Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(82)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/bpf_dsl/bpf_dsl.cc

Issue 1309963002: sandbox/linux/bpf_dsl: remove ErrorCode intermediary representation (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@rm-verifier
Patch Set: Sync Created 5 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « sandbox/linux/BUILD.gn ('k') | sandbox/linux/bpf_dsl/bpf_dsl_impl.h » ('j') | sandbox/linux/bpf_dsl/policy_compiler.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" 5 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
6 6
7 #include <limits> 7 #include <limits>
8 8
9 #include "base/logging.h" 9 #include "base/logging.h"
10 #include "base/memory/ref_counted.h" 10 #include "base/memory/ref_counted.h"
11 #include "sandbox/linux/bpf_dsl/bpf_dsl_impl.h" 11 #include "sandbox/linux/bpf_dsl/bpf_dsl_impl.h"
12 #include "sandbox/linux/bpf_dsl/errorcode.h" 12 #include "sandbox/linux/bpf_dsl/errorcode.h"
13 #include "sandbox/linux/bpf_dsl/policy_compiler.h" 13 #include "sandbox/linux/bpf_dsl/policy_compiler.h"
14 #include "sandbox/linux/system_headers/linux_seccomp.h"
14 15
15 namespace sandbox { 16 namespace sandbox {
16 namespace bpf_dsl { 17 namespace bpf_dsl {
17 namespace { 18 namespace {
18 19
19 class AllowResultExprImpl : public internal::ResultExprImpl { 20 class AllowResultExprImpl : public internal::ResultExprImpl {
20 public: 21 public:
21 AllowResultExprImpl() {} 22 AllowResultExprImpl() {}
22 23
23 ErrorCode Compile(PolicyCompiler* pc) const override { 24 CodeGen::Node Compile(PolicyCompiler* pc) const override {
24 return ErrorCode(ErrorCode::ERR_ALLOWED); 25 return pc->Return(SECCOMP_RET_ALLOW);
25 } 26 }
26 27
27 bool IsAllow() const override { return true; } 28 bool IsAllow() const override { return true; }
28 29
29 private: 30 private:
30 ~AllowResultExprImpl() override {} 31 ~AllowResultExprImpl() override {}
31 32
32 DISALLOW_COPY_AND_ASSIGN(AllowResultExprImpl); 33 DISALLOW_COPY_AND_ASSIGN(AllowResultExprImpl);
33 }; 34 };
34 35
35 class ErrorResultExprImpl : public internal::ResultExprImpl { 36 class ErrorResultExprImpl : public internal::ResultExprImpl {
36 public: 37 public:
37 explicit ErrorResultExprImpl(int err) : err_(err) { 38 explicit ErrorResultExprImpl(int err) : err_(err) {
38 CHECK(err_ >= ErrorCode::ERR_MIN_ERRNO && err_ <= ErrorCode::ERR_MAX_ERRNO); 39 CHECK(err_ >= ErrorCode::ERR_MIN_ERRNO && err_ <= ErrorCode::ERR_MAX_ERRNO);
39 } 40 }
40 41
41 ErrorCode Compile(PolicyCompiler* pc) const override { 42 CodeGen::Node Compile(PolicyCompiler* pc) const override {
42 return pc->Error(err_); 43 return pc->Return(SECCOMP_RET_ERRNO + err_);
43 } 44 }
44 45
45 bool IsDeny() const override { return true; } 46 bool IsDeny() const override { return true; }
46 47
47 private: 48 private:
48 ~ErrorResultExprImpl() override {} 49 ~ErrorResultExprImpl() override {}
49 50
50 int err_; 51 int err_;
51 52
52 DISALLOW_COPY_AND_ASSIGN(ErrorResultExprImpl); 53 DISALLOW_COPY_AND_ASSIGN(ErrorResultExprImpl);
