diff options
Diffstat (limited to 'sandbox')
40 files changed, 313 insertions, 267 deletions
diff --git a/sandbox/linux/BUILD.gn b/sandbox/linux/BUILD.gn index 64940f1..eae3d6e 100644 --- a/sandbox/linux/BUILD.gn +++ b/sandbox/linux/BUILD.gn @@ -101,11 +101,12 @@ test("sandbox_linux_unittests") { } if (use_seccomp_bpf) { sources += [ - "bpf_dsl/bpf_dsl_more_unittest.cc", "bpf_dsl/bpf_dsl_unittest.cc", "bpf_dsl/codegen_unittest.cc", "bpf_dsl/cons_unittest.cc", "bpf_dsl/syscall_set_unittest.cc", + "integration_tests/bpf_dsl_seccomp_unittest.cc", + "integration_tests/seccomp_broker_process_unittest.cc", "seccomp-bpf-helpers/baseline_policy_unittest.cc", "seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc", "seccomp-bpf/bpf_tests_unittest.cc", @@ -116,11 +117,11 @@ test("sandbox_linux_unittests") { } if (compile_credentials) { sources += [ + "integration_tests/namespace_unix_domain_socket_unittest.cc", "services/credentials_unittest.cc", "services/namespace_sandbox_unittest.cc", "services/namespace_utils_unittest.cc", "services/proc_util_unittest.cc", - "services/unix_domain_socket_unittest.cc", ] } } @@ -278,16 +279,16 @@ component("sandbox_services") { source_set("sandbox_services_headers") { sources = [ - "services/android_arm_ucontext.h", - "services/android_arm64_ucontext.h", - "services/android_futex.h", - "services/android_ucontext.h", - "services/android_i386_ucontext.h", - "services/arm_linux_syscalls.h", - "services/arm64_linux_syscalls.h", - "services/linux_syscalls.h", - "services/x86_32_linux_syscalls.h", - "services/x86_64_linux_syscalls.h", + "system_headers/android_arm_ucontext.h", + "system_headers/android_arm64_ucontext.h", + "system_headers/android_futex.h", + "system_headers/android_ucontext.h", + "system_headers/android_i386_ucontext.h", + "system_headers/arm_linux_syscalls.h", + "system_headers/arm64_linux_syscalls.h", + "system_headers/linux_syscalls.h", + "system_headers/x86_32_linux_syscalls.h", + "system_headers/x86_64_linux_syscalls.h", ] } diff --git a/sandbox/linux/bpf_dsl/DEPS b/sandbox/linux/bpf_dsl/DEPS index 8333218..cd16d0d 100644 --- a/sandbox/linux/bpf_dsl/DEPS +++ b/sandbox/linux/bpf_dsl/DEPS @@ -1,6 +1,4 @@ include_rules = [ # TODO(mdempsky): Eliminate cyclic dependency on seccomp-bpf. "+sandbox/linux/seccomp-bpf", - "+sandbox/linux/services", # for bpf_dsl_more_unittest.cc - "+sandbox/linux/syscall_broker", # for bpf_dsl_more_unittest.cc ] diff --git a/sandbox/linux/integration_tests/DEPS b/sandbox/linux/integration_tests/DEPS new file mode 100644 index 0000000..d50729ce --- /dev/null +++ b/sandbox/linux/integration_tests/DEPS @@ -0,0 +1,7 @@ +include_rules = [ + "+sandbox/linux/bpf_dsl", + "+sandbox/linux/seccomp-bpf", + "+sandbox/linux/services", + "+sandbox/linux/syscall_broker", + "+sandbox/linux/system_headers", +] diff --git a/sandbox/linux/bpf_dsl/bpf_dsl_more_unittest.cc b/sandbox/linux/integration_tests/bpf_dsl_seccomp_unittest.cc index 7ddf6fb..3729eb4 100644 --- a/sandbox/linux/bpf_dsl/bpf_dsl_more_unittest.cc +++ b/sandbox/linux/integration_tests/bpf_dsl_seccomp_unittest.cc @@ -1,9 +1,7 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. +// Copyright 2015 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "sandbox/linux/bpf_dsl/bpf_dsl.h" - #include <errno.h> #include <fcntl.h> #include <pthread.h> @@ -33,6 +31,7 @@ #include "base/sys_info.h" #include "base/threading/thread.h" #include "build/build_config.h" +#include "sandbox/linux/bpf_dsl/bpf_dsl.h" #include "sandbox/linux/bpf_dsl/policy.h" #include "sandbox/linux/seccomp-bpf/bpf_tests.h" #include "sandbox/linux/seccomp-bpf/die.h" @@ -41,11 +40,9 @@ #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" #include "sandbox/linux/seccomp-bpf/syscall.h" #include "sandbox/linux/seccomp-bpf/trap.h" -#include "sandbox/linux/services/linux_syscalls.h" #include "sandbox/linux/services/syscall_wrappers.h" #include "sandbox/linux/services/thread_helpers.h" -#include "sandbox/linux/syscall_broker/broker_file_permission.h" -#include "sandbox/linux/syscall_broker/broker_process.h" +#include "sandbox/linux/system_headers/linux_syscalls.h" #include "sandbox/linux/tests/scoped_temporary_file.h" #include "sandbox/linux/tests/unit_tests.h" #include "testing/gtest/include/gtest/gtest.h" @@ -734,149 +731,6 @@ BPF_TEST_C(SandboxBPF, UnsafeTrapWithErrno, RedirectAllSyscallsPolicy) { BPF_ASSERT(errno == 0); } -bool NoOpCallback() { - return true; -} - -// Test a trap handler that makes use of a broker process to open(). - -class InitializedOpenBroker { - public: - InitializedOpenBroker() : initialized_(false) { - std::vector<syscall_broker::BrokerFilePermission> permissions; - permissions.push_back( - syscall_broker::BrokerFilePermission::ReadOnly("/proc/allowed")); - permissions.push_back( - syscall_broker::BrokerFilePermission::ReadOnly("/proc/cpuinfo")); - - broker_process_.reset( - new syscall_broker::BrokerProcess(EPERM, permissions)); - BPF_ASSERT(broker_process() != NULL); - BPF_ASSERT(broker_process_->Init(base::Bind(&NoOpCallback))); - - initialized_ = true; - } - bool initialized() { return