SECCOMP-BPF: Refactor the BPF sandbox API to use fewer "static" fields and methods.

sandbox/linux/seccomp-bpf/demo.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <errno.h>
 #include <fcntl.h>
 #include <linux/unistd.h>
 #include <netinet/in.h>
 #include <netinet/tcp.h>
 #include <netinet/udp.h>
@@ skipping 119 matching lines @@
 
   ptr = strrchr(ptr, '\000');
   strncat(ptr, msg1, sizeof(buf) - (ptr - buf));
 
   ptr = strrchr(ptr, '\000');
   if (HANDLE_EINTR(write(2, buf, ptr - buf))) { }
 
   return -ERR;
 }
 
-static ErrorCode evaluator(int sysno, void *) {
+static ErrorCode evaluator(Sandbox *sandbox, int sysno, void *) {
   switch (sysno) {
 #if defined(__NR_accept)
   case __NR_accept: case __NR_accept4:
 #endif
   case __NR_alarm:
   case __NR_brk:
   case __NR_clock_gettime:
   case __NR_close:
   case __NR_dup: case __NR_dup2:
   case __NR_epoll_create: case __NR_epoll_ctl: case __NR_epoll_wait:
@@ skipping 68 matching lines @@
 #if defined(__NR_socketpair)
   case __NR_socketpair:
 #endif
   case __NR_time:
   case __NR_uname:
   case __NR_write: case __NR_writev:
     return ErrorCode(ErrorCode::ERR_ALLOWED);
 
   case __NR_prctl:
     // Allow PR_SET_DUMPABLE and PR_GET_DUMPABLE. Do not allow anything else.
-    return Sandbox::Cond(1, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
+    return sandbox->Cond(1, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
                          PR_SET_DUMPABLE,
                          ErrorCode(ErrorCode::ERR_ALLOWED),
-           Sandbox::Cond(1, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
+           sandbox->Cond(1, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
                          PR_GET_DUMPABLE,
                          ErrorCode(ErrorCode::ERR_ALLOWED),
-           Sandbox::Trap(defaultHandler, NULL)));
+           sandbox->Trap(defaultHandler, NULL)));
 
   // The following system calls are temporarily permitted. This must be
   // tightened later. But we currently don't implement enough of the sandboxing
   // API to do so.
   // As is, this sandbox isn't exactly safe :-/
 #if defined(__NR_sendmsg)
   case __NR_sendmsg: case __NR_sendto:
   case __NR_recvmsg: case __NR_recvfrom:
   case __NR_getsockopt: case __NR_setsockopt:
 #elif defined(__NR_socketcall)
@@ skipping 14 matching lines @@
 #endif
   case __NR_getrlimit:
   case __NR_ioctl:
   case __NR_clone:
   case __NR_munmap: case __NR_mprotect: case __NR_madvise:
   case __NR_remap_file_pages:
     return ErrorCode(ErrorCode::ERR_ALLOWED);
 
   // Everything that isn't explicitly allowed is denied.
   default:
-    return Sandbox::Trap(defaultHandler, NULL);
+    return sandbox->Trap(defaultHandler, NULL);
   }
 }
 
 static void *threadFnc(void *arg) {
   return arg;
 }
 
 static void *sendmsgStressThreadFnc(void *arg) {
   if (arg) { }
   static const int repetitions = 100;
@@ skipping 28 matching lines @@
 
 int main(int argc, char *argv[]) {
   if (argc) { }
   if (argv) { }
   int proc_fd = open("/proc", O_RDONLY|O_DIRECTORY);
   if (Sandbox::SupportsSeccompSandbox(proc_fd) !=
       Sandbox::STATUS_AVAILABLE) {
     perror("sandbox");
     _exit(1);
   }
-  Sandbox::set_proc_fd(proc_fd);
-  Sandbox::SetSandboxPolicy(evaluator, NULL);
-  Sandbox::StartSandbox();
+  Sandbox sandbox;
+  sandbox.set_proc_fd(proc_fd);
+  sandbox.SetSandboxPolicy(evaluator, NULL);
+  sandbox.StartSandbox();
 
   // Check that we can create threads
   pthread_t thr;
   if (!pthread_create(&thr, NULL, threadFnc,
                       reinterpret_cast<void *>(0x1234))) {
     void *ret;
     pthread_join(thr, &ret);
     if (ret != reinterpret_cast<void *>(0x1234)) {
       perror("clone() failed");
       _exit(1);
@@ skipping 82 matching lines @@
       perror("pthread_create");
       _exit(1);
     }
   }
   for (int i = 0; i < kSendmsgStressNumThreads; ++i) {
     pthread_join(sendmsgStressThreads[i], NULL);
   }
 
   return 0;
 }