diff options
Diffstat (limited to 'sandbox/linux/seccomp-bpf/trap.h')
| -rw-r--r-- | sandbox/linux/seccomp-bpf/trap.h | 86 |
1 files changed, 0 insertions, 86 deletions
diff --git a/sandbox/linux/seccomp-bpf/trap.h b/sandbox/linux/seccomp-bpf/trap.h deleted file mode 100644 index a73d2064b4..0000000000 --- a/sandbox/linux/seccomp-bpf/trap.h +++ /dev/null @@ -1,86 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef SANDBOX_LINUX_SECCOMP_BPF_TRAP_H__ -#define SANDBOX_LINUX_SECCOMP_BPF_TRAP_H__ - -#include <stddef.h> -#include <stdint.h> - -#include <map> - -#include "base/macros.h" -#include "sandbox/linux/bpf_dsl/trap_registry.h" -#include "sandbox/linux/system_headers/linux_signal.h" -#include "sandbox/sandbox_export.h" - -namespace sandbox { - -// The Trap class allows a BPF filter program to branch out to user space by -// raising a SIGSYS signal. -// N.B.: This class does not perform any synchronization operations. If -// modifications are made to any of the traps, it is the caller's -// responsibility to ensure that this happens in a thread-safe fashion. -// Preferably, that means that no other threads should be running at that -// time. For the purposes of our sandbox, this assertion should always be -// true. Threads are incompatible with the seccomp sandbox anyway. -class SANDBOX_EXPORT Trap : public bpf_dsl::TrapRegistry { - public: - uint16_t Add(TrapFnc fnc, const void* aux, bool safe) override; - - bool EnableUnsafeTraps() override; - - // Registry returns the trap registry used by Trap's SIGSYS handler, - // creating it if necessary. - static bpf_dsl::TrapRegistry* Registry(); - - // SandboxDebuggingAllowedByUser returns whether the - // "CHROME_SANDBOX_DEBUGGING" environment variable is set. - static bool SandboxDebuggingAllowedByUser(); - - private: - struct TrapKey { - TrapKey() : fnc(NULL), aux(NULL), safe(false) {} - TrapKey(TrapFnc f, const void* a, bool s) : fnc(f), aux(a), safe(s) {} - TrapFnc fnc; - const void* aux; - bool safe; - bool operator<(const TrapKey&) const; - }; - typedef std::map<TrapKey, uint16_t> TrapIds; - - // Our constructor is private. A shared global instance is created - // automatically as needed. - Trap(); - - // The destructor is unimplemented as destroying this object would - // break subsequent system calls that trigger a SIGSYS. - ~Trap() = delete; - - static void SigSysAction(int nr, LinuxSigInfo* info, void* void_context); - - // Make sure that SigSys is not inlined in order to get slightly better crash - // dumps. - void SigSys(int nr, LinuxSigInfo* info, ucontext_t* ctx) - __attribute__((noinline)); - // We have a global singleton that handles all of our SIGSYS traps. This - // variable must never be deallocated after it has been set up initially, as - // there is no way to reset in-kernel BPF filters that generate SIGSYS - // events. - static Trap* global_trap_; - - TrapIds trap_ids_; // Maps from TrapKeys to numeric ids - TrapKey* trap_array_; // Array of TrapKeys indexed by ids - size_t trap_array_size_; // Currently used size of array - size_t trap_array_capacity_; // Currently allocated capacity of array - bool has_unsafe_traps_; // Whether unsafe traps have been enabled - - // Copying and assigning is unimplemented. It doesn't make sense for a - // singleton. - DISALLOW_COPY_AND_ASSIGN(Trap); -}; - -} // namespace sandbox - -#endif // SANDBOX_LINUX_SECCOMP_BPF_TRAP_H__ |