Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2863)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: sandbox/linux/seccomp-bpf/sandbox_bpf.h

Issue 572753002: Decouple Trap from ErrorCode (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fix indenting; revert volatile changes Created 6 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « sandbox/linux/seccomp-bpf/errorcode.cc ('k') | sandbox/linux/seccomp-bpf/sandbox_bpf.cc » ('j') | sandbox/linux/seccomp-bpf/trap.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/linux/seccomp-bpf/sandbox_bpf.h
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf.h b/sandbox/linux/seccomp-bpf/sandbox_bpf.h
index a85c7ac84b7d36317292917a766cb6e2038df4a5..a131bd0f2ee24905a1d713f9f2e3024e6da28101 100644
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf.h
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf.h
@@ -21,24 +21,11 @@
#include "sandbox/linux/seccomp-bpf/die.h"
#include "sandbox/linux/seccomp-bpf/errorcode.h"
#include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
+#include "sandbox/linux/seccomp-bpf/trap.h"
#include "sandbox/sandbox_export.h"
namespace sandbox {
-// This must match the kernel's seccomp_data structure.
-struct arch_seccomp_data {
- int nr;
- uint32_t arch;
- uint64_t instruction_pointer;
- uint64_t args[6];
-};
-
-struct arch_sigsys {
- void* ip;
- int nr;
- unsigned int arch;
-};
-
class CodeGen;
class SandboxBPFPolicy;
class SandboxUnittestHelper;
@@ -116,7 +103,7 @@ class SANDBOX_EXPORT SandboxBPF {
// The "aux" field can carry a pointer to arbitrary data. See EvaluateSyscall
// for a description of how to pass data from SetSandboxPolicy() to a Trap()
// handler.
- ErrorCode Trap(Trap::TrapFnc fnc, const void* aux);
+ static ErrorCode Trap(Trap::TrapFnc fnc, const void* aux);
// Calls a user-space trap handler and disables all sandboxing for system
// calls made from this trap handler.
@@ -128,7 +115,7 @@ class SANDBOX_EXPORT SandboxBPF {
// very useful to diagnose code that is incompatible with the sandbox.
// If even a single system call returns "UnsafeTrap", the security of
// entire sandbox should be considered compromised.
- ErrorCode UnsafeTrap(Trap::TrapFnc fnc, const void* aux);
+ static ErrorCode UnsafeTrap(Trap::TrapFnc fnc, const void* aux);
// UnsafeTraps require some syscalls to always be allowed.
// This helper function returns true for these calls.
@@ -170,7 +157,7 @@ class SANDBOX_EXPORT SandboxBPF {
const ErrorCode& failed);
// Kill the program and print an error message.
- ErrorCode Kill(const char* msg);
+ static ErrorCode Kill(const char* msg);
// This is the main public entry point. It finds all system calls that
// need rewriting, sets up the resources needed by the sandbox, and
@@ -200,7 +187,7 @@ class SANDBOX_EXPORT SandboxBPF {
// Returns the fatal ErrorCode that is used to indicate that somebody
// attempted to pass a 64bit value in a 32bit system call argument.
// This method is primarily needed for testing purposes.
- ErrorCode Unexpected64bitArgument();
+ static ErrorCode Unexpected64bitArgument();
private:
friend class CodeGen;
« no previous file with comments | « sandbox/linux/seccomp-bpf/errorcode.cc ('k') | sandbox/linux/seccomp-bpf/sandbox_bpf.cc » ('j') | sandbox/linux/seccomp-bpf/trap.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698