// Copyright 2013 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h" #include <errno.h> #include <sys/mman.h> #include <sys/socket.h> #include <sys/syscall.h> #include <sys/types.h> #include <unistd.h> #include "base/check_op.h" #include "base/clang_profiling_buildflags.h" #include "build/build_config.h" #include "sandbox/linux/bpf_dsl/bpf_dsl.h" #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h" #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" #include "sandbox/linux/services/syscall_wrappers.h" #include "sandbox/linux/system_headers/linux_stat.h" #include "sandbox/linux/system_headers/linux_syscalls.h" #if !defined(SO_PEEK_OFF) #define SO_PEEK_OFF … #endif // Changing this implementation will have an effect on *all* policies. // Currently this means: Renderer/Worker, GPU, Flash and NaCl. Allow; Arg; Error; If; ResultExpr; namespace sandbox { namespace { bool IsBaselinePolicyAllowed(int sysno) { … } // System calls that will trigger the crashing SIGSYS handler. bool IsBaselinePolicyWatched(int sysno) { … } // |fs_denied_errno| is the errno return for denied filesystem access. ResultExpr EvaluateSyscallImpl(int fs_denied_errno, pid_t current_pid, int sysno) { … } } // namespace. BaselinePolicy::BaselinePolicy() : … { … } BaselinePolicy::BaselinePolicy(int fs_denied_errno) : … { … } BaselinePolicy::~BaselinePolicy() { … } ResultExpr BaselinePolicy::EvaluateSyscall(int sysno) const { … } ResultExpr BaselinePolicy::InvalidSyscall() const { … } } // namespace sandbox.
Codebase Browser
chromium