| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" | 5 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 | 8 |
| 9 #include <limits> | 9 #include <limits> |
| 10 | 10 |
| 11 #include "base/logging.h" | 11 #include "base/logging.h" |
| 12 #include "base/memory/ref_counted.h" | 12 #include "base/memory/ref_counted.h" |
| 13 #include "sandbox/linux/seccomp-bpf/errorcode.h" | 13 #include "sandbox/linux/seccomp-bpf/errorcode.h" |
| 14 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" | 14 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
| 15 #include "sandbox/linux/seccomp-bpf/syscall_iterator.h" |
| 15 | 16 |
| 16 namespace sandbox { | 17 namespace sandbox { |
| 17 namespace bpf_dsl { | 18 namespace bpf_dsl { |
| 18 namespace { | 19 namespace { |
| 19 | 20 |
| 20 class AllowResultExprImpl : public internal::ResultExprImpl { | 21 class AllowResultExprImpl : public internal::ResultExprImpl { |
| 21 public: | 22 public: |
| 22 AllowResultExprImpl() {} | 23 AllowResultExprImpl() {} |
| 23 | 24 |
| 24 virtual ErrorCode Compile(SandboxBPF* sb) const override { | 25 virtual ErrorCode Compile(SandboxBPF* sb) const override { |
| 25 return ErrorCode(ErrorCode::ERR_ALLOWED); | 26 return ErrorCode(ErrorCode::ERR_ALLOWED); |
| 26 } | 27 } |
| 27 | 28 |
| 28 private: | 29 private: |
| 29 virtual ~AllowResultExprImpl() {} | 30 virtual ~AllowResultExprImpl() {} |
| 30 | 31 |
| 31 DISALLOW_COPY_AND_ASSIGN(AllowResultExprImpl); | 32 DISALLOW_COPY_AND_ASSIGN(AllowResultExprImpl); |
| 32 }; | 33 }; |
| 33 | 34 |
| 34 class ErrorResultExprImpl : public internal::ResultExprImpl { | 35 class ErrorResultExprImpl : public internal::ResultExprImpl { |
| 35 public: | 36 public: |
| 36 explicit ErrorResultExprImpl(int err) : err_(err) { | 37 explicit ErrorResultExprImpl(int err) : err_(err) { |
| 37 CHECK(err_ >= ErrorCode::ERR_MIN_ERRNO && err_ <= ErrorCode::ERR_MAX_ERRNO); | 38 CHECK(err_ >= ErrorCode::ERR_MIN_ERRNO && err_ <= ErrorCode::ERR_MAX_ERRNO); |
| 38 } | 39 } |
| 39 | 40 |
| 40 virtual ErrorCode Compile(SandboxBPF* sb) const override { | 41 virtual ErrorCode Compile(SandboxBPF* sb) const override { |
| 41 return ErrorCode(err_); | 42 return sb->Error(err_); |
| 42 } | 43 } |
| 43 | 44 |
| 44 private: | 45 private: |
| 45 virtual ~ErrorResultExprImpl() {} | 46 virtual ~ErrorResultExprImpl() {} |
| 46 | 47 |
| 47 int err_; | 48 int err_; |
| 48 | 49 |
| 49 DISALLOW_COPY_AND_ASSIGN(ErrorResultExprImpl); | 50 DISALLOW_COPY_AND_ASSIGN(ErrorResultExprImpl); |
| 50 }; | 51 }; |
| 51 | 52 |
| (...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 105 public: | 106 public: |
| 106 UnsafeTrapResultExprImpl(Trap::TrapFnc func, const void* arg) | 107 UnsafeTrapResultExprImpl(Trap::TrapFnc func, const void* arg) |
| 107 : func_(func), arg_(arg) { | 108 : func_(func), arg_(arg) { |
| 108 DCHECK(func_); | 109 DCHECK(func_); |
| 109 } | 110 } |
| 110 | 111 |
| 111 virtual ErrorCode Compile(SandboxBPF* sb) const override { | 112 virtual ErrorCode Compile(SandboxBPF* sb) const override { |
| 112 return sb->UnsafeTrap(func_, arg_); | 113 return sb->UnsafeTrap(func_, arg_); |
| 113 } | 114 } |
| 114 | 115 |
| 116 virtual bool HasUnsafeTraps() const override { return true; } |
| 117 |
| 115 private: | 118 private: |
| 116 virtual ~UnsafeTrapResultExprImpl() {} | 119 virtual ~UnsafeTrapResultExprImpl() {} |
| 117 | 120 |
| 118 Trap::TrapFnc func_; | 121 Trap::TrapFnc func_; |
| 119 const void* arg_; | 122 const void* arg_; |
| 120 | 123 |
| 121 DISALLOW_COPY_AND_ASSIGN(UnsafeTrapResultExprImpl); | 124 DISALLOW_COPY_AND_ASSIGN(UnsafeTrapResultExprImpl); |
| 122 }; | 125 }; |
| 123 | 126 |
| 124 class IfThenResultExprImpl : public internal::ResultExprImpl { | 127 class IfThenResultExprImpl : public internal::ResultExprImpl { |
| 125 public: | 128 public: |
| 126 IfThenResultExprImpl(const BoolExpr& cond, | 129 IfThenResultExprImpl(const BoolExpr& cond, |
| 127 const ResultExpr& then_result, | 130 const ResultExpr& then_result, |
