| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/seccomp-bpf/syscall_iterator.h" | 5 #include "sandbox/linux/seccomp-bpf/syscall_iterator.h" |
| 6 | 6 |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "base/macros.h" | 8 #include "base/macros.h" |
| 9 #include "sandbox/linux/seccomp-bpf/linux_seccomp.h" | 9 #include "sandbox/linux/seccomp-bpf/linux_seccomp.h" |
| 10 | 10 |
| (...skipping 21 matching lines...) Expand all Loading... |
| 32 {MIN_SYSCALL, MAX_PUBLIC_SYSCALL}, | 32 {MIN_SYSCALL, MAX_PUBLIC_SYSCALL}, |
| 33 #if defined(__arm__) | 33 #if defined(__arm__) |
| 34 // ARM EABI includes "ARM private" system calls starting at | 34 // ARM EABI includes "ARM private" system calls starting at |
| 35 // MIN_PRIVATE_SYSCALL, and a "ghost syscall private to the kernel" at | 35 // MIN_PRIVATE_SYSCALL, and a "ghost syscall private to the kernel" at |
| 36 // MIN_GHOST_SYSCALL. | 36 // MIN_GHOST_SYSCALL. |
| 37 {MIN_PRIVATE_SYSCALL, MAX_PRIVATE_SYSCALL}, | 37 {MIN_PRIVATE_SYSCALL, MAX_PRIVATE_SYSCALL}, |
| 38 {MIN_GHOST_SYSCALL, MAX_SYSCALL}, | 38 {MIN_GHOST_SYSCALL, MAX_SYSCALL}, |
| 39 #endif | 39 #endif |
| 40 }; | 40 }; |
| 41 | 41 |
| 42 // NextSyscall returns the next system call in the specified system | |
| 43 // call set after |cur|, or 0 if no such system call exists. | |
| 44 uint32_t NextSyscall(uint32_t cur, bool invalid_only) { | |
| 45 for (const SyscallRange& range : kValidSyscallRanges) { | |
| 46 if (range.first > 0 && cur < range.first - 1) { | |
| 47 return range.first - 1; | |
| 48 } | |
| 49 if (cur <= range.last) { | |
| 50 if (invalid_only) { | |
| 51 return range.last + 1; | |
| 52 } | |
| 53 return cur + 1; | |
| 54 } | |
| 55 } | |
| 56 | |
| 57 // BPF programs only ever operate on unsigned quantities. So, that's how | |
| 58 // we iterate; we return values from 0..0xFFFFFFFFu. But there are places, | |
| 59 // where the kernel might interpret system call numbers as signed | |
| 60 // quantities, so the boundaries between signed and unsigned values are | |
| 61 // potential problem cases. We want to explicitly return these values from | |
| 62 // our iterator. | |
| 63 if (cur < 0x7FFFFFFFu) | |
| 64 return 0x7FFFFFFFu; | |
| 65 if (cur < 0x80000000u) | |
| 66 return 0x80000000u; | |
| 67 | |
| 68 if (cur < 0xFFFFFFFFu) | |
| 69 return 0xFFFFFFFFu; | |
| 70 return 0; | |
| 71 } | |
| 72 | |
| 73 } // namespace | 42 } // namespace |
| 74 | 43 |
| 75 SyscallSet::Iterator SyscallSet::begin() const { | 44 SyscallSet::Iterator SyscallSet::begin() const { |
| 76 return Iterator(set_, false); | 45 return Iterator(set_, false); |
| 77 } | 46 } |
| 78 | 47 |
| 79 SyscallSet::Iterator SyscallSet::end() const { | 48 SyscallSet::Iterator SyscallSet::end() const { |
| 80 return Iterator(set_, true); | 49 return Iterator(set_, true); |
| 81 } | 50 } |
| 82 | 51 |
| 83 bool SyscallSet::IsValid(uint32_t num) { | 52 bool SyscallSet::IsValid(uint32_t num) { |
| 84 for (const SyscallRange& range : kValidSyscallRanges) { | 53 for (const SyscallRange& range : kValidSyscallRanges) { |
| 85 if (num >= range.first && num <= range.last) { | 54 if (num >= range.first && num <= range.last) { |
| 86 return true; | 55 return true; |
| 87 } | 56 } |
| 88 } | 57 } |
| 89 return false; | 58 return false; |
| 90 } | 59 } |
| 91 | 60 |
| 92 bool operator==(const SyscallSet& lhs, const SyscallSet& rhs) { | 61 bool operator==(const SyscallSet& lhs, const SyscallSet& rhs) { |
| 93 return (lhs.set_ == rhs.set_); | 62 return (lhs.set_ == rhs.set_); |
| 94 } | 63 } |
| 95 | 64 |
| 96 SyscallSet::Iterator::Iterator(Set set, bool done) | 65 SyscallSet::Iterator::Iterator(Set set, bool done) |
