| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/bpf_dsl/policy_compiler.h" | 5 #include "sandbox/linux/bpf_dsl/policy_compiler.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <linux/filter.h> | 8 #include <linux/filter.h> |
| 9 #include <sys/syscall.h> | 9 #include <sys/syscall.h> |
| 10 | 10 |
| 11 #include <limits> | 11 #include <limits> |
| 12 | 12 |
| 13 #include "base/logging.h" | 13 #include "base/logging.h" |
| 14 #include "base/macros.h" | 14 #include "base/macros.h" |
| 15 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" | 15 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" |
| 16 #include "sandbox/linux/bpf_dsl/bpf_dsl_impl.h" | 16 #include "sandbox/linux/bpf_dsl/bpf_dsl_impl.h" |
| 17 #include "sandbox/linux/bpf_dsl/codegen.h" | 17 #include "sandbox/linux/bpf_dsl/codegen.h" |
| 18 #include "sandbox/linux/bpf_dsl/dump_bpf.h" |
| 18 #include "sandbox/linux/bpf_dsl/policy.h" | 19 #include "sandbox/linux/bpf_dsl/policy.h" |
| 19 #include "sandbox/linux/bpf_dsl/seccomp_macros.h" | 20 #include "sandbox/linux/bpf_dsl/seccomp_macros.h" |
| 20 #include "sandbox/linux/bpf_dsl/syscall_set.h" | 21 #include "sandbox/linux/bpf_dsl/syscall_set.h" |
| 22 #include "sandbox/linux/bpf_dsl/verifier.h" |
| 21 #include "sandbox/linux/seccomp-bpf/errorcode.h" | 23 #include "sandbox/linux/seccomp-bpf/errorcode.h" |
| 22 #include "sandbox/linux/system_headers/linux_seccomp.h" | 24 #include "sandbox/linux/system_headers/linux_seccomp.h" |
| 23 | 25 |
| 24 namespace sandbox { | 26 namespace sandbox { |
| 25 namespace bpf_dsl { | 27 namespace bpf_dsl { |
| 26 | 28 |
| 27 namespace { | 29 namespace { |
| 28 | 30 |
| 29 #if defined(__i386__) || defined(__x86_64__) | 31 #if defined(__i386__) || defined(__x86_64__) |
| 30 const bool kIsIntel = true; | 32 const bool kIsIntel = true; |
| (...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 87 escapepc_(0), | 89 escapepc_(0), |
| 88 conds_(), | 90 conds_(), |
| 89 gen_(), | 91 gen_(), |
| 90 has_unsafe_traps_(HasUnsafeTraps(policy_)) { | 92 has_unsafe_traps_(HasUnsafeTraps(policy_)) { |
| 91 DCHECK(policy); | 93 DCHECK(policy); |
| 92 } | 94 } |
| 93 | 95 |
| 94 PolicyCompiler::~PolicyCompiler() { | 96 PolicyCompiler::~PolicyCompiler() { |
| 95 } | 97 } |
| 96 | 98 |
| 97 scoped_ptr<CodeGen::Program> PolicyCompiler::Compile() { | 99 scoped_ptr<CodeGen::Program> PolicyCompiler::Compile(bool verify) { |
| 98 CHECK(policy_->InvalidSyscall()->IsDeny()) | 100 CHECK(policy_->InvalidSyscall()->IsDeny()) |
| 99 << "Policies should deny invalid system calls"; | 101 << "Policies should deny invalid system calls"; |
| 100 | 102 |
| 101 // If our BPF program has unsafe traps, enable support for them. | 103 // If our BPF program has unsafe traps, enable support for them. |
| 102 if (has_unsafe_traps_) { | 104 if (has_unsafe_traps_) { |
| 103 CHECK_NE(0U, escapepc_) << "UnsafeTrap() requires a valid escape PC"; | 105 CHECK_NE(0U, escapepc_) << "UnsafeTrap() requires a valid escape PC"; |
| 104 | 106 |
| 105 for (int sysnum : kSyscallsRequiredForUnsafeTraps) { | 107 for (int sysnum : kSyscallsRequiredForUnsafeTraps) { |
| 106 CHECK(policy_->EvaluateSyscall(sysnum)->IsAllow()) | 108 CHECK(policy_->EvaluateSyscall(sysnum)->IsAllow()) |
| 107 << "Policies that use UnsafeTrap() must unconditionally allow all " | 109 << "Policies that use UnsafeTrap() must unconditionally allow all " |
| 108 "required system calls"; | 110 "required system calls"; |
| 109 } | 111 } |
| 110 | 112 |
| 111 CHECK(registry_->EnableUnsafeTraps()) | 113 CHECK(registry_->EnableUnsafeTraps()) |
| 112 << "We'd rather die than enable unsafe traps"; | 114 << "We'd rather die than enable unsafe traps"; |
| 113 } | 115 } |
| 114 | 116 |
| 115 // Assemble the BPF filter program. | 117 // Assemble the BPF filter program. |
| 116 scoped_ptr<CodeGen::Program> program(new CodeGen::Program()); | 118 scoped_ptr<CodeGen::Program> program(new CodeGen::Program()); |
| 117 gen_.Compile(AssemblePolicy(), program.get()); | 119 gen_.Compile(AssemblePolicy(), program.get()); |
| 120 |
| 121 // Make sure compilation resulted in a BPF program that executes |
| 122 // correctly. Otherwise, there is an internal error in our BPF compiler. |
| 123 // There is really nothing the caller can do until the bug is fixed. |
| 124 if (verify) { |
| 125 const char* err = nullptr; |
| 126 if (!Verifier::VerifyBPF(this, *program, *policy_, &err)) { |
| 127 DumpBPF::PrintProgram(*program); |
| 128 LOG(FATAL) << err; |
| 129 } |
| 130 } |
| 131 |
| 118 return program.Pass(); | 132 return program.Pass(); |
| 119 } | 133 } |
| 120 | 134 |
| 121 void PolicyCompiler::DangerousSetEscapePC(uint64_t escapepc) { | 135 void PolicyCompiler::DangerousSetEscapePC(uint64_t escapepc) { |
| 122 escapepc_ = escapepc; | 136 escapepc_ = escapepc; |
| 123 } | 137 } |
| 124 | 138 |
| 125 CodeGen::Node PolicyCompiler::AssemblePolicy() { | 139 CodeGen::Node PolicyCompiler::AssemblePolicy() { |
| 126 // A compiled policy consists of three logical parts: | 140 // A compiled policy consists of three logical parts: |
| 127 // 1. Check that the "arch" field matches the expected architecture. | 141 // 1. Check that the "arch" field matches the expected architecture. |
| (...skipping 347 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 475 return ErrorCode(argno, | 489 return ErrorCode(argno, |
| 476 width, | 490 width, |
| 477 mask, | 491 mask, |
| 478 value, | 492 value, |
| 479 &*conds_.insert(passed).first, | 493 &*conds_.insert(passed).first, |
| 480 &*conds_.insert(failed).first); | 494 &*conds_.insert(failed).first); |
| 481 } | 495 } |
| 482 | 496 |
| 483 } // namespace bpf_dsl | 497 } // namespace bpf_dsl |
| 484 } // namespace sandbox | 498 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 935743003:
bpf_dsl: move Verifier into PolicyCompiler (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master