sandbox/linux/bpf_dsl/trap_registry.h - chromium/src - Git at Google

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef SANDBOX_LINUX_BPF_DSL_TRAP_REGISTRY_H_
 #define SANDBOX_LINUX_BPF_DSL_TRAP_REGISTRY_H_

 #include <stdint.h>

 #include "base/macros.h"
 #include "sandbox/sandbox_export.h"

 namespace sandbox {

 // This must match the kernel's seccomp_data structure.
 struct arch_seccomp_data {
   int nr;
   uint32_t arch;
   uint64_t instruction_pointer;
   uint64_t args[6];
 };

 namespace bpf_dsl {

 // TrapRegistry provides an interface for registering "trap handlers"
 // by associating them with non-zero 16-bit trap IDs. Trap IDs should
 // remain valid for the lifetime of the trap registry.
 class SANDBOX_EXPORT TrapRegistry {
  public:
   // TrapFnc is a pointer to a function that fulfills the trap handler
   // function signature.
   //
   // Trap handlers follow the calling convention of native system
   // calls; e.g., to report an error, they return an exit code in the
   // range -1..-4096 instead of directly modifying errno. However,
   // modifying errno is harmless, as the original value will be
   // restored afterwards.
   //
   // Trap handlers are executed from signal context and possibly an
   // async-signal context, so they must be async-signal safe:
   // http://pubs.opengroup.org/onlinepubs/009695399/functions/xsh_chap02_04.html
   typedef intptr_t (*TrapFnc)(const struct arch_seccomp_data& args, void* aux);

   // Add registers the specified trap handler tuple and returns a
   // non-zero trap ID that uniquely identifies the tuple for the life
   // time of the trap registry. If the same tuple is registered
   // multiple times, the same value will be returned each time.
   virtual uint16_t Add(TrapFnc fnc, const void* aux, bool safe) = 0;

   // EnableUnsafeTraps tries to enable unsafe traps and returns
   // whether it was successful. This is a one-way operation.
   //
   // CAUTION: Enabling unsafe traps effectively defeats the security
   // guarantees provided by the sandbox policy. TrapRegistry
   // implementations should ensure unsafe traps are only enabled
   // during testing.
   virtual bool EnableUnsafeTraps() = 0;

  protected:
   TrapRegistry() {}

   // TrapRegistry's destructor is intentionally non-virtual so that
   // implementations can omit their destructor.  Instead we protect against
   // misuse by marking it protected.
   ~TrapRegistry() {}

   DISALLOW_COPY_AND_ASSIGN(TrapRegistry);
 };

 }  // namespace bpf_dsl
 }  // namespace sandbox

 #endif  // SANDBOX_LINUX_BPF_DSL_TRAP_REGISTRY_H_
	// Copyright 2014 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef SANDBOX_LINUX_BPF_DSL_TRAP_REGISTRY_H_
	#define SANDBOX_LINUX_BPF_DSL_TRAP_REGISTRY_H_

	#include <stdint.h>

	#include "base/macros.h"
	#include "sandbox/sandbox_export.h"

	namespace sandbox {

	// This must match the kernel's seccomp_data structure.
	struct arch_seccomp_data {
	int nr;
	uint32_t arch;
	uint64_t instruction_pointer;
	uint64_t args[6];
	};

	namespace bpf_dsl {

	// TrapRegistry provides an interface for registering "trap handlers"
	// by associating them with non-zero 16-bit trap IDs. Trap IDs should
	// remain valid for the lifetime of the trap registry.
	class SANDBOX_EXPORT TrapRegistry {
	public:
	// TrapFnc is a pointer to a function that fulfills the trap handler
	// function signature.
	//
	// Trap handlers follow the calling convention of native system
	// calls; e.g., to report an error, they return an exit code in the
	// range -1..-4096 instead of directly modifying errno. However,
	// modifying errno is harmless, as the original value will be
	// restored afterwards.
	//
	// Trap handlers are executed from signal context and possibly an
	// async-signal context, so they must be async-signal safe:
	// http://pubs.opengroup.org/onlinepubs/009695399/functions/xsh_chap02_04.html
	typedef intptr_t (TrapFnc)(const struct arch_seccomp_data& args, void aux);

	// Add registers the specified trap handler tuple and returns a
	// non-zero trap ID that uniquely identifies the tuple for the life
	// time of the trap registry. If the same tuple is registered
	// multiple times, the same value will be returned each time.
	virtual uint16_t Add(TrapFnc fnc, const void* aux, bool safe) = 0;

	// EnableUnsafeTraps tries to enable unsafe traps and returns
	// whether it was successful. This is a one-way operation.
	//
	// CAUTION: Enabling unsafe traps effectively defeats the security
	// guarantees provided by the sandbox policy. TrapRegistry
	// implementations should ensure unsafe traps are only enabled
	// during testing.
	virtual bool EnableUnsafeTraps() = 0;

	protected:
	TrapRegistry() {}

	// TrapRegistry's destructor is intentionally non-virtual so that
	// implementations can omit their destructor. Instead we protect against
	// misuse by marking it protected.
	~TrapRegistry() {}

	DISALLOW_COPY_AND_ASSIGN(TrapRegistry);
	};

	} // namespace bpf_dsl
	} // namespace sandbox

	#endif // SANDBOX_LINUX_BPF_DSL_TRAP_REGISTRY_H_