| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__ | 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__ |
| 6 #define SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__ | 6 #define SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__ |
| 7 | 7 |
| 8 #include "sandbox/linux/seccomp-bpf/trap.h" | 8 #include "sandbox/linux/seccomp-bpf/trap.h" |
| 9 #include "sandbox/sandbox_export.h" | 9 #include "sandbox/sandbox_export.h" |
| 10 | 10 |
| 11 namespace sandbox { | 11 namespace sandbox { |
| 12 namespace bpf_dsl { | 12 namespace bpf_dsl { |
| 13 class PolicyCompiler; | 13 class PolicyCompiler; |
| 14 } | 14 } |
| 15 | 15 |
| 16 // This class holds all the possible values that can be returned by a sandbox | 16 // This class holds all the possible values that can be returned by a sandbox |
| 17 // policy. | 17 // policy. |
| 18 // We can either wrap a symbolic ErrorCode (i.e. ERR_XXX enum values), an | 18 // We can either wrap a symbolic ErrorCode (i.e. ERR_XXX enum values), an |
| 19 // errno value (in the range 0..4095), a pointer to a TrapFnc callback | 19 // errno value (in the range 0..4095), a pointer to a TrapFnc callback |
| 20 // handling a SECCOMP_RET_TRAP trap, or a complex constraint. | 20 // handling a SECCOMP_RET_TRAP trap, or a complex constraint. |
| 21 // All of the commonly used values are stored in the "err_" field. So, code | 21 // All of the commonly used values are stored in the "err_" field. So, code |
| 22 // that is using the ErrorCode class typically operates on a single 32bit | 22 // that is using the ErrorCode class typically operates on a single 32bit |
| 23 // field. | 23 // field. |
| 24 // |
| 25 // TODO(mdempsky): Nuke from orbit. The only reason this class still |
| 26 // exists is for Verifier, which will eventually be replaced by a true |
| 27 // BPF symbolic evaluator and constraint solver. |
| 24 class SANDBOX_EXPORT ErrorCode { | 28 class SANDBOX_EXPORT ErrorCode { |
| 25 public: | 29 public: |
| 26 enum { | 30 enum { |
| 27 // Allow this system call. The value of ERR_ALLOWED is pretty much | 31 // Allow this system call. The value of ERR_ALLOWED is pretty much |
| 28 // completely arbitrary. But we want to pick it so that is is unlikely | 32 // completely arbitrary. But we want to pick it so that is is unlikely |
| 29 // to be passed in accidentally, when the user intended to return an | 33 // to be passed in accidentally, when the user intended to return an |
| 30 // "errno" (see below) value instead. | 34 // "errno" (see below) value instead. |
| 31 ERR_ALLOWED = 0x04000000, | 35 ERR_ALLOWED = 0x04000000, |
| 32 | 36 |
| 33 // If the progress is being ptraced with PTRACE_O_TRACESECCOMP, then the | 37 // If the progress is being ptraced with PTRACE_O_TRACESECCOMP, then the |
| (...skipping 156 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 190 | 194 |
| 191 // 32bit field used for all possible types of ErrorCode values. This is | 195 // 32bit field used for all possible types of ErrorCode values. This is |
| 192 // the value that uniquely identifies any ErrorCode and it (typically) can | 196 // the value that uniquely identifies any ErrorCode and it (typically) can |
| 193 // be emitted directly into a BPF filter program. | 197 // be emitted directly into a BPF filter program. |
| 194 uint32_t err_; | 198 uint32_t err_; |
| 195 }; | 199 }; |
| 196 | 200 |
| 197 } // namespace sandbox | 201 } // namespace sandbox |
| 198 | 202 |
| 199 #endif // SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__ | 203 #endif // SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 761903003:
Update from https://crrev.com/306655 (Closed)
Base URL: git@github.com:domokit/mojo.git@master