsEventFd(int sysno); |
| 69 // Asynchronous I/O API. | 70 // Asynchronous I/O API. |
| 70 static bool IsAsyncIo(int sysno); | 71 static bool IsAsyncIo(int sysno); |
| 71 static bool IsKeyManagement(int sysno); | 72 static bool IsKeyManagement(int sysno); |
| 72 #if defined(__x86_64__) || defined(__arm__) | 73 #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) |
| 73 static bool IsSystemVSemaphores(int sysno); | 74 static bool IsSystemVSemaphores(int sysno); |
| 74 #endif | 75 #endif |
| 75 #if defined(__x86_64__) || defined(__arm__) | 76 #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) |
| 76 // These give a lot of ambient authority and bypass the setuid sandbox. | 77 // These give a lot of ambient authority and bypass the setuid sandbox. |
| 77 static bool IsSystemVSharedMemory(int sysno); | 78 static bool IsSystemVSharedMemory(int sysno); |
| 78 #endif | 79 #endif |
| 79 | 80 |
| 80 #if defined(__x86_64__) || defined(__arm__) | 81 #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) |
| 81 static bool IsSystemVMessageQueue(int sysno); | 82 static bool IsSystemVMessageQueue(int sysno); |
| 82 #endif | 83 #endif |
| 83 | 84 |
| 84 #if defined(__i386__) || defined(__mips__) | 85 #if defined(__i386__) || defined(__mips__) |
| 85 // Big system V multiplexing system call. | 86 // Big system V multiplexing system call. |
| 86 static bool IsSystemVIpc(int sysno); | 87 static bool IsSystemVIpc(int sysno); |
| 87 #endif | 88 #endif |
| 88 | 89 |
| 89 static bool IsAnySystemV(int sysno); | 90 static bool IsAnySystemV(int sysno); |
| 90 static bool IsAdvancedScheduler(int sysno); | 91 static bool IsAdvancedScheduler(int sysno); |
| (...skipping 11 matching lines...) Expand all Loading... |
| 102 static bool IsMipsPrivate(int sysno); | 103 static bool IsMipsPrivate(int sysno); |
| 103 static bool IsMipsMisc(int sysno); | 104 static bool IsMipsMisc(int sysno); |
| 104 #endif // defined(__mips__) | 105 #endif // defined(__mips__) |
| 105 private: | 106 private: |
| 106 DISALLOW_IMPLICIT_CONSTRUCTORS(SyscallSets); | 107 DISALLOW_IMPLICIT_CONSTRUCTORS(SyscallSets); |
| 107 }; | 108 }; |
| 108 | 109 |
| 109 } // namespace sandbox. | 110 } // namespace sandbox. |
| 110 | 111 |
| 111 #endif // SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_ | 112 #endif // SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 487143003:
sandbox: Add Arm64 support for seccomp-BPF (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src