diff options
| author | markus@chromium.org <markus@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-05-18 20:54:46 +0000 |
|---|---|---|
| committer | markus@chromium.org <markus@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-05-18 20:54:46 +0000 |
| commit | 8a93e3822b23897bde15cf0e2a7cdee5973fd5a2 (patch) | |
| tree | 554c22cd6c5a41b159a82edceb853d405e806ab7 /sandbox/linux/seccomp/sandbox_impl.h | |
| parent | 5f74571613bed65f1bc527289ddfd8fbaee2bc89 (diff) | |
| download | chromium_src-8a93e3822b23897bde15cf0e2a7cdee5973fd5a2.zip chromium_src-8a93e3822b23897bde15cf0e2a7cdee5973fd5a2.tar.gz chromium_src-8a93e3822b23897bde15cf0e2a7cdee5973fd5a2.tar.bz2 | |
Add support for calling {rt_,}sigaction(), and for invoking signal handlers
from within the sandbox.
Added tests for the new functionality and merged the tests for sigreturn()
that had previously been committed to the standalone version of the sandbox
(on Google Code)
TEST=run "make test"
BUG=37728
Review URL: http://codereview.chromium.org/2074003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@47561 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox/linux/seccomp/sandbox_impl.h')
| -rw-r--r-- | sandbox/linux/seccomp/sandbox_impl.h | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/sandbox/linux/seccomp/sandbox_impl.h b/sandbox/linux/seccomp/sandbox_impl.h index 9c49ffc..ce2291c 100644 --- a/sandbox/linux/seccomp/sandbox_impl.h +++ b/sandbox/linux/seccomp/sandbox_impl.h @@ -139,6 +139,10 @@ class Sandbox { STATIC ssize_t sandbox_recvmsg(int, struct msghdr*, int) asm("playground$sandbox_recvmsg"); #endif + #if defined(__NR_rt_sigaction) + STATIC long sandbox_rt_sigaction(int, const void*, void*, size_t) + asm("playground$sandbox_rt_sigaction"); + #endif #if defined(__NR_rt_sigprocmask) STATIC long sandbox_rt_sigprocmask(int how, const void*, void*, size_t) asm("playground$sandbox_rt_sigprocmask"); @@ -162,6 +166,14 @@ class Sandbox { STATIC long sandbox_setsockopt(int, int, int, const void*, socklen_t) asm("playground$sandbox_setsockopt"); #endif + #if defined(__NR_sigaction) + STATIC long sandbox_sigaction(int, const void*, void*) + asm("playground$sandbox_sigaction"); + #endif + #if defined(__NR_signal) + STATIC void* sandbox_signal(int, const void*) + asm("playground$sandbox_signal"); + #endif #if defined(__NR_sigprocmask) STATIC long sandbox_sigprocmask(int how, const void*, void*) asm("playground$sandbox_sigprocmask"); @@ -226,6 +238,8 @@ class Sandbox { STATIC bool process_shmget(int, int, int, int, SecureMemArgs*) asm("playground$process_shmget"); #endif + STATIC bool process_sigaction(int, int, int, int, SecureMemArgs*) + asm("playground$process_sigaction"); #if defined(__NR_socketcall) STATIC bool process_socketcall(int, int, int, int, SecureMemArgs*) asm("playground$process_socketcall"); @@ -542,6 +556,14 @@ class Sandbox { int how; } __attribute__((packed)); + struct SigAction { + int sysnum; + int signum; + const SysCalls::kernel_sigaction* action; + const SysCalls::kernel_sigaction* old_action; + size_t sigsetsize; + } __attribute__((packed)); + struct Socket { int domain; int type; @@ -657,6 +679,10 @@ class Sandbox { static const struct SocketCallArgInfo socketCallArgInfo[]; #endif + // We always have to intercept SIGSEGV. If the application wants to set its + // own SEGV handler, we forward to it whenever necessary. + static SysCalls::kernel_sigaction sa_segv_ asm("playground$sa_segv"); + // The syscall_mutex_ can only be directly accessed by the trusted process. // It can be accessed by the trusted thread after fork()ing and calling // mprotect(PROT_READ|PROT_WRITE). The mutex is used for system calls that |