Bug 1093334 - Delete unnecessary copies of Chromium headers in security/sandbox/linux. r=kang

security/sandbox/linux/LICENSE

@@ -1,27 +0,0 @@
-// Copyright (c) 2013 The Chromium Authors. All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//    * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//    * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//    * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

security/sandbox/linux/android_arm_ucontext.h

@@ -1,36 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-/* This file has been imported from
- * http://git.chromium.org/gitweb/?p=chromium.git;a=blob;f=sandbox/linux/services/android_arm_ucontext.h;hb=99b3e83972e478a42fa72da1ffefee58413e87d4
- */
-
-#ifndef SANDBOX_LINUX_SERVICES_ANDROID_ARM_UCONTEXT_H_
-#define SANDBOX_LINUX_SERVICES_ANDROID_ARM_UCONTEXT_H_
-
-#if !defined(__BIONIC_HAVE_UCONTEXT_T)
-#include <asm/sigcontext.h>
-
-// We also need greg_t for the sandbox, include it in this header as well.
-typedef unsigned long greg_t;
-
-//typedef unsigned long sigset_t;
-typedef struct ucontext {
-  unsigned long   uc_flags;
-  struct ucontext  *uc_link;
-  stack_t     uc_stack;
-  struct sigcontext uc_mcontext;
-  sigset_t    uc_sigmask;
-  /* Allow for uc_sigmask growth.  Glibc uses a 1024-bit sigset_t.  */
-  int     __not_used[32 - (sizeof (sigset_t) / sizeof (int))];
-  /* Last for extensibility.  Eight byte aligned because some
-     coprocessors require eight byte alignment.  */
-  unsigned long   uc_regspace[128] __attribute__((__aligned__(8)));
-} ucontext_t;
-
-#else
-#include <sys/ucontext.h>
-#endif  // __BIONIC_HAVE_UCONTEXT_T
-
-#endif  // SANDBOX_LINUX_SERVICES_ANDROID_ARM_UCONTEXT_H_

security/sandbox/linux/android_i386_ucontext.h

@@ -1,83 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-/* This file has been imported from
- * http://git.chromium.org/gitweb/?p=chromium.git;a=blob;f=sandbox/linux/services/android_i386_ucontext.h;hb=99b3e83972e478a42fa72da1ffefee58413e87d4
- */
-
-#ifndef SANDBOX_LINUX_SERVICES_ANDROID_I386_UCONTEXT_H_
-#define SANDBOX_LINUX_SERVICES_ANDROID_I386_UCONTEXT_H_
-
-// We do something compatible with glibc. Hopefully, at some point Android will
-// provide that for us, and __BIONIC_HAVE_UCONTEXT_T should be defined.
-// This is mostly copied from breakpad (common/android/include/sys/ucontext.h),
-// except we do use sigset_t for uc_sigmask instead of a custom type.
-
-#if !defined(__BIONIC_HAVE_UCONTEXT_T)
-#include <asm/sigcontext.h>
-
-/* 80-bit floating-point register */
-struct _libc_fpreg {
-  unsigned short significand[4];
-  unsigned short exponent;
-};
-
-/* Simple floating-point state, see FNSTENV instruction */
-struct _libc_fpstate {
-  unsigned long cw;
-  unsigned long sw;
-  unsigned long tag;
-  unsigned long ipoff;
-  unsigned long cssel;
-  unsigned long dataoff;
-  unsigned long datasel;
-  struct _libc_fpreg _st[8];
-  unsigned long status;
-};
-
-typedef uint32_t greg_t;
-
-typedef struct {
-  uint32_t gregs[19];
-  struct _libc_fpstate* fpregs;
-  uint32_t oldmask;
-  uint32_t cr2;
-} mcontext_t;
-
-enum {
-  REG_GS = 0,
-  REG_FS,
-  REG_ES,
-  REG_DS,
-  REG_EDI,
-  REG_ESI,
-  REG_EBP,
-  REG_ESP,
-  REG_EBX,
-  REG_EDX,
-  REG_ECX,
-  REG_EAX,
-  REG_TRAPNO,
-  REG_ERR,
-  REG_EIP,
-  REG_CS,
-  REG_EFL,
-  REG_UESP,
-  REG_SS,
-};
-
-typedef struct ucontext {
-  uint32_t uc_flags;
-  struct ucontext* uc_link;
-  stack_t uc_stack;
-  mcontext_t uc_mcontext;
-  sigset_t uc_sigmask;
-  struct _libc_fpstate __fpregs_mem;
-} ucontext_t;
-
-#else
-#include <sys/ucontext.h>
-#endif  // __BIONIC_HAVE_UCONTEXT_T
-
-#endif  // SANDBOX_LINUX_SERVICES_ANDROID_I386_UCONTEXT_H_

