| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H_ | 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H_ |
| 6 #define SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H_ | 6 #define SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H_ |
| 7 | 7 |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include "base/files/scoped_file.h" | 10 #include "base/files/scoped_file.h" |
| (...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 57 // It is possible to stack multiple sandboxes by creating separate "Sandbox" | 57 // It is possible to stack multiple sandboxes by creating separate "Sandbox" |
| 58 // objects and calling "StartSandbox()" on each of them. Please note, that | 58 // objects and calling "StartSandbox()" on each of them. Please note, that |
| 59 // this requires special care, though, as newly stacked sandboxes can never | 59 // this requires special care, though, as newly stacked sandboxes can never |
| 60 // relax restrictions imposed by earlier sandboxes. Furthermore, installing | 60 // relax restrictions imposed by earlier sandboxes. Furthermore, installing |
| 61 // a new policy requires making system calls, that might already be | 61 // a new policy requires making system calls, that might already be |
| 62 // disallowed. | 62 // disallowed. |
| 63 // Finally, stacking does add more kernel overhead than having a single | 63 // Finally, stacking does add more kernel overhead than having a single |
| 64 // combined policy. So, it should only be used if there are no alternatives. | 64 // combined policy. So, it should only be used if there are no alternatives. |
| 65 bool StartSandbox(SeccompLevel level) WARN_UNUSED_RESULT; | 65 bool StartSandbox(SeccompLevel level) WARN_UNUSED_RESULT; |
| 66 | 66 |
| 67 // The sandbox needs to be able to access files in "/proc/self/task/". If | 67 // The sandbox needs to be able to access files in "/proc/self/". If |
| 68 // this directory is not accessible when "StartSandbox()" gets called, the | 68 // this directory is not accessible when "StartSandbox()" gets called, the |
| 69 // caller must provide an already opened file descriptor by calling | 69 // caller must provide an already opened file descriptor by calling |
| 70 // "SetProcTaskFd()". | 70 // "SetProcFd()". |
| 71 // The sandbox becomes the new owner of this file descriptor and will | 71 // The sandbox becomes the new owner of this file descriptor and will |
| 72 // close it when "StartSandbox()" executes or when the sandbox object | 72 // close it when "StartSandbox()" executes or when the sandbox object |
| 73 // disappears. | 73 // disappears. |
| 74 void SetProcTaskFd(base::ScopedFD proc_task_fd); | 74 void SetProcFd(base::ScopedFD proc_fd); |
| 75 | 75 |
| 76 // Checks whether a particular system call number is valid on the current | 76 // Checks whether a particular system call number is valid on the current |
| 77 // architecture. | 77 // architecture. |
| 78 static bool IsValidSyscallNumber(int sysnum); | 78 static bool IsValidSyscallNumber(int sysnum); |
| 79 | 79 |
| 80 // UnsafeTraps require some syscalls to always be allowed. | 80 // UnsafeTraps require some syscalls to always be allowed. |
| 81 // This helper function returns true for these calls. | 81 // This helper function returns true for these calls. |
| 82 static bool IsRequiredForUnsafeTrap(int sysno); | 82 static bool IsRequiredForUnsafeTrap(int sysno); |
| 83 | 83 |
| 84 // From within an UnsafeTrap() it is often useful to be able to execute | 84 // From within an UnsafeTrap() it is often useful to be able to execute |
| (...skipping 14 matching lines...) Expand all Loading... |
| 99 // through the verifier, iff the program was built in debug mode. | 99 // through the verifier, iff the program was built in debug mode. |
| 100 // But by setting "force_verification", the caller can request that the | 100 // But by setting "force_verification", the caller can request that the |
| 101 // verifier is run unconditionally. This is useful for unittests. | 101 // verifier is run unconditionally. This is useful for unittests. |
| 102 scoped_ptr<CodeGen::Program> AssembleFilter(bool force_verification); | 102 scoped_ptr<CodeGen::Program> AssembleFilter(bool force_verification); |
| 103 | 103 |
| 104 private: | 104 private: |
| 105 // Assembles and installs a filter based on the policy that has previously | 105 // Assembles and installs a filter based on the policy that has previously |
| 106 // been configured with SetSandboxPolicy(). | 106 // been configured with SetSandboxPolicy(). |
| 107 void InstallFilter(bool must_sync_threads); | 107 void InstallFilter(bool must_sync_threads); |
| 108 | 108 |
| 109 base::ScopedFD proc_task_fd_; | 109 base::ScopedFD proc_fd_; |
| 110 bool sandbox_has_started_; | 110 bool sandbox_has_started_; |
| 111 scoped_ptr<bpf_dsl::Policy> policy_; | 111 scoped_ptr<bpf_dsl::Policy> policy_; |
| 112 | 112 |
| 113 DISALLOW_COPY_AND_ASSIGN(SandboxBPF); | 113 DISALLOW_COPY_AND_ASSIGN(SandboxBPF); |
| 114 }; | 114 }; |
| 115 | 115 |
| 116 } // namespace sandbox | 116 } // namespace sandbox |
| 117 | 117 |
| 118 #endif // SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H_ | 118 #endif // SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 938223004:
Linux sandbox: better APIs with /proc/ arguments (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master