| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__ | 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__ |
| 6 #define SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__ | 6 #define SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__ |
| 7 | 7 |
| 8 #include "sandbox/linux/seccomp-bpf/linux_seccomp.h" | 8 #include "sandbox/linux/seccomp-bpf/linux_seccomp.h" |
| 9 #include "sandbox/linux/seccomp-bpf/trap.h" | 9 #include "sandbox/linux/seccomp-bpf/trap.h" |
| 10 #include "sandbox/sandbox_export.h" | 10 #include "sandbox/sandbox_export.h" |
| (...skipping 69 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 80 // the conditional test should operate on the full 64bit argument. It is | 80 // the conditional test should operate on the full 64bit argument. It is |
| 81 // generally harmless to perform a 64bit test on 32bit systems, as the | 81 // generally harmless to perform a 64bit test on 32bit systems, as the |
| 82 // kernel will always see the top 32 bits of all arguments as zero'd out. | 82 // kernel will always see the top 32 bits of all arguments as zero'd out. |
| 83 // This approach has the desirable property that for tests of pointer | 83 // This approach has the desirable property that for tests of pointer |
| 84 // values, we can always use TP_64BIT no matter the host architecture. | 84 // values, we can always use TP_64BIT no matter the host architecture. |
| 85 // But of course, that also means, it is possible to write conditional | 85 // But of course, that also means, it is possible to write conditional |
| 86 // policies that turn into no-ops on 32bit systems; this is by design. | 86 // policies that turn into no-ops on 32bit systems; this is by design. |
| 87 TP_64BIT, | 87 TP_64BIT, |
| 88 }; | 88 }; |
| 89 | 89 |
| 90 // Deprecated. |
| 90 enum Operation { | 91 enum Operation { |
| 91 // Test whether the system call argument is equal to the operand. | 92 // Test whether the system call argument is equal to the operand. |
| 92 OP_EQUAL, | 93 OP_EQUAL, |
| 93 | 94 |
| 94 // Test whether the system call argument is greater (or equal) to the | |
| 95 // operand. Please note that all tests always operate on unsigned | |
| 96 // values. You can generally emulate signed tests, if that's what you | |
| 97 // need. | |
| 98 // TODO(markus): Check whether we should automatically emulate signed | |
| 99 // operations. | |
| 100 OP_GREATER_UNSIGNED, | |
| 101 OP_GREATER_EQUAL_UNSIGNED, | |
| 102 | |
| 103 // Tests a system call argument against a bit mask. | 95 // Tests a system call argument against a bit mask. |
| 104 // The "ALL_BITS" variant performs this test: "arg & mask == mask" | 96 // The "ALL_BITS" variant performs this test: "arg & mask == mask" |
| 105 // This implies that a mask of zero always results in a passing test. | 97 // This implies that a mask of zero always results in a passing test. |
| 106 // The "ANY_BITS" variant performs this test: "arg & mask != 0" | 98 // The "ANY_BITS" variant performs this test: "arg & mask != 0" |
| 107 // This implies that a mask of zero always results in a failing test. | 99 // This implies that a mask of zero always results in a failing test. |
| 108 OP_HAS_ALL_BITS, | 100 OP_HAS_ALL_BITS, |
| 109 OP_HAS_ANY_BITS, | 101 OP_HAS_ANY_BITS, |
| 110 | |
| 111 // Total number of operations. | |
| 112 OP_NUM_OPS, | |
| 113 }; | 102 }; |
| 114 | 103 |
| 115 enum ErrorType { | 104 enum ErrorType { |
| 116 ET_INVALID, | 105 ET_INVALID, |
| 117 ET_SIMPLE, | 106 ET_SIMPLE, |
| 118 ET_TRAP, | 107 ET_TRAP, |
| 119 ET_COND, | 108 ET_COND, |
| 120 }; | 109 }; |
| 121 | 110 |
| 122 // We allow the default constructor, as it makes the ErrorCode class | 111 // We allow the default constructor, as it makes the ErrorCode class |
| (...skipping 15 matching lines...) Expand all Loading... |
| 138 ~ErrorCode() {} | 127 ~ErrorCode() {} |
| 139 | 128 |
| 140 bool Equals(const ErrorCode& err) const; | 129 bool Equals(const ErrorCode& err) const; |
| 141 bool LessThan(const ErrorCode& err) const; | 130 bool LessThan(const ErrorCode& err) const; |
| 142 | 131 |
| 143 uint32_t err() const { return err_; } | 132 uint32_t err() const { return err_; } |
| 144 ErrorType error_type() const { return error_type_; } | 133 ErrorType error_type() const { return error_type_; } |
| 145 | 134 |
| 146 bool safe() const { return safe_; } | 135 bool safe() const { return safe_; } |
| 147 | 136 |
| 137 uint64_t mask() const { return mask_; } |
| 148 uint64_t value() const { return value_; } | 138 uint64_t value() const { return value_; } |
| 149 int argno() const { return argno_; } | 139 int argno() const { return argno_; } |
