| Index: sandbox/linux/bpf_dsl/policy_compiler.cc
|
| diff --git a/sandbox/linux/bpf_dsl/policy_compiler.cc b/sandbox/linux/bpf_dsl/policy_compiler.cc
|
| index bcfd21b77658d9abc8bb1abd4260b66b7f12fd23..18ed7be582a363367c23a39c10230aa42b4acd39 100644
|
| --- a/sandbox/linux/bpf_dsl/policy_compiler.cc
|
| +++ b/sandbox/linux/bpf_dsl/policy_compiler.cc
|
| @@ -20,6 +20,7 @@
|
| #include "sandbox/linux/bpf_dsl/syscall_set.h"
|
| #include "sandbox/linux/seccomp-bpf/die.h"
|
| #include "sandbox/linux/seccomp-bpf/errorcode.h"
|
| +#include "sandbox/linux/seccomp-bpf/syscall.h"
|
| #include "sandbox/linux/system_headers/linux_seccomp.h"
|
|
|
| namespace sandbox {
|
| @@ -85,7 +86,6 @@
|
| PolicyCompiler::PolicyCompiler(const Policy* policy, TrapRegistry* registry)
|
| : policy_(policy),
|
| registry_(registry),
|
| - escapepc_(0),
|
| conds_(),
|
| gen_(),
|
| has_unsafe_traps_(HasUnsafeTraps(policy_)) {
|
| @@ -106,8 +106,11 @@
|
| // measures that the sandbox provides, we print a big warning message --
|
| // and of course, we make sure to only ever enable this feature if it
|
| // is actually requested by the sandbox policy.
|
| -
|
| - CHECK_NE(0U, escapepc_) << "UnsafeTrap() requires a valid escape PC";
|
| + if (Syscall::Call(-1) == -1 && errno == ENOSYS) {
|
| + SANDBOX_DIE(
|
| + "Support for UnsafeTrap() has not yet been ported to this "
|
| + "architecture");
|
| + }
|
|
|
| for (int sysnum : kSyscallsRequiredForUnsafeTraps) {
|
| if (!policy_->EvaluateSyscall(sysnum)->IsAllow()) {
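Review bot: The new guard at `if (Syscall::Call(-1) == -1 && errno == ENOSYS)` depends on Syscall::Call itself setting errno on the unported-architecture fallback; errno is not cleared beforehand, so if that fallback only returned -1 without touching errno the SANDBOX_DIE would hinge on stale errno state, and if the ported stubs return raw kernel values (-errno) rather than setting errno the clause would never be reached on them — worth confirming against syscall.h. A one-line comment above the check would save the next reader the same trip, e.g. `// Syscall::Call(-1) returns the magic syscall return address on ported architectures and -1/ENOSYS otherwise.` The enclosing function begins and continues outside this hunk.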
|
| @@ -131,10 +134,6 @@
|
| scoped_ptr<CodeGen::Program> program(new CodeGen::Program());
|
| gen_.Compile(AssemblePolicy(), program.get());
|
| return program.Pass();
|
| -}
|
| -
|
| -void PolicyCompiler::DangerousSetEscapePC(uint64_t escapepc) {
|
| - escapepc_ = escapepc;
|
| }
|
|
|
| CodeGen::Node PolicyCompiler::AssemblePolicy() {
|
| @@ -163,13 +162,12 @@
|
| return rest;
|
| }
|
|
|
| - // We already enabled unsafe traps in Compile, but enable them again to give
|
| - // the trap registry a second chance to complain before we add the backdoor.
|
| - CHECK(registry_->EnableUnsafeTraps());
|
| -
|
| - // Allow system calls, if they originate from our magic return address.
|
| - const uint32_t lopc = static_cast<uint32_t>(escapepc_);
|
| - const uint32_t hipc = static_cast<uint32_t>(escapepc_ >> 32);
|
| + // Allow system calls, if they originate from our magic return address
|
| + // (which we can query by calling Syscall::Call(-1)).
|
| + uint64_t syscall_entry_point =
|
| + static_cast<uint64_t>(static_cast<uintptr_t>(Syscall::Call(-1)));
|
| + uint32_t low = static_cast<uint32_t>(syscall_entry_point);
|
| + uint32_t hi = static_cast<uint32_t>(syscall_entry_point >> 32);
|
|
|
| // BPF cannot do native 64-bit comparisons, so we have to compare
|
| // both 32-bit halves of the instruction pointer. If they match what
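Review bot: The value of `Syscall::Call(-1)` is baked into the filter without checking it succeeded; the ENOSYS check in Compile is the only thing standing between a -1 return and a filter that matches IP 0xFFFFFFFF (or 0xFFFFFFFFFFFFFFFF) instead of the real magic return address, and this code no longer has the local `CHECK` that the removed lines provided. Since the address is security-critical, I would pin it here too: `const intptr_t entry = Syscall::Call(-1);`, `CHECK_NE(static_cast<intptr_t>(-1), entry);`, then `const uint64_t syscall_entry_point = static_cast<uint64_t>(static_cast<uintptr_t>(entry));`. `low` and `hi` can likewise be `const`. The enclosing function starts and ends outside this hunk, so whether every path into it passes through Compile's check is not visible here.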
|
| @@ -181,10 +179,10 @@
|
| return gen_.MakeInstruction(
|
| BPF_LD + BPF_W + BPF_ABS, SECCOMP_IP_LSB_IDX,
|
| gen_.MakeInstruction(
|
| - BPF_JMP + BPF_JEQ + BPF_K, lopc,
|
| + BPF_JMP + BPF_JEQ + BPF_K, low,
|
| gen_.MakeInstruction(
|
| BPF_LD + BPF_W + BPF_ABS, SECCOMP_IP_MSB_IDX,
|
| - gen_.MakeInstruction(BPF_JMP + BPF_JEQ + BPF_K, hipc,
|
| + gen_.MakeInstruction(BPF_JMP + BPF_JEQ + BPF_K, hi,
|
| CompileResult(Allow()), rest)),
|
| rest));
|
| }
|
|
|