OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_ | 5 #ifndef SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_ |
6 #define SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_ | 6 #define SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_ |
7 | 7 |
8 #include <sys/types.h> | 8 #include <sys/types.h> |
9 | 9 |
10 #include "sandbox/sandbox_export.h" | 10 #include "sandbox/sandbox_export.h" |
11 | 11 |
12 struct sock_fprog; | 12 struct sock_fprog; |
13 struct rlimit64; | 13 struct rlimit64; |
14 | 14 |
15 namespace sandbox { | 15 namespace sandbox { |
16 | 16 |
17 // Provide direct system call wrappers for a few common system calls. | 17 // Provide direct system call wrappers for a few common system calls. |
18 // These are guaranteed to perform a system call and do not rely on things such | 18 // These are guaranteed to perform a system call and do not rely on things such |
19 // as caching the current pid (c.f. getpid()). | 19 // as caching the current pid (c.f. getpid()) unless otherwise specified. |
20 | 20 |
21 SANDBOX_EXPORT pid_t sys_getpid(void); | 21 SANDBOX_EXPORT pid_t sys_getpid(void); |
22 | 22 |
23 SANDBOX_EXPORT pid_t sys_gettid(void); | 23 SANDBOX_EXPORT pid_t sys_gettid(void); |
24 | 24 |
25 SANDBOX_EXPORT long sys_clone(unsigned long flags); | 25 SANDBOX_EXPORT long sys_clone(unsigned long flags); |
26 | 26 |
27 // |regs| is not supported and must be passed as nullptr. | 27 // |regs| is not supported and must be passed as nullptr. |child_stack| must be |
28 // nullptr, since otherwise this function cannot safely return. As a | |
29 // consequence, this function does not support CLONE_VM. | |
28 SANDBOX_EXPORT long sys_clone(unsigned long flags, | 30 SANDBOX_EXPORT long sys_clone(unsigned long flags, |
29 void* child_stack, | 31 decltype(nullptr) child_stack, |
30 pid_t* ptid, | 32 pid_t* ptid, |
31 pid_t* ctid, | 33 pid_t* ctid, |
32 decltype(nullptr) regs); | 34 decltype(nullptr) regs); |
33 | 35 |
36 // A wrapper for clone with fork-like behavior, meaning that it returns the | |
37 // child's pid in the parent and 0 in the child. |flags| is as in the clone | |
38 // system call (CLONE_VM is not supported). | |
39 // | |
40 // This function uses the libc clone wrapper (which updates libc's pid cache) | |
41 // internally, so callers may expect things like getpid() to work correctly | |
42 // after in both the child and parent. An exception is when this code is run | |
43 // under Valgrind. Valgrind does not support the libc clone wrapper, so the libc | |
44 // pid cache may be incorrect after this function is called under Valgrind. | |
jln (very slow on Chromium)
2014/12/17 02:23:42
Nit: document ptid / ctid.
rickyz (no longer on Chrome)
2014/12/17 02:31:34
Done (just folded it into the prev sentence).
| |
45 SANDBOX_EXPORT pid_t | |
46 ForkWithFlags(unsigned long flags, pid_t* ptid, pid_t* ctid); | |
47 | |
34 SANDBOX_EXPORT void sys_exit_group(int status); | 48 SANDBOX_EXPORT void sys_exit_group(int status); |
35 | 49 |
36 // The official system call takes |args| as void* (in order to be extensible), | 50 // The official system call takes |args| as void* (in order to be extensible), |
37 // but add more typing for the cases that are currently used. | 51 // but add more typing for the cases that are currently used. |
38 SANDBOX_EXPORT int sys_seccomp(unsigned int operation, | 52 SANDBOX_EXPORT int sys_seccomp(unsigned int operation, |
39 unsigned int flags, | 53 unsigned int flags, |
40 const struct sock_fprog* args); | 54 const struct sock_fprog* args); |
41 | 55 |
42 // Some libcs do not expose a prlimit64 wrapper. | 56 // Some libcs do not expose a prlimit64 wrapper. |
43 SANDBOX_EXPORT int sys_prlimit64(pid_t pid, | 57 SANDBOX_EXPORT int sys_prlimit64(pid_t pid, |
44 int resource, | 58 int resource, |
45 const struct rlimit64* new_limit, | 59 const struct rlimit64* new_limit, |
46 struct rlimit64* old_limit); | 60 struct rlimit64* old_limit); |
47 | 61 |
48 } // namespace sandbox | 62 } // namespace sandbox |
49 | 63 |
50 #endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_ | 64 #endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_ |
OLD | NEW |