sandbox/linux/seccomp-bpf/codegen.cc - Issue 11363212: Added support for greylisting of system calls.

Side by Side Diff: sandbox/linux/seccomp-bpf/codegen.cc

Issue 11363212: Added support for greylisting of system calls. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Now with more meat Created 8 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "sandbox/linux/seccomp-bpf/codegen.h"	5 #include "sandbox/linux/seccomp-bpf/codegen.h"

6	6

7	7

8 namespace playground2 {	8 namespace playground2 {

9	9

10 CodeGen::CodeGen()	10 CodeGen::CodeGen()

(...skipping 127 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
138 } else if (BPF_CLASS(head->code) == BPF_RET) {	138 } else if (BPF_CLASS(head->code) == BPF_RET) {

139 SANDBOX_DIE("Cannot append instructions after a return statement");	139 SANDBOX_DIE("Cannot append instructions after a return statement");

140 } else if (head->next) {	140 } else if (head->next) {

141 SANDBOX_DIE("Cannot append instructions in the middle of a sequence");	141 SANDBOX_DIE("Cannot append instructions in the middle of a sequence");

142 } else {	142 } else {

143 head->next = tail;	143 head->next = tail;

144 }	144 }

145 return;	145 return;

146 }	146 }

147	147

	148 void CodeGen::TraverseRecursively(std::set<Instruction > visited,
	jln (very slow on Chromium) 2012/11/15 01:51:52 Does this really need to be a class method ? It l Does this really need to be a class method ? It looks like it would work without being declared in codegen.h and you can put it directly in this file in the anonymous namespace (don't forget to add a comment explaining it though).
	149 Instruction *instruction) {

	150 if (visited->find(instruction) == visited->end()) {

	151 visited->insert(instruction);

	152 switch (BPF_CLASS(instruction->code)) {

	153 case BPF_JMP:

	154 if (BPF_OP(instruction->code) != BPF_JA) {

	155 TraverseRecursively(visited, instruction->jf_ptr);

	156 }

	157 TraverseRecursively(visited, instruction->jt_ptr);

	158 break;

	159 default:
	jln (very slow on Chromium) 2012/11/15 01:51:52 Please put default at the end of the switch. Please put default at the end of the switch.
	160 TraverseRecursively(visited, instruction->next);

	161 break;

	162 case BPF_RET:

	163 break;

	164 }

	165 }

	166 }

	167

	168 void CodeGen::Traverse(Instruction *instruction,

	169 void (fnc)(Instruction , void ), void aux) {

	170 std::set<Instruction *> visited;

	171 TraverseRecursively(&visited, instruction);

	172 for (std::set<Instruction *>::const_iterator iter = visited.begin();

	173 iter != visited.end();

	174 ++iter) {

	175 fnc(*iter, aux);

	176 }

	177 }

	178

148 void CodeGen::FindBranchTargets(const Instruction& instructions,	179 void CodeGen::FindBranchTargets(const Instruction& instructions,

149 BranchTargets *branch_targets) {	180 BranchTargets *branch_targets) {

150 // Follow all possible paths through the "instructions" graph and compute	181 // Follow all possible paths through the "instructions" graph and compute

151 // a list of branch targets. This will later be needed to compute the	182 // a list of branch targets. This will later be needed to compute the

152 // boundaries of basic blocks.	183 // boundaries of basic blocks.

153 // We maintain a set of all instructions that we have previously seen. This	184 // We maintain a set of all instructions that we have previously seen. This

154 // set ultimately converges on all instructions in the program.	185 // set ultimately converges on all instructions in the program.

155 std::set<const Instruction *> seen_instructions;	186 std::set<const Instruction *> seen_instructions;

156 Instructions stack;	187 Instructions stack;

157 for (const Instruction *insn = &instructions; insn; ) {	188 for (const Instruction *insn = &instructions; insn; ) {

(...skipping 490 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
648 CutGraphIntoBasicBlocks(instructions, branch_targets, &all_blocks);	679 CutGraphIntoBasicBlocks(instructions, branch_targets, &all_blocks);

649 MergeTails(&all_blocks);	680 MergeTails(&all_blocks);

650 BasicBlocks basic_blocks;	681 BasicBlocks basic_blocks;

651 TopoSortBasicBlocks(first_block, all_blocks, &basic_blocks);	682 TopoSortBasicBlocks(first_block, all_blocks, &basic_blocks);

652 ComputeRelativeJumps(&basic_blocks, all_blocks);	683 ComputeRelativeJumps(&basic_blocks, all_blocks);

653 ConcatenateBasicBlocks(basic_blocks, program);	684 ConcatenateBasicBlocks(basic_blocks, program);

654 return;	685 return;

655 }	686 }

656	687

657 } // namespace	688 } // namespace

OLD	NEW

« sandbox/linux/seccomp-bpf/codegen.h ('K') | « sandbox/linux/seccomp-bpf/codegen.h ('k') | sandbox/linux/seccomp-bpf/die.h » ('j') | sandbox/linux/seccomp-bpf/sandbox_bpf.h » ('J')