Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(25)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/seccomp-bpf/trap.h

Issue 817653003: Update from https://crrev.com/309717 (Closed) Base URL: git@github.com:domokit/mojo.git@master
Patch Set: Created 5 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « sandbox/linux/seccomp-bpf/syscall_unittest.cc ('k') | sandbox/linux/services/syscall_wrappers.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_TRAP_H__ 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_TRAP_H__
6 #define SANDBOX_LINUX_SECCOMP_BPF_TRAP_H__ 6 #define SANDBOX_LINUX_SECCOMP_BPF_TRAP_H__
7 7
8 #include <signal.h> 8 #include <signal.h>
9 #include <stdint.h> 9 #include <stdint.h>
10 10
11 #include <map> 11 #include <map>
12 12
13 #include "base/macros.h" 13 #include "base/macros.h"
14 #include "sandbox/linux/bpf_dsl/trap_registry.h" 14 #include "sandbox/linux/bpf_dsl/trap_registry.h"
15 #include "sandbox/sandbox_export.h" 15 #include "sandbox/sandbox_export.h"
16 16
17 namespace sandbox { 17 namespace sandbox {
18 18
19 // The Trap class allows a BPF filter program to branch out to user space by 19 // The Trap class allows a BPF filter program to branch out to user space by
20 // raising a SIGSYS signal. 20 // raising a SIGSYS signal.
21 // N.B.: This class does not perform any synchronization operations. If 21 // N.B.: This class does not perform any synchronization operations. If
22 // modifications are made to any of the traps, it is the caller's 22 // modifications are made to any of the traps, it is the caller's
23 // responsibility to ensure that this happens in a thread-safe fashion. 23 // responsibility to ensure that this happens in a thread-safe fashion.
24 // Preferably, that means that no other threads should be running at that 24 // Preferably, that means that no other threads should be running at that
25 // time. For the purposes of our sandbox, this assertion should always be 25 // time. For the purposes of our sandbox, this assertion should always be
26 // true. Threads are incompatible with the seccomp sandbox anyway. 26 // true. Threads are incompatible with the seccomp sandbox anyway.
27 class SANDBOX_EXPORT Trap : public bpf_dsl::TrapRegistry { 27 class SANDBOX_EXPORT Trap : public bpf_dsl::TrapRegistry {
28 public: 28 public:
29 virtual uint16_t Add(TrapFnc fnc, const void* aux, bool safe) override; 29 uint16_t Add(TrapFnc fnc, const void* aux, bool safe) override;
30 30
31 virtual bool EnableUnsafeTraps() override; 31 bool EnableUnsafeTraps() override;
32 32
33 // Registry returns the trap registry used by Trap's SIGSYS handler, 33 // Registry returns the trap registry used by Trap's SIGSYS handler,
34 // creating it if necessary. 34 // creating it if necessary.
35 static bpf_dsl::TrapRegistry* Registry(); 35 static bpf_dsl::TrapRegistry* Registry();
36 36
37 // Registers a new trap handler and sets up the appropriate SIGSYS handler 37 // Registers a new trap handler and sets up the appropriate SIGSYS handler
38 // as needed. 38 // as needed.
39 // N.B.: This makes a permanent state change. Traps cannot be unregistered, 39 // N.B.: This makes a permanent state change. Traps cannot be unregistered,
40 // as that would break existing BPF filters that are still active. 40 // as that would break existing BPF filters that are still active.
41 // TODO(mdempsky): Deprecated; remove. 41 // TODO(mdempsky): Deprecated; remove.
(...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after
92 bool has_unsafe_traps_; // Whether unsafe traps have been enabled 92 bool has_unsafe_traps_; // Whether unsafe traps have been enabled
93 93
94 // Copying and assigning is unimplemented. It doesn't make sense for a 94 // Copying and assigning is unimplemented. It doesn't make sense for a
95 // singleton. 95 // singleton.
96 DISALLOW_COPY_AND_ASSIGN(Trap); 96 DISALLOW_COPY_AND_ASSIGN(Trap);
97 }; 97 };
98 98
99 } // namespace sandbox 99 } // namespace sandbox
100 100
101 #endif // SANDBOX_LINUX_SECCOMP_BPF_TRAP_H__ 101 #endif // SANDBOX_LINUX_SECCOMP_BPF_TRAP_H__
OLDNEW
« no previous file with comments | « sandbox/linux/seccomp-bpf/syscall_unittest.cc ('k') | sandbox/linux/services/syscall_wrappers.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698