1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_
6 #define SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_
8 #include <signal.h>
9 #include <stdint.h>
10 #include <sys/types.h>
12 #include "sandbox/sandbox_export.h"
14 struct sock_fprog;
15 struct rlimit64;
16 struct cap_hdr;
17 struct cap_data;
namespace sandbox {

// Thin wrappers that issue the named Linux system call directly.
// Every call is guaranteed to reach the kernel and, unless stated otherwise,
// does not depend on libc-side state such as a cached pid (c.f. getpid()).
//
// NOTE(review): return-value and errno conventions are set by the
// implementation file, which is not visible from this header. Callers on a
// sandbox setup path should check every result: an unnoticed failure of
// sys_seccomp, sys_chroot, sys_unshare, sys_capset or sys_prlimit64 leaves
// the process less confined than intended.

// Process id of the caller, obtained by a real system call rather than from
// a libc cache.
SANDBOX_EXPORT pid_t sys_getpid(void);

// Thread id of the caller.
SANDBOX_EXPORT pid_t sys_gettid(void);

// Overload taking only |flags|.
// NOTE(review): presumably equivalent to the five-argument form with every
// pointer argument null -- confirm against the implementation.
SANDBOX_EXPORT long sys_clone(unsigned long flags);

// Full clone form. |child_stack| and |regs| are typed decltype(nullptr), so a
// real pointer value does not compile: |regs| is not supported, and a
// non-null |child_stack| would leave this function unable to return safely.
// For the same reason CLONE_VM is not supported.
// NOTE(review): whether CLONE_VM in |flags| is rejected at run time cannot
// be told from this header.
SANDBOX_EXPORT long sys_clone(unsigned long flags,
                              decltype(nullptr) child_stack,
                              pid_t* ptid,
                              pid_t* ctid,
                              decltype(nullptr) regs);

// Wrapper for exit_group.
// NOTE(review): declared as returning void and not marked noreturn here;
// confirm before relying on it never returning.
SANDBOX_EXPORT void sys_exit_group(int status);

// The kernel interface takes |args| as void* so that it can be extended;
// this wrapper narrows it to the sock_fprog pointer needed by the cases
// currently in use.
SANDBOX_EXPORT int sys_seccomp(unsigned int operation,
                               unsigned int flags,
                               const struct sock_fprog* args);

// Some libcs do not expose a prlimit64 wrapper. |new_limit| is const to the
// wrapper; |old_limit| is not.
SANDBOX_EXPORT int sys_prlimit64(pid_t pid,
                                 int resource,
                                 const struct rlimit64* new_limit,
                                 struct rlimit64* old_limit);

// Some libcs do not expose capget/capset wrappers. Calling the system calls
// directly also avoids pulling in libcap2. |datap| is const for sys_capset
// only; |hdrp| is non-const in both.
SANDBOX_EXPORT int sys_capget(struct cap_hdr* hdrp, struct cap_data* datap);
SANDBOX_EXPORT int sys_capset(struct cap_hdr* hdrp,
                              const struct cap_data* datap);

// Some libcs do not expose getresuid/getresgid wrappers. The real, effective
// and saved ids are passed back through the three pointers.
SANDBOX_EXPORT int sys_getresuid(uid_t* ruid, uid_t* euid, uid_t* suid);
SANDBOX_EXPORT int sys_getresgid(gid_t* rgid, gid_t* egid, gid_t* sgid);

// Some libcs do not expose a chroot wrapper.
SANDBOX_EXPORT int sys_chroot(const char* path);

// Some libcs do not expose an unshare wrapper.
SANDBOX_EXPORT int sys_unshare(int flags);

// Some libcs do not expose sigprocmask. |oldset| is typed decltype(nullptr)
// and so must be nullptr: the toolchain's signal-set ABI and the Linux
// kernel's differ, so the previous mask cannot be handed back through this
// wrapper.
SANDBOX_EXPORT int sys_sigprocmask(int how,
                                   const sigset_t* set,
                                   decltype(nullptr) oldset);

// Some libcs do not expose sigaction().
SANDBOX_EXPORT int sys_sigaction(int signum,
                                 const struct sigaction* act,
                                 struct sigaction* oldact);

}  // namespace sandbox
83 #endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_