Added a new Verifier class to the BPF compiler.

sandbox/linux/seccomp-bpf/sandbox_bpf.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef SANDBOX_BPF_H__
 #define SANDBOX_BPF_H__
 
 #include <endian.h>
 #include <errno.h>
 #include <fcntl.h>
@@ skipping 90 matching lines @@
 struct arch_seccomp_data {
   int nr;
   uint32_t arch;
   uint64_t instruction_pointer;
   uint64_t args[6];
 };
 
 #ifdef SECCOMP_BPF_STANDALONE
 #define arraysize(x) sizeof(x)/sizeof(*(x)))
 #define HANDLE_EINTR TEMP_FAILURE_RETRY
+#define DISALLOW_IMPLICIT_CONSTRUCTORS(TypeName) \
+  TypeName();                                    \
+  TypeName(const TypeName&);                     \
+  void operator=(const TypeName&)

[Chris Evans, 2012/06/11 19:20:41]

Does this work? The prototype for the assignment operator returns TypeName& (no
const)

[Markus (顧孟勤), 2012/06/11 20:58:43]

Dunno. I am not the C++ expert here :-)

But this is what we do in basictypes.h -- so, hopefully it works correctly.

[jln (very slow on Chromium), 2012/06/12 20:52:14]

Indeed, return value types are not part of a function's signature for
overloading purposes.

 #endif
 
 
 namespace playground2 {
 
 class Sandbox {
   friend class Util;
+  friend class Verifier;
 
  public:
   enum SandboxStatus {
     STATUS_UNKNOWN,      // Status prior to calling supportsSeccompSandbox()
     STATUS_UNSUPPORTED,  // The kernel does not appear to support sandboxing
     STATUS_UNAVAILABLE,  // Currently unavailable but might work again later
     STATUS_AVAILABLE,    // Sandboxing is available but not currently active
     STATUS_ENABLED       // The sandbox is now active
   };
 
@@ skipping 18 matching lines @@
     bool      is32bit;
     Operation op;
     uint32_t  value;
     ErrorCode passed;
     ErrorCode failed;
   };
 
   typedef ErrorCode (*EvaluateSyscall)(int sysno);
   typedef int       (*EvaluateArguments)(int sysno, int arg,
                                          Constraint *constraint);
+  typedef std::vector<std::pair<EvaluateSyscall,EvaluateArguments> >Evaluators;

[Chris Evans, 2012/06/11 19:20:41]

Missing spaces?

[Markus (顧孟勤), 2012/06/11 20:58:43]

If I add the space, I need to wrap the line; and it's already hard to read as
is.

Any preference how you would prefer to format this line? Or is this the best we
can do.

 
   // There are a lot of reasons why the Seccomp sandbox might not be available.
   // This could be because the kernel does not support Seccomp mode, or it
   // could be because another sandbox is already active.
   // "proc_fd" should be a file descriptor for "/proc", or -1 if not
   // provided by the caller.
   static SandboxStatus supportsSeccompSandbox(int proc_fd);
 
   // The sandbox needs to be able to access files in "/proc/self". If this
   // directory is not accessible when "startSandbox()" gets called, the caller
@@ skipping 62 matching lines @@
   static bool      kernelSupportSeccompBPF(int proc_fd);
 
   static bool    isSingleThreaded(int proc_fd);
   static bool    disableFilesystem();
   static void    installFilter();
   static void    sigSys(int nr, siginfo_t *info, void *void_context);
 
   static bool          suppressLogging_;
   static SandboxStatus status_;
   static int           proc_fd_;
-  static std::vector<std::pair<EvaluateSyscall,
-                               EvaluateArguments> > evaluators_;
+  static Evaluators    evaluators_;
 };
 
 }  // namespace
 
 #endif  // SANDBOX_BPF_H__