initialized_; } - class syscall_broker::BrokerProcess* broker_process() { - return broker_process_.get(); - } - - private: - bool initialized_; - scoped_ptr<class syscall_broker::BrokerProcess> broker_process_; - DISALLOW_COPY_AND_ASSIGN(InitializedOpenBroker); -}; - -intptr_t BrokerOpenTrapHandler(const struct arch_seccomp_data& args, - void* aux) { - BPF_ASSERT(aux); - syscall_broker::BrokerProcess* broker_process = - static_cast<syscall_broker::BrokerProcess*>(aux); - switch (args.nr) { - case __NR_faccessat: // access is a wrapper of faccessat in android - BPF_ASSERT(static_cast<int>(args.args[0]) == AT_FDCWD); - return broker_process->Access(reinterpret_cast<const char*>(args.args[1]), - static_cast<int>(args.args[2])); -#if defined(__NR_access) - case __NR_access: - return broker_process->Access(reinterpret_cast<const char*>(args.args[0]), - static_cast<int>(args.args[1])); -#endif -#if defined(__NR_open) - case __NR_open: - return broker_process->Open(reinterpret_cast<const char*>(args.args[0]), - static_cast<int>(args.args[1])); -#endif - case __NR_openat: - // We only call open() so if we arrive here, it's because glibc uses - // the openat() system call. - BPF_ASSERT(static_cast<int>(args.args[0]) == AT_FDCWD); - return broker_process->Open(reinterpret_cast<const char*>(args.args[1]), - static_cast<int>(args.args[2])); - default: - BPF_ASSERT(false); - return -ENOSYS; - } -} - -class DenyOpenPolicy : public Policy { - public: - explicit DenyOpenPolicy(InitializedOpenBroker* iob) : iob_(iob) {} - ~DenyOpenPolicy() override {} - - ResultExpr EvaluateSyscall(int sysno) const override { - DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); - - switch (sysno) { - case __NR_faccessat: -#if defined(__NR_access) - case __NR_access: -#endif -#if defined(__NR_open) - case __NR_open: -#endif - case __NR_openat: - // We get a InitializedOpenBroker class, but our trap handler wants - // the syscall_broker::BrokerProcess object. - return Trap(BrokerOpenTrapHandler, iob_->broker_process()); - default: - return Allow(); - } - } - - private: - InitializedOpenBroker* iob_; - - DISALLOW_COPY_AND_ASSIGN(DenyOpenPolicy); -}; - -// We use a InitializedOpenBroker class, so that we can run unsandboxed -// code in its constructor, which is the only way to do so in a BPF_TEST. -BPF_TEST(SandboxBPF, - UseOpenBroker, - DenyOpenPolicy, - InitializedOpenBroker /* (*BPF_AUX) */) { - BPF_ASSERT(BPF_AUX->initialized()); - syscall_broker::BrokerProcess* broker_process = BPF_AUX->broker_process(); - BPF_ASSERT(broker_process != NULL); - - // First, use the broker "manually" - BPF_ASSERT(broker_process->Open("/proc/denied", O_RDONLY) == -EPERM); - BPF_ASSERT(broker_process->Access("/proc/denied", R_OK) == -EPERM); - BPF_ASSERT(broker_process->Open("/proc/allowed", O_RDONLY) == -ENOENT); - BPF_ASSERT(broker_process->Access("/proc/allowed", R_OK) == -ENOENT); - - // Now use glibc's open() as an external library would. - BPF_ASSERT(open("/proc/denied", O_RDONLY) == -1); - BPF_ASSERT(errno == EPERM); - - BPF_ASSERT(open("/proc/allowed", O_RDONLY) == -1); - BPF_ASSERT(errno == ENOENT); - - // Also test glibc's openat(), some versions of libc use it transparently - // instead of open(). - BPF_ASSERT(openat(AT_FDCWD, "/proc/denied", O_RDONLY) == -1); - BPF_ASSERT(errno == EPERM); - - BPF_ASSERT(openat(AT_FDCWD, "/proc/allowed", O_RDONLY) == -1); - BPF_ASSERT(errno == ENOENT); - - // And test glibc's access(). - BPF_ASSERT(access("/proc/denied", R_OK) == -1); - BPF_ASSERT(errno == EPERM); - - BPF_ASSERT(access("/proc/allowed", R_OK) == -1); - BPF_ASSERT(errno == ENOENT); - - // This is also white listed and does exist. - int cpu_info_access = access("/proc/cpuinfo", R_OK); - BPF_ASSERT(cpu_info_access == 0); - int cpu_info_fd = open("/proc/cpuinfo", O_RDONLY); - BPF_ASSERT(cpu_info_fd >= 0); - char buf[1024]; - BPF_ASSERT(read(cpu_info_fd, buf, sizeof(buf)) > 0); -} - // Simple test demonstrating how to use SandboxBPF::Cond() class SimpleCondTestPolicy : public Policy { diff --git a/sandbox/linux/services/unix_domain_socket_unittest.cc b/sandbox/linux/integration_tests/namespace_unix_domain_socket_unittest.cc index dafa91d..dafa91d 100644 --- a/sandbox/linux/services/unix_domain_socket_unittest.cc +++ b/sandbox/linux/integration_tests/namespace_unix_domain_socket_unittest.cc diff --git a/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc b/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc new file mode 100644 index 0000000..3e60c18 --- /dev/null +++ b/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc @@ -0,0 +1,180 @@ +// Copyright 2015 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <sys/types.h> +#include <sys/stat.h> +#include <fcntl.h> +#include <unistd.h> + +#include <vector> + +#include "base/bind.h" +#include "base/memory/scoped_ptr.h" +#include "base/posix/eintr_wrapper.h" +#include "build/build_config.h" +#include "sandbox/linux/bpf_dsl/bpf_dsl.h" +#include "sandbox/linux/bpf_dsl/policy.h" +#include "sandbox/linux/seccomp-bpf/bpf_tests.h" +#include "sandbox/linux/seccomp-bpf/linux_seccomp.h" +#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" +#include "sandbox/linux/syscall_broker/broker_file_permission.h" +#include "sandbox/linux/syscall_broker/broker_process.h" +#include "sandbox/linux/system_headers/linux_syscalls.h" +#include "sandbox/linux/tests/unit_tests.h" +#include "testing/gtest/include/gtest/gtest.h" + +namespace sandbox { + +namespace { + +using bpf_dsl::Allow; +using bpf_dsl::ResultExpr; +using bpf_dsl::Trap; + +bool NoOpCallback() { + return true; +} + +// Test a trap handler that makes use of a broker process to open(). + +class InitializedOpenBroker { + public: + InitializedOpenBroker() : initialized_(false) { + std::vector<syscall_broker::BrokerFilePermission> permissions; + permissions.push_back( + syscall_broker::BrokerFilePermission::ReadOnly("/proc/allowed")); + permissions.push_back( + syscall_broker::BrokerFilePermission::ReadOnly("/proc/cpuinfo")); + + broker_process_.reset( + new syscall_broker::BrokerProcess(EPERM, permissions)); + BPF_ASSERT(broker_process() != NULL); + BPF_ASSERT(broker_process_->Init(base::Bind(&NoOpCallback))); + + initialized_ = true; + } + bool initialized() { return initialized_; } + class syscall_broker::BrokerProcess* broker_process() { + return broker_process_.get(); + } + + private: + bool initialized_; + scoped_ptr<class syscall_broker::BrokerProcess> broker_process_; + DISALLOW_COPY_AND_ASSIGN(InitializedOpenBroker); +}; + +intptr_t BrokerOpenTrapHandler(const struct arch_seccomp_data& args, + void* aux) { + BPF_ASSERT(aux); + syscall_broker::BrokerProcess* broker_process = + static_cast<syscall_broker::BrokerProcess*>(aux); + switch (args.nr) { + case __NR_faccessat: // access is a wrapper of faccessat in android + BPF_ASSERT(static_cast<int>(args.args[0]) == AT_FDCWD); + return broker_process->Access(reinterpret_cast<const char*>(args.args[1]), + static_cast<int>(args.args[2])); +#if defined(__NR_access) + case __NR_access: + return broker_process->Access(reinterpret_cast<const char*>(args.args[0]), + static_cast<int>(args.args[1])); +#endif +#if defined(__NR_open) + case __NR_open: + return broker_process->Open(reinterpret_cast<const char*>(args.args[0]), + static_cast<int>(args.args[1])); +#endif + case __NR_openat: + // We only call open() so if we arrive here, it's because glibc uses + // the openat() system call. + BPF_ASSERT(static_cast<int>(args.args[0]) == AT_FDCWD); + return broker_process->Open(reinterpret_cast<const char*>(args.args[1]), + static_cast<int>(args.args[2])); + default: + BPF_ASSERT(false); + return -ENOSYS; + } +} + +class DenyOpenPolicy : public bpf_dsl::Policy { + public: + explicit DenyOpenPolicy(InitializedOpenBroker* iob) : iob_(iob) {} + ~DenyOpenPolicy() override {} + + ResultExpr EvaluateSyscall(int sysno) const override { + DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); + + switch (sysno) { + case __NR_faccessat: +#if defined(__NR_access) + case __NR_access: +#endif +#if defined(__NR_open) + case __NR_open: +#endif + case __NR_openat: + // We get a InitializedOpenBroker class, but our trap handler wants + // the syscall_broker::BrokerProcess object. + return Trap(BrokerOpenTrapHandler, iob_->broker_process()); + default: + return Allow(); + } + } + + private: + InitializedOpenBroker* iob_; + + DISALLOW_COPY_AND_ASSIGN(DenyOpenPolicy); +}; + +// We use a InitializedOpenBroker class, so that we can run unsandboxed +// code in its constructor, which is the only way to do so in a BPF_TEST. +BPF_TEST(SandboxBPF, + UseOpenBroker, + DenyOpenPolicy, + InitializedOpenBroker /* (*BPF_AUX) */) { + BPF_ASSERT(BPF_AUX->initialized()); + syscall_broker::BrokerProcess* broker_process = BPF_AUX->broker_process(); + BPF_ASSERT(broker_process != NULL); + + // First, use the broker "manually" + BPF_ASSERT(broker_process->Open("/proc/denied", O_RDONLY) == -EPERM); + BPF_ASSERT(broker_process->Access("/proc/denied", R_OK) == -EPERM); + BPF_ASSERT(broker_process->Open("/proc/allowed", O_RDONLY) == -ENOENT); + BPF_ASSERT(broker_process->Access("/proc/allowed", R_OK) == -ENOENT); + + // Now use glibc's open() as an external library would. + BPF_ASSERT(open("/proc/denied", O_RDONLY) == -1); + BPF_ASSERT(errno == EPERM); + + BPF_ASSERT(open("/proc/allowed", O_RDONLY) == -1); + BPF_ASSERT(errno == ENOENT); + + // Also test glibc's openat(), some versions of libc use it transparently + // instead of open(). + BPF_ASSERT(openat(AT_FDCWD, "/proc/denied", O_RDONLY) == -1); + BPF_ASSERT(errno == EPERM); + + BPF_ASSERT(openat(AT_FDCWD, "/proc/allowed", O_RDONLY) == -1); + BPF_ASSERT(errno == ENOENT); + + // And test glibc's access(). + BPF_ASSERT(access("/proc/denied", R_OK) == -1); + BPF_ASSERT(errno == EPERM); + + BPF_ASSERT(access("/proc/allowed", R_OK) == -1); + BPF_ASSERT(errno == ENOENT); + + // This is also white listed and does exist. + int cpu_info_access = access("/proc/cpuinfo", R_OK); + BPF_ASSERT(cpu_info_access == 0); + int cpu_info_fd = open("/proc/cpuinfo", O_RDONLY); + BPF_ASSERT(cpu_info_fd >= 0); + char buf[1024]; + BPF_ASSERT(read(cpu_info_fd, buf, sizeof(buf)) > 