Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(453)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/bpf_dsl/bpf_dsl.h

Issue 660153002: bpf_dsl: move more implementation details out of bpf_dsl.h (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git/+/master
Patch Set: IWYU Created 6 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | sandbox/linux/bpf_dsl/bpf_dsl.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef SANDBOX_LINUX_BPF_DSL_BPF_DSL_H_ 5 #ifndef SANDBOX_LINUX_BPF_DSL_BPF_DSL_H_
6 #define SANDBOX_LINUX_BPF_DSL_BPF_DSL_H_ 6 #define SANDBOX_LINUX_BPF_DSL_BPF_DSL_H_
7 7
8 #include <stdint.h> 8 #include <stdint.h>
9 9
10 #include <utility> 10 #include <utility>
11 #include <vector> 11 #include <vector>
12 12
13 #include "base/macros.h" 13 #include "base/macros.h"
14 #include "base/memory/ref_counted.h" 14 #include "base/memory/ref_counted.h"
15 #include "sandbox/linux/bpf_dsl/cons.h" 15 #include "sandbox/linux/bpf_dsl/cons.h"
16 #include "sandbox/linux/bpf_dsl/trap_registry.h" 16 #include "sandbox/linux/bpf_dsl/trap_registry.h"
17 #include "sandbox/sandbox_export.h" 17 #include "sandbox/sandbox_export.h"
18 18
19 namespace sandbox {
20 class ErrorCode;
21 class Verifier;
22 namespace bpf_dsl {
23 class PolicyCompiler;
24 }
25 }
26
27 // The sandbox::bpf_dsl namespace provides a domain-specific language 19 // The sandbox::bpf_dsl namespace provides a domain-specific language
28 // to make writing BPF policies more expressive. In general, the 20 // to make writing BPF policies more expressive. In general, the
29 // object types all have value semantics (i.e., they can be copied 21 // object types all have value semantics (i.e., they can be copied
30 // around, returned from or passed to function calls, etc. without any 22 // around, returned from or passed to function calls, etc. without any
31 // surprising side effects), though not all support assignment. 23 // surprising side effects), though not all support assignment.
32 // 24 //
33 // An idiomatic and demonstrative (albeit silly) example of this API 25 // An idiomatic and demonstrative (albeit silly) example of this API
34 // would be: 26 // would be:
35 // 27 //
36 // #include "sandbox/linux/bpf_dsl/bpf_dsl.h" 28 // #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
(...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after
120 virtual ResultExpr EvaluateSyscall(int sysno) const = 0; 112 virtual ResultExpr EvaluateSyscall(int sysno) const = 0;
121 113
122 // Optional overload for specifying alternate behavior for invalid 114 // Optional overload for specifying alternate behavior for invalid
123 // system calls. The default is to return ENOSYS. 115 // system calls. The default is to return ENOSYS.
124 virtual ResultExpr InvalidSyscall() const; 116 virtual ResultExpr InvalidSyscall() const;
125 117
126 // Helper method so policies can just write Trap(func, aux). 118 // Helper method so policies can just write Trap(func, aux).
127 static ResultExpr Trap(TrapRegistry::TrapFnc trap_func, const void* aux); 119 static ResultExpr Trap(TrapRegistry::TrapFnc trap_func, const void* aux);
128 120
129 private: 121 private:
130 friend PolicyCompiler;
131 friend Verifier;
132
133 // Private methods used for compiling and verifying policies.
134 ErrorCode EvaluateSyscall(PolicyCompiler* pc, int sysno) const;
135 ErrorCode InvalidSyscall(PolicyCompiler* pc) const;
136 bool HasUnsafeTraps() const;
137
138 DISALLOW_COPY_AND_ASSIGN(SandboxBPFDSLPolicy); 122 DISALLOW_COPY_AND_ASSIGN(SandboxBPFDSLPolicy);
139 }; 123 };
140 124
141 // Allow specifies a result that the system call should be allowed to 125 // Allow specifies a result that the system call should be allowed to
142 // execute normally. 126 // execute normally.
143 SANDBOX_EXPORT ResultExpr Allow(); 127 SANDBOX_EXPORT ResultExpr Allow();
144 128
145 // Error specifies a result that the system call should fail with 129 // Error specifies a result that the system call should fail with
146 // error number |err|. As a special case, Error(0) will result in the 130 // error number |err|. As a special case, Error(0) will result in the
147 // system call appearing to have succeeded, but without having any 131 // system call appearing to have succeeded, but without having any
(...skipping 219 matching lines...) Expand 10 before | Expand all | Expand 10 after
367 351
368 template <typename T> 352 template <typename T>
369 ResultExpr Caser<T>::Default(ResultExpr result) const { 353 ResultExpr Caser<T>::Default(ResultExpr result) const {
370 return elser_.Else(result); 354 return elser_.Else(result);
371 } 355 }
372 356
373 } // namespace bpf_dsl 357 } // namespace bpf_dsl
374 } // namespace sandbox 358 } // namespace sandbox
375 359
376 #endif // SANDBOX_LINUX_BPF_DSL_BPF_DSL_H_ 360 #endif // SANDBOX_LINUX_BPF_DSL_BPF_DSL_H_
OLDNEW
« no previous file with comments | « no previous file | sandbox/linux/bpf_dsl/bpf_dsl.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698