security/sandbox/linux/android_ucontext.h

@@ -1,26 +0,0 @@
-// Copyright (c) 2013 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-/* This file has been imported from
- * http://git.chromium.org/gitweb/?p=chromium.git;a=blob_plain;f=sandbox/linux/services/android_ucontext.h;hb=99b3e83972e478a42fa72da1ffefee58413e87d4
- */
-
-#ifndef SANDBOX_LINUX_SERVICES_ANDROID_UCONTEXT_H_
-#define SANDBOX_LINUX_SERVICES_ANDROID_UCONTEXT_H_
-
-#if defined(__ANDROID__)
-
-#if defined(__arm__)
-#include "android_arm_ucontext.h"
-#elif defined(__i386__)
-#include "android_i386_ucontext.h"
-#else
-#error "No support for your architecture in Android header"
-#endif
-
-#else  // __ANDROID__
-#error "Android header file included on non Android."
-#endif  // __ANDROID__
-
-#endif  // SANDBOX_LINUX_SERVICES_ANDROID_UCONTEXT_H_

security/sandbox/linux/linux_seccomp.h

@@ -1,267 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-/* This file has been initially imported from
- * http://git.chromium.org/gitweb/?p=chromium.git;a=blob;f=sandbox/linux/seccomp-bpf/linux_seccomp.h;h=0de0259da39ecdb745e5923b9a6ff3961c13be00;hb=2362c9abea79cae475921bdeee58f9e3910d211c
- *
- * Contains code for macro for common filters from:
- * http://outflux.net/teach-seccomp/step-5/seccomp-bpf.h
- *
- * Contains code for arch_seccomp_data and arch_sigsys from:
- * http://git.chromium.org/gitweb/?p=chromium.git;a=blob;f=sandbox/linux/seccomp-bpf/sandbox_bpf.h;h=3d269916070c97b8be8938503b9b799f12d79ca6;hb=2362c9abea79cae475921bdeee58f9e3910d211c
- *
- * For more information about Seccomp, see also:
- * Documentation/prctl/seccomp_filter.txt and
- * samples/seccomp in the Linux kernel directory, for any kernel >= 3.5.0.
- */
-
-#ifndef SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__
-#define SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__
-
-struct arch_seccomp_data {
-  int      nr;
-  uint32_t arch;
-  uint64_t instruction_pointer;
-  uint64_t args[6];
-};
-
-struct arch_sigsys {
-  void         *ip;
-  int          nr;
-  unsigned int arch;
-};
-
-// The Seccomp2 kernel ABI is not part of older versions of glibc.
-// As we can't break compilation with these versions of the library,
-// we explicitly define all missing symbols.
-// If we ever decide that we can now rely on system headers, the following
-// include files should be enabled:
-// #include <linux/audit.h>
-// #include <linux/seccomp.h>
-
-#include <asm/unistd.h>
-#include <linux/filter.h>
-
-// From <linux/elf.h> and <linux/audit.h>
-// This is necessary as we can't expect recent audit headers.
-#ifndef EM_ARM
-#define EM_ARM    40
-#endif
-#ifndef EM_386
-#define EM_386    3
-#endif
-#ifndef EM_X86_64
-#define EM_X86_64 62
-#endif
-
-#ifndef __AUDIT_ARCH_64BIT
-#define __AUDIT_ARCH_64BIT 0x80000000
-#endif
-#ifndef __AUDIT_ARCH_LE
-#define __AUDIT_ARCH_LE    0x40000000
-#endif
-#ifndef AUDIT_ARCH_ARM
-#define AUDIT_ARCH_ARM    (EM_ARM|__AUDIT_ARCH_LE)
-#endif
-#ifndef AUDIT_ARCH_I386
-#define AUDIT_ARCH_I386   (EM_386|__AUDIT_ARCH_LE)
-#endif
-#ifndef AUDIT_ARCH_X86_64
-#define AUDIT_ARCH_X86_64 (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
-#endif
-
-// From <linux/prctl.h>
-// This is necessary as we can't expect recent prctl headers.
