Chromium Code Reviews| Index: sandbox/linux/bpf_dsl/bpf_dsl.h |
| diff --git a/sandbox/linux/bpf_dsl/bpf_dsl.h b/sandbox/linux/bpf_dsl/bpf_dsl.h |
| index b73e65db54847cf5166f970409ee8f9353a83708..cfa4add013178321721a125b6eb6e52de7caf43b 100644 |
| --- a/sandbox/linux/bpf_dsl/bpf_dsl.h |
| +++ b/sandbox/linux/bpf_dsl/bpf_dsl.h |
| @@ -60,11 +60,12 @@ class SandboxBPF; |
| // |
| // More generally, the DSL currently supports the following grammar: |
| // |
| -// result = Allow() | Error(errno) | Trap(trap_func, aux) |
| +// result = Allow() | Error(errno) | Kill(msg) | Trace(aux) |
| +// | Trap(trap_func, aux) | UnsafeTrap(trap_func, aux) |
| // | If(bool, result)[.ElseIf(bool, result)].Else(result) |
| // | Switch(arg)[.Case(val, result)].Default(result) |
| // bool = BoolConst(boolean) | !bool | bool && bool | bool || bool |
| -// | arg == val |
| +// | arg == val | arg != val |
|
jln (very slow on Chromium)
2014/09/12 23:52:57
Please add a small test for this one.
mdempsky
2014/09/13 00:20:24
Done.
|
| // arg = Arg<T>(num) | arg & mask |
| // |
| // The semantics of each function and operator are intended to be |
| @@ -113,7 +114,7 @@ class SANDBOX_EXPORT SandboxBPFDSLPolicy : public SandboxBPFPolicy { |
| virtual ErrorCode InvalidSyscall(SandboxBPF* sb) const OVERRIDE FINAL; |
| // Helper method so policies can just write Trap(func, aux). |
| - static ResultExpr Trap(Trap::TrapFnc trap_func, void* aux); |
| + static ResultExpr Trap(Trap::TrapFnc trap_func, const void* aux); |
| private: |
| DISALLOW_COPY_AND_ASSIGN(SandboxBPFDSLPolicy); |
| @@ -129,10 +130,37 @@ SANDBOX_EXPORT ResultExpr Allow(); |
| // side effects. |
| SANDBOX_EXPORT ResultExpr Error(int err); |
| +// Kill specifies a result to kill the program and print an error message. |
| +SANDBOX_EXPORT ResultExpr Kill(const char* msg); |
| + |
| +// Trace specifies a result to notify a tracing process via the |
| +// PTRACE_EVENT_SECCOMP event and allow it to change or skip the system call. |
| +// The value of |aux| will be available to the tracer via PTRACE_GETEVENTMSG. |
| +SANDBOX_EXPORT ResultExpr Trace(uint16_t aux); |
| + |
| // Trap specifies a result that the system call should be handled by |
| // trapping back into userspace and invoking |trap_func|, passing |
| // |aux| as the second parameter. |
| -SANDBOX_EXPORT ResultExpr Trap(Trap::TrapFnc trap_func, void* aux); |
| +SANDBOX_EXPORT ResultExpr Trap(Trap::TrapFnc trap_func, const void* aux); |
| + |
| +// UnsafeTrap is like Trap, except the policy is marked as "unsafe" |
| +// and allowed to use SandboxSyscall to invoke any system call. |
| +// |
| +// NOTE: This feature, by definition, disables all security features of |
| +// the sandbox. It should never be used in production, but it can be |
| +// very useful to diagnose code that is incompatible with the sandbox. |
| +// If even a single system call returns "UnsafeTrap", the security of |
| +// entire sandbox should be considered compromised. |
| +SANDBOX_EXPORT ResultExpr UnsafeTrap(Trap::TrapFnc trap_func, const void* aux); |
| + |
| +// BoolConst converts a bool value into a BoolExpr. |
| +SANDBOX_EXPORT BoolExpr BoolConst(bool value); |
| + |
| +// Various ways to combine boolean expressions into more complex expressions. |
| +// They follow standard boolean algebra laws. |
| +SANDBOX_EXPORT BoolExpr operator!(const BoolExpr& cond); |
| +SANDBOX_EXPORT BoolExpr operator&&(const BoolExpr& lhs, const BoolExpr& rhs); |
| +SANDBOX_EXPORT BoolExpr operator||(const BoolExpr& lhs, const BoolExpr& rhs); |
| template <typename T> |
| class SANDBOX_EXPORT Arg { |
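Review bot: The UnsafeTrap declaration is guarded only by a prose warning, and nothing at the API level stops a policy from returning it in a production build even though, as the NOTE says, a single UnsafeTrap result lets the trapped code issue arbitrary system calls; the header should state what gate, if any, the implementation enforces before such a policy is installed (I believe the existing seccomp-bpf unsafe-trap support is only enabled when a sandbox-debugging environment flag is set, but that is worth confirming and writing down here, e.g. `// The sandbox refuses to install a policy containing UnsafeTrap unless unsafe traps have been explicitly enabled at runtime; see Trap.`). The Trace comment should also spell out the kernel's fallback, `// If no tracer is attached, the kernel does not execute the system call and returns -ENOSYS to the caller.`, since a policy author could otherwise assume Trace degrades to Allow. A small wording fix in the same NOTE: "the security of entire sandbox" should read "the security of the entire sandbox". The enclosing header continues on both sides of this hunk.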
| @@ -149,10 +177,14 @@ class SANDBOX_EXPORT Arg { |
| return Arg(lhs.num_, lhs.mask_ & rhs); |
| } |
| - // Returns a boolean expression comparing whether the system call |
| - // argument (after applying any bitmasks, if appropriate) equals |rhs|. |
| + // Returns a boolean expression comparing whether the system call argument |
| + // (after applying any bitmasks, if appropriate) equals |rhs|. |
| friend BoolExpr operator==(const Arg& lhs, T rhs) { return lhs.EqualTo(rhs); } |
| + // Returns a boolean expression comparing whether the system call argument |
| + // (after applying any bitmasks, if appropriate) does not equal |rhs|. |
| + friend BoolExpr operator!=(const Arg& lhs, T rhs) { return !(lhs == rhs); } |
| + |
| private: |
| Arg(int num, uint64_t mask) : num_(num), mask_(mask) {} |
| @@ -164,15 +196,6 @@ class SANDBOX_EXPORT Arg { |
| DISALLOW_ASSIGN(Arg); |
| }; |
| -// Convert a bool value into a BoolExpr. |
| -SANDBOX_EXPORT BoolExpr BoolConst(bool value); |
| - |
| -// Various ways to combine boolean expressions into more complex expressions. |
| -// They follow standard boolean algebra laws. |
| -SANDBOX_EXPORT BoolExpr operator!(const BoolExpr& cond); |
| -SANDBOX_EXPORT BoolExpr operator&&(const BoolExpr& lhs, const BoolExpr& rhs); |
| -SANDBOX_EXPORT BoolExpr operator||(const BoolExpr& lhs, const BoolExpr& rhs); |
| - |
| // If begins a conditional result expression predicated on the |
| // specified boolean expression. |
| SANDBOX_EXPORT Elser If(const BoolExpr& cond, const ResultExpr& then_result); |