diff options
Diffstat (limited to 'chromium/sandbox/linux/seccomp-bpf/errorcode.h')
-rw-r--r-- | chromium/sandbox/linux/seccomp-bpf/errorcode.h | 61 |
1 files changed, 33 insertions, 28 deletions
diff --git a/chromium/sandbox/linux/seccomp-bpf/errorcode.h b/chromium/sandbox/linux/seccomp-bpf/errorcode.h index 61ec11013da..625d123513f 100644 --- a/chromium/sandbox/linux/seccomp-bpf/errorcode.h +++ b/chromium/sandbox/linux/seccomp-bpf/errorcode.h @@ -8,7 +8,7 @@ #include "sandbox/linux/seccomp-bpf/linux_seccomp.h" #include "sandbox/linux/seccomp-bpf/trap.h" -namespace playground2 { +namespace sandbox { struct arch_seccomp_data; @@ -27,7 +27,7 @@ class ErrorCode { // completely arbitrary. But we want to pick it so that is is unlikely // to be passed in accidentally, when the user intended to return an // "errno" (see below) value instead. - ERR_ALLOWED = 0x04000000, + ERR_ALLOWED = 0x04000000, // Deny the system call with a particular "errno" value. // N.B.: It is also possible to return "0" here. That would normally @@ -46,7 +46,7 @@ class ErrorCode { // access 64bit quantities. But policies are still advised to specify whether // a system call expects a 32bit or a 64bit quantity. enum ArgType { - // When passed as an argument to Sandbox::Cond(), TP_32BIT requests that + // When passed as an argument to SandboxBPF::Cond(), TP_32BIT requests that // the conditional test should operate on the 32bit part of the system call // argument. // On 64bit architectures, this verifies that user space did not pass @@ -64,7 +64,7 @@ class ErrorCode { // having been sign extended. TP_32BIT, - // When passed as an argument to Sandbox::Cond(), TP_64BIT requests that + // When passed as an argument to SandboxBPF::Cond(), TP_64BIT requests that // the conditional test should operate on the full 64bit argument. It is // generally harmless to perform a 64bit test on 32bit systems, as the // kernel will always see the top 32 bits of all arguments as zero'd out. @@ -85,21 +85,26 @@ class ErrorCode { // need. // TODO(markus): Check whether we should automatically emulate signed // operations. - OP_GREATER_UNSIGNED, OP_GREATER_EQUAL_UNSIGNED, + OP_GREATER_UNSIGNED, + OP_GREATER_EQUAL_UNSIGNED, // Tests a system call argument against a bit mask. // The "ALL_BITS" variant performs this test: "arg & mask == mask" // This implies that a mask of zero always results in a passing test. // The "ANY_BITS" variant performs this test: "arg & mask != 0" // This implies that a mask of zero always results in a failing test. - OP_HAS_ALL_BITS, OP_HAS_ANY_BITS, + OP_HAS_ALL_BITS, + OP_HAS_ANY_BITS, // Total number of operations. OP_NUM_OPS, }; enum ErrorType { - ET_INVALID, ET_SIMPLE, ET_TRAP, ET_COND, + ET_INVALID, + ET_SIMPLE, + ET_TRAP, + ET_COND, }; // We allow the default constructor, as it makes the ErrorCode class @@ -107,10 +112,7 @@ class ErrorCode { // when compiling a BPF filter, we deliberately generate an invalid // program that will get flagged both by our Verifier class and by // the Linux kernel. - ErrorCode() : - error_type_(ET_INVALID), - err_(SECCOMP_RET_INVALID) { - } + ErrorCode() : error_type_(ET_INVALID), err_(SECCOMP_RET_INVALID) {} explicit ErrorCode(int err); // For all practical purposes, ErrorCodes are treated as if they were @@ -121,7 +123,7 @@ class ErrorCode { // callers handle life-cycle management for these objects. // Destructor - ~ErrorCode() { } + ~ErrorCode() {} bool Equals(const ErrorCode& err) const; bool LessThan(const ErrorCode& err) const; @@ -135,8 +137,8 @@ class ErrorCode { int argno() const { return argno_; } ArgType width() const { return width_; } Operation op() const { return op_; } - const ErrorCode *passed() const { return passed_; } - const ErrorCode *failed() const { return failed_; } + const ErrorCode* passed() const { return passed_; } + const ErrorCode* failed() const { return failed_; } struct LessThan { bool operator()(const ErrorCode& a, const ErrorCode& b) const { @@ -146,37 +148,41 @@ class ErrorCode { private: friend class CodeGen; - friend class Sandbox; + friend class SandboxBPF; friend class Trap; // If we are wrapping a callback, we must assign a unique id. This id is // how the kernel tells us which one of our different SECCOMP_RET_TRAP // cases has been triggered. - ErrorCode(Trap::TrapFnc fnc, const void *aux, bool safe, uint16_t id); + ErrorCode(Trap::TrapFnc fnc, const void* aux, bool safe, uint16_t id); // Some system calls require inspection of arguments. This constructor // allows us to specify additional constraints. - ErrorCode(int argno, ArgType width, Operation op, uint64_t value, - const ErrorCode *passed, const ErrorCode *failed); + ErrorCode(int argno, + ArgType width, + Operation op, + uint64_t value, + const ErrorCode* passed, + const ErrorCode* failed); ErrorType error_type_; union { // Fields needed for SECCOMP_RET_TRAP callbacks struct { - Trap::TrapFnc fnc_; // Callback function and arg, if trap was - void *aux_; // triggered by the kernel's BPF filter. - bool safe_; // Keep sandbox active while calling fnc_() + Trap::TrapFnc fnc_; // Callback function and arg, if trap was + void* aux_; // triggered by the kernel's BPF filter. + bool safe_; // Keep sandbox active while calling fnc_() }; // Fields needed when inspecting additional arguments. struct { - uint64_t value_; // Value that we are comparing with. - int argno_; // Syscall arg number that we are inspecting. - ArgType width_; // Whether we are looking at a 32/64bit value. + uint64_t value_; // Value that we are comparing with. + int argno_; // Syscall arg number that we are inspecting. + ArgType width_; // Whether we are looking at a 32/64bit value. Operation op_; // Comparison operation. - const ErrorCode *passed_; // Value to be returned if comparison passed, - const ErrorCode *failed_; // or if it failed. + const ErrorCode* passed_; // Value to be returned if comparison passed, + const ErrorCode* failed_; // or if it failed. }; }; @@ -184,9 +190,8 @@ class ErrorCode { // the value that uniquely identifies any ErrorCode and it (typically) can // be emitted directly into a BPF filter program. uint32_t err_; - }; -} // namespace +} // namespace sandbox #endif // SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__ |