Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(109)

Unified Diff: components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.cc

Issue 570763002: Remove more dependencies on sandbox/linux/seccomp-bpf (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fix Created 6 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.cc
diff --git a/components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.cc b/components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.cc
index 862b272bffaa4adefb134f081441f9723458ff76..20d6d1f57216d8c8c7964bba6d74138c6ef5bf4f 100644
--- a/components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.cc
+++ b/components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.cc
@@ -18,8 +18,7 @@
#include "base/logging.h"
#include "content/public/common/sandbox_init.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
+#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
#include "sandbox/linux/services/linux_syscalls.h"
#endif // defined(USE_SECCOMP_BPF)
@@ -30,27 +29,28 @@ namespace nacl {
namespace {
-class NaClBPFSandboxPolicy : public sandbox::SandboxBPFPolicy {
+using sandbox::bpf_dsl::Allow;
+using sandbox::bpf_dsl::Error;
+using sandbox::bpf_dsl::ResultExpr;
+
+class NaClBPFSandboxPolicy : public sandbox::bpf_dsl::SandboxBPFDSLPolicy {
public:
NaClBPFSandboxPolicy()
: baseline_policy_(content::GetBPFSandboxBaselinePolicy()) {}
virtual ~NaClBPFSandboxPolicy() {}
- virtual sandbox::ErrorCode EvaluateSyscall(
- sandbox::SandboxBPF* sandbox_compiler,
- int system_call_number) const OVERRIDE;
- virtual sandbox::ErrorCode InvalidSyscall(
- sandbox::SandboxBPF* sandbox_compiler) const OVERRIDE {
- return baseline_policy_->InvalidSyscall(sandbox_compiler);
+ virtual ResultExpr EvaluateSyscall(int system_call_number) const OVERRIDE;
+ virtual ResultExpr InvalidSyscall() const OVERRIDE {
+ return baseline_policy_->InvalidSyscall();
}
private:
- scoped_ptr<sandbox::SandboxBPFPolicy> baseline_policy_;
+ scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy> baseline_policy_;
+
DISALLOW_COPY_AND_ASSIGN(NaClBPFSandboxPolicy);
};
-sandbox::ErrorCode NaClBPFSandboxPolicy::EvaluateSyscall(
- sandbox::SandboxBPF* sb, int sysno) const {
+ResultExpr NaClBPFSandboxPolicy::EvaluateSyscall(int sysno) const {
DCHECK(baseline_policy_);
switch (sysno) {
// TODO(jln): NaCl's GDB debug stub uses the following socket system calls,
@@ -98,16 +98,16 @@ sandbox::ErrorCode NaClBPFSandboxPolicy::EvaluateSyscall(
// See crbug.com/264856 for details.
case __NR_times:
case __NR_uname:
- return sandbox::ErrorCode(sandbox::ErrorCode::ERR_ALLOWED);
+ return Allow();
case __NR_ioctl:
case __NR_ptrace:
- return sandbox::ErrorCode(EPERM);
+ return Error(EPERM);
default:
- return baseline_policy_->EvaluateSyscall(sb, sysno);
+ return baseline_policy_->EvaluateSyscall(sysno);
}
NOTREACHED();
// GCC wants this.
- return sandbox::ErrorCode(EPERM);
+ return Error(EPERM);
}
void RunSandboxSanityChecks() {
@@ -130,7 +130,8 @@ void RunSandboxSanityChecks() {
bool InitializeBPFSandbox() {
#if defined(USE_SECCOMP_BPF)
bool sandbox_is_initialized = content::InitializeSandbox(
- scoped_ptr<sandbox::SandboxBPFPolicy>(new NaClBPFSandboxPolicy));
+ scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy>(
+ new NaClBPFSandboxPolicy));
if (sandbox_is_initialized) {
RunSandboxSanityChecks();
return true;

Powered by Google App Engine
This is Rietveld 408576698