
Side by Side Diff: sandbox/linux/bpf_dsl/bpf_dsl.h

Issue 1302043002: sandbox/linux: refactor bpf_dsl dependency on die.h (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Use logging.h instead of errx Created 5 years, 4 months ago
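--- a/sandbox/linux/bpf_dsl/bpf_dsl.h
+++ b/sandbox/linux/bpf_dsl/bpf_dsl.h
@@ -1,10 +1,10 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef SANDBOX_LINUX_BPF_DSL_BPF_DSL_H_
 #define SANDBOX_LINUX_BPF_DSL_BPF_DSL_H_
 
 #include <stdint.h>
 
 #include <utility>
@@ -48,21 +48,21 @@
 // return Allow();
 // }
 // }
 //
 // private:
 // DISALLOW_COPY_AND_ASSIGN(SillyPolicy);
 // };
 //
 // More generally, the DSL currently supports the following grammar:
 //
-// result = Allow() | Error(errno) | Kill(msg) | Trace(aux)
+// result = Allow() | Error(errno) | Trace(aux)
 // | Trap(trap_func, aux) | UnsafeTrap(trap_func, aux)
 // | If(bool, result)[.ElseIf(bool, result)].Else(result)
 // | Switch(arg)[.Case(val, result)].Default(result)
 // bool = BoolConst(boolean) | !bool | bool && bool | bool || bool
 // | arg == val | arg != val
 // arg = Arg<T>(num) | arg & mask
 //
 // The semantics of each function and operator are intended to be
 // intuitive, but are described in more detail below.
 //
@@ -82,23 +82,20 @@
 // Allow specifies a result that the system call should be allowed to
 // execute normally.
 SANDBOX_EXPORT ResultExpr Allow();
 
 // Error specifies a result that the system call should fail with
 // error number |err|. As a special case, Error(0) will result in the
 // system call appearing to have succeeded, but without having any
 // side effects.
 SANDBOX_EXPORT ResultExpr Error(int err);
 
-// Kill specifies a result to kill the program and print an error message.
-SANDBOX_EXPORT ResultExpr Kill(const char* msg);
-
 // Trace specifies a result to notify a tracing process via the
 // PTRACE_EVENT_SECCOMP event and allow it to change or skip the system call.
 // The value of |aux| will be available to the tracer via PTRACE_GETEVENTMSG.
 SANDBOX_EXPORT ResultExpr Trace(uint16_t aux);
 
 // Trap specifies a result that the system call should be handled by
 // trapping back into userspace and invoking |trap_func|, passing
 // |aux| as the second parameter.
 SANDBOX_EXPORT ResultExpr
 Trap(TrapRegistry::TrapFnc trap_func, const void* aux);
@@ -312,10 +309,10 @@
 
 template <typename T>
 ResultExpr Caser<T>::Default(ResultExpr result) const {
 return elser_.Else(result);
 }
 
 } // namespace bpf_dsl
 } // namespace sandbox
 
 #endif // SANDBOX_LINUX_BPF_DSL_BPF_DSL_H_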
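Review bot: With `Kill(msg)` dropped from both the grammar comment and the exported declarations, this header no longer documents any result that terminates the process on a disallowed system call, and nothing in the visible lines tells policy authors what to use instead. The results that remain in the grammar are Allow, Error, Trace, Trap and UnsafeTrap, so a policy that previously failed closed with Kill has to be rewritten against one of those or against an API outside this file; the replacement is not visible in this section. I would add a short comment next to the grammar, for example `// Kill(msg) is no longer a DSL result; to terminate on a disallowed syscall use <replacement API>.`, with the placeholder filled in from the rest of the change.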