0); +} + +} // namespace + +} // namespace sandbox diff --git a/sandbox/linux/sandbox_linux.gypi b/sandbox/linux/sandbox_linux.gypi index c03b024..2a01820 100644 --- a/sandbox/linux/sandbox_linux.gypi +++ b/sandbox/linux/sandbox_linux.gypi @@ -274,18 +274,18 @@ { 'target_name': 'sandbox_services_headers', 'type': 'none', 'sources': [ - 'services/android_arm_ucontext.h', - 'services/android_arm64_ucontext.h', - 'services/android_futex.h', - 'services/android_ucontext.h', - 'services/android_i386_ucontext.h', - 'services/android_mips_ucontext.h', - 'services/arm_linux_syscalls.h', - 'services/arm64_linux_syscalls.h', - 'services/mips_linux_syscalls.h', - 'services/linux_syscalls.h', - 'services/x86_32_linux_syscalls.h', - 'services/x86_64_linux_syscalls.h', + 'system_headers/android_arm_ucontext.h', + 'system_headers/android_arm64_ucontext.h', + 'system_headers/android_futex.h', + 'system_headers/android_ucontext.h', + 'system_headers/android_i386_ucontext.h', + 'system_headers/android_mips_ucontext.h', + 'system_headers/arm_linux_syscalls.h', + 'system_headers/arm64_linux_syscalls.h', + 'system_headers/mips_linux_syscalls.h', + 'system_headers/linux_syscalls.h', + 'system_headers/x86_32_linux_syscalls.h', + 'system_headers/x86_64_linux_syscalls.h', ], 'include_dirs': [ '..', diff --git a/sandbox/linux/sandbox_linux_test_sources.gypi b/sandbox/linux/sandbox_linux_test_sources.gypi index eef29db..6077fb1 100644 --- a/sandbox/linux/sandbox_linux_test_sources.gypi +++ b/sandbox/linux/sandbox_linux_test_sources.gypi @@ -39,11 +39,12 @@ }], [ 'use_seccomp_bpf==1', { 'sources': [ - 'bpf_dsl/bpf_dsl_more_unittest.cc', 'bpf_dsl/bpf_dsl_unittest.cc', 'bpf_dsl/codegen_unittest.cc', 'bpf_dsl/cons_unittest.cc', 'bpf_dsl/syscall_set_unittest.cc', + 'integration_tests/bpf_dsl_seccomp_unittest.cc', + 'integration_tests/seccomp_broker_process_unittest.cc', 'seccomp-bpf-helpers/baseline_policy_unittest.cc', 'seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc', 'seccomp-bpf/bpf_tests_unittest.cc', @@ -54,11 +55,11 @@ }], [ 'compile_credentials==1', { 'sources': [ + 'integration_tests/namespace_unix_domain_socket_unittest.cc', 'services/credentials_unittest.cc', 'services/namespace_sandbox_unittest.cc', 'services/namespace_utils_unittest.cc', 'services/proc_util_unittest.cc', - 'services/unix_domain_socket_unittest.cc', ], }], ], diff --git a/sandbox/linux/seccomp-bpf-helpers/DEPS b/sandbox/linux/seccomp-bpf-helpers/DEPS index 01e1fe2..4419fd1 100644 --- a/sandbox/linux/seccomp-bpf-helpers/DEPS +++ b/sandbox/linux/seccomp-bpf-helpers/DEPS @@ -1,6 +1,7 @@ include_rules = [ "+sandbox/linux/bpf_dsl", - "+sandbox/linux/services", "+sandbox/linux/seccomp-bpf", + "+sandbox/linux/services", + "+sandbox/linux/system_headers", "+third_party/lss/linux_syscall_support.h", ] diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc index afa74cb..8c679a3 100644 --- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc +++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc @@ -18,8 +18,8 @@ #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h" #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" -#include "sandbox/linux/services/linux_syscalls.h" #include "sandbox/linux/services/syscall_wrappers.h" +#include "sandbox/linux/system_headers/linux_syscalls.h" // Changing this implementation will have an effect on *all* policies. // Currently this means: Renderer/Worker, GPU, Flash and NaCl. diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc index 4955dfb..e6e8934 100644 --- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc +++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc @@ -30,10 +30,10 @@ #include "sandbox/linux/seccomp-bpf/bpf_tests.h" #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" #include "sandbox/linux/seccomp-bpf/syscall.h" -#include "sandbox/linux/services/android_futex.h" -#include "sandbox/linux/services/linux_syscalls.h" #include "sandbox/linux/services/syscall_wrappers.h" #include "sandbox/linux/services/thread_helpers.h" +#include "sandbox/linux/system_headers/android_futex.h" +#include "sandbox/linux/system_headers/linux_syscalls.h" #include "sandbox/linux/tests/test_utils.h" #include "sandbox/linux/tests/unit_tests.h" diff --git a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc index 42be00b..21fd4d7 100644 --- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc +++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc @@ -16,8 +16,8 @@ #include "sandbox/linux/bpf_dsl/bpf_dsl.h" #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" #include "sandbox/linux/seccomp-bpf/syscall.h" -#include "sandbox/linux/services/linux_syscalls.h" #include "sandbox/linux/services/syscall_wrappers.h" +#include "sandbox/linux/system_headers/linux_syscalls.h" #if defined(__mips__) // __NR_Linux, is defined in <asm/unistd.h>. diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc index 64a6bb0..d90795b 100644 --- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc +++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc @@ -30,11 +30,11 @@ #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" #include "sandbox/linux/seccomp-bpf/linux_seccomp.h" #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" -#include "sandbox/linux/services/linux_syscalls.h" +#include "sandbox/linux/system_headers/linux_syscalls.h" #if defined(OS_ANDROID) -#include "sandbox/linux/services/android_futex.h" +#include "sandbox/linux/system_headers/android_futex.h" #if !defined(F_DUPFD_CLOEXEC) #define F_DUPFD_CLOEXEC (F_LINUX_SPECIFIC_BASE + 6) diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc index e374ed2..e653b8a 100644 --- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc +++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc @@ -24,8 +24,8 @@ #include "sandbox/linux/seccomp-bpf/bpf_tests.h" #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" #include "sandbox/linux/seccomp-bpf/syscall.h" -#include "sandbox/linux/services/linux_syscalls.h" #include "sandbox/linux/services/syscall_wrappers.h" +#include "sandbox/linux/system_headers/linux_syscalls.h" #include "sandbox/linux/tests/unit_tests.h" #if !defined(OS_ANDROID) diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc index 640be69..c217d47 100644 --- a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc +++ b/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc @@ -5,7 +5,7 @@ #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h" #include "build/build_config.h" -#include "sandbox/linux/services/linux_syscalls.h" +#include "sandbox/linux/system_headers/linux_syscalls.h" namespace sandbox { diff --git a/sandbox/linux/seccomp-bpf/DEPS b/sandbox/linux/seccomp-bpf/DEPS index 7fef15f..149c463 100644 --- a/sandbox/linux/seccomp-bpf/DEPS +++ b/sandbox/linux/seccomp-bpf/DEPS @@ -1,4 +1,5 @@ include_rules = [ "+sandbox/linux/bpf_dsl", "+sandbox/linux/services", + "+sandbox/linux/system_headers", ] diff --git a/sandbox/linux/seccomp-bpf/bpf_tests_unittest.cc b/sandbox/linux/seccomp-bpf/bpf_tests_unittest.cc index 9727d28..63e1814 100644 --- a/sandbox/linux/seccomp-bpf/bpf_tests_unittest.cc +++ b/sandbox/linux/seccomp-bpf/bpf_tests_unittest.cc @@ -16,8 +16,8 @@ #include "sandbox/linux/bpf_dsl/bpf_dsl.h" #include "sandbox/linux/bpf_dsl/policy.h" #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" -#include "sandbox/linux/services/linux_syscalls.h" #include "sandbox/linux/services/syscall_wrappers.h" +#include "sandbox/linux/system_headers/linux_syscalls.h" #include "sandbox/linux/tests/unit_tests.h" #include "testing/gtest/include/gtest/gtest.h" diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf.cc b/sandbox/linux/seccomp-bpf/sandbox_bpf.cc index d0a9ed3..588cd2e 100644 --- a/sandbox/linux/seccomp-bpf/sandbox_bpf.cc +++ b/sandbox/linux/seccomp-bpf/sandbox_bpf.cc @@ -34,9 +34,9 @@ #include "sandbox/linux/seccomp-bpf/syscall.h" #include "sandbox/linux/seccomp-bpf/trap.h" #include "sandbox/linux/seccomp-bpf/verifier.h" -#include "sandbox/linux/services/linux_syscalls.h" #include "sandbox/linux/services/syscall_wrappers.h" #include "sandbox/linux/services/thread_helpers.h" +#include "sandbox/linux/system_headers/linux_syscalls.h" namespace sandbox { diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc b/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc index 7e478b5..710f176 100644 --- a/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc +++ b/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc @@ -18,7 +18,7 @@ namespace sandbox { namespace { // NOTE: most tests for the SandboxBPF class are currently in -// bpf_dsl_more_unittest.cc. +// integration_tests/. TEST(SandboxBPF, CreateDestroy) { // Give an opportunity to dynamic tools to perform some simple testing. diff --git a/sandbox/linux/seccomp-bpf/syscall.h b/sandbox/linux/seccomp-bpf/syscall.h index 3686df5..dfb44eb 100644 --- a/sandbox/linux/seccomp-bpf/syscall.h +++ b/sandbox/linux/seccomp-bpf/syscall.h @@ -13,7 +13,7 @@ // Android's signal.h doesn't define ucontext etc. #if defined(OS_ANDROID) -#include "sandbox/linux/services/android_ucontext.h" +#include "sandbox/linux/system_headers/android_ucontext.h" #endif namespace sandbox { diff --git a/sandbox/linux/seccomp-bpf/trap.cc b/sandbox/linux/seccomp-bpf/trap.cc index dce6b7b..3f486be 100644 --- a/sandbox/linux/seccomp-bpf/trap.cc +++ b/sandbox/linux/seccomp-bpf/trap.cc @@ -20,7 +20,7 @@ // Android's signal.h doesn't define ucontext etc. #if defined(OS_ANDROID) -#include "sandbox/linux/services/android_ucontext.h" +#include "sandbox/linux/system_headers/android_ucontext.h" #endif namespace { diff --git a/sandbox/linux/services/DEPS b/sandbox/linux/services/DEPS new file mode 100644 index 0000000..70d9b18 --- /dev/null +++ b/sandbox/linux/services/DEPS @@ -0,0 +1,3 @@ +include_rules = [ + "+sandbox/linux/system_headers", +] diff --git a/sandbox/linux/services/android_ucontext.h b/sandbox/linux/services/android_ucontext.h deleted file mode 100644 index 2814710..0000000 --- a/sandbox/linux/services/android_ucontext.h +++ /dev/null @@ -1,28 +0,0 @@ -// Copyright (c) 2013 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef SANDBOX_LINUX_SERVICES_ANDROID_UCONTEXT_H_ -#define