diff options
Diffstat (limited to 'security/sandbox/chromium/sandbox/linux/bpf_dsl/trap_registry.h')
| -rw-r--r-- | security/sandbox/chromium/sandbox/linux/bpf_dsl/trap_registry.h | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/security/sandbox/chromium/sandbox/linux/bpf_dsl/trap_registry.h b/security/sandbox/chromium/sandbox/linux/bpf_dsl/trap_registry.h new file mode 100644 index 0000000000..0a5d2f14cc --- /dev/null +++ b/security/sandbox/chromium/sandbox/linux/bpf_dsl/trap_registry.h @@ -0,0 +1,73 @@ +// Copyright 2014 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef SANDBOX_LINUX_BPF_DSL_TRAP_REGISTRY_H_ +#define SANDBOX_LINUX_BPF_DSL_TRAP_REGISTRY_H_ + +#include <stdint.h> + +#include "base/macros.h" +#include "sandbox/sandbox_export.h" + +namespace sandbox { + +// This must match the kernel's seccomp_data structure. +struct arch_seccomp_data { + int nr; + uint32_t arch; + uint64_t instruction_pointer; + uint64_t args[6]; +}; + +namespace bpf_dsl { + +// TrapRegistry provides an interface for registering "trap handlers" +// by associating them with non-zero 16-bit trap IDs. Trap IDs should +// remain valid for the lifetime of the trap registry. +class SANDBOX_EXPORT TrapRegistry { + public: + // TrapFnc is a pointer to a function that fulfills the trap handler + // function signature. + // + // Trap handlers follow the calling convention of native system + // calls; e.g., to report an error, they return an exit code in the + // range -1..-4096 instead of directly modifying errno. However, + // modifying errno is harmless, as the original value will be + // restored afterwards. + // + // Trap handlers are executed from signal context and possibly an + // async-signal context, so they must be async-signal safe: + // http://pubs.opengroup.org/onlinepubs/009695399/functions/xsh_chap02_04.html + typedef intptr_t (*TrapFnc)(const struct arch_seccomp_data& args, void* aux); + + // Add registers the specified trap handler tuple and returns a + // non-zero trap ID that uniquely identifies the tuple for the life + // time of the trap registry. If the same tuple is registered + // multiple times, the same value will be returned each time. + virtual uint16_t Add(TrapFnc fnc, const void* aux, bool safe) = 0; + + // EnableUnsafeTraps tries to enable unsafe traps and returns + // whether it was successful. This is a one-way operation. + // + // CAUTION: Enabling unsafe traps effectively defeats the security + // guarantees provided by the sandbox policy. TrapRegistry + // implementations should ensure unsafe traps are only enabled + // during testing. + virtual bool EnableUnsafeTraps() = 0; + + protected: + TrapRegistry() {} + + // TrapRegistry's destructor is intentionally non-virtual so that + // implementations can omit their destructor. Instead we protect against + // misuse by marking it protected. + ~TrapRegistry() {} + + DISALLOW_COPY_AND_ASSIGN(TrapRegistry); +}; + +} // namespace bpf_dsl +} // namespace sandbox + +#endif // SANDBOX_LINUX_BPF_DSL_TRAP_REGISTRY_H_ |