History log of /external/minijail/bpf.h
Revision Date Author Comments
fd6f8e31caec28bdd127eb97e2c2111cfcbac447 12-Oct-2016 Jorge Lucangeli Obes <jorgelo@google.com> syscall_filter: Implement flag set inclusion.

When filtering syscalls that take flags as an argument, we usually want
to allow a small set of "safe" flags. This is hard to express with the
current language.

Implement this by adding a "flag set inclusion" mode using the 'in'
keyword. This works by allowing the syscall as long as the passed
flags, when viewed as a set, are included in the set of flags described
by the policy.

Also, clang-format all of bpf.c.

Bug: 31997910
Test: syscall_filter_unittest
Change-Id: I121af56b176bd3260904d367fd92d47a16bb3dcb
/external/minijail/bpf.h
8cc9d4adccb73c0ece2baf52bcce757628a6bc52 03-Oct-2016 Jorge Lucangeli Obes <jorgelo@google.com> Fix decreasing loop.

As pointed out by rickyz@, we were comparing past the beginning of the
array.

Also add a bunch of unit tests for the label functionality.

Bug: 31955943
Test: syscall_filter_unittest

Change-Id: Iece922372c6548aff36cf2f2650e37d2f25eaae7
/external/minijail/bpf.h
f16d6d177fdbf41f6d4389436dbbe5d2b84cd519 30-Sep-2016 Jorge Lucangeli Obes <jorgelo@google.com> Fix BPF instruction count bug.

We were accidentally capping the total number of BPF instructions at
256 when doing label fixup.

Also add a simple binary to print a compiled policy.

Bug: 31848734
Test: Policy attached to the bug works.

Change-Id: I9df058e2f4888289db0219d65ca97851fac515d0
/external/minijail/bpf.h
a67bd6a31668498f3e21af49f64950ef78645515 19-Aug-2016 Jorge Lucangeli Obes <jorgelo@google.com> Port libminijail unit tests to C++.

That way they can be run on Android Platform Continuous Testing,
which requires gtest for parsing of test output.

Fix one issue in free_label_strings(), which was not setting
|labels->count| to 0. Also fix some nits in test files.

Bug: 30973585
Change-Id: I8bdb414329aab82e2180d412b9ecc128beab7227
/external/minijail/bpf.h
68db15cc2ea5b8314b4c8f7f3920423aeb5e25eb 09-Oct-2015 Samuel Tan <samueltan@google.com> minijail: fix Makefile and bpf.h to build in CrOS

Make the following two changes to ensure that minijail builds
in CrOS:

1) Edit references to the previously renamed signal.o file to
signal_handler.o in the Makefile

2) Add a comparison of __LITTLE_ENDIAN with __BYTE_ORDER to
bpf.h, since __LITTLE_ENDIAN__ is not defined when building
for CrOS.

BUG: 24680644
Change-Id: I152573d29a87a3a685c0d27e728632e84462e8ef
TEST: Cherry-pick change to CrOS and minijail build succeeds.
/external/minijail/bpf.h
a21c8fc135523df5bbd4523b36096dff6e8ade4a 16-Jul-2015 Jorge Lucangeli Obes <jorgelo@google.com> Add 'Android.mk' file, fix compile on Android.

This requires disabling LDPRELOAD and temporarily disabling
capabilities support.

Reland of https://android-review.googlesource.com/#/c/159755/
with compile fixes. Compile-tested on
aosp_{x86,x86_64,arm,arm64,mips64}-eng.

Bug: 22487289
Change-Id: Ia4530cf09b074aa0a2afe5a5b307ff3c5c5d6c08
/external/minijail/bpf.h
4365a58dbf36b618601f786358719cd7e2bb70d1 18-Jul-2015 Jorge Lucangeli Obes <jorgelo@google.com> Revert "Fix aosp_x86_64 build."

Fix is not complete, arm64 was still failing.

This reverts commit 6666fe26242c1daed54c0e384bfcbb1e98ae2bfb.

Change-Id: Iad02965e730271f80aa59ca7d26b34a553bc0c70
/external/minijail/bpf.h
6666fe26242c1daed54c0e384bfcbb1e98ae2bfb 18-Jul-2015 Jorge Lucangeli Obes <jorgelo@google.com> Fix aosp_x86_64 build.

Endianness macros are different on Android.

Change-Id: I12d4e79b81d9192652b398b9a994db41bfa7880c
/external/minijail/bpf.h
8b488a5b1f0b5eab62516b50e638c1484409bb87 26-Sep-2014 Jorge Lucangeli Obes <jorgelo@chromium.org> minijail: extract ARCH_NR definition to a header, fix indentation.

BUG=chromium:416890
TEST=syscall_filter_unittest passes.

Change-Id: I0cec225e0276f786fc44a05e3dff2080866f3c49
Reviewed-on: https://chromium-review.googlesource.com/220188
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Ben Chan <benchan@chromium.org>
Commit-Queue: Jorge Lucangeli Obes <jorgelo@chromium.org>
/external/minijail/bpf.h
5adfd10aa02f68299db8a1705d9e444be0c9fdb8 23-Sep-2014 Ben Chan <benchan@chromium.org> minijail: Fix architecture validation for 32-bit MIPS platforms.

minijail did not set ARCH_NR correctly such that it always assumed any
MIPS platform to be 64-bit, which caused the architecture validation in
the seccomp filter to fail on a 32-bit MIPS platform.

BUG=chromium:416734
TEST=Tested a seccomp filter via minijail on a 32-bit MIPS platform.