SANDBOX_LINUX_SERVICES_ANDROID_UCONTEXT_H_ - -#if defined(__ANDROID__) - -#if defined(__arm__) -#include "sandbox/linux/services/android_arm_ucontext.h" -#elif defined(__i386__) -#include "sandbox/linux/services/android_i386_ucontext.h" -#elif defined(__x86_64__) -#include "sandbox/linux/services/android_x86_64_ucontext.h" -#elif defined(__mips__) -#include "sandbox/linux/services/android_mips_ucontext.h" -#elif defined(__aarch64__) -#include "sandbox/linux/services/android_arm64_ucontext.h" -#else -#error "No support for your architecture in Android header" -#endif - -#else // __ANDROID__ -#error "Android header file included on non Android." -#endif // __ANDROID__ - -#endif // SANDBOX_LINUX_SERVICES_ANDROID_UCONTEXT_H_ diff --git a/sandbox/linux/services/syscall_wrappers.cc b/sandbox/linux/services/syscall_wrappers.cc index efadbaf..af9dc46 100644 --- a/sandbox/linux/services/syscall_wrappers.cc +++ b/sandbox/linux/services/syscall_wrappers.cc @@ -17,7 +17,7 @@ #include "base/logging.h" #include "base/third_party/valgrind/valgrind.h" #include "build/build_config.h" -#include "sandbox/linux/services/linux_syscalls.h" +#include "sandbox/linux/system_headers/linux_syscalls.h" namespace sandbox { diff --git a/sandbox/linux/syscall_broker/DEPS b/sandbox/linux/syscall_broker/DEPS index 99a337d..70d9b18 100644 --- a/sandbox/linux/syscall_broker/DEPS +++ b/sandbox/linux/syscall_broker/DEPS @@ -1,3 +1,3 @@ include_rules = [ - "+sandbox/linux/services", + "+sandbox/linux/system_headers", ] diff --git a/sandbox/linux/syscall_broker/broker_host.cc b/sandbox/linux/syscall_broker/broker_host.cc index ca55f21..fe28b47 100644 --- a/sandbox/linux/syscall_broker/broker_host.cc +++ b/sandbox/linux/syscall_broker/broker_host.cc @@ -20,9 +20,9 @@ #include "base/posix/eintr_wrapper.h" #include "base/posix/unix_domain_socket_linux.h" #include "base/third_party/valgrind/valgrind.h" -#include "sandbox/linux/services/linux_syscalls.h" #include "sandbox/linux/syscall_broker/broker_common.h" #include "sandbox/linux/syscall_broker/broker_policy.h" +#include "sandbox/linux/system_headers/linux_syscalls.h" namespace sandbox { diff --git a/sandbox/linux/services/android_arm64_ucontext.h b/sandbox/linux/system_headers/android_arm64_ucontext.h index 3df0399..df2b66a 100644 --- a/sandbox/linux/services/android_arm64_ucontext.h +++ b/sandbox/linux/system_headers/android_arm64_ucontext.h @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef SANDBOX_LINUX_SERVICES_ANDROID_ARM64_UCONTEXT_H_ -#define SANDBOX_LINUX_SERVICES_ANDROID_ARM64_UCONTEXT_H_ +#ifndef SANDBOX_LINUX_SYSTEM_HEADERS_ANDROID_ARM64_UCONTEXT_H_ +#define SANDBOX_LINUX_SYSTEM_HEADERS_ANDROID_ARM64_UCONTEXT_H_ #if !defined(__BIONIC_HAVE_UCONTEXT_T) #include <asm/sigcontext.h> @@ -26,4 +26,4 @@ struct ucontext_t { #include <sys/ucontext.h> #endif // __BIONIC_HAVE_UCONTEXT_T -#endif // SANDBOX_LINUX_SERVICES_ANDROID_ARM64_UCONTEXT_H_ +#endif // SANDBOX_LINUX_SYSTEM_HEADERS_ANDROID_ARM64_UCONTEXT_H_ diff --git a/sandbox/linux/services/android_arm_ucontext.h b/sandbox/linux/system_headers/android_arm_ucontext.h index d1446c6..a380499 100644 --- a/sandbox/linux/services/android_arm_ucontext.h +++ b/sandbox/linux/system_headers/android_arm_ucontext.h @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef SANDBOX_LINUX_SERVICES_ANDROID_ARM_UCONTEXT_H_ -#define SANDBOX_LINUX_SERVICES_ANDROID_ARM_UCONTEXT_H_ +#ifndef SANDBOX_LINUX_SYSTEM_HEADERS_ANDROID_ARM_UCONTEXT_H_ +#define SANDBOX_LINUX_SYSTEM_HEADERS_ANDROID_ARM_UCONTEXT_H_ #if !defined(__BIONIC_HAVE_UCONTEXT_T) #include <asm/sigcontext.h> @@ -29,4 +29,4 @@ typedef struct ucontext { #include <sys/ucontext.h> #endif // __BIONIC_HAVE_UCONTEXT_T -#endif // SANDBOX_LINUX_SERVICES_ANDROID_ARM_UCONTEXT_H_ +#endif // SANDBOX_LINUX_SYSTEM_HEADERS_ANDROID_ARM_UCONTEXT_H_ diff --git a/sandbox/linux/services/android_futex.h b/sandbox/linux/system_headers/android_futex.h index 571f5d2..11b766f 100644 --- a/sandbox/linux/services/android_futex.h +++ b/sandbox/linux/system_headers/android_futex.h @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef SANDBOX_LINUX_SERVICES_ANDROID_FUTEX_H_ -#define SANDBOX_LINUX_SERVICES_ANDROID_FUTEX_H_ +#ifndef SANDBOX_LINUX_SYSTEM_HEADERS_ANDROID_FUTEX_H_ +#define SANDBOX_LINUX_SYSTEM_HEADERS_ANDROID_FUTEX_H_ #if !defined(FUTEX_WAIT) #define FUTEX_WAIT 0 @@ -77,4 +77,4 @@ #define FUTEX_UNLOCK_PI_PRIVATE (FUTEX_UNLOCK_PI | FUTEX_PRIVATE_FLAG) #endif -#endif // SANDBOX_LINUX_SERVICES_ANDROID_FUTEX_H_ +#endif // SANDBOX_LINUX_SYSTEM_HEADERS_ANDROID_FUTEX_H_ diff --git a/sandbox/linux/services/android_i386_ucontext.h b/sandbox/linux/system_headers/android_i386_ucontext.h index 580ac70..868016b 100644 --- a/sandbox/linux/services/android_i386_ucontext.h +++ b/sandbox/linux/system_headers/android_i386_ucontext.h @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef SANDBOX_LINUX_SERVICES_ANDROID_I386_UCONTEXT_H_ -#define SANDBOX_LINUX_SERVICES_ANDROID_I386_UCONTEXT_H_ +#ifndef SANDBOX_LINUX_SYSTEM_HEADERS_ANDROID_I386_UCONTEXT_H_ +#define SANDBOX_LINUX_SYSTEM_HEADERS_ANDROID_I386_UCONTEXT_H_ // We do