-#ifndef PR_SET_SECCOMP
-#define PR_SET_SECCOMP               22
-#define PR_GET_SECCOMP               21
-#endif
-#ifndef PR_SET_NO_NEW_PRIVS
-#define PR_SET_NO_NEW_PRIVS          38
-#define PR_GET_NO_NEW_PRIVS          39
-#endif
-#ifndef IPC_64
-#define IPC_64                   0x0100
-#endif
-
-#ifndef BPF_MOD
-#define BPF_MOD                    0x90
-#endif
-#ifndef BPF_XOR
-#define BPF_XOR                    0xA0
-#endif
-
-// From <linux/seccomp.h>
-// This is necessary as we can't expect recent seccomp headers.
-#ifndef SECCOMP_MODE_FILTER
-#define SECCOMP_MODE_DISABLED         0
-#define SECCOMP_MODE_STRICT           1
-#define SECCOMP_MODE_FILTER           2  // User user-supplied filter (seccomp-bpf)
-#endif
-
-#ifndef SECCOMP_RET_KILL
-// Return values supported for BPF filter programs. Please note that the
-// "illegal" SECCOMP_RET_INVALID is not supported by the kernel, should only
-// ever be used internally, and would result in the kernel killing our process.
-#define SECCOMP_RET_KILL    0x00000000U  // Kill the task immediately
-#define SECCOMP_RET_INVALID 0x00010000U  // Illegal return value
-#define SECCOMP_RET_TRAP    0x00030000U  // Disallow and force a SIGSYS
-#define SECCOMP_RET_ERRNO   0x00050000U  // Returns an errno
-#define SECCOMP_RET_TRACE   0x7ff00000U  // Pass to a tracer or disallow
-#define SECCOMP_RET_ALLOW   0x7fff0000U  // Allow
-#define SECCOMP_RET_ACTION  0xffff0000U  // Masks for the return value
-#define SECCOMP_RET_DATA    0x0000ffffU  //   sections
-#else
-#define SECCOMP_RET_INVALID 0x00010000U  // Illegal return value
-#endif
-
-#ifndef SYS_SECCOMP
-#define SYS_SECCOMP                   1
-#endif
-
-// Impose some reasonable maximum BPF program size. Realistically, the
-// kernel probably has much lower limits. But by limiting to less than
-// 30 bits, we can ease requirements on some of our data types.
-#define SECCOMP_MAX_PROGRAM_SIZE (1<<30)
-
-#if defined(__i386__)
-#define MIN_SYSCALL         0u
-#define MAX_PUBLIC_SYSCALL  1024u
-#define MAX_SYSCALL         MAX_PUBLIC_SYSCALL
-#define SECCOMP_ARCH        AUDIT_ARCH_I386
-
-#define SECCOMP_REG(_ctx, _reg) ((_ctx)->uc_mcontext.gregs[(_reg)])
-#define SECCOMP_RESULT(_ctx)    SECCOMP_REG(_ctx, REG_EAX)
-#define SECCOMP_SYSCALL(_ctx)   SECCOMP_REG(_ctx, REG_EAX)
-#define SECCOMP_IP(_ctx)        SECCOMP_REG(_ctx, REG_EIP)
-#define SECCOMP_PARM1(_ctx)     SECCOMP_REG(_ctx, REG_EBX)
-#define SECCOMP_PARM2(_ctx)     SECCOMP_REG(_ctx, REG_ECX)
-#define SECCOMP_PARM3(_ctx)     SECCOMP_REG(_ctx, REG_EDX)
-#define SECCOMP_PARM4(_ctx)     SECCOMP_REG(_ctx, REG_ESI)
-#define SECCOMP_PARM5(_ctx)     SECCOMP_REG(_ctx, REG_EDI)
-#define SECCOMP_PARM6(_ctx)     SECCOMP_REG(_ctx, REG_EBP)
-#define SECCOMP_NR_IDX          (offsetof(struct arch_seccomp_data, nr))
-#define SECCOMP_ARCH_IDX        (offsetof(struct arch_seccomp_data, arch))
-#define SECCOMP_IP_MSB_IDX      (offsetof(struct arch_seccomp_data,           \
-                                          instruction_pointer) + 4)
-#define SECCOMP_IP_LSB_IDX      (offsetof(struct arch_seccomp_data,           \
-                                          instruction_pointer) + 0)
-#define SECCOMP_ARG_MSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) +   \
