sandboxed_api/sandbox2/syscall.h

*ec63e07aSXin Li// Copyright 2019 Google LLC
*ec63e07aSXin Li//
*ec63e07aSXin Li// Licensed under the Apache License, Version 2.0 (the "License");
*ec63e07aSXin Li// you may not use this file except in compliance with the License.
*ec63e07aSXin Li// You may obtain a copy of the License at
*ec63e07aSXin Li//
*ec63e07aSXin Li//     https://www.apache.org/licenses/LICENSE-2.0
*ec63e07aSXin Li//
*ec63e07aSXin Li// Unless required by applicable law or agreed to in writing, software
*ec63e07aSXin Li// distributed under the License is distributed on an "AS IS" BASIS,
*ec63e07aSXin Li// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
*ec63e07aSXin Li// See the License for the specific language governing permissions and
*ec63e07aSXin Li// limitations under the License.
*ec63e07aSXin Li
*ec63e07aSXin Li// The sandbox2::Syscalls class defines mostly static helper methods which
*ec63e07aSXin Li// are used to analyze the status of the sandboxed process.
*ec63e07aSXin Li
*ec63e07aSXin Li#ifndef SANDBOXED_API_SANDBOX2_SYSCALL_H__
*ec63e07aSXin Li#define SANDBOXED_API_SANDBOX2_SYSCALL_H__
*ec63e07aSXin Li
*ec63e07aSXin Li#include <sys/types.h>
*ec63e07aSXin Li
*ec63e07aSXin Li#include <array>
*ec63e07aSXin Li#include <cstddef>
*ec63e07aSXin Li#include <cstdint>
*ec63e07aSXin Li#include <string>
*ec63e07aSXin Li#include <vector>
*ec63e07aSXin Li
*ec63e07aSXin Li#include "sandboxed_api/config.h"  // IWYU pragma: export
*ec63e07aSXin Li
*ec63e07aSXin Linamespace sandbox2 {
*ec63e07aSXin Li
*ec63e07aSXin Liclass Syscall {
*ec63e07aSXin Li public:
*ec63e07aSXin Li  // Maximum number of syscall arguments
*ec63e07aSXin Li  static constexpr size_t kMaxArgs = 6;
*ec63e07aSXin Li  using Args = std::array<uint64_t, kMaxArgs>;
*ec63e07aSXin Li
*ec63e07aSXin Li  // Returns the host architecture, according to CpuArch.
*ec63e07aSXin Li  static constexpr sapi::cpu::Architecture GetHostArch() {
*ec63e07aSXin Li    return sapi::host_cpu::Architecture();
*ec63e07aSXin Li  }
*ec63e07aSXin Li
*ec63e07aSXin Li  // Returns the host architecture, according to <linux/audit.h>.
*ec63e07aSXin Li  static uint32_t GetHostAuditArch();
*ec63e07aSXin Li
*ec63e07aSXin Li  // Returns a description of the architecture.
*ec63e07aSXin Li  static std::string GetArchDescription(sapi::cpu::Architecture arch);
*ec63e07aSXin Li
*ec63e07aSXin Li  Syscall() = default;
*ec63e07aSXin Li  Syscall(sapi::cpu::Architecture arch, uint64_t nr, Args args = {})
*ec63e07aSXin Li      : arch_(arch), nr_(nr), args_(args) {}
*ec63e07aSXin Li
*ec63e07aSXin Li  pid_t pid() const { return pid_; }
*ec63e07aSXin Li  uint64_t nr() const { return nr_; }
*ec63e07aSXin Li  sapi::cpu::Architecture arch() const { return arch_; }
*ec63e07aSXin Li  const Args& args() const { return args_; }
*ec63e07aSXin Li  uint64_t stack_pointer() const { return sp_; }
*ec63e07aSXin Li  uint64_t instruction_pointer() const { return ip_; }
*ec63e07aSXin Li
*ec63e07aSXin Li  std::string GetName() const;
*ec63e07aSXin Li
*ec63e07aSXin Li  std::vector<std::string> GetArgumentsDescription() const;
*ec63e07aSXin Li  std::string GetDescription() const;
*ec63e07aSXin Li
*ec63e07aSXin Li private:
*ec63e07aSXin Li  friend class Regs;
*ec63e07aSXin Li  friend class UnotifyMonitor;
*ec63e07aSXin Li
*ec63e07aSXin Li  explicit Syscall(pid_t pid) : pid_(pid) {}
*ec63e07aSXin Li  Syscall(sapi::cpu::Architecture arch, uint64_t nr, Args args, pid_t pid,
*ec63e07aSXin Li          uint64_t sp, uint64_t ip)
*ec63e07aSXin Li      : arch_(arch), nr_(nr), args_(args), pid_(pid), sp_(sp), ip_(ip) {}
*ec63e07aSXin Li
*ec63e07aSXin Li  sapi::cpu::Architecture arch_ = sapi::cpu::kUnknown;
*ec63e07aSXin Li  uint64_t nr_ = -1;
*ec63e07aSXin Li  Args args_ = {};
*ec63e07aSXin Li  pid_t pid_ = -1;
*ec63e07aSXin Li  uint64_t sp_ = 0;
*ec63e07aSXin Li  uint64_t ip_ = 0;
*ec63e07aSXin Li};
*ec63e07aSXin Li
*ec63e07aSXin Li}  // namespace sandbox2
*ec63e07aSXin Li
*ec63e07aSXin Li#endif  // SANDBOXED_API_SANDBOX2_SYSCALL_H__