Permission message rules: Each rule must have >= 1 required permissions
[chromium-blink-merge.git] / sandbox / linux / bpf_dsl / syscall_set.h
blobb9f076d9321a392b5a6f85b99430ccbe1bd008e3
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef SANDBOX_LINUX_BPF_DSL_SYSCALL_SET_H__
6 #define SANDBOX_LINUX_BPF_DSL_SYSCALL_SET_H__
8 #include <stdint.h>
10 #include <iterator>
12 #include "base/macros.h"
13 #include "sandbox/sandbox_export.h"
15 namespace sandbox {
17 // Iterates over the entire system call range from 0..0xFFFFFFFFu. This
18 // iterator is aware of how system calls look like and will skip quickly
19 // over ranges that can't contain system calls. It iterates more slowly
20 // whenever it reaches a range that is potentially problematic, returning
21 // the last invalid value before a valid range of system calls, and the
22 // first invalid value after a valid range of syscalls. It iterates over
23 // individual values whenever it is in the normal range for system calls
24 // (typically MIN_SYSCALL..MAX_SYSCALL).
26 // Example usage:
27 // for (uint32_t sysnum : SyscallSet::All()) {
28 // // Do something with sysnum.
29 // }
30 class SANDBOX_EXPORT SyscallSet {
31 public:
32 class Iterator;
34 SyscallSet(const SyscallSet& ss) : set_(ss.set_) {}
35 ~SyscallSet() {}
37 Iterator begin() const;
38 Iterator end() const;
40 // All returns a SyscallSet that contains both valid and invalid
41 // system call numbers.
42 static SyscallSet All() { return SyscallSet(Set::ALL); }
44 // ValidOnly returns a SyscallSet that contains only valid system
45 // call numbers.
46 static SyscallSet ValidOnly() { return SyscallSet(Set::VALID_ONLY); }
48 // InvalidOnly returns a SyscallSet that contains only invalid
49 // system call numbers, but still omits numbers in the middle of a
50 // range of invalid system call numbers.
51 static SyscallSet InvalidOnly() { return SyscallSet(Set::INVALID_ONLY); }
53 // IsValid returns whether |num| specifies a valid system call
54 // number.
55 static bool IsValid(uint32_t num);
57 private:
58 enum class Set { ALL, VALID_ONLY, INVALID_ONLY };
60 explicit SyscallSet(Set set) : set_(set) {}
62 Set set_;
64 friend bool operator==(const SyscallSet&, const SyscallSet&);
65 DISALLOW_ASSIGN(SyscallSet);
68 SANDBOX_EXPORT bool operator==(const SyscallSet& lhs, const SyscallSet& rhs);
70 // Iterator provides C++ input iterator semantics for traversing a
71 // SyscallSet.
72 class SyscallSet::Iterator
73 : public std::iterator<std::input_iterator_tag, uint32_t> {
74 public:
75 Iterator(const Iterator& it)
76 : set_(it.set_), done_(it.done_), num_(it.num_) {}
77 ~Iterator() {}
79 uint32_t operator*() const;
80 Iterator& operator++();
82 private:
83 Iterator(Set set, bool done);
85 uint32_t NextSyscall() const;
87 Set set_;
88 bool done_;
89 uint32_t num_;
91 friend SyscallSet;
92 friend bool operator==(const Iterator&, const Iterator&);
93 DISALLOW_ASSIGN(Iterator);
96 SANDBOX_EXPORT bool operator==(const SyscallSet::Iterator& lhs,
97 const SyscallSet::Iterator& rhs);
98 SANDBOX_EXPORT bool operator!=(const SyscallSet::Iterator& lhs,
99 const SyscallSet::Iterator& rhs);
101 } // namespace sandbox
103 #endif // SANDBOX_LINUX_BPF_DSL_SYSCALL_SET_H__