Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(162)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: sandbox/linux/bpf_dsl/bpf_dsl.cc

Issue 391043003: Revert of Add domain-specific language for BPF policies (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « sandbox/linux/bpf_dsl/bpf_dsl.h ('k') | sandbox/linux/bpf_dsl/bpf_dsl_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/linux/bpf_dsl/bpf_dsl.cc
diff --git a/sandbox/linux/bpf_dsl/bpf_dsl.cc b/sandbox/linux/bpf_dsl/bpf_dsl.cc
deleted file mode 100644
index 66cd09c22027902a5e7d4ed057a24d0883911365..0000000000000000000000000000000000000000
--- a/sandbox/linux/bpf_dsl/bpf_dsl.cc
+++ /dev/null
@@ -1,278 +0,0 @@
-// Copyright 2014 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
-
-#include <errno.h>
-
-#include "base/logging.h"
-#include "base/memory/ref_counted.h"
-#include "sandbox/linux/seccomp-bpf/errorcode.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
-
-using namespace sandbox::bpf_dsl::internal;
-typedef ::sandbox::Trap::TrapFnc TrapFnc;
-
-namespace sandbox {
-namespace bpf_dsl {
-namespace {
-
-class AllowResultExprImpl : public ResultExprImpl {
- public:
- AllowResultExprImpl() {}
- virtual ErrorCode Compile(SandboxBPF* sb) const OVERRIDE {
- return ErrorCode(ErrorCode::ERR_ALLOWED);
- }
-
- private:
- virtual ~AllowResultExprImpl() {}
- DISALLOW_COPY_AND_ASSIGN(AllowResultExprImpl);
-};
-
-class ErrorResultExprImpl : public ResultExprImpl {
- public:
- explicit ErrorResultExprImpl(int err) : err_(err) {
- CHECK(err_ >= ErrorCode::ERR_MIN_ERRNO && err_ <= ErrorCode::ERR_MAX_ERRNO);
- }
- virtual ErrorCode Compile(SandboxBPF* sb) const OVERRIDE {
- return ErrorCode(err_);
- }
-
- private:
- virtual ~ErrorResultExprImpl() {}
- int err_;
- DISALLOW_COPY_AND_ASSIGN(ErrorResultExprImpl);
-};
-
-class TrapResultExprImpl : public ResultExprImpl {
- public:
- TrapResultExprImpl(TrapFnc func, void* arg) : func_(func), arg_(arg) {
- DCHECK(func_);
- }
- virtual ErrorCode Compile(SandboxBPF* sb) const OVERRIDE {
- return sb->Trap(func_, arg_);
- }
-
- private:
- virtual ~TrapResultExprImpl() {}
- TrapFnc func_;
- void* arg_;
- DISALLOW_COPY_AND_ASSIGN(TrapResultExprImpl);
-};
-
-class IfThenResultExprImpl : public ResultExprImpl {
- public:
- IfThenResultExprImpl(BoolExpr cond,
- ResultExpr then_result,
- ResultExpr else_result)
- : cond_(cond), then_result_(then_result), else_result_(else_result) {}
- virtual ErrorCode Compile(SandboxBPF* sb) const OVERRIDE {
- return cond_->Compile(
- sb, then_result_->Compile(sb), else_result_->Compile(sb));
- }
-
- private:
- virtual ~IfThenResultExprImpl() {}
- BoolExpr cond_;
- ResultExpr then_result_;
- ResultExpr else_result_;
- DISALLOW_COPY_AND_ASSIGN(IfThenResultExprImpl);
-};
