diff options
| author | markus@chromium.org <markus@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-06-08 02:01:44 +0000 |
|---|---|---|
| committer | markus@chromium.org <markus@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-06-08 02:01:44 +0000 |
| commit | 3e559a879200bfc10af1fbd182de31cb271e15e1 (patch) | |
| tree | bc1846ad2beef113770c99b99901e1ef4ba0ff93 /sandbox/linux/seccomp-bpf/sandbox_bpf.h | |
| parent | 6e15e3086c88c2011cf3bccd8a084f6b32815cee (diff) | |
| download | chromium_src-3e559a879200bfc10af1fbd182de31cb271e15e1.zip chromium_src-3e559a879200bfc10af1fbd182de31cb271e15e1.tar.gz chromium_src-3e559a879200bfc10af1fbd182de31cb271e15e1.tar.bz2 | |
Explicitly test bit 30 in the system call number to distinguish between the new x32 API and older Intel APIs.
Also, extend the system call range from 0..512 to 0..1024. This covers the extra system calls added with x32.
As x32 isn't widely available yet, we don't add any other code to support it (e.g. we don't build a version of
demo.cc that runs in x32). But by explicitly blocking it for i386 and x86-64 we ensure that a "default allow"
policy is going to do the right thing.
TEST=make && demo32 && demo64
BUG=130662
Review URL: https://chromiumcodereview.appspot.com/10542028
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@141155 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox/linux/seccomp-bpf/sandbox_bpf.h')
| -rw-r--r-- | sandbox/linux/seccomp-bpf/sandbox_bpf.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf.h b/sandbox/linux/seccomp-bpf/sandbox_bpf.h index c3f504a..3501e62 100644 --- a/sandbox/linux/seccomp-bpf/sandbox_bpf.h +++ b/sandbox/linux/seccomp-bpf/sandbox_bpf.h @@ -72,7 +72,7 @@ #if defined(__i386__) #define MIN_SYSCALL 0 -#define MAX_SYSCALL 512 +#define MAX_SYSCALL 1024 #define SECCOMP_ARCH AUDIT_ARCH_I386 #define REG_RESULT REG_EAX #define REG_SYSCALL REG_EAX @@ -84,7 +84,7 @@ #define REG_PARM6 REG_EBP #elif defined(__x86_64__) #define MIN_SYSCALL 0 -#define MAX_SYSCALL 512 +#define MAX_SYSCALL 1024 #define SECCOMP_ARCH AUDIT_ARCH_X86_64 #define REG_RESULT REG_RAX #define REG_SYSCALL REG_RAX |