
Side by Side Diff: sandbox/linux/seccomp-bpf/codegen.h

Issue 576673003: Decouple CodeGen from ErrorCode (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 6 years, 3 months ago
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_CODEGEN_H__ 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_CODEGEN_H__
6 #define SANDBOX_LINUX_SECCOMP_BPF_CODEGEN_H__ 6 #define SANDBOX_LINUX_SECCOMP_BPF_CODEGEN_H__
7 7
8 #include <map> 8 #include <map>
9 #include <set> 9 #include <set>
10 #include <vector> 10 #include <vector>
(...skipping 25 matching lines...) Expand all
36 // 36 //
37 // CodeGen gen; 37 // CodeGen gen;
38 // Instruction *dag, *branch; 38 // Instruction *dag, *branch;
39 // dag = 39 // dag =
40 // gen.MakeInstruction(BPF_LD+BPF_W+BPF_ABS, 40 // gen.MakeInstruction(BPF_LD+BPF_W+BPF_ABS,
41 // offsetof(struct arch_seccomp_data, nr), 41 // offsetof(struct arch_seccomp_data, nr),
42 // branch = 42 // branch =
43 // gen.MakeInstruction(BPF_JMP+BPF_EQ+BPF_K, __NR_getpid, 43 // gen.MakeInstruction(BPF_JMP+BPF_EQ+BPF_K, __NR_getpid,
44 // Trap(GetPidHandler, NULL), NULL); 44 // Trap(GetPidHandler, NULL), NULL);
45 // gen.JoinInstructions(branch, 45 // gen.JoinInstructions(branch,
46 // gen.MakeInstruction(BPF_RET+BPF_K, ErrorCode(ErrorCode::ERR_ALLOWED))); 46 // gen.MakeInstruction(BPF_RET+BPF_K, ErrorCode(ErrorCode::ERR_ALLOWED)));
rickyz (no longer on Chrome) 2014/09/16 22:44:10 This is a little out of date now (though feel free
mdempsky 2014/09/16 22:47:44 Yep, fixed in patch set 3. :)
47 // 47 //
48 // // Simplified code follows; in practice, it is important to avoid calling 48 // // Simplified code follows; in practice, it is important to avoid calling
49 // // any C++ destructors after starting the sandbox. 49 // // any C++ destructors after starting the sandbox.
50 // SandboxBPF::Program program; 50 // SandboxBPF::Program program;
51 // gen.Compile(dag, program); 51 // gen.Compile(dag, program);
52 // const struct sock_fprog prog = { 52 // const struct sock_fprog prog = {
53 // static_cast<unsigned short>(program->size()), &program[0] }; 53 // static_cast<unsigned short>(program->size()), &program[0] };
54 // prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog); 54 // prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
55 // 55 //
56 class SANDBOX_EXPORT CodeGen { 56 class SANDBOX_EXPORT CodeGen {
57 public: 57 public:
58 CodeGen(); 58 CodeGen();
59 ~CodeGen(); 59 ~CodeGen();
60 60
61 // This is a helper method that can be used for debugging purposes. It is 61 // This is a helper method that can be used for debugging purposes. It is
62 // not normally called. 62 // not normally called.
63 static void PrintProgram(const SandboxBPF::Program& program); 63 static void PrintProgram(const SandboxBPF::Program& program);
64 64
65 // Create a new instruction. Instructions form a DAG. The instruction objects 65 // Create a new instruction. Instructions form a DAG. The instruction objects
66 // are owned by the CodeGen object. They do not need to be explicitly 66 // are owned by the CodeGen object. They do not need to be explicitly
67 // deleted. 67 // deleted.
68 // For details on the possible parameters refer to <linux/filter.h> 68 // For details on the possible parameters refer to <linux/filter.h>
69 Instruction* MakeInstruction(uint16_t code, 69 Instruction* MakeInstruction(uint16_t code,
70 uint32_t k, 70 uint32_t k,
71 Instruction* next = NULL); 71 Instruction* next = NULL);
72 Instruction* MakeInstruction(uint16_t code, const ErrorCode& err);
73 Instruction* MakeInstruction(uint16_t code, 72 Instruction* MakeInstruction(uint16_t code,
74 uint32_t k, 73 uint32_t k,
75 Instruction* jt, 74 Instruction* jt,
76 Instruction* jf); 75 Instruction* jf);
77 76
78 // Join two (sequences of) instructions. This is useful, if the "next" 77 // Join two (sequences of) instructions. This is useful, if the "next"
79 // parameter had not originally been given in the call to MakeInstruction(), 78 // parameter had not originally been given in the call to MakeInstruction(),
80 // or if a (conditional) jump still has an unsatisfied target. 79 // or if a (conditional) jump still has an unsatisfied target.
81 void JoinInstructions(Instruction* head, Instruction* tail); 80 void JoinInstructions(Instruction* head, Instruction* tail);
82 81
(...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after
151 BasicBlocks basic_blocks_; 150 BasicBlocks basic_blocks_;
152 151
153 // Compile() must only ever be called once as it makes destructive changes 152 // Compile() must only ever be called once as it makes destructive changes
154 // to the DAG. 153 // to the DAG.
155 bool compiled_; 154 bool compiled_;
156 }; 155 };
157 156
158 } // namespace sandbox 157 } // namespace sandbox
159 158
160 #endif // SANDBOX_LINUX_SECCOMP_BPF_CODEGEN_H__ 159 #endif // SANDBOX_LINUX_SECCOMP_BPF_CODEGEN_H__
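Review bot: The comment above MakeInstruction (new lines 65-68) no longer tells a caller what `k` must hold for a BPF_RET instruction, because the typed `MakeInstruction(uint16_t code, const ErrorCode& err)` overload is gone and every return now goes through the `uint32_t k` overloads at new lines 69-75. The filter's return value is the sandbox's policy decision, so the header should state the contract, for example `// For BPF_RET instructions, |k| is the raw seccomp filter return value (a SECCOMP_RET_* action plus its data bits); callers convert their policy result before calling.` The removed overload also kept return values apart from ordinary operands at compile time, whereas any integer is accepted now. If codegen.cc does not already check the value on BPF_RET (not visible on this page), a debug-time check there would catch a caller passing an unconverted value.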
OLDNEW