sandbox/linux/bpf_dsl: remove ErrorCode intermediary representation

sandbox/linux/bpf_dsl/errorcode.h

Index: sandbox/linux/bpf_dsl/errorcode.h
diff --git a/sandbox/linux/bpf_dsl/errorcode.h b/sandbox/linux/bpf_dsl/errorcode.h
index 15f8339e51bdc5ce243b66af8fcb51461aee5afc..611c27dd80712e51689c18e3a6bad8ff0526dc2c 100644
--- a/sandbox/linux/bpf_dsl/errorcode.h
+++ b/sandbox/linux/bpf_dsl/errorcode.h
@@ -5,46 +5,17 @@
 #ifndef SANDBOX_LINUX_BPF_DSL_ERRORCODE_H__
 #define SANDBOX_LINUX_BPF_DSL_ERRORCODE_H__
 
-#include "sandbox/linux/bpf_dsl/trap_registry.h"
+#include "base/macros.h"
 #include "sandbox/sandbox_export.h"
 
 namespace sandbox {
 namespace bpf_dsl {
 
-// This class holds all the possible values that can be returned by a sandbox
-// policy.
-// We can either wrap a symbolic ErrorCode (i.e. ERR_XXX enum values), an
-// errno value (in the range 0..4095), a pointer to a TrapFnc callback
-// handling a SECCOMP_RET_TRAP trap, or a complex constraint.
-// All of the commonly used values are stored in the "err_" field. So, code
-// that is using the ErrorCode class typically operates on a single 32bit
-// field.
-//
-// TODO(mdempsky): Nuke from orbit. The only reason this class still
-// exists is for Verifier, which will eventually be replaced by a true
-// BPF symbolic evaluator and constraint solver.
+// TODO(mdempsky): Find a proper home for ERR_{MIN,MAX}_ERRNO and
+// remove this header.
 class SANDBOX_EXPORT ErrorCode {
  public:
   enum {
-    // Allow this system call. The value of ERR_ALLOWED is pretty much
-    // completely arbitrary. But we want to pick it so that is is unlikely
-    // to be passed in accidentally, when the user intended to return an
-    // "errno" (see below) value instead.
-    ERR_ALLOWED = 0x04000000,
-
-    // If the progress is being ptraced with PTRACE_O_TRACESECCOMP, then the
-    // tracer will be notified of a PTRACE_EVENT_SECCOMP and allowed to change
-    // or skip the system call.  The lower 16 bits of err will be available to
-    // the tracer via PTRACE_GETEVENTMSG.
-    ERR_TRACE = 0x08000000,
-
-    // Kill the process immediately.
-    ERR_KILL = 0x10000000,
-
-    // Deny the system call with a particular "errno" value.
-    // N.B.: It is also possible to return "0" here. That would normally
-    //       indicate success, but it won't actually run the system call.
-    //       This is very different from return ERR_ALLOWED.
     ERR_MIN_ERRNO = 0,
 #if defined(__mips__)
     // MIPS only supports errno up to 1133
@@ -56,147 +27,8 @@ class SANDBOX_EXPORT ErrorCode {
 #endif
   };
 
