| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef SANDBOX_LINUX_BPF_DSL_POLICY_COMPILER_H_ | 5 #ifndef SANDBOX_LINUX_BPF_DSL_POLICY_COMPILER_H_ |
| 6 #define SANDBOX_LINUX_BPF_DSL_POLICY_COMPILER_H_ | 6 #define SANDBOX_LINUX_BPF_DSL_POLICY_COMPILER_H_ |
| 7 | 7 |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include <map> | 10 #include <map> |
| 25 // PolicyCompiler implements the bpf_dsl compiler, allowing users to | 25 // PolicyCompiler implements the bpf_dsl compiler, allowing users to |
| 26 // transform bpf_dsl policies into BPF programs to be executed by the | 26 // transform bpf_dsl policies into BPF programs to be executed by the |
| 27 // Linux kernel. | 27 // Linux kernel. |
| 28 class SANDBOX_EXPORT PolicyCompiler { | 28 class SANDBOX_EXPORT PolicyCompiler { |
| 29 public: | 29 public: |
| 30 PolicyCompiler(const Policy* policy, TrapRegistry* registry); | 30 PolicyCompiler(const Policy* policy, TrapRegistry* registry); |
| 31 ~PolicyCompiler(); | 31 ~PolicyCompiler(); |
| 32 | 32 |
| 33 // Compile registers any trap handlers needed by the policy and | 33 // Compile registers any trap handlers needed by the policy and |
| 34 // compiles the policy to a BPF program, which it returns. | 34 // compiles the policy to a BPF program, which it returns. |
| 35 scoped_ptr<CodeGen::Program> Compile(); | 35 scoped_ptr<CodeGen::Program> Compile(bool verify); |
| 36 | 36 |
| 37 // DangerousSetEscapePC sets the "escape PC" that is allowed to issue any | 37 // DangerousSetEscapePC sets the "escape PC" that is allowed to issue any |
| 38 // system calls, regardless of policy. | 38 // system calls, regardless of policy. |
| 39 void DangerousSetEscapePC(uint64_t escapepc); | 39 void DangerousSetEscapePC(uint64_t escapepc); |
| 40 | 40 |
| 41 // Error returns an ErrorCode to indicate the system call should fail with | 41 // Error returns an ErrorCode to indicate the system call should fail with |
| 42 // the specified error number. | 42 // the specified error number. |
| 43 ErrorCode Error(int err); | 43 ErrorCode Error(int err); |
| 44 | 44 |
| 45 // Trap returns an ErrorCode to indicate the system call should | 45 // Trap returns an ErrorCode to indicate the system call should |
| 150 CodeGen gen_; | 150 CodeGen gen_; |
| 151 bool has_unsafe_traps_; | 151 bool has_unsafe_traps_; |
| 152 | 152 |
| 153 DISALLOW_COPY_AND_ASSIGN(PolicyCompiler); | 153 DISALLOW_COPY_AND_ASSIGN(PolicyCompiler); |
| 154 }; | 154 }; |
| 155 | 155 |
| 156 } // namespace bpf_dsl | 156 } // namespace bpf_dsl |
| 157 } // namespace sandbox | 157 } // namespace sandbox |
| 158 | 158 |
| 159 #endif // SANDBOX_LINUX_BPF_DSL_POLICY_COMPILER_H_ | 159 #endif // SANDBOX_LINUX_BPF_DSL_POLICY_COMPILER_H_ |
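Review bot: The new `verify` parameter on `Compile(bool verify)` (new line 35) is undocumented: the comment above it still describes only trap-handler registration and compilation, so a reader of this header cannot tell what is checked or what passing `false` gives up. Because this class produces the BPF program that enforces the sandbox policy, I would extend the comment, for example `// If |verify| is true, the compiled program is additionally checked against the policy before it is returned.` That wording is a guess at what the flag controls, since the implementation is not visible on this page, so adjust it to the actual behaviour and state when skipping the check is acceptable. A bare bool also reads poorly at call sites (`Compile(false)`), so a small enum or a `/* verify */` comment at each call would make a skipped verification easy to spot in review.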
| OLD | NEW |