| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" | 5 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 | 8 |
| 9 #include <limits> | 9 #include <limits> |
| 10 | 10 |
| 11 #include "base/logging.h" | 11 #include "base/logging.h" |
| 12 #include "base/memory/ref_counted.h" | 12 #include "base/memory/ref_counted.h" |
| 13 #include "sandbox/linux/bpf_dsl/bpf_dsl_impl.h" | 13 #include "sandbox/linux/bpf_dsl/bpf_dsl_impl.h" |
| 14 #include "sandbox/linux/bpf_dsl/policy_compiler.h" | 14 #include "sandbox/linux/bpf_dsl/policy_compiler.h" |
| 15 #include "sandbox/linux/seccomp-bpf/errorcode.h" | 15 #include "sandbox/linux/seccomp-bpf/errorcode.h" |
| 16 #include "sandbox/linux/seccomp-bpf/syscall_iterator.h" | |
| 17 | 16 |
| 18 namespace sandbox { | 17 namespace sandbox { |
| 19 namespace bpf_dsl { | 18 namespace bpf_dsl { |
| 20 namespace { | 19 namespace { |
| 21 | 20 |
| 22 class AllowResultExprImpl : public internal::ResultExprImpl { | 21 class AllowResultExprImpl : public internal::ResultExprImpl { |
| 23 public: | 22 public: |
| 24 AllowResultExprImpl() {} | 23 AllowResultExprImpl() {} |
| 25 | 24 |
| 26 virtual ErrorCode Compile(PolicyCompiler* pc) const override { | 25 virtual ErrorCode Compile(PolicyCompiler* pc) const override { |
| (...skipping 343 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 370 expr = ResultExpr( | 369 expr = ResultExpr( |
| 371 new const IfThenResultExprImpl(clause.first, clause.second, expr)); | 370 new const IfThenResultExprImpl(clause.first, clause.second, expr)); |
| 372 } | 371 } |
| 373 return expr; | 372 return expr; |
| 374 } | 373 } |
| 375 | 374 |
| 376 ResultExpr SandboxBPFDSLPolicy::InvalidSyscall() const { | 375 ResultExpr SandboxBPFDSLPolicy::InvalidSyscall() const { |
| 377 return Error(ENOSYS); | 376 return Error(ENOSYS); |
| 378 } | 377 } |
| 379 | 378 |
| 380 ErrorCode SandboxBPFDSLPolicy::EvaluateSyscall(PolicyCompiler* pc, | |
| 381 int sysno) const { | |
| 382 return EvaluateSyscall(sysno)->Compile(pc); | |
| 383 } | |
| 384 | |
| 385 ErrorCode SandboxBPFDSLPolicy::InvalidSyscall(PolicyCompiler* pc) const { | |
| 386 return InvalidSyscall()->Compile(pc); | |
| 387 } | |
| 388 | |
| 389 bool SandboxBPFDSLPolicy::HasUnsafeTraps() const { | |
| 390 for (SyscallIterator iter(false); !iter.Done();) { | |
| 391 uint32_t sysnum = iter.Next(); | |
| 392 if (SyscallIterator::IsValid(sysnum) && | |
| 393 EvaluateSyscall(sysnum)->HasUnsafeTraps()) { | |
| 394 return true; | |
| 395 } | |
| 396 } | |
| 397 return InvalidSyscall()->HasUnsafeTraps(); | |
| 398 } | |
| 399 | |
| 400 ResultExpr SandboxBPFDSLPolicy::Trap(TrapRegistry::TrapFnc trap_func, | 379 ResultExpr SandboxBPFDSLPolicy::Trap(TrapRegistry::TrapFnc trap_func, |
| 401 const void* aux) { | 380 const void* aux) { |
| 402 return bpf_dsl::Trap(trap_func, aux); | 381 return bpf_dsl::Trap(trap_func, aux); |
| 403 } | 382 } |
| 404 | 383 |
| 405 } // namespace bpf_dsl | 384 } // namespace bpf_dsl |
| 406 } // namespace sandbox | 385 } // namespace sandbox |
| 407 | 386 |
| 408 template class scoped_refptr<const sandbox::bpf_dsl::internal::BoolExprImpl>; | 387 template class scoped_refptr<const sandbox::bpf_dsl::internal::BoolExprImpl>; |
| 409 template class scoped_refptr<const sandbox::bpf_dsl::internal::ResultExprImpl>; | 388 template class scoped_refptr<const sandbox::bpf_dsl::internal::ResultExprImpl>; |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 660153002:
bpf_dsl: move more implementation details out of bpf_dsl.h (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git/+/master