content/common/sandbox_linux/sandbox_bpf_base_policy_linux.cc - Issue 299683004: Rewrite all BPF policies to use DSL API

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: content/common/sandbox_linux/sandbox_bpf_base_policy_linux.cc

Issue 299683004: Rewrite all BPF policies to use DSL API Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Overhaul of DSL and implementation Created 6 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright 2013 The Chromium Authors. All rights reserved.	1 // Copyright 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h"	5 #include "content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h"

6	6

7 #include <errno.h>	7 #include <errno.h>

8	8

9 #include "base/logging.h"	9 #include "base/logging.h"

10 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h"	10 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h"

	11 #include "sandbox/linux/seccomp-bpf-helpers/bpf_dsl.h"

11	12

12 namespace content {	13 namespace content {

13	14

14 namespace {	15 namespace {

15	16

16 // The errno used for denied file system access system calls, such as open(2).	17 // The errno used for denied file system access system calls, such as open(2).

17 static const int kFSDeniedErrno = EPERM;	18 static const int kFSDeniedErrno = EPERM;

18	19

19 } // namespace.	20 } // namespace.

20	21

21 SandboxBPFBasePolicy::SandboxBPFBasePolicy()	22 SandboxBPFBasePolicy::SandboxBPFBasePolicy()

22 : baseline_policy_(new sandbox::BaselinePolicy(kFSDeniedErrno)) {}	23 : baseline_policy_(new sandbox::BaselinePolicy(kFSDeniedErrno)) {}

23 SandboxBPFBasePolicy::~SandboxBPFBasePolicy() {}	24 SandboxBPFBasePolicy::~SandboxBPFBasePolicy() {}

24	25

25 ErrorCode SandboxBPFBasePolicy::EvaluateSyscall(SandboxBPF* sandbox_compiler,	26 sandbox::bpf_dsl::ResultExpr SandboxBPFBasePolicy::EvaluateSyscall(

26 int system_call_number) const {	27 int system_call_number) const {

27 DCHECK(baseline_policy_);	28 DCHECK(baseline_policy_);

28 return baseline_policy_->EvaluateSyscall(sandbox_compiler,	29 return baseline_policy_->EvaluateSyscall(system_call_number);

29 system_call_number);

30 }	30 }

31	31

32 bool SandboxBPFBasePolicy::PreSandboxHook() {	32 bool SandboxBPFBasePolicy::PreSandboxHook() {

33 return true;	33 return true;

34 }	34 }

35	35

36 int SandboxBPFBasePolicy::GetFSDeniedErrno() {	36 int SandboxBPFBasePolicy::GetFSDeniedErrno() {

37 return kFSDeniedErrno;	37 return kFSDeniedErrno;

38 }	38 }

39	39

40 } // namespace content.	40 } // namespace content.

OLD	NEW