
Side by Side Diff: sandbox/linux/seccomp-bpf/sandbox_bpf.cc

Issue 628233002: replace OVERRIDE and FINAL with override and final in sandbox/ (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 6 years, 2 months ago
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" 5 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
6 6
7 // Some headers on Android are missing cdefs: crbug.com/172337. 7 // Some headers on Android are missing cdefs: crbug.com/172337.
8 // (We can't use OS_ANDROID here since build_config.h is not included). 8 // (We can't use OS_ANDROID here since build_config.h is not included).
9 #if defined(ANDROID) 9 #if defined(ANDROID)
10 #include <sys/cdefs.h> 10 #include <sys/cdefs.h>
(...skipping 84 matching lines...)
95 } 95 }
96 #endif // !defined(NDEBUG) 96 #endif // !defined(NDEBUG)
97 97
98 // We define a really simple sandbox policy. It is just good enough for us 98 // We define a really simple sandbox policy. It is just good enough for us
99 // to tell that the sandbox has actually been activated. 99 // to tell that the sandbox has actually been activated.
100 class ProbePolicy : public SandboxBPFDSLPolicy { 100 class ProbePolicy : public SandboxBPFDSLPolicy {
101 public: 101 public:
102 ProbePolicy() {} 102 ProbePolicy() {}
103 virtual ~ProbePolicy() {} 103 virtual ~ProbePolicy() {}
104 104
105 virtual ResultExpr EvaluateSyscall(int sysnum) const OVERRIDE { 105 virtual ResultExpr EvaluateSyscall(int sysnum) const override {
106 switch (sysnum) { 106 switch (sysnum) {
107 case __NR_getpid: 107 case __NR_getpid:
108 // Return EPERM so that we can check that the filter actually ran. 108 // Return EPERM so that we can check that the filter actually ran.
109 return Error(EPERM); 109 return Error(EPERM);
110 case __NR_exit_group: 110 case __NR_exit_group:
111 // Allow exit() with a non-default return code. 111 // Allow exit() with a non-default return code.
112 return Allow(); 112 return Allow();
113 default: 113 default:
114 // Make everything else fail in an easily recognizable way. 114 // Make everything else fail in an easily recognizable way.
115 return Error(EINVAL); 115 return Error(EINVAL);
116 } 116 }
117 } 117 }
118 118
119 private: 119 private:
120 DISALLOW_COPY_AND_ASSIGN(ProbePolicy); 120 DISALLOW_COPY_AND_ASSIGN(ProbePolicy);
121 }; 121 };
122 122
123 void ProbeProcess(void) { 123 void ProbeProcess(void) {
124 if (syscall(__NR_getpid) < 0 && errno == EPERM) { 124 if (syscall(__NR_getpid) < 0 && errno == EPERM) {
125 syscall(__NR_exit_group, static_cast<intptr_t>(kExpectedExitCode)); 125 syscall(__NR_exit_group, static_cast<intptr_t>(kExpectedExitCode));
126 } 126 }
127 } 127 }
128 128
129 class AllowAllPolicy : public SandboxBPFDSLPolicy { 129 class AllowAllPolicy : public SandboxBPFDSLPolicy {
130 public: 130 public:
131 AllowAllPolicy() {} 131 AllowAllPolicy() {}
132 virtual ~AllowAllPolicy() {} 132 virtual ~AllowAllPolicy() {}
133 133
134 virtual ResultExpr EvaluateSyscall(int sysnum) const OVERRIDE { 134 virtual ResultExpr EvaluateSyscall(int sysnum) const override {
135 DCHECK(SandboxBPF::IsValidSyscallNumber(sysnum)); 135 DCHECK(SandboxBPF::IsValidSyscallNumber(sysnum));
136 return Allow(); 136 return Allow();
137 } 137 }
138 138
139 private: 139 private:
140 DISALLOW_COPY_AND_ASSIGN(AllowAllPolicy); 140 DISALLOW_COPY_AND_ASSIGN(AllowAllPolicy);
141 }; 141 };
142 142
143 void TryVsyscallProcess(void) { 143 void TryVsyscallProcess(void) {
144 time_t current_time; 144 time_t current_time;
(...skipping 85 matching lines...)
230 // TODO(markus): document the code inside better. 230 // TODO(markus): document the code inside better.
231 class RedirectToUserSpacePolicyWrapper : public SandboxBPFPolicy { 231 class RedirectToUserSpacePolicyWrapper : public SandboxBPFPolicy {
232 public: 232 public:
233 explicit RedirectToUserSpacePolicyWrapper( 233 explicit RedirectToUserSpacePolicyWrapper(
234 const SandboxBPFPolicy* wrapped_policy) 234 const SandboxBPFPolicy* wrapped_policy)
235 : wrapped_policy_(wrapped_policy) { 235 : wrapped_policy_(wrapped_policy) {
236 DCHECK(wrapped_policy_); 236 DCHECK(wrapped_policy_);
237 } 237 }
238 238
239 virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler, 239 virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler,
240 int system_call_number) const OVERRIDE { 240 int system_call_number) const override {
241 ErrorCode err = 241 ErrorCode err =
242 wrapped_policy_->EvaluateSyscall(sandbox_compiler, system_call_number); 242 wrapped_policy_->EvaluateSyscall(sandbox_compiler, system_call_number);
243 ChangeErrnoToTraps(&err, sandbox_compiler); 243 ChangeErrnoToTraps(&err, sandbox_compiler);
244 return err; 244 return err;
245 } 245 }
246 246
247 virtual ErrorCode InvalidSyscall( 247 virtual ErrorCode InvalidSyscall(
248 SandboxBPF* sandbox_compiler) const OVERRIDE { 248 SandboxBPF* sandbox_compiler) const override {
249 return ReturnErrnoViaTrap(sandbox_compiler, ENOSYS); 249 return ReturnErrnoViaTrap(sandbox_compiler, ENOSYS);
250 } 250 }
251 251
252 private: 252 private:
253 ErrorCode ReturnErrnoViaTrap(SandboxBPF* sandbox_compiler, int err) const { 253 ErrorCode ReturnErrnoViaTrap(SandboxBPF* sandbox_compiler, int err) const {
254 return sandbox_compiler->Trap(ReturnErrno, reinterpret_cast<void*>(err)); 254 return sandbox_compiler->Trap(ReturnErrno, reinterpret_cast<void*>(err));
255 } 255 }
256 256
257 // ChangeErrnoToTraps recursivly iterates through the ErrorCode 257 // ChangeErrnoToTraps recursivly iterates through the ErrorCode
258 // converting any ERRNO to a userspace trap 258 // converting any ERRNO to a userspace trap
(...skipping 884 matching lines...)
1143 } 1143 }
1144 } 1144 }
1145 1145
1146 ErrorCode SandboxBPF::Kill(const char* msg) { 1146 ErrorCode SandboxBPF::Kill(const char* msg) {
1147 return Trap(BPFFailure, const_cast<char*>(msg)); 1147 return Trap(BPFFailure, const_cast<char*>(msg));
1148 } 1148 }
1149 1149
1150 SandboxBPF::SandboxStatus SandboxBPF::status_ = STATUS_UNKNOWN; 1150 SandboxBPF::SandboxStatus SandboxBPF::status_ = STATUS_UNKNOWN;
1151 1151
1152 } // namespace sandbox 1152 } // namespace sandbox
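Review bot: The overriding declarations at new lines 105, 134, 240 and 248 keep `virtual` alongside `override`, which is redundant because `override` only compiles when a virtual base function with that signature exists; `ResultExpr EvaluateSyscall(int sysnum) const override {` states the intent once. The compiler check is worth keeping visible on these seccomp-bpf policy classes: if a base-class signature drifted, a method declared only `virtual` could silently stop overriding, and the syscall decisions would then come from somewhere other than the code the reader sees. The destructors at new lines 103 and 132 are still plain `virtual` and could be written consistently in a follow-up. Only parts of the file are shown here (three ranges are skipped), so overrides outside the visible lines may need the same treatment.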