Fix link in German terms of service.
[chromium-blink-merge.git] / sandbox / linux / bpf_dsl / trap_registry.h
blob0a5d2f14cccfcd2c51ed80e7bfa39d8811d79464
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef SANDBOX_LINUX_BPF_DSL_TRAP_REGISTRY_H_
6 #define SANDBOX_LINUX_BPF_DSL_TRAP_REGISTRY_H_
8 #include <stdint.h>
10 #include "base/macros.h"
11 #include "sandbox/sandbox_export.h"
13 namespace sandbox {
15 // This must match the kernel's seccomp_data structure.
16 struct arch_seccomp_data {
17 int nr;
18 uint32_t arch;
19 uint64_t instruction_pointer;
20 uint64_t args[6];
23 namespace bpf_dsl {
25 // TrapRegistry provides an interface for registering "trap handlers"
26 // by associating them with non-zero 16-bit trap IDs. Trap IDs should
27 // remain valid for the lifetime of the trap registry.
28 class SANDBOX_EXPORT TrapRegistry {
29 public:
30 // TrapFnc is a pointer to a function that fulfills the trap handler
31 // function signature.
33 // Trap handlers follow the calling convention of native system
34 // calls; e.g., to report an error, they return an exit code in the
35 // range -1..-4096 instead of directly modifying errno. However,
36 // modifying errno is harmless, as the original value will be
37 // restored afterwards.
39 // Trap handlers are executed from signal context and possibly an
40 // async-signal context, so they must be async-signal safe:
41 // http://pubs.opengroup.org/onlinepubs/009695399/functions/xsh_chap02_04.html
42 typedef intptr_t (*TrapFnc)(const struct arch_seccomp_data& args, void* aux);
44 // Add registers the specified trap handler tuple and returns a
45 // non-zero trap ID that uniquely identifies the tuple for the life
46 // time of the trap registry. If the same tuple is registered
47 // multiple times, the same value will be returned each time.
48 virtual uint16_t Add(TrapFnc fnc, const void* aux, bool safe) = 0;
50 // EnableUnsafeTraps tries to enable unsafe traps and returns
51 // whether it was successful. This is a one-way operation.
53 // CAUTION: Enabling unsafe traps effectively defeats the security
54 // guarantees provided by the sandbox policy. TrapRegistry
55 // implementations should ensure unsafe traps are only enabled
56 // during testing.
57 virtual bool EnableUnsafeTraps() = 0;
59 protected:
60 TrapRegistry() {}
62 // TrapRegistry's destructor is intentionally non-virtual so that
63 // implementations can omit their destructor. Instead we protect against
64 // misuse by marking it protected.
65 ~TrapRegistry() {}
67 DISALLOW_COPY_AND_ASSIGN(TrapRegistry);
70 } // namespace bpf_dsl
71 } // namespace sandbox
73 #endif // SANDBOX_LINUX_BPF_DSL_TRAP_REGISTRY_H_