something compatible with glibc. Hopefully, at some point Android will // provide that for us, and __BIONIC_HAVE_UCONTEXT_T should be defined. @@ -76,4 +76,4 @@ typedef struct ucontext { #include <sys/ucontext.h> #endif // __BIONIC_HAVE_UCONTEXT_T -#endif // SANDBOX_LINUX_SERVICES_ANDROID_I386_UCONTEXT_H_ +#endif // SANDBOX_LINUX_SYSTEM_HEADERS_ANDROID_I386_UCONTEXT_H_ diff --git a/sandbox/linux/services/android_mips_ucontext.h b/sandbox/linux/system_headers/android_mips_ucontext.h index e23f1a7..ec3aa63 100644 --- a/sandbox/linux/services/android_mips_ucontext.h +++ b/sandbox/linux/system_headers/android_mips_ucontext.h @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef SANDBOX_LINUX_SERVICES_ANDROID_MIPS_UCONTEXT_H_ -#define SANDBOX_LINUX_SERVICES_ANDROID_MIPS_UCONTEXT_H_ +#ifndef SANDBOX_LINUX_SYSTEM_HEADERS_ANDROID_MIPS_UCONTEXT_H_ +#define SANDBOX_LINUX_SYSTEM_HEADERS_ANDROID_MIPS_UCONTEXT_H_ // This is mostly copied from breakpad (common/android/include/sys/ucontext.h), // except we do use sigset_t for uc_sigmask instead of a custom type. @@ -48,4 +48,4 @@ typedef struct ucontext { #include <sys/ucontext.h> #endif // __BIONIC_HAVE_UCONTEXT_T -#endif // SANDBOX_LINUX_SERVICES_ANDROID_MIPS_UCONTEXT_H_ +#endif // SANDBOX_LINUX_SYSTEM_HEADERS_ANDROID_MIPS_UCONTEXT_H_ diff --git a/sandbox/linux/system_headers/android_ucontext.h b/sandbox/linux/system_headers/android_ucontext.h new file mode 100644 index 0000000..8e873be --- /dev/null +++ b/sandbox/linux/system_headers/android_ucontext.h @@ -0,0 +1,28 @@ +// Copyright (c) 2013 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef SANDBOX_LINUX_SYSTEM_HEADERS_ANDROID_UCONTEXT_H_ +#define SANDBOX_LINUX_SYSTEM_HEADERS_ANDROID_UCONTEXT_H_ + +#if defined(__ANDROID__) + +#if defined(__arm__) +#include "sandbox/linux/system_headers/android_arm_ucontext.h" +#elif defined(__i386__) +#include "sandbox/linux/system_headers/android_i386_ucontext.h" +#elif defined(__x86_64__) +#include "sandbox/linux/system_headers/android_x86_64_ucontext.h" +#elif defined(__mips__) +#include "sandbox/linux/system_headers/android_mips_ucontext.h" +#elif defined(__aarch64__) +#include "sandbox/linux/system_headers/android_arm64_ucontext.h" +#else +#error "No support for your architecture in Android header" +#endif + +#else // __ANDROID__ +#error "Android header file included on non Android." +#endif // __ANDROID__ + +#endif // SANDBOX_LINUX_SYSTEM_HEADERS_ANDROID_UCONTEXT_H_ diff --git a/sandbox/linux/services/android_x86_64_ucontext.h b/sandbox/linux/system_headers/android_x86_64_ucontext.h index ef328e5..778e6d0 100644 --- a/sandbox/linux/services/android_x86_64_ucontext.h +++ b/sandbox/linux/system_headers/android_x86_64_ucontext.h @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef SANDBOX_LINUX_SERVICES_ANDROID_X86_64_UCONTEXT_H_ -#define SANDBOX_LINUX_SERVICES_ANDROID_X86_64_UCONTEXT_H_ +#ifndef SANDBOX_LINUX_SYSTEM_HEADERS_ANDROID_X86_64_UCONTEXT_H_ +#define SANDBOX_LINUX_SYSTEM_HEADERS_ANDROID_X86_64_UCONTEXT_H_ // We do something compatible with glibc. Hopefully, at some point Android will // provide that for us, and __BIONIC_HAVE_UCONTEXT_T should be defined. @@ -85,4 +85,4 @@ typedef struct ucontext { #include <sys/ucontext.h> #endif // __BIONIC_HAVE_UCONTEXT_T -#endif // SANDBOX_LINUX_SERVICES_ANDROID_X86_64_UCONTEXT_H_ +#endif // SANDBOX_LINUX_SYSTEM_HEADERS_ANDROID_X86_64_UCONTEXT_H_ diff --git a/sandbox/linux/services/arm64_linux_syscalls.h b/sandbox/linux/system_headers/arm64_linux_syscalls.h index 4443059..8acb2d1 100644 --- a/sandbox/linux/services/arm64_linux_syscalls.h +++ b/sandbox/linux/system_headers/arm64_linux_syscalls.h @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef SANDBOX_LINUX_SERVICES_ARM64_LINUX_SYSCALLS_H_ -#define SANDBOX_LINUX_SERVICES_ARM64_LINUX_SYSCALLS_H_ +#ifndef SANDBOX_LINUX_SYSTEM_HEADERS_ARM64_LINUX_SYSCALLS_H_ +#define SANDBOX_LINUX_SYSTEM_HEADERS_ARM64_LINUX_SYSCALLS_H_ #include <asm-generic/unistd.h> @@ -1059,4 +1059,4 @@ #define __NR_getrandom 278 #endif -#endif // SANDBOX_LINUX_SERVICES_ARM64_LINUX_SYSCALLS_H_ +#endif // SANDBOX_LINUX_SYSTEM_HEADERS_ARM64_LINUX_SYSCALLS_H_ diff --git a/sandbox/linux/services/arm_linux_syscalls.h b/sandbox/linux/system_headers/arm_linux_syscalls.h index 5fa140d..b11041d 100644 --- a/sandbox/linux/services/arm_linux_syscalls.h +++ b/sandbox/linux/system_headers/arm_linux_syscalls.h @@ -3,8 +3,8 @@ // found in the LICENSE file. // Generated from the Linux kernel's calls.S. -#ifndef SANDBOX_LINUX_SERVICES_ARM_LINUX_SYSCALLS_H_ -#define SANDBOX_LINUX_SERVICES_ARM_LINUX_SYSCALLS_H_ +#ifndef SANDBOX_LINUX_SYSTEM_HEADERS_ARM_LINUX_SYSCALLS_H_ +#define SANDBOX_LINUX_SYSTEM_HEADERS_ARM_LINUX_SYSCALLS_H_ #if !defined(__arm__) || !defined(__ARM_EABI__) #error "Including header on wrong architecture" @@ -1405,5 +1405,5 @@ #define __ARM_NR_cmpxchg (__ARM_NR_BASE+0x00fff0) #endif -#endif // SANDBOX_LINUX_SERVICES_ARM_LINUX_SYSCALLS_H_ +#endif // SANDBOX_LINUX_SYSTEM_HEADERS_ARM_LINUX_SYSCALLS_H_ diff --git a/sandbox/linux/services/linux_syscalls.h b/sandbox/linux/system_headers/linux_syscalls.h