-                                 8*(nr) + 4)
-#define SECCOMP_ARG_LSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) +   \
-                                 8*(nr) + 0)
-
-#elif defined(__x86_64__)
-#define MIN_SYSCALL         0u
-#define MAX_PUBLIC_SYSCALL  1024u
-#define MAX_SYSCALL         MAX_PUBLIC_SYSCALL
-#define SECCOMP_ARCH        AUDIT_ARCH_X86_64
-
-#define SECCOMP_REG(_ctx, _reg) ((_ctx)->uc_mcontext.gregs[(_reg)])
-#define SECCOMP_RESULT(_ctx)    SECCOMP_REG(_ctx, REG_RAX)
-#define SECCOMP_SYSCALL(_ctx)   SECCOMP_REG(_ctx, REG_RAX)
-#define SECCOMP_IP(_ctx)        SECCOMP_REG(_ctx, REG_RIP)
-#define SECCOMP_PARM1(_ctx)     SECCOMP_REG(_ctx, REG_RDI)
-#define SECCOMP_PARM2(_ctx)     SECCOMP_REG(_ctx, REG_RSI)
-#define SECCOMP_PARM3(_ctx)     SECCOMP_REG(_ctx, REG_RDX)
-#define SECCOMP_PARM4(_ctx)     SECCOMP_REG(_ctx, REG_R10)
-#define SECCOMP_PARM5(_ctx)     SECCOMP_REG(_ctx, REG_R8)
-#define SECCOMP_PARM6(_ctx)     SECCOMP_REG(_ctx, REG_R9)
-#define SECCOMP_NR_IDX          (offsetof(struct arch_seccomp_data, nr))
-#define SECCOMP_ARCH_IDX        (offsetof(struct arch_seccomp_data, arch))
-#define SECCOMP_IP_MSB_IDX      (offsetof(struct arch_seccomp_data,           \
-                                          instruction_pointer) + 4)
-#define SECCOMP_IP_LSB_IDX      (offsetof(struct arch_seccomp_data,           \
-                                          instruction_pointer) + 0)
-#define SECCOMP_ARG_MSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) +   \
-                                 8*(nr) + 4)
-#define SECCOMP_ARG_LSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) +   \
-                                 8*(nr) + 0)
-
-#elif defined(__arm__) && (defined(__thumb__) || defined(__ARM_EABI__))
-// ARM EABI includes "ARM private" system calls starting at |__ARM_NR_BASE|,
-// and a "ghost syscall private to the kernel", cmpxchg,
-// at |__ARM_NR_BASE+0x00fff0|.
-// See </arch/arm/include/asm/unistd.h> in the Linux kernel.
-#define MIN_SYSCALL         ((unsigned int)__NR_SYSCALL_BASE)
-#define MAX_PUBLIC_SYSCALL  (MIN_SYSCALL + 1024u)
-#define MIN_PRIVATE_SYSCALL ((unsigned int)__ARM_NR_BASE)
-#define MAX_PRIVATE_SYSCALL (MIN_PRIVATE_SYSCALL + 16u)
-#define MIN_GHOST_SYSCALL   ((unsigned int)__ARM_NR_BASE + 0xfff0u)
-#define MAX_SYSCALL         (MIN_GHOST_SYSCALL + 4u)
-
-#define SECCOMP_ARCH AUDIT_ARCH_ARM
-
-// ARM sigcontext_t is different from i386/x86_64.
-// See </arch/arm/include/asm/sigcontext.h> in the Linux kernel.
-#define SECCOMP_REG(_ctx, _reg) ((_ctx)->uc_mcontext.arm_##_reg)
-// ARM EABI syscall convention.
-#define SECCOMP_RESULT(_ctx)    SECCOMP_REG(_ctx, r0)
-#define SECCOMP_SYSCALL(_ctx)   SECCOMP_REG(_ctx, r7)
-#define SECCOMP_IP(_ctx)        SECCOMP_REG(_ctx, pc)
-#define SECCOMP_PARM1(_ctx)     SECCOMP_REG(_ctx, r0)
-#define SECCOMP_PARM2(_ctx)     SECCOMP_REG(_ctx, r1)
-#define SECCOMP_PARM3(_ctx)     SECCOMP_REG(_ctx, r2)
-#define SECCOMP_PARM4(_ctx)     SECCOMP_REG(_ctx, r3)
-#define SECCOMP_PARM5(_ctx)     SECCOMP_REG(_ctx, r4)
-#define SECCOMP_PARM6(_ctx)     SECCOMP_REG(_ctx, r5)
-#define SECCOMP_NR_IDX          (offsetof(struct arch_seccomp_data, nr))
-#define SECCOMP_ARCH_IDX        (offsetof(struct arch_seccomp_data, arch))
