Side by Side Diff: sandbox/linux/seccomp-bpf/sandbox_bpf.cc

Issue 572753002: Decouple Trap from ErrorCode (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 6 years, 3 months ago
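--- a/sandbox/linux/seccomp-bpf/sandbox_bpf.cc
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
 
 // Some headers on Android are missing cdefs: crbug.com/172337.
 // (We can't use OS_ANDROID here since build_config.h is not included).
 #if defined(ANDROID)
 #include <sys/cdefs.h>
@@ -137,23 +137,21 @@
 }
 
 // Function that can be passed as a callback function to CodeGen::Traverse().
 // Checks whether the "insn" returns an UnsafeTrap() ErrorCode. If so, it
 // sets the "bool" variable pointed to by "aux".
 void CheckForUnsafeErrorCodes(Instruction* insn, void* aux) {
 bool* is_unsafe = static_cast<bool*>(aux);
 if (!*is_unsafe) {
 if (BPF_CLASS(insn->code) == BPF_RET && insn->k > SECCOMP_RET_TRAP &&
 insn->k - SECCOMP_RET_TRAP <= SECCOMP_RET_DATA) {
-const ErrorCode& err =
-Trap::ErrorCodeFromTrapId(insn->k & SECCOMP_RET_DATA);
-if (err.error_type() != ErrorCode::ET_INVALID && !err.safe()) {
+if (!Trap::IsSafeTrapId(insn->k & SECCOMP_RET_DATA)) {
 *is_unsafe = true;
 }
 }
 }
 }
 
 // A Trap() handler that returns an "errno" value. The value is encoded
 // in the "aux" parameter.
 intptr_t ReturnErrno(const struct arch_seccomp_data&, void* aux) {
 // TrapFnc functions report error by following the native kernel convention
@@ -1013,25 +1011,25 @@
 mask,
 gen->MakeInstruction(
 BPF_JMP + BPF_JEQ + BPF_K, value, passed, failed)));
 }
 
 ErrorCode SandboxBPF::Unexpected64bitArgument() {
 return Kill("Unexpected 64bit argument detected");
 }
 
 ErrorCode SandboxBPF::Trap(Trap::TrapFnc fnc, const void* aux) {
-return Trap::MakeTrap(fnc, aux, true /* Safe Trap */);
+return ErrorCode(fnc, aux, true /* Safe Trap */);
 }
 
 ErrorCode SandboxBPF::UnsafeTrap(Trap::TrapFnc fnc, const void* aux) {
-return Trap::MakeTrap(fnc, aux, false /* Unsafe Trap */);
+return ErrorCode(fnc, aux, false /* Unsafe Trap */);
 }
 
 bool SandboxBPF::IsRequiredForUnsafeTrap(int sysno) {
 return (sysno == __NR_rt_sigprocmask || sysno == __NR_rt_sigreturn
 #if defined(__NR_sigprocmask)
 ||
 sysno == __NR_sigprocmask
 #endif
 #if defined(__NR_sigreturn)
 ||
@@ -1105,10 +1103,10 @@
 }
 }
 
 ErrorCode SandboxBPF::Kill(const char* msg) {
 return Trap(BPFFailure, const_cast<char*>(msg));
 }
 
 SandboxBPF::SandboxStatus SandboxBPF::status_ = STATUS_UNKNOWN;
 
 } // namespace sandbox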
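Review bot: The new `Trap::IsSafeTrapId(insn->k & SECCOMP_RET_DATA)` call in CheckForUnsafeErrorCodes no longer carries the explicit `ET_INVALID` exclusion that the removed lines had, so the classification of a trap id that is not in the trap table now depends entirely on IsSafeTrapId, whose body is not part of this file section. The old code left `*is_unsafe` unchanged for such an id; if IsSafeTrapId returns false for unknown ids the filter is now reported as containing an unsafe trap, and if it returns true an unrecognized id is accepted as safe without comment. Since this check decides how a seccomp-BPF program is classified, I would state the intended handling at the call site with a one-line comment and cover the unknown-id case in a unit test. The function's header comment also still says it checks for an "UnsafeTrap() ErrorCode", which no longer matches the code; something like `// Checks whether "insn" returns a trap id that Trap does not consider safe.` would fit the decoupling this change is making.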