SyscallIterator: support C++11 range-based for loops

sandbox/linux/bpf_dsl/policy_compiler.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/linux/bpf_dsl/policy_compiler.h"
 
 #include <errno.h>
 #include <linux/filter.h>
 #include <sys/syscall.h>
 
@@ skipping 58 matching lines @@
   // ultimately do so for us.
   int err = reinterpret_cast<intptr_t>(aux) & SECCOMP_RET_DATA;
   return -err;
 }
 
 intptr_t BPFFailure(const struct arch_seccomp_data&, void* aux) {
   SANDBOX_DIE(static_cast<char*>(aux));
 }
 
 bool HasUnsafeTraps(const SandboxBPFDSLPolicy* policy) {
-  for (SyscallIterator iter(false); !iter.Done();) {
-    uint32_t sysnum = iter.Next();
-    if (SyscallIterator::IsValid(sysnum) &&
+  for (uint32_t sysnum : SyscallSet::All()) {
+    if (SyscallSet::IsValid(sysnum) &&
         policy->EvaluateSyscall(sysnum)->HasUnsafeTraps()) {
       return true;
     }
   }
   return policy->InvalidSyscall()->HasUnsafeTraps();
 }
 
 }  // namespace
 
 struct PolicyCompiler::Range {
-  Range(uint32_t f, uint32_t t, const ErrorCode& e) : from(f), to(t), err(e) {}
-  uint32_t from, to;
+  Range(uint32_t f, const ErrorCode& e) : from(f), err(e) {}
+  uint32_t from;
   ErrorCode err;
 };
 
 PolicyCompiler::PolicyCompiler(const SandboxBPFDSLPolicy* policy,
                                TrapRegistry* registry)
     : policy_(policy),
       registry_(registry),
       conds_(),
       gen_(),
       has_unsafe_traps_(HasUnsafeTraps(policy_)) {
@@ skipping 141 matching lines @@
 }
 
 void PolicyCompiler::FindRanges(Ranges* ranges) {
   // Please note that "struct seccomp_data" defines system calls as a signed
   // int32_t, but BPF instructions always operate on unsigned quantities. We
   // deal with this disparity by enumerating from MIN_SYSCALL to MAX_SYSCALL,
   // and then verifying that the rest of the number range (both positive and
   // negative) all return the same ErrorCode.
   const ErrorCode invalid_err = policy_->InvalidSyscall()->Compile(this);
   uint32_t old_sysnum = 0;
-  ErrorCode old_err = SyscallIterator::IsValid(old_sysnum)
+  ErrorCode old_err = SyscallSet::IsValid(old_sysnum)
                           ? policy_->EvaluateSyscall(old_sysnum)->Compile(this)
                           : invalid_err;
 
-  for (SyscallIterator iter(false); !iter.Done();) {
-    uint32_t sysnum = iter.Next();
+  for (uint32_t sysnum : SyscallSet::All()) {
     ErrorCode err =
-        SyscallIterator::IsValid(sysnum)
+        SyscallSet::IsValid(sysnum)
             ? policy_->EvaluateSyscall(static_cast<int>(sysnum))->Compile(this)
             : invalid_err;
-    if (!err.Equals(old_err) || iter.Done()) {
-      ranges->push_back(Range(old_sysnum, sysnum - 1, old_err));
+    if (!err.Equals(old_err)) {
+      ranges->push_back(Range(old_sysnum, old_err));
       old_sysnum = sysnum;
       old_err = err;
     }
   }
+  ranges->push_back(Range(old_sysnum, old_err));
 }
 
 Instruction* PolicyCompiler::AssembleJumpTable(Ranges::const_iterator start,
                                                Ranges::const_iterator stop) {
   // We convert the list of system call ranges into jump table that performs
   // a binary search over the ranges.
   // As a sanity check, we need to have at least one distinct ranges for us
   // to be able to build a jump table.
   if (stop - start <= 0) {
     SANDBOX_DIE("Invalid set of system call ranges");
@@ skipping 234 matching lines @@
                    &*conds_.insert(passed).first,
                    &*conds_.insert(failed).first);
 }
 
 ErrorCode PolicyCompiler::Kill(const char* msg) {
   return Trap(BPFFailure, const_cast<char*>(msg));
 }
 
 }  // namespace bpf_dsl
 }  // namespace sandbox