-#define SECCOMP_IP_MSB_IDX      (offsetof(struct arch_seccomp_data,           \
-                                          instruction_pointer) + 4)
-#define SECCOMP_IP_LSB_IDX      (offsetof(struct arch_seccomp_data,           \
-                                          instruction_pointer) + 0)
-#define SECCOMP_ARG_MSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) +   \
-                                 8*(nr) + 4)
-#define SECCOMP_ARG_LSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) +   \
-                                 8*(nr) + 0)
-
-#else
-#error Unsupported target platform
-
-#endif
-
-/* Macros to common filters */
-#define VALIDATE_ARCHITECTURE \
-        BPF_STMT(BPF_LD+BPF_W+BPF_ABS, SECCOMP_ARCH_IDX), \
-        BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SECCOMP_ARCH, 1, 0), \
-        BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL)
-
-#define EXAMINE_SYSCALL \
-        BPF_STMT(BPF_LD+BPF_W+BPF_ABS, SECCOMP_NR_IDX)
-
-#define ALLOW_SYSCALL(name) \
-        BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_##name, 0, 1), \
-        BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
-
-#if defined(__arm__) && (defined(__thumb__) || defined(__ARM_EABI__))
-#define ALLOW_ARM_SYSCALL(name) \
-        BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __ARM_NR_##name, 0, 1), \
-        BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
-#endif
-
-#define DENY_KILL_SYSCALL(name) \
-        BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_##name, 0, 1), \
-        BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL)
-
-#define DENY_SYSCALL(name, err) \
-        BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_##name, 0, 1), \
-        BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ERRNO + err)
-
-#define KILL_PROCESS \
-        BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL)
-
-#define TRAP_PROCESS \
-        BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_TRAP)
-
-#define ALLOW_PROCESS \
-        BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
-
-#define TRACE_PROCESS \
-        BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_TRACE)
-
-#define ERRNO_PROCESS \
-        BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ERRNO)
-
-#endif  // SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__

security/sandbox/linux/linux_syscalls.h

@@ -1,29 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-/* This file has been imported from
- * http://git.chromium.org/gitweb/?p=chromium.git;a=blob_plain;f=sandbox/linux/services/linux_syscalls.h;h=77c1be8b82a0fe4aca308ca40547ebf7a008d24a;hb=2362c9abea79cae475921bdeee58f9e3910d211c
- */
-
-// This header will be kept up to date so that we can compile system-call
-// policies even when system headers are old.
-// System call numbers are accessible through __NR_syscall_name.
-
-#ifndef SANDBOX_LINUX_SERVICES_LINUX_SYSCALLS_H_
-#define SANDBOX_LINUX_SERVICES_LINUX_SYSCALLS_H_
-
-#if defined(__x86_64__)
-#include "x86_64_linux_syscalls.h"
-#endif
-
-#if defined(__i386__)
-#include "x86_32_linux_syscalls.h"
-#endif
-
-#if defined(__arm__) && defined(__ARM_EABI__)
-#include "arm_linux_syscalls.h"
-#endif
-
-#endif  // SANDBOX_LINUX_SERVICES_LINUX_SYSCALLS_H_
-