index 73d9f40..2b441e4 100644 --- a/sandbox/linux/services/linux_syscalls.h +++ b/sandbox/linux/system_headers/linux_syscalls.h @@ -6,32 +6,32 @@ // policies even when system headers are old. // System call numbers are accessible through __NR_syscall_name. -#ifndef SANDBOX_LINUX_SERVICES_LINUX_SYSCALLS_H_ -#define SANDBOX_LINUX_SERVICES_LINUX_SYSCALLS_H_ +#ifndef SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_SYSCALLS_H_ +#define SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_SYSCALLS_H_ #if defined(__x86_64__) -#include "sandbox/linux/services/x86_64_linux_syscalls.h" +#include "sandbox/linux/system_headers/x86_64_linux_syscalls.h" #endif #if defined(__i386__) -#include "sandbox/linux/services/x86_32_linux_syscalls.h" +#include "sandbox/linux/system_headers/x86_32_linux_syscalls.h" #endif #if defined(__arm__) && defined(__ARM_EABI__) -#include "sandbox/linux/services/arm_linux_syscalls.h" +#include "sandbox/linux/system_headers/arm_linux_syscalls.h" #endif #if defined(__mips__) && (_MIPS_SIM == _ABIO32) -#include "sandbox/linux/services/mips_linux_syscalls.h" +#include "sandbox/linux/system_headers/mips_linux_syscalls.h" #endif #if defined(__mips__) && (_MIPS_SIM == _ABI64) -#include "sandbox/linux/services/mips64_linux_syscalls.h" +#include "sandbox/linux/system_headers/mips64_linux_syscalls.h" #endif #if defined(__aarch64__) -#include "sandbox/linux/services/arm64_linux_syscalls.h" +#include "sandbox/linux/system_headers/arm64_linux_syscalls.h" #endif -#endif // SANDBOX_LINUX_SERVICES_LINUX_SYSCALLS_H_ +#endif // SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_SYSCALLS_H_ diff --git a/sandbox/linux/services/mips64_linux_syscalls.h b/sandbox/linux/system_headers/mips64_linux_syscalls.h index e6ef391..d003124 100644 --- a/sandbox/linux/services/mips64_linux_syscalls.h +++ b/sandbox/linux/system_headers/mips64_linux_syscalls.h @@ -3,8 +3,8 @@ // found in the LICENSE file. // Generated from the Linux kernel's calls.S. -#ifndef SANDBOX_LINUX_SERVICES_MIPS64_LINUX_SYSCALLS_H_ -#define SANDBOX_LINUX_SERVICES_MIPS64_LINUX_SYSCALLS_H_ +#ifndef SANDBOX_LINUX_SYSTEM_HEADERS_MIPS64_LINUX_SYSCALLS_H_ +#define SANDBOX_LINUX_SYSTEM_HEADERS_MIPS64_LINUX_SYSCALLS_H_ #if !defined(__mips__) || (_MIPS_SIM != _ABI64) #error "Including header on wrong architecture" @@ -1263,4 +1263,4 @@ #define __NR_seccomp (__NR_Linux + 312) #endif -#endif // SANDBOX_LINUX_SERVICES_MIPS64_LINUX_SYSCALLS_H_ +#endif // SANDBOX_LINUX_SYSTEM_HEADERS_MIPS64_LINUX_SYSCALLS_H_ diff --git a/sandbox/linux/services/mips_linux_syscalls.h b/sandbox/linux/system_headers/mips_linux_syscalls.h index 3a7d3d9..eb1717a 100644 --- a/sandbox/linux/services/mips_linux_syscalls.h +++ b/sandbox/linux/system_headers/mips_linux_syscalls.h @@ -3,8 +3,8 @@ // found in the LICENSE file. // Generated from the Linux kernel's calls.S. -#ifndef SANDBOX_LINUX_SERVICES_MIPS_LINUX_SYSCALLS_H_ -#define SANDBOX_LINUX_SERVICES_MIPS_LINUX_SYSCALLS_H_ +#ifndef SANDBOX_LINUX_SYSTEM_HEADERS_MIPS_LINUX_SYSCALLS_H_ +#define SANDBOX_LINUX_SYSTEM_HEADERS_MIPS_LINUX_SYSCALLS_H_ #if !defined(__mips__) || (_MIPS_SIM != _ABIO32) #error "Including header on wrong architecture" @@ -1425,4 +1425,4 @@ #define __NR_seccomp (__NR_Linux + 352) #endif -#endif // SANDBOX_LINUX_SERVICES_MIPS_LINUX_SYSCALLS_H_ +#endif // SANDBOX_LINUX_SYSTEM_HEADERS_MIPS_LINUX_SYSCALLS_H_ diff --git a/sandbox/linux/services/x86_32_linux_syscalls.h b/sandbox/linux/system_headers/x86_32_linux_syscalls.h index 0fc2183..a6afc62 100644 --- a/sandbox/linux/services/x86_32_linux_syscalls.h +++ b/sandbox/linux/system_headers/x86_32_linux_syscalls.h @@ -3,8 +3,8 @@ // found in the LICENSE file. // Generated from the Linux kernel's syscall_32.tbl. -#ifndef SANDBOX_LINUX_SERVICES_X86_32_LINUX_SYSCALLS_H_ -#define SANDBOX_LINUX_SERVICES_X86_32_LINUX_SYSCALLS_H_ +#ifndef SANDBOX_LINUX_SYSTEM_HEADERS_X86_32_LINUX_SYSCALLS_H_ +#define SANDBOX_LINUX_SYSTEM_HEADERS_X86_32_LINUX_SYSCALLS_H_ #if !defined(__i386__) #error "Including header on wrong architecture" @@ -1422,5 +1422,5 @@ #define __NR_memfd_create 356 #endif -#endif // SANDBOX_LINUX_SERVICES_X86_32_LINUX_SYSCALLS_H_ +#endif // SANDBOX_LINUX_SYSTEM_HEADERS_X86_32_LINUX_SYSCALLS_H_ diff --git a/sandbox/linux/services/x86_64_linux_syscalls.h b/sandbox/linux/system_headers/x86_64_linux_syscalls.h index ea6c555..349504a 100644 --- a/sandbox/linux/services/x86_64_linux_syscalls.h +++ b/sandbox/linux/system_headers/x86_64_linux_syscalls.h @@ -3,8 +3,8 @@ // found in the LICENSE file. // Generated from the Linux kernel's syscall_64.tbl. -#ifndef SANDBOX_LINUX_SERVICES_X86_64_LINUX_SYSCALLS_H_ -#define SANDBOX_LINUX_SERVICES_X86_64_LINUX_SYSCALLS_H_ +#ifndef SANDBOX_LINUX_SYSTEM_HEADERS_X86_64_LINUX_SYSCALLS_H_ +#define SANDBOX_LINUX_SYSTEM_HEADERS_X86_64_LINUX_SYSCALLS_H_ #if !defined(__x86_64__) #error "Including header on wrong architecture" @@ -1290,5 +1290,5 @@ #define __NR_memfd_create 319 #endif -#endif // SANDBOX_LINUX_SERVICES_X86_64_LINUX_SYSCALLS_H_ +#endif // SANDBOX_LINUX_SYSTEM_HEADERS_X86_64_LINUX_SYSCALLS_H_ |