Clean-up the SandboxSyscall interface

sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <errno.h>
 #include <pthread.h>
 #include <sched.h>
 #include <signal.h>
 #include <sys/prctl.h>
 #include <sys/ptrace.h>
@@ skipping 1186 matching lines @@
     // Reset args[arg_value.argno]. This is not technically needed, but it
     // makes it easier to reason about the correctness of our tests.
     args[arg_value.argno] = 0;
   }
 
   void VerifyErrno(int sysno, intptr_t* args, int err) {
     // We installed BPF filters that return different errno values
     // based on the system call number and the parameters that we decided
     // to pass in. Verify that this condition holds true.
     BPF_ASSERT(
-        SandboxSyscall(
+        Syscall::Call(
             sysno, args[0], args[1], args[2], args[3], args[4], args[5]) ==
         -err);
   }
 
   // Vector of ArgValue trees. These trees define all the possible boolean
   // expressions that we want to turn into a BPF filter program.
   std::vector<ArgValue*> arg_values_;
 
   // Don't increase these values. We are pushing the limits of the maximum
   // BPF program that the kernel will allow us to load. If the values are
@@ skipping 54 matching lines @@
                       ErrorCode::TP_64BIT,
                       ErrorCode::OP_EQUAL,
                       0x55555555AAAAAAAAULL,
                       ErrorCode(1),
                       ErrorCode(2)));
   }
   return ErrorCode(ErrorCode::ERR_ALLOWED);
 }
 
 BPF_TEST_C(SandboxBPF, EqualityArgumentWidth, EqualityArgumentWidthPolicy) {
-  BPF_ASSERT(SandboxSyscall(__NR_uname, 0, 0x55555555) == -1);
-  BPF_ASSERT(SandboxSyscall(__NR_uname, 0, 0xAAAAAAAA) == -2);
+  BPF_ASSERT(Syscall::Call(__NR_uname, 0, 0x55555555) == -1);
+  BPF_ASSERT(Syscall::Call(__NR_uname, 0, 0xAAAAAAAA) == -2);
 #if __SIZEOF_POINTER__ > 4
   // On 32bit machines, there is no way to pass a 64bit argument through the
   // syscall interface. So, we have to skip the part of the test that requires
   // 64bit arguments.
-  BPF_ASSERT(SandboxSyscall(__NR_uname, 1, 0x55555555AAAAAAAAULL) == -1);
-  BPF_ASSERT(SandboxSyscall(__NR_uname, 1, 0x5555555500000000ULL) == -2);
-  BPF_ASSERT(SandboxSyscall(__NR_uname, 1, 0x5555555511111111ULL) == -2);
-  BPF_ASSERT(SandboxSyscall(__NR_uname, 1, 0x11111111AAAAAAAAULL) == -2);
+  BPF_ASSERT(Syscall::Call(__NR_uname, 1, 0x55555555AAAAAAAAULL) == -1);
+  BPF_ASSERT(Syscall::Call(__NR_uname, 1, 0x5555555500000000ULL) == -2);
+  BPF_ASSERT(Syscall::Call(__NR_uname, 1, 0x5555555511111111ULL) == -2);
+  BPF_ASSERT(Syscall::Call(__NR_uname, 1, 0x11111111AAAAAAAAULL) == -2);
 #else
-  BPF_ASSERT(SandboxSyscall(__NR_uname, 1, 0x55555555) == -2);
+  BPF_ASSERT(Syscall::Call(__NR_uname, 1, 0x55555555) == -2);
 #endif
 }
 
 #if __SIZEOF_POINTER__ > 4
 // On 32bit machines, there is no way to pass a 64bit argument through the
 // syscall interface. So, we have to skip the part of the test that requires
 // 64bit arguments.
 BPF_DEATH_TEST_C(SandboxBPF,
                  EqualityArgumentUnallowed64bit,
                  DEATH_MESSAGE("Unexpected 64bit argument detected"),
                  EqualityArgumentWidthPolicy) {
-  SandboxSyscall(__NR_uname, 0, 0x5555555555555555ULL);
+  Syscall::Call(__NR_uname, 0, 0x5555555555555555ULL);
 }
 #endif
 
 class EqualityWithNegativeArgumentsPolicy : public SandboxBPFPolicy {
  public:
   EqualityWithNegativeArgumentsPolicy() {}
   virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox,
                                     int sysno) const OVERRIDE {
     DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
     if (sysno == __NR_uname) {
       return sandbox->Cond(0,
                            ErrorCode::TP_32BIT,
                            ErrorCode::OP_EQUAL,
                            0xFFFFFFFF,
                            ErrorCode(1),
                            ErrorCode(2));
     }
     return ErrorCode(ErrorCode::ERR_ALLOWED);
   }
 
  private:
   DISALLOW_COPY_AND_ASSIGN(EqualityWithNegativeArgumentsPolicy);
 };
 
 BPF_TEST_C(SandboxBPF,
            EqualityWithNegativeArguments,
            EqualityWithNegativeArgumentsPolicy) {
-  BPF_ASSERT(SandboxSyscall(__NR_uname, 0xFFFFFFFF) == -1);
-  BPF_ASSERT(SandboxSyscall(__NR_uname, -1) == -1);
-  BPF_ASSERT(SandboxSyscall(__NR_uname, -1LL) == -1);
+  BPF_ASSERT(Syscall::Call(__NR_uname, 0xFFFFFFFF) == -1);
+  BPF_ASSERT(Syscall::Call(__NR_uname, -1) == -1);
+  BPF_ASSERT(Syscall::Call(__NR_uname, -1LL) == -1);
 }
 
