From 8a93e3822b23897bde15cf0e2a7cdee5973fd5a2 Mon Sep 17 00:00:00 2001
From: "markus@chromium.org"
 <markus@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Tue, 18 May 2010 20:54:46 +0000
Subject: Add support for calling {rt_,}sigaction(), and for invoking signal
 handlers from within the sandbox.

Added tests for the new functionality and merged the tests for sigreturn()
that had previously been committed to the standalone version of the sandbox
(on Google Code)

TEST=run "make test"
BUG=37728
Review URL: http://codereview.chromium.org/2074003

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@47561 0039d316-1c4b-4281-b951-d872f2087c98
---
 sandbox/linux/seccomp/sandbox_impl.h | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

(limited to 'sandbox/linux/seccomp/sandbox_impl.h')

diff --git a/sandbox/linux/seccomp/sandbox_impl.h b/sandbox/linux/seccomp/sandbox_impl.h
index 9c49ffc..ce2291c 100644
--- a/sandbox/linux/seccomp/sandbox_impl.h
+++ b/sandbox/linux/seccomp/sandbox_impl.h
@@ -139,6 +139,10 @@ class Sandbox {
   STATIC ssize_t sandbox_recvmsg(int, struct msghdr*, int)
                                          asm("playground$sandbox_recvmsg");
   #endif
+  #if defined(__NR_rt_sigaction)
+  STATIC long sandbox_rt_sigaction(int, const void*, void*, size_t)
+                                        asm("playground$sandbox_rt_sigaction");
+  #endif
   #if defined(__NR_rt_sigprocmask)
   STATIC long sandbox_rt_sigprocmask(int how, const void*, void*, size_t)
                                       asm("playground$sandbox_rt_sigprocmask");
@@ -162,6 +166,14 @@ class Sandbox {
   STATIC long sandbox_setsockopt(int, int, int, const void*, socklen_t)
                                          asm("playground$sandbox_setsockopt");
   #endif
+  #if defined(__NR_sigaction)
+  STATIC long sandbox_sigaction(int, const void*, void*)
+                                         asm("playground$sandbox_sigaction");
+  #endif
+  #if defined(__NR_signal)
+  STATIC void* sandbox_signal(int, const void*)
+                                         asm("playground$sandbox_signal");
+  #endif
   #if defined(__NR_sigprocmask)
   STATIC long sandbox_sigprocmask(int how, const void*, void*)
                                          asm("playground$sandbox_sigprocmask");
@@ -226,6 +238,8 @@ class Sandbox {
   STATIC bool process_shmget(int, int, int, int, SecureMemArgs*)
                                          asm("playground$process_shmget");
   #endif
+  STATIC bool process_sigaction(int, int, int, int, SecureMemArgs*)
+                                         asm("playground$process_sigaction");
   #if defined(__NR_socketcall)
   STATIC bool process_socketcall(int, int, int, int, SecureMemArgs*)
                                          asm("playground$process_socketcall");
@@ -542,6 +556,14 @@ class Sandbox {
     int how;
   } __attribute__((packed));
 
+  struct SigAction {
+    int                               sysnum;
+    int                               signum;
+    const SysCalls::kernel_sigaction* action;
+    const SysCalls::kernel_sigaction* old_action;
+    size_t                            sigsetsize;
+  } __attribute__((packed));
+
   struct Socket {
     int domain;
     int type;
@@ -657,6 +679,10 @@ class Sandbox {
   static const struct SocketCallArgInfo socketCallArgInfo[];
   #endif
 
+  // We always have to intercept SIGSEGV. If the application wants to set its
+  // own SEGV handler, we forward to it whenever necessary.
+  static SysCalls::kernel_sigaction sa_segv_ asm("playground$sa_segv");
+
   // The syscall_mutex_ can only be directly accessed by the trusted process.
   // It can be accessed by the trusted thread after fork()ing and calling
   // mprotect(PROT_READ|PROT_WRITE). The mutex is used for system calls that
-- 
cgit v1.1