Chromium Code Reviews Chromium Code Reviews
Issue 939943002:
bpf_dsl: decouple PolicyCompiler from Syscall (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: sandbox/linux/bpf_dsl/policy_compiler.h |
| diff --git a/sandbox/linux/bpf_dsl/policy_compiler.h b/sandbox/linux/bpf_dsl/policy_compiler.h |
| index faf6be5c36257eef1723621fedee40430b9e9f99..4a062e27f1e7aab2a97829ff3b5257bd62848617 100644 |
| --- a/sandbox/linux/bpf_dsl/policy_compiler.h |
| +++ b/sandbox/linux/bpf_dsl/policy_compiler.h |
| @@ -27,7 +27,9 @@ class Policy; |
| // Linux kernel. |
| class SANDBOX_EXPORT PolicyCompiler { |
| public: |
| - PolicyCompiler(const Policy* policy, TrapRegistry* registry); |
| + PolicyCompiler(const Policy* policy, |
| + TrapRegistry* registry, |
| + uint64_t escapepc = 0); |
|
jln (very slow on Chromium)
2015/02/19 19:49:14
I'm worried about making it too easy to inject a b
mdempsky
2015/02/20 03:20:32
FWIW, this just lets the "user" control what PC is
|
| ~PolicyCompiler(); |
| // Compile registers any trap handlers needed by the policy and |
| @@ -88,7 +90,7 @@ class SANDBOX_EXPORT PolicyCompiler { |
| CodeGen::Node CheckArch(CodeGen::Node passed); |
| // If |has_unsafe_traps_| is true, returns an instruction sequence |
| - // that allows all system calls from Syscall::Call(), and otherwise |
| + // that allows all system calls from |escapepc_|, and otherwise |
| // passes control to |rest|. Otherwise, simply returns |rest|. |
| CodeGen::Node MaybeAddEscapeHatch(CodeGen::Node rest); |
| @@ -140,6 +142,7 @@ class SANDBOX_EXPORT PolicyCompiler { |
| const Policy* policy_; |
| TrapRegistry* registry_; |
| + uint64_t escapepc_; |
| Conds conds_; |
| CodeGen gen_; |