 #if __SIZEOF_POINTER__ > 4
 BPF_DEATH_TEST_C(SandboxBPF,
                  EqualityWithNegative64bitArguments,
                  DEATH_MESSAGE("Unexpected 64bit argument detected"),
                  EqualityWithNegativeArgumentsPolicy) {
   // When expecting a 32bit system call argument, we look at the MSB of the
   // 64bit value and allow both "0" and "-1". But the latter is allowed only
   // iff the LSB was negative. So, this death test should error out.
-  BPF_ASSERT(SandboxSyscall(__NR_uname, 0xFFFFFFFF00000000LL) == -1);
+  BPF_ASSERT(Syscall::Call(__NR_uname, 0xFFFFFFFF00000000LL) == -1);
 }
 #endif
 class AllBitTestPolicy : public SandboxBPFPolicy {
  public:
   AllBitTestPolicy() {}
   virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox,
                                     int sysno) const OVERRIDE;
 
  private:
   DISALLOW_COPY_AND_ASSIGN(AllBitTestPolicy);
@@ skipping 69 matching lines @@
 }
 
 // Define a macro that performs tests using our test policy.
 // NOTE: Not all of the arguments in this macro are actually used!
 //       They are here just to serve as documentation of the conditions
 //       implemented in the test policy.
 //       Most notably, "op" and "mask" are unused by the macro. If you want
 //       to make changes to these values, you will have to edit the
 //       test policy instead.
 #define BITMASK_TEST(testcase, arg, op, mask, expected_value) \
-  BPF_ASSERT(SandboxSyscall(__NR_uname, (testcase), (arg)) == (expected_value))
+  BPF_ASSERT(Syscall::Call(__NR_uname, (testcase), (arg)) == (expected_value))
 
 // Our uname() system call returns ErrorCode(1) for success and
-// ErrorCode(0) for failure. SandboxSyscall() turns this into an
+// ErrorCode(0) for failure. Syscall::Call() turns this into an
 // exit code of -1 or 0.
 #define EXPECT_FAILURE 0
 #define EXPECT_SUCCESS -1
 
 // A couple of our tests behave differently on 32bit and 64bit systems, as
 // there is no way for a 32bit system call to pass in a 64bit system call
 // argument "arg".
 // We expect these tests to succeed on 64bit systems, but to tail on 32bit
 // systems.
 #define EXPT64_SUCCESS (sizeof(void*) > 4 ? EXPECT_SUCCESS : EXPECT_FAILURE)
@@ skipping 409 matching lines @@
                          ErrorCode(ErrorCode::ERR_ALLOWED))),
                          sandbox->Trap(PthreadTrapHandler,
                                        "Missing mandatory CLONE_XXX flags "
                                        "when creating new thread")));
   }
   return ErrorCode(ErrorCode::ERR_ALLOWED);
 }
 
 static void* ThreadFnc(void* arg) {
   ++*reinterpret_cast<int*>(arg);
-  SandboxSyscall(__NR_futex, arg, FUTEX_WAKE, 1, 0, 0, 0);
+  Syscall::Call(__NR_futex, arg, FUTEX_WAKE, 1, 0, 0, 0);
   return NULL;
 }
 
 static void PthreadTest() {
   // Attempt to start a joinable thread. This should succeed.
   pthread_t thread;
   int thread_ran = 0;
   BPF_ASSERT(!pthread_create(&thread, NULL, ThreadFnc, &thread_ran));
   BPF_ASSERT(!pthread_join(thread, NULL));
   BPF_ASSERT(thread_ran);
 
   // Attempt to start a detached thread. This should succeed.
   thread_ran = 0;
   pthread_attr_t attr;
   BPF_ASSERT(!pthread_attr_init(&attr));
   BPF_ASSERT(!pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED));
   BPF_ASSERT(!pthread_create(&thread, &attr, ThreadFnc, &thread_ran));
   BPF_ASSERT(!pthread_attr_destroy(&attr));
-  while (SandboxSyscall(__NR_futex, &thread_ran, FUTEX_WAIT, 0, 0, 0, 0) ==
+  while (Syscall::Call(__NR_futex, &thread_ran, FUTEX_WAIT, 0, 0, 0, 0) ==
          -EINTR) {
   }
   BPF_ASSERT(thread_ran);
 
   // Attempt to fork() a process using clone(). This should fail. We use the
   // same flags that glibc uses when calling fork(). But we don't actually
   // try calling the fork() implementation in the C run-time library, as
   // run-time libraries other than glibc might call __NR_fork instead of
   // __NR_clone, and that would introduce a bogus test failure.
   int pid;
-  BPF_ASSERT(SandboxSyscall(__NR_clone,
-                            CLONE_CHILD_CLEARTID | CLONE_CHILD_SETTID | SIGCHLD,
-                            0,
-                            0,
-                            &pid) == -EPERM);
+  BPF_ASSERT(Syscall::Call(__NR_clone,
+                           CLONE_CHILD_CLEARTID | CLONE_CHILD_SETTID | SIGCHLD,
+                           0,
+                           0,
+                           &pid) == -EPERM);
 }
 
 BPF_TEST_C(SandboxBPF, PthreadEquality, PthreadPolicyEquality) {
   PthreadTest();
 }
 
 BPF_TEST_C(SandboxBPF, PthreadBitMask, PthreadPolicyBitMask) {
   PthreadTest();
 }
 
@@ skipping 109 matching lines @@
         break;
     }
 
     BPF_ASSERT_NE(-1, ptrace(PTRACE_CONT, pid, NULL, NULL));
   }
 }
 
 }  // namespace
 
 }  // namespace sandbox