53 }; 54 };
54 55
55 class KillResultExprImpl : public internal::ResultExprImpl { 56 class KillResultExprImpl : public internal::ResultExprImpl {
56 public: 57 public:
57 KillResultExprImpl() {} 58 KillResultExprImpl() {}
58 59
59 ErrorCode Compile(PolicyCompiler* pc) const override { 60 CodeGen::Node Compile(PolicyCompiler* pc) const override {
60 return ErrorCode(ErrorCode::ERR_KILL); 61 return pc->Return(SECCOMP_RET_KILL);
61 } 62 }
62 63
63 bool IsDeny() const override { return true; } 64 bool IsDeny() const override { return true; }
64 65
65 private: 66 private:
66 ~KillResultExprImpl() override {} 67 ~KillResultExprImpl() override {}
67 68
68 DISALLOW_COPY_AND_ASSIGN(KillResultExprImpl); 69 DISALLOW_COPY_AND_ASSIGN(KillResultExprImpl);
69 }; 70 };
70 71
71 class TraceResultExprImpl : public internal::ResultExprImpl { 72 class TraceResultExprImpl : public internal::ResultExprImpl {
72 public: 73 public:
73 TraceResultExprImpl(uint16_t aux) : aux_(aux) {} 74 TraceResultExprImpl(uint16_t aux) : aux_(aux) {}
74 75
75 ErrorCode Compile(PolicyCompiler* pc) const override { 76 CodeGen::Node Compile(PolicyCompiler* pc) const override {
76 return ErrorCode(ErrorCode::ERR_TRACE + aux_); 77 return pc->Return(SECCOMP_RET_TRACE + aux_);
77 } 78 }
78 79
79 private: 80 private:
80 ~TraceResultExprImpl() override {} 81 ~TraceResultExprImpl() override {}
81 82
82 uint16_t aux_; 83 uint16_t aux_;
83 84
84 DISALLOW_COPY_AND_ASSIGN(TraceResultExprImpl); 85 DISALLOW_COPY_AND_ASSIGN(TraceResultExprImpl);
85 }; 86 };
86 87
87 class TrapResultExprImpl : public internal::ResultExprImpl { 88 class TrapResultExprImpl : public internal::ResultExprImpl {
88 public: 89 public:
89 TrapResultExprImpl(TrapRegistry::TrapFnc func, const void* arg, bool safe) 90 TrapResultExprImpl(TrapRegistry::TrapFnc func, const void* arg, bool safe)
90 : func_(func), arg_(arg), safe_(safe) { 91 : func_(func), arg_(arg), safe_(safe) {
91 DCHECK(func_); 92 DCHECK(func_);
92 } 93 }
93 94
94 ErrorCode Compile(PolicyCompiler* pc) const override { 95 CodeGen::Node Compile(PolicyCompiler* pc) const override {
95 return pc->Trap(func_, arg_, safe_); 96 return pc->Trap(func_, arg_, safe_);
96 } 97 }
97 98
98 bool HasUnsafeTraps() const override { return safe_ == false; } 99 bool HasUnsafeTraps() const override { return safe_ == false; }
99 100
100 bool IsDeny() const override { return true; } 101 bool IsDeny() const override { return true; }
101 102
102 private: 103 private:
103 ~TrapResultExprImpl() override {} 104 ~TrapResultExprImpl() override {}
104 105
105 TrapRegistry::TrapFnc func_; 106 TrapRegistry::TrapFnc func_;
106 const void* arg_; 107 const void* arg_;
107 bool safe_; 108 bool safe_;
108 109
109 DISALLOW_COPY_AND_ASSIGN(TrapResultExprImpl); 110 DISALLOW_COPY_AND_ASSIGN(TrapResultExprImpl);
110 }; 111 };
111 112
112 class IfThenResultExprImpl : public internal::ResultExprImpl { 113 class IfThenResultExprImpl : public internal::ResultExprImpl {
