Chromium Code Reviews Chromium Code Reviews
Issue 10546041:
Added a new Verifier class to the BPF compiler. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: sandbox/linux/seccomp-bpf/verifier.h |
| diff --git a/sandbox/linux/seccomp-bpf/verifier.h b/sandbox/linux/seccomp-bpf/verifier.h |
| new file mode 100644 |
| index 0000000000000000000000000000000000000000..f189251a0c763358d3499675a03554b5533d73bf |
| --- /dev/null |
| +++ b/sandbox/linux/seccomp-bpf/verifier.h |
| @@ -0,0 +1,49 @@ |
| +// Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| +// Use of this source code is governed by a BSD-style license that can be |
| +// found in the LICENSE file. |
| + |
| +#ifndef VERIFIER_H__ |
| +#define VERIFIER_H__ |
| + |
| +#include <linux/filter.h> |
| + |
| +#include <utility> |
| +#include <vector> |
| + |
| +#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
| + |
| + |
| +namespace playground2 { |
| + |
| +class Verifier { |
| + public: |
|
jln (very slow on Chromium)
2012/06/07 22:55:17
I would really prefer if this returned a bool or a
|
| + static void verifyBPF(const std::vector<struct sock_filter>& program, |
| + const Sandbox::Evaluators& evaluators); |
| + |
| + private: |
| + struct State { |
| + State(const std::vector<struct sock_filter>& p, |
| + int s, Sandbox::ErrorCode e) : |
| + program(p), |
| + sysnum(s), |
| + err(e), |
| + ip(0), |
| + accumulator(0), |
| + accIsValid(false) { |
| + } |
| + const std::vector<struct sock_filter>& program; |
| + int sysnum; |
| + Sandbox::ErrorCode err; |
| + unsigned int ip; |
| + uint32_t accumulator; |
| + bool accIsValid; |
| + }; |
| + |
| + static void ld (State *state, const struct sock_filter& insn); |
| + static void jmp(State *state, const struct sock_filter& insn); |
| + static void ret(State *state, const struct sock_filter& insn); |
|
jln (very slow on Chromium)
2012/06/07 22:55:17
Looks like Verifier is not meant to be instanciate
|
| +}; |
| + |
| +} // namespace |
| + |
| +#endif // VERIFIER_H__ |