Change-Id: I26489f0b80e48c30ee39d256218b48f927cd74b4
Reviewed-on: https://chromium-review.googlesource.com/219434
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Commit-Queue: Ben Chan <benchan@chromium.org>
Tested-by: Ben Chan <benchan@chromium.org>
/external/minijail/bpf.h
fccb4c99597b7c20568e4d468004c9ab192e695a 19-Oct-2013 Mike Frysinger <vapier@chromium.org> port to more arches

Just copy & paste relevant toolchain defines and kernel headers.

BUG=chromium:307180
TEST=ppc build works

Change-Id: I43b402e6eebbfa5e9ce11ac0c782d6baab9e0a4b
Reviewed-on: https://chromium-review.googlesource.com/173726
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
/external/minijail/bpf.h
02d0654f088b5de57f49f85c5ec064e6e581c6fc 26-Sep-2013 Yunlian Jiang <yunlian@google.com> minijail: fix undefined inline function error under clang.

In the C99 standard, inline functions only make sense when you
put them in a ".h" file. The whole concept is about making
the function definition visible to all callers. In this case,
the function 'set_bpf_instr' is declared in bpf.h and defined
in bpf.c, and it is called by functions from libsyscalls.gen.c.
When compiling libsyscalls.gen.c, it finds that 'set_bpf_instr'
is an inline function; however, in this compilation unit,
it could not find the definition, so the error pops out.

BUG=chromium:298450
TEST=FEATURES="test" CC=i686-pc-linux-gnu-clang
emerge-x86-generic chromeos-minijail

Change-Id: I666386337379c5897bdd3772fed428f284e76661
Reviewed-on: https://chromium-review.googlesource.com/170615
Reviewed-by: Luis Lozano <llozano@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Commit-Queue: Yunlian Jiang <yunlian@chromium.org>
Tested-by: Yunlian Jiang <yunlian@chromium.org>
/external/minijail/bpf.h
8a56ec283c64512a16e4e19ae6a293ba7f543daf 04-Feb-2013 Jorge Lucangeli Obes <jorgelo@chromium.org> Fix Minijail x32 compilation.

BUG=chromium-os:38539
TEST=./setup_board --board=x32-generic; emerge-x32-generic chromeos-minijail

Change-Id: I4ca1c78d583976a6f692a589c5b153101700beee
Reviewed-on: https://gerrit.chromium.org/gerrit/42543
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Jorge Lucangeli Obes <jorgelo@chromium.org>
/external/minijail/bpf.h
ffec8919585a3a30e9f8a3551e85cf06fc62cd8a 30-Nov-2012 Jorge Lucangeli Obes <jorgelo@chromium.org> Add BPF jset instruction support to Minijail.

First step is to add support for the actual BPF instruction.
Next step is to parse this in the policy files and use the functions
introduced by this CL.

BUG=chromium-os:36848
TEST=syscall_filter_unittest

Change-Id: I172598e63413506f190ae6b4b07ae63e1198f44c
Reviewed-on: https://gerrit.chromium.org/gerrit/39018
Reviewed-by: Kees Cook <keescook@chromium.org>
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
/external/minijail/bpf.h
bda833cbcee330eab91561a9b50b6bc24c47f2e9 01-Aug-2012 Jorge Lucangeli Obes <jorgelo@chromium.org> Minijail: add logging for seccomp filter failures.

BUG=chromium-os:33361
TEST=unit tests
TEST=security_Minijail0, security_Minijail_seccomp, platform_CrosDisksArchive

Change-Id: I16cdb8fbcf1cb13f2dee5521f97fb8d0bdbdf93b
Reviewed-on: https://gerrit.chromium.org/gerrit/29053
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
/external/minijail/bpf.h
224e4275abc940fa96d8cf8eec69a052957aa7e1 02-Aug-2012 Jorge Lucangeli Obes <jorgelo@chromium.org> Refactor logging in Minijail.

That way, the syscall filtering module can log to syslog without
duplicating code. While I'm at it, make naming more consistent.

BUG=None
TEST=unit
TEST=security_Minijail0, security_Minijail_seccomp, platform_CrosDisksArchive

Change-Id: I7102ca22f49dd7e5bb56bf2997d0d83cb0507e83
Reviewed-on: https://gerrit.chromium.org/gerrit/29080
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
/external/minijail/bpf.h
d4467260de60d23ca7d2d506517caf71ef90984d 24-Mar-2012 Jorge Lucangeli Obes <jorgelo@chromium.org> Add full seccomp BPF filter generation.

This CL uses the mechanism to generate filter sections from
policy strings and builds a complete filter by first
validating the arch and loading the syscall number, then
checking against all syscalls listed in the policy file, and
executing the argument filters if necessary.

BUG=chromium-os:25429
BUG=chromium-os:27878
TEST=syscall_filter_unittest
CQ-DEPEND=I3a4334a3c568178e19b18e7f3ed97517b03afd1b

Change-Id: I13a9b22ac8d55f02d5a77b5beedb955386b63723
Reviewed-on: https://gerrit.chromium.org/gerrit/19007
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Will Drewry <wad@chromium.org>
/external/minijail/bpf.h
fc8ab53c3ee4697b907a35ac54f26fb9477f6e7c 20-Mar-2012 Jorge Lucangeli Obes <jorgelo@chromium.org> Add syscall filter BPF program generator.

BUG=chromium-os:25429
BUG=chromium-os:27878
TEST=syscall_filter_unittest

Change-Id: I3a4334a3c568178e19b18e7f3ed97517b03afd1b
Reviewed-on: https://gerrit.chromium.org/gerrit/18914
Reviewed-by: Kees Cook <keescook@chromium.org>
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
/external/minijail/bpf.h