Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1274)

Unified Diff: sandbox/linux/bpf_dsl/bpf_dsl.cc

Issue 761903003: Update from https://crrev.com/306655 (Closed) Base URL: git@github.com:domokit/mojo.git@master
Patch Set: Created 6 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « sandbox/linux/BUILD.gn ('k') | sandbox/linux/bpf_dsl/bpf_dsl_impl.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/linux/bpf_dsl/bpf_dsl.cc
diff --git a/sandbox/linux/bpf_dsl/bpf_dsl.cc b/sandbox/linux/bpf_dsl/bpf_dsl.cc
index 0d5aa553efa4c2b41ac72ec5be851bb5195b641f..3a35903ec91a3a7f7690dce1471b81b41bffacef 100644
--- a/sandbox/linux/bpf_dsl/bpf_dsl.cc
+++ b/sandbox/linux/bpf_dsl/bpf_dsl.cc
@@ -10,12 +10,17 @@
#include "base/memory/ref_counted.h"
#include "sandbox/linux/bpf_dsl/bpf_dsl_impl.h"
#include "sandbox/linux/bpf_dsl/policy_compiler.h"
+#include "sandbox/linux/seccomp-bpf/die.h"
#include "sandbox/linux/seccomp-bpf/errorcode.h"
namespace sandbox {
namespace bpf_dsl {
namespace {
+intptr_t BPFFailure(const struct arch_seccomp_data&, void* aux) {
+ SANDBOX_DIE(static_cast<char*>(aux));
+}
+
class AllowResultExprImpl : public internal::ResultExprImpl {
public:
AllowResultExprImpl() {}
@@ -24,6 +29,8 @@ class AllowResultExprImpl : public internal::ResultExprImpl {
return ErrorCode(ErrorCode::ERR_ALLOWED);
}
+ bool IsAllow() const override { return true; }
+
private:
~AllowResultExprImpl() override {}
@@ -40,6 +47,8 @@ class ErrorResultExprImpl : public internal::ResultExprImpl {
return pc->Error(err_);
}
+ bool IsDeny() const override { return true; }
+
private:
~ErrorResultExprImpl() override {}
@@ -48,22 +57,6 @@ class ErrorResultExprImpl : public internal::ResultExprImpl {
DISALLOW_COPY_AND_ASSIGN(ErrorResultExprImpl);
};
-class KillResultExprImpl : public internal::ResultExprImpl {
- public:
- explicit KillResultExprImpl(const char* msg) : msg_(msg) { DCHECK(msg_); }
-
- ErrorCode Compile(PolicyCompiler* pc) const override {
- return pc->Kill(msg_);
- }
-
- private:
- ~KillResultExprImpl() override {}
-
- const char* msg_;
-
- DISALLOW_COPY_AND_ASSIGN(KillResultExprImpl);
-};
-
class TraceResultExprImpl : public internal::ResultExprImpl {
public:
TraceResultExprImpl(uint16_t aux) : aux_(aux) {}
@@ -82,44 +75,27 @@ class TraceResultExprImpl : public internal::ResultExprImpl {
class TrapResultExprImpl : public internal::ResultExprImpl {
public:
- TrapResultExprImpl(TrapRegistry::TrapFnc func, const void* arg)
- : func_(func), arg_(arg) {
+ TrapResultExprImpl(TrapRegistry::TrapFnc func, const void* arg, bool safe)
+ : func_(func), arg_(arg), safe_(safe) {
DCHECK(func_);
}
ErrorCode Compile(PolicyCompiler* pc) const override {
- return pc->Trap(func_, arg_);
+ return pc->Trap(func_, arg_, safe_);
}
- private:
- ~TrapResultExprImpl() override {}
+ bool HasUnsafeTraps() const override { return safe_ == false; }
- TrapRegistry::TrapFnc func_;
- const void* arg_;
-
- DISALLOW_COPY_AND_ASSIGN(TrapResultExprImpl);
-};
-
-class UnsafeTrapResultExprImpl : public internal::ResultExprImpl {
- public:
- UnsafeTrapResultExprImpl(TrapRegistry::TrapFnc func, const void* arg)
- : func_(func), arg_(arg) {
- DCHECK(func_);
- }
-
- ErrorCode Compile(PolicyCompiler* pc) const override {
- return pc->UnsafeTrap(func_, arg_);
- }
-
- bool HasUnsafeTraps() const override { return true; }
+ bool IsDeny() const override { return true; }
private:
- ~UnsafeTrapResultExprImpl() override {}
+ ~TrapResultExprImpl() override {}
TrapRegistry::TrapFnc func_;
const void* arg_;
+ bool safe_;
- DISALLOW_COPY_AND_ASSIGN(UnsafeTrapResultExprImpl);
+ DISALLOW_COPY_AND_ASSIGN(TrapResultExprImpl);
};
class IfThenResultExprImpl : public internal::ResultExprImpl {
@@ -258,6 +234,14 @@ bool ResultExprImpl::HasUnsafeTraps() const {
return false;
}
+bool ResultExprImpl::IsAllow() const {
+ return false;
+}
+
+bool ResultExprImpl::IsDeny() const {
+ return false;
+}
+
uint64_t DefaultMask(size_t size) {
switch (size) {
case 4:
@@ -291,7 +275,7 @@ ResultExpr Error(int err) {
}
ResultExpr Kill(const char* msg) {
- return ResultExpr(new const KillResultExprImpl(msg));
+ return Trap(BPFFailure, msg);
}
ResultExpr Trace(uint16_t aux) {
@@ -299,11 +283,13 @@ ResultExpr Trace(uint16_t aux) {
}
ResultExpr Trap(TrapRegistry::TrapFnc trap_func, const void* aux) {
- return ResultExpr(new const TrapResultExprImpl(trap_func, aux));
+ return ResultExpr(
+ new const TrapResultExprImpl(trap_func, aux, true /* safe */));
}
ResultExpr UnsafeTrap(TrapRegistry::TrapFnc trap_func, const void* aux) {
- return ResultExpr(new const UnsafeTrapResultExprImpl(trap_func, aux));
+ return ResultExpr(
+ new const TrapResultExprImpl(trap_func, aux, false /* unsafe */));
}
BoolExpr BoolConst(bool value) {
« no previous file with comments | « sandbox/linux/BUILD.gn ('k') | sandbox/linux/bpf_dsl/bpf_dsl_impl.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698