      1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SIGSYS_HANDLERS_H_
      6 #define SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SIGSYS_HANDLERS_H_
      7 
      8 #include <stdint.h>
      9 
     10 #include "build/build_config.h"
     11 #include "sandbox/linux/bpf_dsl/bpf_dsl_forward.h"
     12 #include "sandbox/sandbox_export.h"
     13 
      14 // The handlers are suitable for use in Trap() error codes. They are
      15 // guaranteed to be async-signal safe, as they run in signal-handler context.
      16 // See sandbox/linux/seccomp-bpf/trap.h for how they work.
     17 
      18 namespace sandbox {
      19 
      20 struct arch_seccomp_data;
      21 
      22 // This handler will crash the currently running process. The crashing address
      23 // will be the number of the current system call, extracted from |args|.
      24 // This handler will also print to stderr the number of the crashing syscall.
         // NOTE(review): |aux| is not described in this header for any handler;
         // confirm its meaning against sandbox/linux/seccomp-bpf/trap.h.
      25 SANDBOX_EXPORT intptr_t
      26     CrashSIGSYS_Handler(const struct arch_seccomp_data& args, void* aux);
      27 
      28 // The following five handlers are suitable to report failures with the
      29 // clone(), prctl(), ioctl(), kill()-style and futex() system calls respectively.
         // Each encodes only the masked low bits of one syscall argument in the
         // crashing address, so the address seen in a crash report is a truncated
         // value rather than the full argument.
      30 
      31 // The crashing address will be (clone_flags & 0xFFFFFF), where clone_flags is
      32 // the clone(2) argument, extracted from |args|.
      33 SANDBOX_EXPORT intptr_t
      34     SIGSYSCloneFailure(const struct arch_seccomp_data& args, void* aux);
      35 // The crashing address will be (option & 0xFFF), where option is the prctl(2)
      36 // argument.
      37 SANDBOX_EXPORT intptr_t
      38     SIGSYSPrctlFailure(const struct arch_seccomp_data& args, void* aux);
      39 // The crashing address will be (request & 0xFFFF), where request is the
      40 // ioctl(2) argument.
      41 SANDBOX_EXPORT intptr_t
      42     SIGSYSIoctlFailure(const struct arch_seccomp_data& args, void* aux);
      43 // The crashing address will be (pid & 0xFFF), where pid is the first
      44 // argument (and can be a tid).
      45 SANDBOX_EXPORT intptr_t
      46     SIGSYSKillFailure(const struct arch_seccomp_data& args, void* aux);
      47 // The crashing address will be (op & 0xFFF), where op is the second
      48 // argument.
      49 SANDBOX_EXPORT intptr_t
      50     SIGSYSFutexFailure(const struct arch_seccomp_data& args, void* aux);
      51 // If the syscall does not target the current tid, crashes in the same
      52 // way as CrashSIGSYS_Handler.  Otherwise, returns the result of calling the
      53 // syscall with the pid argument set to 0 (which for these calls means the
      54 // current thread).  The following syscalls are supported:
      55 //
      56 // sched_getaffinity(), sched_getattr(), sched_getparam(), sched_getscheduler(),
      57 // sched_rr_get_interval(), sched_setaffinity(), sched_setattr(),
      58 // sched_setparam(), sched_setscheduler()
         //
         // As described, a sandboxed caller can use these calls only on its own
         // thread; a request that names any other pid/tid crashes the process.
      59 SANDBOX_EXPORT intptr_t
      60     SIGSYSSchedHandler(const struct arch_seccomp_data& args, void* aux);
      61 
      62 // Variants of the above handlers for use with bpf_dsl (returned as ResultExpr).
      63 SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYS();
      64 SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSClone();
      65 SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSPrctl();
      66 SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSIoctl();
      67 SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSKill();
      68 SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSFutex();
      69 SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteSchedSIGSYS();
      70 
      71 // The following six functions return substrings of the error messages used
      72 // by the crash handlers above. They are useful in death tests.
      73 SANDBOX_EXPORT const char* GetErrorMessageContentForTests();
      74 SANDBOX_EXPORT const char* GetCloneErrorMessageContentForTests();
      75 SANDBOX_EXPORT const char* GetPrctlErrorMessageContentForTests();
      76 SANDBOX_EXPORT const char* GetIoctlErrorMessageContentForTests();
      77 SANDBOX_EXPORT const char* GetKillErrorMessageContentForTests();
      78 SANDBOX_EXPORT const char* GetFutexErrorMessageContentForTests();
      79 
      80 }  // namespace sandbox.
     81 
     82 #endif  // SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SIGSYS_HANDLERS_H_
     83