113 public: 114 public:
114 IfThenResultExprImpl(const BoolExpr& cond, 115 IfThenResultExprImpl(const BoolExpr& cond,
115 const ResultExpr& then_result, 116 const ResultExpr& then_result,
116 const ResultExpr& else_result) 117 const ResultExpr& else_result)
117 : cond_(cond), then_result_(then_result), else_result_(else_result) {} 118 : cond_(cond), then_result_(then_result), else_result_(else_result) {}
118 119
119 ErrorCode Compile(PolicyCompiler* pc) const override { 120 CodeGen::Node Compile(PolicyCompiler* pc) const override {
120 return cond_->Compile( 121 return cond_->Compile(
121 pc, then_result_->Compile(pc), else_result_->Compile(pc)); 122 pc, then_result_->Compile(pc), else_result_->Compile(pc));
122 } 123 }
123 124
124 bool HasUnsafeTraps() const override { 125 bool HasUnsafeTraps() const override {
125 return then_result_->HasUnsafeTraps() || else_result_->HasUnsafeTraps(); 126 return then_result_->HasUnsafeTraps() || else_result_->HasUnsafeTraps();
126 } 127 }
127 128
128 private: 129 private:
129 ~IfThenResultExprImpl() override {} 130 ~IfThenResultExprImpl() override {}
130 131
131 BoolExpr cond_; 132 BoolExpr cond_;
132 ResultExpr then_result_; 133 ResultExpr then_result_;
133 ResultExpr else_result_; 134 ResultExpr else_result_;
134 135
135 DISALLOW_COPY_AND_ASSIGN(IfThenResultExprImpl); 136 DISALLOW_COPY_AND_ASSIGN(IfThenResultExprImpl);
136 }; 137 };
137 138
138 class ConstBoolExprImpl : public internal::BoolExprImpl { 139 class ConstBoolExprImpl : public internal::BoolExprImpl {
139 public: 140 public:
140 ConstBoolExprImpl(bool value) : value_(value) {} 141 ConstBoolExprImpl(bool value) : value_(value) {}
141 142
142 ErrorCode Compile(PolicyCompiler* pc, 143 CodeGen::Node Compile(PolicyCompiler* pc,
143 ErrorCode true_ec, 144 CodeGen::Node then_node,
144 ErrorCode false_ec) const override { 145 CodeGen::Node else_node) const override {
145 return value_ ? true_ec : false_ec; 146 return value_ ? then_node : else_node;
146 } 147 }
147 148
148 private: 149 private:
149 ~ConstBoolExprImpl() override {} 150 ~ConstBoolExprImpl() override {}
150 151
151 bool value_; 152 bool value_;
152 153
153 DISALLOW_COPY_AND_ASSIGN(ConstBoolExprImpl); 154 DISALLOW_COPY_AND_ASSIGN(ConstBoolExprImpl);
154 }; 155 };
155 156
156 class PrimitiveBoolExprImpl : public internal::BoolExprImpl { 157 class MaskedEqualBoolExprImpl : public internal::BoolExprImpl {
157 public: 158 public:
158 PrimitiveBoolExprImpl(int argno, 159 MaskedEqualBoolExprImpl(int argno,
159 ErrorCode::ArgType is_32bit, 160 size_t width,
160 uint64_t mask, 161 uint64_t mask,
161 uint64_t value) 162 uint64_t value)
162 : argno_(argno), is_32bit_(is_32bit), mask_(mask), value_(value) {} 163 : argno_(argno), width_(width), mask_(mask), value_(value) {}
163 164
164 ErrorCode Compile(PolicyCompiler* pc, 165 CodeGen::Node Compile(PolicyCompiler* pc,
165 ErrorCode true_ec, 166 CodeGen::Node then_node,
166 ErrorCode false_ec) const override { 167 CodeGen::Node else_node) const override {
