| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_TRAP_H__ | 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_TRAP_H__ |
| 6 #define SANDBOX_LINUX_SECCOMP_BPF_TRAP_H__ | 6 #define SANDBOX_LINUX_SECCOMP_BPF_TRAP_H__ |
| 7 | 7 |
| 8 #include <signal.h> | 8 #include <signal.h> |
| 9 #include <stdint.h> | 9 #include <stdint.h> |
| 10 | 10 |
| (...skipping 46 matching lines...) |
| 57 // Enables support for unsafe traps in the SIGSYS signal handler. This is a | 57 // Enables support for unsafe traps in the SIGSYS signal handler. This is a |
| 58 // one-way fuse. It works in conjunction with the BPF compiler emitting code | 58 // one-way fuse. It works in conjunction with the BPF compiler emitting code |
| 59 // that unconditionally allows system calls, if they have a magic return | 59 // that unconditionally allows system calls, if they have a magic return |
| 60 // address (i.e. SandboxSyscall(-1)). | 60 // address (i.e. SandboxSyscall(-1)). |
| 61 // Once unsafe traps are enabled, the sandbox is essentially compromised. | 61 // Once unsafe traps are enabled, the sandbox is essentially compromised. |
| 62 // But this is still a very useful feature for debugging purposes. Use with | 62 // But this is still a very useful feature for debugging purposes. Use with |
| 63 // care. This feature is availably only if enabled by the user (see above). | 63 // care. This feature is availably only if enabled by the user (see above). |
| 64 // Returns "true", if unsafe traps were turned on. | 64 // Returns "true", if unsafe traps were turned on. |
| 65 static bool EnableUnsafeTrapsInSigSysHandler(); | 65 static bool EnableUnsafeTrapsInSigSysHandler(); |
| 66 | 66 |
| 67 // Returns true if a safe trap handler is associated with a | |
| 68 // particular trap ID. | |
| 69 static bool IsSafeTrapId(uint16_t id); | |
| 70 | |
| 71 private: | 67 private: |
| 72 struct TrapKey { | 68 struct TrapKey { |
| 73 TrapKey() : fnc(NULL), aux(NULL), safe(false) {} | 69 TrapKey() : fnc(NULL), aux(NULL), safe(false) {} |
| 74 TrapKey(TrapFnc f, const void* a, bool s) : fnc(f), aux(a), safe(s) {} | 70 TrapKey(TrapFnc f, const void* a, bool s) : fnc(f), aux(a), safe(s) {} |
| 75 TrapFnc fnc; | 71 TrapFnc fnc; |
| 76 const void* aux; | 72 const void* aux; |
| 77 bool safe; | 73 bool safe; |
| 78 bool operator<(const TrapKey&) const; | 74 bool operator<(const TrapKey&) const; |
| 79 }; | 75 }; |
| 80 typedef std::map<TrapKey, uint16_t> TrapIds; | 76 typedef std::map<TrapKey, uint16_t> TrapIds; |
| (...skipping 36 matching lines...) |
| 117 bool has_unsafe_traps_; // Whether unsafe traps have been enabled | 113 bool has_unsafe_traps_; // Whether unsafe traps have been enabled |
| 118 | 114 |
| 119 // Copying and assigning is unimplemented. It doesn't make sense for a | 115 // Copying and assigning is unimplemented. It doesn't make sense for a |
| 120 // singleton. | 116 // singleton. |
| 121 DISALLOW_COPY_AND_ASSIGN(Trap); | 117 DISALLOW_COPY_AND_ASSIGN(Trap); |
| 122 }; | 118 }; |
| 123 | 119 |
| 124 } // namespace sandbox | 120 } // namespace sandbox |
| 125 | 121 |
| 126 #endif // SANDBOX_LINUX_SECCOMP_BPF_TRAP_H__ | 122 #endif // SANDBOX_LINUX_SECCOMP_BPF_TRAP_H__ |
| OLD | NEW |