| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_ | 5 #ifndef SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_ |
| 6 #define SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_ | 6 #define SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_ |
| 7 | 7 |
| 8 #include <sys/types.h> | 8 #include <sys/types.h> |
| 9 | 9 |
| 10 #include "sandbox/sandbox_export.h" | 10 #include "sandbox/sandbox_export.h" |
| 11 | 11 |
| 12 struct sock_fprog; | 12 struct sock_fprog; |
| 13 struct rlimit64; | 13 struct rlimit64; |
| 14 | 14 |
| 15 namespace sandbox { | 15 namespace sandbox { |
| 16 | 16 |
| 17 // Provide direct system call wrappers for a few common system calls. | 17 // Provide direct system call wrappers for a few common system calls. |
| 18 // These are guaranteed to perform a system call and do not rely on things such | 18 // These are guaranteed to perform a system call and do not rely on things such |
| 19 // as caching the current pid (c.f. getpid()). | 19 // as caching the current pid (c.f. getpid()) unless otherwise specified. |
| 20 | 20 |
| 21 SANDBOX_EXPORT pid_t sys_getpid(void); | 21 SANDBOX_EXPORT pid_t sys_getpid(void); |
| 22 | 22 |
| 23 SANDBOX_EXPORT pid_t sys_gettid(void); | 23 SANDBOX_EXPORT pid_t sys_gettid(void); |
| 24 | 24 |
| 25 SANDBOX_EXPORT long sys_clone(unsigned long flags); | 25 SANDBOX_EXPORT long sys_clone(unsigned long flags); |
| 26 | 26 |
| 27 // |regs| is not supported and must be passed as nullptr. | 27 // |regs| is not supported and must be passed as nullptr. |child_stack| must be |
| 28 // nullptr, since otherwise this function cannot safely return. As a |
| 29 // consequence, this function does not support CLONE_VM. |
| 30 // |
| 31 // This function uses the libc clone wrapper (which updates libc's pid cache) |
| 32 // internally, so callers may expect things like getpid() to work correctly |
| 33 // after in both the child and parent. |
| 28 SANDBOX_EXPORT long sys_clone(unsigned long flags, | 34 SANDBOX_EXPORT long sys_clone(unsigned long flags, |
| 29 void* child_stack, | 35 decltype(nullptr) child_stack, |
| 30 pid_t* ptid, | 36 pid_t* ptid, |
| 31 pid_t* ctid, | 37 pid_t* ctid, |
| 32 decltype(nullptr) regs); | 38 decltype(nullptr) regs); |
| 33 | 39 |
| 34 SANDBOX_EXPORT void sys_exit_group(int status); | 40 SANDBOX_EXPORT void sys_exit_group(int status); |
| 35 | 41 |
| 36 // The official system call takes |args| as void* (in order to be extensible), | 42 // The official system call takes |args| as void* (in order to be extensible), |
| 37 // but add more typing for the cases that are currently used. | 43 // but add more typing for the cases that are currently used. |
| 38 SANDBOX_EXPORT int sys_seccomp(unsigned int operation, | 44 SANDBOX_EXPORT int sys_seccomp(unsigned int operation, |
| 39 unsigned int flags, | 45 unsigned int flags, |
| 40 const struct sock_fprog* args); | 46 const struct sock_fprog* args); |
| 41 | 47 |
| 42 // Some libcs do not expose a prlimit64 wrapper. | 48 // Some libcs do not expose a prlimit64 wrapper. |
| 43 SANDBOX_EXPORT int sys_prlimit64(pid_t pid, | 49 SANDBOX_EXPORT int sys_prlimit64(pid_t pid, |
| 44 int resource, | 50 int resource, |
| 45 const struct rlimit64* new_limit, | 51 const struct rlimit64* new_limit, |
| 46 struct rlimit64* old_limit); | 52 struct rlimit64* old_limit); |
| 47 | 53 |
| 48 } // namespace sandbox | 54 } // namespace sandbox |
| 49 | 55 |
| 50 #endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_ | 56 #endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 801033002:
Use the libc clone wrapper in sys_clone. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master