Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(9141)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: components/nacl/loader/nonsfi/nonsfi_sandbox.cc

Issue 600583002: sandbox: Avoid ~(flag1 | flag2 | ...) expressions (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Use uint64_t everywhere Created 6 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | sandbox/linux/bpf_dsl/bpf_dsl.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: components/nacl/loader/nonsfi/nonsfi_sandbox.cc
diff --git a/components/nacl/loader/nonsfi/nonsfi_sandbox.cc b/components/nacl/loader/nonsfi/nonsfi_sandbox.cc
index 9a148275c53a282e984b1dcf4bbfbab55861785b..9d71ddb508057c773e33c645957040ea0ccac565 100644
--- a/components/nacl/loader/nonsfi/nonsfi_sandbox.cc
+++ b/components/nacl/loader/nonsfi/nonsfi_sandbox.cc
@@ -61,9 +61,9 @@ ResultExpr RestrictFcntlCommands() {
// libevent and SetNonBlocking. As the latter mix O_NONBLOCK to
// the return value of F_GETFL, so we need to allow O_ACCMODE in
// addition to O_NONBLOCK.
- const unsigned long denied_mask = ~(O_ACCMODE | O_NONBLOCK);
+ const uint64_t kAllowedMask = O_ACCMODE | O_NONBLOCK;
return If((cmd == F_SETFD && long_arg == FD_CLOEXEC) || cmd == F_GETFL ||
- (cmd == F_SETFL && (long_arg & denied_mask) == 0),
+ (cmd == F_SETFL && (long_arg & ~kAllowedMask) == 0),
Allow()).Else(CrashSIGSYS());
}
@@ -78,10 +78,9 @@ ResultExpr RestrictClone() {
ResultExpr RestrictFutexOperation() {
// TODO(hamaji): Allow only FUTEX_PRIVATE_FLAG futexes.
- const int kAllowedFutexFlags = FUTEX_PRIVATE_FLAG | FUTEX_CLOCK_REALTIME;
- const int kOperationMask = ~kAllowedFutexFlags;
+ const uint64_t kAllowedFutexFlags = FUTEX_PRIVATE_FLAG | FUTEX_CLOCK_REALTIME;
const Arg<int> op(1);
- return Switch(op & kOperationMask)
+ return Switch(op & ~kAllowedFutexFlags)
.CASES((FUTEX_WAIT,
FUTEX_WAKE,
FUTEX_REQUEUE,
@@ -113,20 +112,20 @@ ResultExpr RestrictSocketcall() {
ResultExpr RestrictMprotect() {
// TODO(jln, keescook, drewry): Limit the use of mprotect by adding
// some features to linux kernel.
- const uint32_t denied_mask = ~(PROT_READ | PROT_WRITE | PROT_EXEC);
+ const uint64_t kAllowedMask = PROT_READ | PROT_WRITE | PROT_EXEC;
const Arg<int> prot(2);
- return If((prot & denied_mask) == 0, Allow()).Else(CrashSIGSYS());
+ return If((prot & ~kAllowedMask) == 0, Allow()).Else(CrashSIGSYS());
}
ResultExpr RestrictMmap() {
- const uint32_t denied_flag_mask = ~(MAP_SHARED | MAP_PRIVATE |
- MAP_ANONYMOUS | MAP_STACK | MAP_FIXED);
+ const uint64_t kAllowedFlagMask =
+ MAP_SHARED | MAP_PRIVATE | MAP_ANONYMOUS | MAP_STACK | MAP_FIXED;
// When PROT_EXEC is specified, IRT mmap of Non-SFI NaCl helper
// calls mmap without PROT_EXEC and then adds PROT_EXEC by mprotect,
// so we do not need to allow PROT_EXEC in mmap.
- const uint32_t denied_prot_mask = ~(PROT_READ | PROT_WRITE);
+ const uint64_t kAllowedProtMask = PROT_READ | PROT_WRITE;
const Arg<int> prot(2), flags(3);
- return If((prot & denied_prot_mask) == 0 && (flags & denied_flag_mask) == 0,
+ return If((prot & ~kAllowedProtMask) == 0 && (flags & ~kAllowedFlagMask) == 0,
Allow()).Else(CrashSIGSYS());
}
« no previous file with comments | « no previous file | sandbox/linux/bpf_dsl/bpf_dsl.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698