sandbox/linux/services/syscall_wrappers.h

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_
   6 #define SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_
   7
   8 #include <stdint.h>
   9 #include <sys/types.h>
  10
  11 #include "sandbox/sandbox_export.h"
  12
  13 struct sock_fprog;
  14 struct rlimit64;
  15 struct cap_hdr;
  16 struct cap_data;
  17
  18 namespace sandbox {
  19
  20 // Provide direct system call wrappers for a few common system calls.
  21 // These are guaranteed to perform a system call and do not rely on things such
  22 // as caching the current pid (c.f. getpid()) unless otherwise specified.
  23
  24 SANDBOX_EXPORT pid_t sys_getpid(void);
  25
  26 SANDBOX_EXPORT pid_t sys_gettid(void);
  27
  28 SANDBOX_EXPORT long sys_clone(unsigned long flags);
  29
  30 // |regs| is not supported and must be passed as nullptr. |child_stack| must be
  31 // nullptr, since otherwise this function cannot safely return. As a
  32 // consequence, this function does not support CLONE_VM.
  33 SANDBOX_EXPORT long sys_clone(unsigned long flags,
  34                               decltype(nullptr) child_stack,
  35                               pid_t* ptid,
  36                               pid_t* ctid,
  37                               decltype(nullptr) regs);
  38
  39 SANDBOX_EXPORT void sys_exit_group(int status);
  40
  41 // The official system call takes |args| as void*  (in order to be extensible),
  42 // but add more typing for the cases that are currently used.
  43 SANDBOX_EXPORT int sys_seccomp(unsigned int operation,
  44                                unsigned int flags,
  45                                const struct sock_fprog* args);
  46
  47 // Some libcs do not expose a prlimit64 wrapper.
  48 SANDBOX_EXPORT int sys_prlimit64(pid_t pid,
  49                                  int resource,
  50                                  const struct rlimit64* new_limit,
  51                                  struct rlimit64* old_limit);
  52
  53 // Some libcs do not expose capget/capset wrappers. We want to use these
  54 // directly in order to avoid pulling in libcap2.
  55 SANDBOX_EXPORT int sys_capget(struct cap_hdr* hdrp, struct cap_data* datap);
  56 SANDBOX_EXPORT int sys_capset(struct cap_hdr* hdrp,
  57                               const struct cap_data* datap);
  58
  59 // Some libcs do not expose getresuid/getresgid wrappers.
  60 SANDBOX_EXPORT int sys_getresuid(uid_t* ruid, uid_t* euid, uid_t* suid);
  61 SANDBOX_EXPORT int sys_getresgid(gid_t* rgid, gid_t* egid, gid_t* sgid);
  62
  63 // Some libcs do not expose a chroot wrapper.
  64 SANDBOX_EXPORT int sys_chroot(const char* path);
  65
  66 // Some libcs do not expose a unshare wrapper.
  67 SANDBOX_EXPORT int sys_unshare(int flags);
  68
  69 }  // namespace sandbox
  70
  71 #endif  // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_