// Copyright 2015 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifndef SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_SECCOMP_H_ #define SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_SECCOMP_H_ #include <stdint.h> #include <sys/ioctl.h> #include "build/build_config.h" // The Seccomp2 kernel ABI is not part of older versions of glibc. // As we can't break compilation with these versions of the library, // we explicitly define all missing symbols. // If we ever decide that we can now rely on system headers, the following // include files should be enabled: // #include <linux/audit.h> // #include <linux/seccomp.h> // For audit.h #ifndef EM_ARM #define EM_ARM … #endif #ifndef EM_386 #define EM_386 … #endif #ifndef EM_X86_64 #define EM_X86_64 … #endif #ifndef EM_MIPS #define EM_MIPS … #endif #ifndef EM_AARCH64 #define EM_AARCH64 … #endif #ifndef __AUDIT_ARCH_64BIT #define __AUDIT_ARCH_64BIT … #endif #ifndef __AUDIT_ARCH_LE #define __AUDIT_ARCH_LE … #endif #ifndef AUDIT_ARCH_ARM #define AUDIT_ARCH_ARM … #endif #ifndef AUDIT_ARCH_I386 #define AUDIT_ARCH_I386 … #endif #ifndef AUDIT_ARCH_X86_64 #define AUDIT_ARCH_X86_64 … #endif #ifndef AUDIT_ARCH_MIPSEL #define AUDIT_ARCH_MIPSEL … #endif #ifndef AUDIT_ARCH_MIPSEL64 #define AUDIT_ARCH_MIPSEL64 … #endif #ifndef AUDIT_ARCH_AARCH64 #define AUDIT_ARCH_AARCH64 … #endif // For prctl.h #ifndef PR_SET_SECCOMP #define PR_SET_SECCOMP … #define PR_GET_SECCOMP … #endif #ifndef PR_SET_NO_NEW_PRIVS #define PR_SET_NO_NEW_PRIVS … #define PR_GET_NO_NEW_PRIVS … #endif #ifndef IPC_64 #define IPC_64 … #endif #ifndef PR_SET_SPECULATION_CTRL #define PR_SET_SPECULATION_CTRL … #define PR_GET_SPECULATION_CTRL … #endif #ifndef PR_SPEC_INDIRECT_BRANCH #define PR_SPEC_INDIRECT_BRANCH … #endif #ifndef PR_SPEC_PRCTL #define PR_SPEC_PRCTL … #endif #ifndef PR_SPEC_FORCE_DISABLE #define PR_SPEC_FORCE_DISABLE … #endif // In order to build will older tool chains, we currently have to avoid // including <linux/seccomp.h>. Until that can be fixed (if ever). Rely on // our own definitions of the seccomp kernel ABI. #ifndef SECCOMP_MODE_FILTER #define SECCOMP_MODE_DISABLED … #define SECCOMP_MODE_STRICT … #define SECCOMP_MODE_FILTER … #endif #ifndef SECCOMP_SET_MODE_STRICT #define SECCOMP_SET_MODE_STRICT … #endif #ifndef SECCOMP_SET_MODE_FILTER #define SECCOMP_SET_MODE_FILTER … #endif #ifndef SECCOMP_GET_NOTIF_SIZES #define SECCOMP_GET_NOTIF_SIZES … #endif #ifndef SECCOMP_FILTER_FLAG_TSYNC #define SECCOMP_FILTER_FLAG_TSYNC … #endif #ifndef SECCOMP_FILTER_FLAG_SPEC_ALLOW #define SECCOMP_FILTER_FLAG_SPEC_ALLOW … #endif #ifndef SECCOMP_FILTER_FLAG_NEW_LISTENER #define SECCOMP_FILTER_FLAG_NEW_LISTENER … #endif #ifndef SECCOMP_FILTER_FLAG_TSYNC_ESRCH #define SECCOMP_FILTER_FLAG_TSYNC_ESRCH … #endif #ifndef SECCOMP_ADDFD_FLAG_SETFD #define SECCOMP_ADDFD_FLAG_SETFD … #endif // In the future, if we add fields to these structs and then access them, they // might be out-of-bounds on an older kernel. So before adding to these structs, // make sure to annotate them with a comment that it may be unsafe to access // those fields on older kernels. struct arch_seccomp_data { … }; struct seccomp_notif_sizes { … }; struct seccomp_notif { … }; struct seccomp_notif_resp { … }; struct seccomp_notif_addfd { … }; #define SECCOMP_IOC_MAGIC … #define SECCOMP_IO(nr) … #define SECCOMP_IOR(nr, type) … #define SECCOMP_IOW(nr, type) … #define SECCOMP_IOWR(nr, type) … // Flags for seccomp notification fd ioctl. #define SECCOMP_IOCTL_NOTIF_RECV … #define SECCOMP_IOCTL_NOTIF_SEND … // Note: SECCOMP_IOCTL_NOTIF_ID_VALID is now defined with SECCOMP_IOW, but // kernels are expected to support the (now incorrect) ioctl number for the // foreseeable future. #define SECCOMP_IOCTL_NOTIF_ID_VALID … // On success, the return value is the remote process's added fd number #define SECCOMP_IOCTL_NOTIF_ADDFD … #ifndef SECCOMP_RET_KILL // Return values supported for BPF filter programs. Please note that the // "illegal" SECCOMP_RET_INVALID is not supported by the kernel, should only // ever be used internally, and would result in the kernel killing our process. #define SECCOMP_RET_KILL … #define SECCOMP_RET_INVALID … #define SECCOMP_RET_TRAP … #define SECCOMP_RET_ERRNO … #define SECCOMP_RET_USER_NOTIF … #define SECCOMP_RET_TRACE … #define SECCOMP_RET_ALLOW … #define SECCOMP_RET_ACTION … #define SECCOMP_RET_DATA … #else #define SECCOMP_RET_INVALID … #endif #ifndef SYS_SECCOMP #define SYS_SECCOMP … #endif #endif // SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_SECCOMP_H_
Codebase Browser
chromium