167 return pc->CondMaskedEqual( 168 return pc->MaskedEqual(argno_, width_, mask_, value_, then_node, else_node);
168 argno_, is_32bit_, mask_, value_, true_ec, false_ec);
169 } 169 }
170 170
171 private: 171 private:
172 ~PrimitiveBoolExprImpl() override {} 172 ~MaskedEqualBoolExprImpl() override {}
173 173
174 int argno_; 174 int argno_;
175 ErrorCode::ArgType is_32bit_; 175 size_t width_;
176 uint64_t mask_; 176 uint64_t mask_;
177 uint64_t value_; 177 uint64_t value_;
178 178
179 DISALLOW_COPY_AND_ASSIGN(PrimitiveBoolExprImpl); 179 DISALLOW_COPY_AND_ASSIGN(MaskedEqualBoolExprImpl);
180 }; 180 };
181 181
182 class NegateBoolExprImpl : public internal::BoolExprImpl { 182 class NegateBoolExprImpl : public internal::BoolExprImpl {
183 public: 183 public:
184 explicit NegateBoolExprImpl(const BoolExpr& cond) : cond_(cond) {} 184 explicit NegateBoolExprImpl(const BoolExpr& cond) : cond_(cond) {}
185 185
186 ErrorCode Compile(PolicyCompiler* pc, 186 CodeGen::Node Compile(PolicyCompiler* pc,
187 ErrorCode true_ec, 187 CodeGen::Node then_node,
188 ErrorCode false_ec) const override { 188 CodeGen::Node else_node) const override {
189 return cond_->Compile(pc, false_ec, true_ec); 189 return cond_->Compile(pc, else_node, then_node);
190 } 190 }
191 191
192 private: 192 private:
193 ~NegateBoolExprImpl() override {} 193 ~NegateBoolExprImpl() override {}
194 194
195 BoolExpr cond_; 195 BoolExpr cond_;
196 196
197 DISALLOW_COPY_AND_ASSIGN(NegateBoolExprImpl); 197 DISALLOW_COPY_AND_ASSIGN(NegateBoolExprImpl);
198 }; 198 };
199 199
200 class AndBoolExprImpl : public internal::BoolExprImpl { 200 class AndBoolExprImpl : public internal::BoolExprImpl {
201 public: 201 public:
202 AndBoolExprImpl(const BoolExpr& lhs, const BoolExpr& rhs) 202 AndBoolExprImpl(const BoolExpr& lhs, const BoolExpr& rhs)
203 : lhs_(lhs), rhs_(rhs) {} 203 : lhs_(lhs), rhs_(rhs) {}
204 204
205 ErrorCode Compile(PolicyCompiler* pc, 205 CodeGen::Node Compile(PolicyCompiler* pc,
206 ErrorCode true_ec, 206 CodeGen::Node then_node,
207 ErrorCode false_ec) const override { 207 CodeGen::Node else_node) const override {
208 return lhs_->Compile(pc, rhs_->Compile(pc, true_ec, false_ec), false_ec); 208 return lhs_->Compile(pc, rhs_->Compile(pc, then_node, else_node),
209 else_node);
209 } 210 }
210 211
211 private: 212 private:
212 ~AndBoolExprImpl() override {} 213 ~AndBoolExprImpl() override {}
213 214
214 BoolExpr lhs_; 215 BoolExpr lhs_;
215 BoolExpr rhs_; 216 BoolExpr rhs_;
216 217
217 DISALLOW_COPY_AND_ASSIGN(AndBoolExprImpl); 218 DISALLOW_COPY_AND_ASSIGN(AndBoolExprImpl);
218 }; 219 };
219 220
220 class OrBoolExprImpl : public internal::BoolExprImpl { 221 class OrBoolExprImpl : public internal::BoolExprImpl {
221 public: 222 public:
222 OrBoolExprImpl(const BoolExpr& lhs, const BoolExpr& rhs) 223 OrBoolExprImpl(const BoolExpr& lhs, const BoolExpr& rhs)
223 : lhs_(lhs), rhs_(rhs) {} 224 : lhs_(lhs), rhs_(rhs) {}
224 225
225 ErrorCode Compile(PolicyCompiler* pc, 226 CodeGen::Node Compile(PolicyCompiler* pc,