| 150 ArgType width() const { return width_; } | 140 ArgType width() const { return width_; } |
| 151 Operation op() const { return op_; } | |
| 152 const ErrorCode* passed() const { return passed_; } | 141 const ErrorCode* passed() const { return passed_; } |
| 153 const ErrorCode* failed() const { return failed_; } | 142 const ErrorCode* failed() const { return failed_; } |
| 154 | 143 |
| 155 struct LessThan { | 144 struct LessThan { |
| 156 bool operator()(const ErrorCode& a, const ErrorCode& b) const { | 145 bool operator()(const ErrorCode& a, const ErrorCode& b) const { |
| 157 return a.LessThan(b); | 146 return a.LessThan(b); |
| 158 } | 147 } |
| 159 }; | 148 }; |
| 160 | 149 |
| 161 private: | 150 private: |
| 162 friend class CodeGen; | 151 friend class CodeGen; |
| 163 friend class SandboxBPF; | 152 friend class SandboxBPF; |
| 164 friend class Trap; | 153 friend class Trap; |
| 165 | 154 |
| 166 // If we are wrapping a callback, we must assign a unique id. This id is | 155 // If we are wrapping a callback, we must assign a unique id. This id is |
| 167 // how the kernel tells us which one of our different SECCOMP_RET_TRAP | 156 // how the kernel tells us which one of our different SECCOMP_RET_TRAP |
| 168 // cases has been triggered. | 157 // cases has been triggered. |
| 169 ErrorCode(Trap::TrapFnc fnc, const void* aux, bool safe, uint16_t id); | 158 ErrorCode(Trap::TrapFnc fnc, const void* aux, bool safe, uint16_t id); |
| 170 | 159 |
| 171 // Some system calls require inspection of arguments. This constructor | 160 // Some system calls require inspection of arguments. This constructor |
| 172 // allows us to specify additional constraints. | 161 // allows us to specify additional constraints. |
| 173 ErrorCode(int argno, | 162 ErrorCode(int argno, |
| 174 ArgType width, | 163 ArgType width, |
| 175 Operation op, | 164 uint64_t mask, |
| 176 uint64_t value, | 165 uint64_t value, |
| 177 const ErrorCode* passed, | 166 const ErrorCode* passed, |
| 178 const ErrorCode* failed); | 167 const ErrorCode* failed); |
| 179 | 168 |
| 180 ErrorType error_type_; | 169 ErrorType error_type_; |
| 181 | 170 |
| 182 union { | 171 union { |
| 183 // Fields needed for SECCOMP_RET_TRAP callbacks | 172 // Fields needed for SECCOMP_RET_TRAP callbacks |
| 184 struct { | 173 struct { |
| 185 Trap::TrapFnc fnc_; // Callback function and arg, if trap was | 174 Trap::TrapFnc fnc_; // Callback function and arg, if trap was |
| 186 void* aux_; // triggered by the kernel's BPF filter. | 175 void* aux_; // triggered by the kernel's BPF filter. |
| 187 bool safe_; // Keep sandbox active while calling fnc_() | 176 bool safe_; // Keep sandbox active while calling fnc_() |
| 188 }; | 177 }; |
| 189 | 178 |
| 190 // Fields needed when inspecting additional arguments. | 179 // Fields needed when inspecting additional arguments. |
| 191 struct { | 180 struct { |
| 181 uint64_t mask_; // Mask that we are comparing under. |
| 192 uint64_t value_; // Value that we are comparing with. | 182 uint64_t value_; // Value that we are comparing with. |
| 193 int argno_; // Syscall arg number that we are inspecting. | 183 int argno_; // Syscall arg number that we are inspecting. |
| 194 ArgType width_; // Whether we are looking at a 32/64bit value. | 184 ArgType width_; // Whether we are looking at a 32/64bit value. |
| 195 Operation op_; // Comparison operation. | |
| 196 const ErrorCode* passed_; // Value to be returned if comparison passed, | 185 const ErrorCode* passed_; // Value to be returned if comparison passed, |
| 197 const ErrorCode* failed_; // or if it failed. | 186 const ErrorCode* failed_; // or if it failed. |
| 198 }; | 187 }; |
| 199 }; | 188 }; |
| 200 | 189 |
| 201 // 32bit field used for all possible types of ErrorCode values. This is | 190 // 32bit field used for all possible types of ErrorCode values. This is |
| 202 // the value that uniquely identifies any ErrorCode and it (typically) can | 191 // the value that uniquely identifies any ErrorCode and it (typically) can |
| 203 // be emitted directly into a BPF filter program. | 192 // be emitted directly into a BPF filter program. |
| 204 uint32_t err_; | 193 uint32_t err_; |
| 205 }; | 194 }; |
| 206 | 195 |
| 207 } // namespace sandbox | 196 } // namespace sandbox |
| 208 | 197 |
| 209 #endif // SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__ | 198 #endif // SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 530133003:
bpf_dsl: support arbitrary (arg & mask) == val expressions (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master