| 128 const ResultExpr& else_result) | 131 const ResultExpr& else_result) |
| 129 : cond_(cond), then_result_(then_result), else_result_(else_result) {} | 132 : cond_(cond), then_result_(then_result), else_result_(else_result) {} |
| 130 | 133 |
| 131 virtual ErrorCode Compile(SandboxBPF* sb) const override { | 134 virtual ErrorCode Compile(SandboxBPF* sb) const override { |
| 132 return cond_->Compile( | 135 return cond_->Compile( |
| 133 sb, then_result_->Compile(sb), else_result_->Compile(sb)); | 136 sb, then_result_->Compile(sb), else_result_->Compile(sb)); |
| 134 } | 137 } |
| 135 | 138 |
| 139 virtual bool HasUnsafeTraps() const override { |
| 140 return then_result_->HasUnsafeTraps() || else_result_->HasUnsafeTraps(); |
| 141 } |
| 142 |
| 136 private: | 143 private: |
| 137 virtual ~IfThenResultExprImpl() {} | 144 virtual ~IfThenResultExprImpl() {} |
| 138 | 145 |
| 139 BoolExpr cond_; | 146 BoolExpr cond_; |
| 140 ResultExpr then_result_; | 147 ResultExpr then_result_; |
| 141 ResultExpr else_result_; | 148 ResultExpr else_result_; |
| 142 | 149 |
| 143 DISALLOW_COPY_AND_ASSIGN(IfThenResultExprImpl); | 150 DISALLOW_COPY_AND_ASSIGN(IfThenResultExprImpl); |
| 144 }; | 151 }; |
| 145 | 152 |
| (...skipping 96 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 242 BoolExpr lhs_; | 249 BoolExpr lhs_; |
| 243 BoolExpr rhs_; | 250 BoolExpr rhs_; |
| 244 | 251 |
| 245 DISALLOW_COPY_AND_ASSIGN(OrBoolExprImpl); | 252 DISALLOW_COPY_AND_ASSIGN(OrBoolExprImpl); |
| 246 }; | 253 }; |
| 247 | 254 |
| 248 } // namespace | 255 } // namespace |
| 249 | 256 |
| 250 namespace internal { | 257 namespace internal { |
| 251 | 258 |
| 259 bool ResultExprImpl::HasUnsafeTraps() const { |
| 260 return false; |
| 261 } |
| 262 |
| 252 uint64_t DefaultMask(size_t size) { | 263 uint64_t DefaultMask(size_t size) { |
| 253 switch (size) { | 264 switch (size) { |
| 254 case 4: | 265 case 4: |
| 255 return std::numeric_limits<uint32_t>::max(); | 266 return std::numeric_limits<uint32_t>::max(); |
| 256 case 8: | 267 case 8: |
| 257 return std::numeric_limits<uint64_t>::max(); | 268 return std::numeric_limits<uint64_t>::max(); |
| 258 default: | 269 default: |
| 259 CHECK(false) << "Unimplemented DefaultMask case"; | 270 CHECK(false) << "Unimplemented DefaultMask case"; |
| 260 return 0; | 271 return 0; |
| 261 } | 272 } |
| (...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 369 | 380 |
| 370 ErrorCode SandboxBPFDSLPolicy::EvaluateSyscall(SandboxBPF* sb, | 381 ErrorCode SandboxBPFDSLPolicy::EvaluateSyscall(SandboxBPF* sb, |
| 371 int sysno) const { | 382 int sysno) const { |
| 372 return EvaluateSyscall(sysno)->Compile(sb); | 383 return EvaluateSyscall(sysno)->Compile(sb); |
| 373 } | 384 } |
| 374 | 385 |
| 375 ErrorCode SandboxBPFDSLPolicy::InvalidSyscall(SandboxBPF* sb) const { | 386 ErrorCode SandboxBPFDSLPolicy::InvalidSyscall(SandboxBPF* sb) const { |
| 376 return InvalidSyscall()->Compile(sb); | 387 return InvalidSyscall()->Compile(sb); |
| 377 } | 388 } |
| 378 | 389 |
| 390 bool SandboxBPFDSLPolicy::HasUnsafeTraps() const { |
| 391 for (SyscallIterator iter(false); !iter.Done();) { |
| 392 uint32_t sysnum = iter.Next(); |
| 393 if (SyscallIterator::IsValid(sysnum) && |
| 394 EvaluateSyscall(sysnum)->HasUnsafeTraps()) { |
| 395 return true; |
| 396 } |
| 397 } |
| 398 return InvalidSyscall()->HasUnsafeTraps(); |
| 399 } |
| 400 |
| 379 ResultExpr SandboxBPFDSLPolicy::Trap(Trap::TrapFnc trap_func, const void* aux) { | 401 ResultExpr SandboxBPFDSLPolicy::Trap(Trap::TrapFnc trap_func, const void* aux) { |
| 380 return bpf_dsl::Trap(trap_func, aux); | 402 return bpf_dsl::Trap(trap_func, aux); |
| 381 } | 403 } |
| 382 | 404 |
| 383 } // namespace bpf_dsl | 405 } // namespace bpf_dsl |
| 384 } // namespace sandbox | 406 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 628823003:
sandbox_bpf: rework how unsafe traps are compiled/verified (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@policies