Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(391)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/bpf_dsl/bpf_dsl.h

Issue 628823003: sandbox_bpf: rework how unsafe traps are compiled/verified (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@policies
Patch Set: Sync Created 6 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | sandbox/linux/bpf_dsl/bpf_dsl.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef SANDBOX_LINUX_BPF_DSL_BPF_DSL_H_ 5 #ifndef SANDBOX_LINUX_BPF_DSL_BPF_DSL_H_
6 #define SANDBOX_LINUX_BPF_DSL_BPF_DSL_H_ 6 #define SANDBOX_LINUX_BPF_DSL_BPF_DSL_H_
7 7
8 #include <stdint.h> 8 #include <stdint.h>
9 9
10 #include <utility> 10 #include <utility>
(...skipping 94 matching lines...) Expand 10 before | Expand all | Expand 10 after
105 // Optional overload for specifying alternate behavior for invalid 105 // Optional overload for specifying alternate behavior for invalid
106 // system calls. The default is to return ENOSYS. 106 // system calls. The default is to return ENOSYS.
107 virtual ResultExpr InvalidSyscall() const; 107 virtual ResultExpr InvalidSyscall() const;
108 108
109 // Override implementations from SandboxBPFPolicy. Marked as final 109 // Override implementations from SandboxBPFPolicy. Marked as final
110 // to prevent mixups with child classes accidentally overloading 110 // to prevent mixups with child classes accidentally overloading
111 // these instead of the above methods. 111 // these instead of the above methods.
112 virtual ErrorCode EvaluateSyscall(SandboxBPF* sb, 112 virtual ErrorCode EvaluateSyscall(SandboxBPF* sb,
113 int sysno) const override final; 113 int sysno) const override final;
114 virtual ErrorCode InvalidSyscall(SandboxBPF* sb) const override final; 114 virtual ErrorCode InvalidSyscall(SandboxBPF* sb) const override final;
115 virtual bool HasUnsafeTraps() const override final;
115 116
116 // Helper method so policies can just write Trap(func, aux). 117 // Helper method so policies can just write Trap(func, aux).
117 static ResultExpr Trap(Trap::TrapFnc trap_func, const void* aux); 118 static ResultExpr Trap(Trap::TrapFnc trap_func, const void* aux);
118 119
119 private: 120 private:
120 DISALLOW_COPY_AND_ASSIGN(SandboxBPFDSLPolicy); 121 DISALLOW_COPY_AND_ASSIGN(SandboxBPFDSLPolicy);
121 }; 122 };
122 123
123 // Allow specifies a result that the system call should be allowed to 124 // Allow specifies a result that the system call should be allowed to
124 // execute normally. 125 // execute normally.
(...skipping 193 matching lines...) Expand 10 before | Expand all | Expand 10 after
318 private: 319 private:
319 friend class base::RefCounted<BoolExprImpl>; 320 friend class base::RefCounted<BoolExprImpl>;
320 DISALLOW_COPY_AND_ASSIGN(BoolExprImpl); 321 DISALLOW_COPY_AND_ASSIGN(BoolExprImpl);
321 }; 322 };
322 323
323 // Internal interface implemented by ResultExpr implementations. 324 // Internal interface implemented by ResultExpr implementations.
324 class SANDBOX_EXPORT ResultExprImpl : public base::RefCounted<ResultExprImpl> { 325 class SANDBOX_EXPORT ResultExprImpl : public base::RefCounted<ResultExprImpl> {
325 public: 326 public:
326 ResultExprImpl() {} 327 ResultExprImpl() {}
327 virtual ErrorCode Compile(SandboxBPF* sb) const = 0; 328 virtual ErrorCode Compile(SandboxBPF* sb) const = 0;
329 virtual bool HasUnsafeTraps() const;
328 330
329 protected: 331 protected:
330 virtual ~ResultExprImpl() {} 332 virtual ~ResultExprImpl() {}
331 333
332 private: 334 private:
333 friend class base::RefCounted<ResultExprImpl>; 335 friend class base::RefCounted<ResultExprImpl>;
334 DISALLOW_COPY_AND_ASSIGN(ResultExprImpl); 336 DISALLOW_COPY_AND_ASSIGN(ResultExprImpl);
335 }; 337 };
336 338
337 } // namespace internal 339 } // namespace internal
(...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after
380 382
381 template <typename T> 383 template <typename T>
382 ResultExpr Caser<T>::Default(ResultExpr result) const { 384 ResultExpr Caser<T>::Default(ResultExpr result) const {
383 return elser_.Else(result); 385 return elser_.Else(result);
384 } 386 }
385 387
386 } // namespace bpf_dsl 388 } // namespace bpf_dsl
387 } // namespace sandbox 389 } // namespace sandbox
388 390
389 #endif // SANDBOX_LINUX_BPF_DSL_BPF_DSL_H_ 391 #endif // SANDBOX_LINUX_BPF_DSL_BPF_DSL_H_
OLDNEW
« no previous file with comments | « no previous file | sandbox/linux/bpf_dsl/bpf_dsl.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698