-
-class PrimitiveBoolExprImpl : public BoolExprImpl {
- public:
- PrimitiveBoolExprImpl(int argno,
- ErrorCode::ArgType is_32bit,
- ErrorCode::Operation op,
- uint64_t value)
- : argno_(argno), is_32bit_(is_32bit), op_(op), value_(value) {}
- virtual ErrorCode Compile(SandboxBPF* sb,
- ErrorCode true_ec,
- ErrorCode false_ec) const OVERRIDE {
- return sb->Cond(argno_, is_32bit_, op_, value_, true_ec, false_ec);
- }
-
- private:
- virtual ~PrimitiveBoolExprImpl() {}
- int argno_;
- ErrorCode::ArgType is_32bit_;
- ErrorCode::Operation op_;
- uint64_t value_;
- DISALLOW_COPY_AND_ASSIGN(PrimitiveBoolExprImpl);
-};
-
-class NegateBoolExprImpl : public BoolExprImpl {
- public:
- explicit NegateBoolExprImpl(BoolExpr cond) : cond_(cond) {}
- virtual ErrorCode Compile(SandboxBPF* sb,
- ErrorCode true_ec,
- ErrorCode false_ec) const OVERRIDE {
- return cond_->Compile(sb, false_ec, true_ec);
- }
-
- private:
- virtual ~NegateBoolExprImpl() {}
- BoolExpr cond_;
- DISALLOW_COPY_AND_ASSIGN(NegateBoolExprImpl);
-};
-
-class AndBoolExprImpl : public BoolExprImpl {
- public:
- AndBoolExprImpl(BoolExpr lhs, BoolExpr rhs) : lhs_(lhs), rhs_(rhs) {}
- virtual ErrorCode Compile(SandboxBPF* sb,
- ErrorCode true_ec,
- ErrorCode false_ec) const OVERRIDE {
- return lhs_->Compile(sb, rhs_->Compile(sb, true_ec, false_ec), false_ec);
- }
-
- private:
- virtual ~AndBoolExprImpl() {}
- BoolExpr lhs_, rhs_;
- DISALLOW_COPY_AND_ASSIGN(AndBoolExprImpl);
-};
-
-class OrBoolExprImpl : public BoolExprImpl {
- public:
- OrBoolExprImpl(BoolExpr lhs, BoolExpr rhs) : lhs_(lhs), rhs_(rhs) {}
- virtual ErrorCode Compile(SandboxBPF* sb,
- ErrorCode true_ec,
- ErrorCode false_ec) const OVERRIDE {
- return lhs_->Compile(sb, true_ec, rhs_->Compile(sb, true_ec, false_ec));
- }
-
- private:
- virtual ~OrBoolExprImpl() {}
- BoolExpr lhs_, rhs_;
- DISALLOW_COPY_AND_ASSIGN(OrBoolExprImpl);
-};
-
-} // namespace
-
-namespace internal {
-
-BoolExpr ArgEq(int num, size_t size, uint64_t mask, uint64_t val) {
- CHECK(num >= 0 && num < 6);
- CHECK(size >= 1 && size <= 8);
- CHECK_NE(0U, mask) << "zero mask doesn't make sense";
- CHECK_EQ(val, val & mask) << "val contains masked out bits";
-
- // TODO(mdempsky): Should we just always use TP_64BIT?
- const ErrorCode::ArgType arg_type =
- (size <= 4) ? ErrorCode::TP_32BIT : ErrorCode::TP_64BIT;
-
- if (mask == static_cast<uint64_t>(-1)) {
- // Arg == Val
- return BoolExpr(new const PrimitiveBoolExprImpl(
- num, arg_type, ErrorCode::OP_EQUAL, val));
- } else if (mask == val) {
- // (Arg & Mask) == Mask
- return BoolExpr(new const PrimitiveBoolExprImpl(
- num, arg_type, ErrorCode::OP_HAS_ALL_BITS, mask));
- } else if (val == 0) {
- // (Arg & Mask) == 0, which is semantically equivalent to !((arg & mask) !=
- // 0).