| 97 : set_(set), done_(done), num_(0) { | 66 : set_(set), done_(done), num_(0) { |
| 98 if (set_ == Set::INVALID_ONLY && !done_ && IsValid(num_)) { | 67 // If the set doesn't contain 0, we need to skip to the next element. |
| 68 if (!done && set_ == (IsValid(num_) ? Set::INVALID_ONLY : Set::VALID_ONLY)) { |
| 99 ++*this; | 69 ++*this; |
| 100 } | 70 } |
| 101 } | 71 } |
| 102 | 72 |
| 103 uint32_t SyscallSet::Iterator::operator*() const { | 73 uint32_t SyscallSet::Iterator::operator*() const { |
| 104 DCHECK(!done_); | 74 DCHECK(!done_); |
| 105 return num_; | 75 return num_; |
| 106 } | 76 } |
| 107 | 77 |
| 108 SyscallSet::Iterator& SyscallSet::Iterator::operator++() { | 78 SyscallSet::Iterator& SyscallSet::Iterator::operator++() { |
| 109 DCHECK(!done_); | 79 DCHECK(!done_); |
| 110 | 80 |
| 111 num_ = NextSyscall(num_, set_ == Set::INVALID_ONLY); | 81 num_ = NextSyscall(); |
| 112 if (num_ == 0) { | 82 if (num_ == 0) { |
| 113 done_ = true; | 83 done_ = true; |
| 114 } | 84 } |
| 115 | 85 |
| 116 return *this; | 86 return *this; |
| 117 } | 87 } |
| 118 | 88 |
| 89 // NextSyscall returns the next system call in the iterated system |
| 90 // call set after |num_|, or 0 if no such system call exists. |
| 91 uint32_t SyscallSet::Iterator::NextSyscall() const { |
| 92 const bool want_valid = (set_ != Set::INVALID_ONLY); |
| 93 const bool want_invalid = (set_ != Set::VALID_ONLY); |
| 94 |
| 95 for (const SyscallRange& range : kValidSyscallRanges) { |
| 96 if (want_invalid && range.first > 0 && num_ < range.first - 1) { |
| 97 // Even when iterating invalid syscalls, we only include the end points; |
| 98 // so skip directly to just before the next (valid) range. |
| 99 return range.first - 1; |
| 100 } |
| 101 if (want_valid && num_ < range.first) { |
| 102 return range.first; |
| 103 } |
| 104 if (want_valid && num_ < range.last) { |
| 105 return num_ + 1; |
| 106 } |
| 107 if (want_invalid && num_ <= range.last) { |
| 108 return range.last + 1; |
| 109 } |
| 110 } |
| 111 |
| 112 if (want_invalid) { |
| 113 // BPF programs only ever operate on unsigned quantities. So, |
| 114 // that's how we iterate; we return values from |
| 115 // 0..0xFFFFFFFFu. But there are places, where the kernel might |
| 116 // interpret system call numbers as signed quantities, so the |
| 117 // boundaries between signed and unsigned values are potential |
| 118 // problem cases. We want to explicitly return these values from |
| 119 // our iterator. |
| 120 if (num_ < 0x7FFFFFFFu) |
| 121 return 0x7FFFFFFFu; |
| 122 if (num_ < 0x80000000u) |
| 123 return 0x80000000u; |
| 124 |
| 125 if (num_ < 0xFFFFFFFFu) |
| 126 return 0xFFFFFFFFu; |
| 127 } |
| 128 |
| 129 return 0; |
| 130 } |
| 131 |
| 119 bool operator==(const SyscallSet::Iterator& lhs, | 132 bool operator==(const SyscallSet::Iterator& lhs, |
| 120 const SyscallSet::Iterator& rhs) { | 133 const SyscallSet::Iterator& rhs) { |
| 121 DCHECK(lhs.set_ == rhs.set_); | 134 DCHECK(lhs.set_ == rhs.set_); |
| 122 return (lhs.done_ == rhs.done_) && (lhs.num_ == rhs.num_); | 135 return (lhs.done_ == rhs.done_) && (lhs.num_ == rhs.num_); |
| 123 } | 136 } |
| 124 | 137 |
| 125 bool operator!=(const SyscallSet::Iterator& lhs, | 138 bool operator!=(const SyscallSet::Iterator& lhs, |
| 126 const SyscallSet::Iterator& rhs) { | 139 const SyscallSet::Iterator& rhs) { |
| 127 return !(lhs == rhs); | 140 return !(lhs == rhs); |
| 128 } | 141 } |
| 129 | 142 |
| 130 } // namespace sandbox | 143 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 657893006:
SyscallSet: add ValidOnly (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master