226 ErrorCode true_ec, 227 CodeGen::Node then_node,
227 ErrorCode false_ec) const override { 228 CodeGen::Node else_node) const override {
228 return lhs_->Compile(pc, true_ec, rhs_->Compile(pc, true_ec, false_ec)); 229 return lhs_->Compile(pc, then_node,
230 rhs_->Compile(pc, then_node, else_node));
229 } 231 }
230 232
231 private: 233 private:
232 ~OrBoolExprImpl() override {} 234 ~OrBoolExprImpl() override {}
233 235
234 BoolExpr lhs_; 236 BoolExpr lhs_;
235 BoolExpr rhs_; 237 BoolExpr rhs_;
236 238
237 DISALLOW_COPY_AND_ASSIGN(OrBoolExprImpl); 239 DISALLOW_COPY_AND_ASSIGN(OrBoolExprImpl);
238 }; 240 };
(...skipping 24 matching lines...) Expand all
263 CHECK(false) << "Unimplemented DefaultMask case"; 265 CHECK(false) << "Unimplemented DefaultMask case";
264 return 0; 266 return 0;
265 } 267 }
266 } 268 }
267 269
268 BoolExpr ArgEq(int num, size_t size, uint64_t mask, uint64_t val) { 270 BoolExpr ArgEq(int num, size_t size, uint64_t mask, uint64_t val) {
269 // If this is changed, update Arg<T>::EqualTo's static_cast rules 271 // If this is changed, update Arg<T>::EqualTo's static_cast rules
270 // accordingly. 272 // accordingly.
271 CHECK(size == 4 || size == 8); 273 CHECK(size == 4 || size == 8);
272 274
273 // TODO(mdempsky): Should we just always use TP_64BIT? 275 return BoolExpr(new const MaskedEqualBoolExprImpl(num, size, mask, val));
274 const ErrorCode::ArgType arg_type =
275 (size == 4) ? ErrorCode::TP_32BIT : ErrorCode::TP_64BIT;
276
277 return BoolExpr(new const PrimitiveBoolExprImpl(num, arg_type, mask, val));
278 } 276 }
279 277
280 } // namespace internal 278 } // namespace internal
281 279
282 ResultExpr Allow() { 280 ResultExpr Allow() {
283 return ResultExpr(new const AllowResultExprImpl()); 281 return ResultExpr(new const AllowResultExprImpl());
284 } 282 }
285 283
286 ResultExpr Error(int err) { 284 ResultExpr Error(int err) {
287 return ResultExpr(new const ErrorResultExprImpl(err)); 285 return ResultExpr(new const ErrorResultExprImpl(err));
(...skipping 79 matching lines...) Expand 10 before | Expand all | Expand 10 after
367 new const IfThenResultExprImpl(clause.first, clause.second, expr)); 365 new const IfThenResultExprImpl(clause.first, clause.second, expr));
368 } 366 }
369 return expr; 367 return expr;
370 } 368 }
371 369
372 } // namespace bpf_dsl 370 } // namespace bpf_dsl
373 } // namespace sandbox 371 } // namespace sandbox
374 372
375 template class scoped_refptr<const sandbox::bpf_dsl::internal::BoolExprImpl>; 373 template class scoped_refptr<const sandbox::bpf_dsl::internal::BoolExprImpl>;
376 template class scoped_refptr<const sandbox::bpf_dsl::internal::ResultExprImpl>; 374 template class scoped_refptr<const sandbox::bpf_dsl::internal::ResultExprImpl>;
OLDNEW
« no previous file with comments | « sandbox/linux/BUILD.gn ('k') | sandbox/linux/bpf_dsl/bpf_dsl_impl.h » ('j') | sandbox/linux/bpf_dsl/policy_compiler.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698