- return !BoolExpr(new const PrimitiveBoolExprImpl(
- num, arg_type, ErrorCode::OP_HAS_ANY_BITS, mask));
- } else {
- CHECK(false) << "Unimplemented ArgEq case";
- return BoolExpr();
- }
-}
-
-} // namespace internal
-
-ResultExpr Allow() {
- return ResultExpr(new const AllowResultExprImpl());
-}
-
-ResultExpr Error(int err) {
- return ResultExpr(new const ErrorResultExprImpl(err));
-}
-
-ResultExpr Trap(TrapFnc trap_func, void* aux) {
- return ResultExpr(new const TrapResultExprImpl(trap_func, aux));
-}
-
-BoolExpr operator!(BoolExpr cond) {
- return BoolExpr(new const NegateBoolExprImpl(cond));
-}
-
-BoolExpr operator&&(BoolExpr lhs, BoolExpr rhs) {
- return BoolExpr(new const AndBoolExprImpl(lhs, rhs));
-}
-
-BoolExpr operator||(BoolExpr lhs, BoolExpr rhs) {
- return BoolExpr(new const OrBoolExprImpl(lhs, rhs));
-}
-
-Elser If(BoolExpr cond, ResultExpr then_result) {
- return Elser(Cons<Elser::Clause>::List()).ElseIf(cond, then_result);
-}
-
-Elser::Elser(Cons<Clause>::List clause_list) : clause_list_(clause_list) {
-}
-
-Elser::Elser(const Elser& elser) : clause_list_(elser.clause_list_) {
-}
-
-Elser::~Elser() {
-}
-
-Elser Elser::ElseIf(BoolExpr cond, ResultExpr then_result) const {
- return Elser(
- Cons<Clause>::Make(std::make_pair(cond, then_result), clause_list_));
-}
-
-ResultExpr Elser::Else(ResultExpr else_result) const {
- // We finally have the default result expression for this
- // if/then/else sequence. Also, we've already accumulated all
- // if/then pairs into a list of reverse order (i.e., lower priority
- // conditions are listed before higher priority ones). E.g., an
- // expression like
- //
- // If(b1, e1).ElseIf(b2, e2).ElseIf(b3, e3).Else(e4)
- //
- // will have built up a list like
- //
- // [(b3, e3), (b2, e2), (b1, e1)].
- //
- // Now that we have e4, we can walk the list and create a ResultExpr
- // tree like:
- //
- // expr = e4
- // expr = (b3 ? e3 : expr) = (b3 ? e3 : e4)
- // expr = (b2 ? e2 : expr) = (b2 ? e2 : (b3 ? e3 : e4))
- // expr = (b1 ? e1 : expr) = (b1 ? e1 : (b2 ? e2 : (b3 ? e3 : e4)))
- //
- // and end up with an appropriately chained tree.
-
- ResultExpr expr = else_result;
- for (Cons<Clause>::List it = clause_list_; it; it = it->tail()) {
- Clause clause = it->head();
- expr = ResultExpr(
- new const IfThenResultExprImpl(clause.first, clause.second, expr));
- }
- return expr;
-}
-
-ResultExpr SandboxBPFDSLPolicy::InvalidSyscall() const {
- return Error(ENOSYS);
-}
-
-ErrorCode SandboxBPFDSLPolicy::EvaluateSyscall(SandboxBPF* sb,
- int sysno) const {
- return EvaluateSyscall(sysno)->Compile(sb);
-}
-
-ErrorCode SandboxBPFDSLPolicy::InvalidSyscall(SandboxBPF* sb) const {
- return InvalidSyscall()->Compile(sb);
-}
-
-ResultExpr SandboxBPFDSLPolicy::Trap(::sandbox::Trap::TrapFnc trap_func,
- void* aux) {
- return bpf_dsl::Trap(trap_func, aux);
-}
-
-} // namespace bpf_dsl
-} // namespace sandbox
« no previous file with comments | « sandbox/linux/bpf_dsl/bpf_dsl.h ('k') | sandbox/linux/bpf_dsl/bpf_dsl_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698