-  // While BPF filter programs always operate on 32bit quantities, the kernel
-  // always sees system call arguments as 64bit values. This statement is true
-  // no matter whether the host system is natively operating in 32bit or 64bit.
-  // The BPF compiler hides the fact that BPF instructions cannot directly
-  // access 64bit quantities. But policies are still advised to specify whether
-  // a system call expects a 32bit or a 64bit quantity.
-  enum ArgType {
-    // When passed as an argument to SandboxBPF::Cond(), TP_32BIT requests that
-    // the conditional test should operate on the 32bit part of the system call
-    // argument.
-    // On 64bit architectures, this verifies that user space did not pass
-    // a 64bit value as an argument to the system call. If it did, that will be
-    // interpreted as an attempt at breaking the sandbox and results in the
-    // program getting terminated.
-    // In other words, only perform a 32bit test, if you are sure this
-    // particular system call would never legitimately take a 64bit
-    // argument.
-    // Implementation detail: TP_32BIT does two things. 1) it restricts the
-    // conditional test to operating on the LSB only, and 2) it adds code to
-    // the BPF filter program verifying that the MSB  the kernel received from
-    // user space is either 0, or 0xFFFFFFFF; the latter is acceptable, iff bit
-    // 31 was set in the system call argument. It deals with 32bit arguments
-    // having been sign extended.
-    TP_32BIT,
-
-    // When passed as an argument to SandboxBPF::Cond(), TP_64BIT requests that
-    // the conditional test should operate on the full 64bit argument. It is
-    // generally harmless to perform a 64bit test on 32bit systems, as the
-    // kernel will always see the top 32 bits of all arguments as zero'd out.
-    // This approach has the desirable property that for tests of pointer
-    // values, we can always use TP_64BIT no matter the host architecture.
-    // But of course, that also means, it is possible to write conditional
-    // policies that turn into no-ops on 32bit systems; this is by design.
-    TP_64BIT,
-  };
-
-  // Deprecated.
-  enum Operation {
-    // Test whether the system call argument is equal to the operand.
-    OP_EQUAL,
-
-    // Tests a system call argument against a bit mask.
-    // The "ALL_BITS" variant performs this test: "arg & mask == mask"
-    // This implies that a mask of zero always results in a passing test.
-    // The "ANY_BITS" variant performs this test: "arg & mask != 0"
-    // This implies that a mask of zero always results in a failing test.
-    OP_HAS_ALL_BITS,
-    OP_HAS_ANY_BITS,
-  };
-
-  enum ErrorType {
-    ET_INVALID,
-    ET_SIMPLE,
-    ET_TRAP,
-    ET_COND,
-  };
-
-  // We allow the default constructor, as it makes the ErrorCode class
-  // much easier to use. But if we ever encounter an invalid ErrorCode
-  // when compiling a BPF filter, we deliberately generate an invalid
-  // program that will get flagged both by our Verifier class and by
-  // the Linux kernel.
-  ErrorCode();
-  explicit ErrorCode(int err);
-
-  // For all practical purposes, ErrorCodes are treated as if they were
-  // structs. The copy constructor and assignment operator are trivial and
-  // we do not need to explicitly specify them.
-  // Most notably, it is in fact perfectly OK to directly copy the passed_ and
-  // failed_ field. They only ever get set by our private constructor, and the
-  // callers handle life-cycle management for these objects.
-
-  // Destructor
-  ~ErrorCode() {}
-
-  bool Equals(const ErrorCode& err) const;
-  bool LessThan(const ErrorCode& err) const;
-
-  uint32_t err() const { return err_; }
-  ErrorType error_type() const { return error_type_; }
-
-  bool safe() const { return safe_; }
-
-  uint64_t mask() const { return mask_; }
-  uint64_t value() const { return value_; }
-  int argno() const { return argno_; }
-  ArgType width() const { return width_; }
-  const ErrorCode* passed() const { return passed_; }
-  const ErrorCode* failed() const { return failed_; }
-
-  struct LessThan {
-    bool operator()(const ErrorCode& a, const ErrorCode& b) const {
-      return a.LessThan(b);
-    }
-  };
-
  private:
-  friend class PolicyCompiler;
-
-  // If we are wrapping a callback, we must assign a unique id. This id is
-  // how the kernel tells us which one of our different SECCOMP_RET_TRAP
-  // cases has been triggered.
-  ErrorCode(uint16_t trap_id,
-            TrapRegistry::TrapFnc fnc,
-            const void* aux,
-            bool safe);
-
-  // Some system calls require inspection of arguments. This constructor
-  // allows us to specify additional constraints.
-  ErrorCode(int argno,
-            ArgType width,
-            uint64_t mask,
-            uint64_t value,
-            const ErrorCode* passed,
-            const ErrorCode* failed);
-
-  ErrorType error_type_;
-
-  union {
-    // Fields needed for SECCOMP_RET_TRAP callbacks
-    struct {
-      TrapRegistry::TrapFnc fnc_;  // Callback function and arg, if trap was
-      void* aux_;                  //   triggered by the kernel's BPF filter.
-      bool safe_;                  // Keep sandbox active while calling fnc_()
-    };
-
-    // Fields needed when inspecting additional arguments.
-    struct {
-      uint64_t mask_;            // Mask that we are comparing under.
-      uint64_t value_;           // Value that we are comparing with.
-      int argno_;                // Syscall arg number that we are inspecting.
-      ArgType width_;            // Whether we are looking at a 32/64bit value.
-      const ErrorCode* passed_;  // Value to be returned if comparison passed,
-      const ErrorCode* failed_;  //   or if it failed.
-    };
-  };
-
-  // 32bit field used for all possible types of ErrorCode values. This is
-  // the value that uniquely identifies any ErrorCode and it (typically) can
-  // be emitted directly into a BPF filter program.
-  uint32_t err_;
+  DISALLOW_IMPLICIT_CONSTRUCTORS(ErrorCode);
 };
 
 }  // namespace bpf_dsl