
Side by Side Diff: sandbox/linux/seccomp-bpf/verifier.cc

Issue 293463002: Add SandboxBPFPolicy::InvalidSyscall() to simplify writing policies (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 7 months ago
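--- a/sandbox/linux/seccomp-bpf/verifier.cc
+++ b/sandbox/linux/seccomp-bpf/verifier.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <string.h>
 
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
 #include "sandbox/linux/seccomp-bpf/syscall_iterator.h"
 #include "sandbox/linux/seccomp-bpf/verifier.h"
@@ -380,21 +380,23 @@
 #if defined(__x86_64__) && defined(__ILP32__)
 if (!(sysnum & 0x40000000u)) {
 continue;
 }
 #else
 if (sysnum & 0x40000000u) {
 continue;
 }
 #endif
 #endif
-ErrorCode code = policy.EvaluateSyscall(sandbox, sysnum);
+ErrorCode code = iter.IsValid(sysnum)
+? policy.EvaluateSyscall(sandbox, sysnum)
+: policy.InvalidSyscall(sandbox);
 if (!VerifyErrorCode(sandbox, program, &data, code, code, err)) {
 return false;
 }
 }
 return true;
 }
 
 uint32_t Verifier::EvaluateBPF(const std::vector<struct sock_filter>& program,
 const struct arch_seccomp_data& data,
 const char** err) {
@@ -437,10 +439,10 @@
 break;
 default:
 *err = "Unexpected instruction in BPF program";
 break;
 }
 }
 return 0;
 }
 
 } // namespace sandbox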
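Review bot: The new `ErrorCode code = iter.IsValid(sysnum) ? ... : policy.InvalidSyscall(sandbox);` assignment has no comment saying why numbers that fail `IsValid()` are no longer handed to `policy.EvaluateSyscall()`, and this is where the verifier states what the compiled filter must return for out-of-range syscall numbers. I would add `// Invalid syscall numbers never reach EvaluateSyscall(); the filter must return policy.InvalidSyscall() for them.` directly above the assignment. If the policy compiler decides validity with the same `IsValid()` predicate (not visible on this page), a mistake in that predicate would be mirrored on both sides and still pass verification, so a unit test pinning the boundary syscall numbers independently of `IsValid()` would be worth having. The enclosing loop and function begin in the skipped lines above this hunk.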