Decouple Trap from ErrorCode

sandbox/linux/seccomp-bpf/sandbox_bpf.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H__
 #define SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H__
 
 #include <stddef.h>
 #include <sys/types.h>
 #include <sys/wait.h>
 
 #include <algorithm>
 #include <limits>
 #include <map>
 #include <set>
 #include <utility>
 #include <vector>
 
 #include "base/compiler_specific.h"
 #include "base/memory/scoped_ptr.h"
 #include "sandbox/linux/seccomp-bpf/die.h"
 #include "sandbox/linux/seccomp-bpf/errorcode.h"
 #include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
+#include "sandbox/linux/seccomp-bpf/trap.h"
 #include "sandbox/sandbox_export.h"
 
 namespace sandbox {
 
-// This must match the kernel's seccomp_data structure.
-struct arch_seccomp_data {
-  int nr;
-  uint32_t arch;
-  uint64_t instruction_pointer;
-  uint64_t args[6];
-};
-
-struct arch_sigsys {
-  void* ip;
-  int nr;
-  unsigned int arch;
-};
-
 class CodeGen;
 class SandboxBPFPolicy;
 class SandboxUnittestHelper;
 struct Instruction;
 
 class SANDBOX_EXPORT SandboxBPF {
  public:
   enum SandboxStatus {
     STATUS_UNKNOWN,      // Status prior to calling supportsSeccompSandbox()
     STATUS_UNSUPPORTED,  // The kernel does not appear to support sandboxing
@@ skipping 57 matching lines @@
   // Set the BPF policy as |policy|. Ownership of |policy| is transfered here
   // to the sandbox object.
   void SetSandboxPolicy(SandboxBPFPolicy* policy);
 
   // We can use ErrorCode to request calling of a trap handler. This method
   // performs the required wrapping of the callback function into an
   // ErrorCode object.
   // The "aux" field can carry a pointer to arbitrary data. See EvaluateSyscall
   // for a description of how to pass data from SetSandboxPolicy() to a Trap()
   // handler.
-  ErrorCode Trap(Trap::TrapFnc fnc, const void* aux);
+  static ErrorCode Trap(Trap::TrapFnc fnc, const void* aux);
 
   // Calls a user-space trap handler and disables all sandboxing for system
   // calls made from this trap handler.
   // This feature is available only if explicitly enabled by the user having
   // set the CHROME_SANDBOX_DEBUGGING environment variable.
   // Returns an ET_INVALID ErrorCode, if called when not enabled.
   // NOTE: This feature, by definition, disables all security features of
   //   the sandbox. It should never be used in production, but it can be
   //   very useful to diagnose code that is incompatible with the sandbox.
   //   If even a single system call returns "UnsafeTrap", the security of
   //   entire sandbox should be considered compromised.
-  ErrorCode UnsafeTrap(Trap::TrapFnc fnc, const void* aux);
+  static ErrorCode UnsafeTrap(Trap::TrapFnc fnc, const void* aux);
 
   // UnsafeTraps require some syscalls to always be allowed.
   // This helper function returns true for these calls.
   static bool IsRequiredForUnsafeTrap(int sysno);
 
   // From within an UnsafeTrap() it is often useful to be able to execute
   // the system call that triggered the trap. The ForwardSyscall() method
   // makes this easy. It is more efficient than calling glibc's syscall()
   // function, as it avoid the extra round-trip to the signal handler. And
   // it automatically does the correct thing to report kernel-style error
@@ skipping 21 matching lines @@
   // Legacy variant of CondMaskedEqual that supports a few comparison
   // operations, which get converted into masked-equality comparisons.
   ErrorCode Cond(int argno,
                  ErrorCode::ArgType is_32bit,
                  ErrorCode::Operation op,
                  uint64_t value,
                  const ErrorCode& passed,
                  const ErrorCode& failed);
 
   // Kill the program and print an error message.
-  ErrorCode Kill(const char* msg);
+  static ErrorCode Kill(const char* msg);
 
   // This is the main public entry point. It finds all system calls that
   // need rewriting, sets up the resources needed by the sandbox, and
   // enters Seccomp mode.
   // The calling process must specify its current SandboxThreadState, as a way
   // to tell the sandbox which type of kernel support it should engage.
   // It is possible to stack multiple sandboxes by creating separate "Sandbox"
   // objects and calling "StartSandbox()" on each of them. Please note, that
   // this requires special care, though, as newly stacked sandboxes can never
   // relax restrictions imposed by earlier sandboxes. Furthermore, installing
   // a new policy requires making system calls, that might already be
   // disallowed.
   // Finally, stacking does add more kernel overhead than having a single
   // combined policy. So, it should only be used if there are no alternatives.
   bool StartSandbox(SandboxThreadState thread_state) WARN_UNUSED_RESULT;
 
   // Assembles a BPF filter program from the current policy. After calling this
   // function, you must not call any other sandboxing function.
   // Typically, AssembleFilter() is only used by unit tests and by sandbox
   // internals. It should not be used by production code.
   // For performance reasons, we normally only run the assembled BPF program
   // through the verifier, iff the program was built in debug mode.
   // But by setting "force_verification", the caller can request that the
   // verifier is run unconditionally. This is useful for unittests.
   Program* AssembleFilter(bool force_verification);
 
   // Returns the fatal ErrorCode that is used to indicate that somebody
   // attempted to pass a 64bit value in a 32bit system call argument.
   // This method is primarily needed for testing purposes.
-  ErrorCode Unexpected64bitArgument();
+  static ErrorCode Unexpected64bitArgument();
 
  private:
   friend class CodeGen;
   friend class SandboxUnittestHelper;
   friend class ErrorCode;
 
   struct Range {
     Range(uint32_t f, uint32_t t, const ErrorCode& e)
         : from(f), to(t), err(e) {}
     uint32_t from, to;
@@ skipping 77 matching lines @@
   scoped_ptr<const SandboxBPFPolicy> policy_;
   Conds* conds_;
   bool sandbox_has_started_;
 
   DISALLOW_COPY_AND_ASSIGN(SandboxBPF);
 };
 
 }  // namespace sandbox
 
 #endif  // SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H__