From ce4c9f14d7e5efb61c2eab7d695f0f4b831543e7 Mon Sep 17 00:00:00 2001 From: mdempsky Date: Wed, 4 Feb 2015 22:23:05 -0800 Subject: [PATCH] sandbox: move SyscallSet into bpf_dsl BUG=449357 Review URL: https://codereview.chromium.org/896093002 Cr-Commit-Position: refs/heads/master@{#314766} --- sandbox/linux/BUILD.gn | 6 +++--- sandbox/linux/bpf_dsl/policy_compiler.cc | 2 +- .../syscall_iterator.cc => bpf_dsl/syscall_set.cc} | 2 +- .../syscall_iterator.h => bpf_dsl/syscall_set.h} | 8 +++----- .../syscall_set_unittest.cc} | 14 +++++++------- sandbox/linux/sandbox_linux.gypi | 4 ++-- sandbox/linux/sandbox_linux_test_sources.gypi | 2 +- sandbox/linux/seccomp-bpf/sandbox_bpf.cc | 2 +- sandbox/linux/seccomp-bpf/verifier.cc | 2 +- 9 files changed, 20 insertions(+), 22 deletions(-) rename sandbox/linux/{seccomp-bpf/syscall_iterator.cc => bpf_dsl/syscall_set.cc} (98%) rename sandbox/linux/{seccomp-bpf/syscall_iterator.h => bpf_dsl/syscall_set.h} (93%) rename sandbox/linux/{seccomp-bpf/syscall_iterator_unittest.cc => bpf_dsl/syscall_set_unittest.cc} (88%) diff --git a/sandbox/linux/BUILD.gn b/sandbox/linux/BUILD.gn index dd16cb2cdbb3..64940f1455a6 100644 --- a/sandbox/linux/BUILD.gn +++ b/sandbox/linux/BUILD.gn @@ -105,12 +105,12 @@ test("sandbox_linux_unittests") { "bpf_dsl/bpf_dsl_unittest.cc", "bpf_dsl/codegen_unittest.cc", "bpf_dsl/cons_unittest.cc", + "bpf_dsl/syscall_set_unittest.cc", "seccomp-bpf-helpers/baseline_policy_unittest.cc", "seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc", "seccomp-bpf/bpf_tests_unittest.cc", "seccomp-bpf/errorcode_unittest.cc", "seccomp-bpf/sandbox_bpf_unittest.cc", - "seccomp-bpf/syscall_iterator_unittest.cc", "seccomp-bpf/syscall_unittest.cc", ] } @@ -158,6 +158,8 @@ component("seccomp_bpf") { "bpf_dsl/policy.h", "bpf_dsl/policy_compiler.cc", "bpf_dsl/policy_compiler.h", + "bpf_dsl/syscall_set.cc", + "bpf_dsl/syscall_set.h", "bpf_dsl/trap_registry.h", "seccomp-bpf/die.cc", "seccomp-bpf/die.h", @@ -168,8 +170,6 @@ component("seccomp_bpf") { "seccomp-bpf/sandbox_bpf.h", "seccomp-bpf/syscall.cc", "seccomp-bpf/syscall.h", - "seccomp-bpf/syscall_iterator.cc", - "seccomp-bpf/syscall_iterator.h", "seccomp-bpf/trap.cc", "seccomp-bpf/trap.h", "seccomp-bpf/verifier.cc", diff --git a/sandbox/linux/bpf_dsl/policy_compiler.cc b/sandbox/linux/bpf_dsl/policy_compiler.cc index 2134ddab870f..2b72f3b7752c 100644 --- a/sandbox/linux/bpf_dsl/policy_compiler.cc +++ b/sandbox/linux/bpf_dsl/policy_compiler.cc @@ -16,11 +16,11 @@ #include "sandbox/linux/bpf_dsl/bpf_dsl_impl.h" #include "sandbox/linux/bpf_dsl/codegen.h" #include "sandbox/linux/bpf_dsl/policy.h" +#include "sandbox/linux/bpf_dsl/syscall_set.h" #include "sandbox/linux/seccomp-bpf/die.h" #include "sandbox/linux/seccomp-bpf/errorcode.h" #include "sandbox/linux/seccomp-bpf/linux_seccomp.h" #include "sandbox/linux/seccomp-bpf/syscall.h" -#include "sandbox/linux/seccomp-bpf/syscall_iterator.h" namespace sandbox { namespace bpf_dsl { diff --git a/sandbox/linux/seccomp-bpf/syscall_iterator.cc b/sandbox/linux/bpf_dsl/syscall_set.cc similarity index 98% rename from sandbox/linux/seccomp-bpf/syscall_iterator.cc rename to sandbox/linux/bpf_dsl/syscall_set.cc index 195a8b0adff9..22d6046a661a 100644 --- a/sandbox/linux/seccomp-bpf/syscall_iterator.cc +++ b/sandbox/linux/bpf_dsl/syscall_set.cc @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "sandbox/linux/seccomp-bpf/syscall_iterator.h" +#include "sandbox/linux/bpf_dsl/syscall_set.h" #include "base/logging.h" #include "base/macros.h" diff --git a/sandbox/linux/seccomp-bpf/syscall_iterator.h b/sandbox/linux/bpf_dsl/syscall_set.h similarity index 93% rename from sandbox/linux/seccomp-bpf/syscall_iterator.h rename to sandbox/linux/bpf_dsl/syscall_set.h index 5080fcc09a21..b9f076d9321a 100644 --- a/sandbox/linux/seccomp-bpf/syscall_iterator.h +++ b/sandbox/linux/bpf_dsl/syscall_set.h @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef SANDBOX_LINUX_SECCOMP_BPF_SYSCALL_ITERATOR_H__ -#define SANDBOX_LINUX_SECCOMP_BPF_SYSCALL_ITERATOR_H__ +#ifndef SANDBOX_LINUX_BPF_DSL_SYSCALL_SET_H__ +#define SANDBOX_LINUX_BPF_DSL_SYSCALL_SET_H__ #include @@ -14,8 +14,6 @@ namespace sandbox { -// TODO(mdempsky): Rename this header to syscall_set.h. - // Iterates over the entire system call range from 0..0xFFFFFFFFu. This // iterator is aware of how system calls look like and will skip quickly // over ranges that can't contain system calls. It iterates more slowly @@ -102,4 +100,4 @@ SANDBOX_EXPORT bool operator!=(const SyscallSet::Iterator& lhs, } // namespace sandbox -#endif // SANDBOX_LINUX_SECCOMP_BPF_SYSCALL_ITERATOR_H__ +#endif // SANDBOX_LINUX_BPF_DSL_SYSCALL_SET_H__ diff --git a/sandbox/linux/seccomp-bpf/syscall_iterator_unittest.cc b/sandbox/linux/bpf_dsl/syscall_set_unittest.cc similarity index 88% rename from sandbox/linux/seccomp-bpf/syscall_iterator_unittest.cc rename to sandbox/linux/bpf_dsl/syscall_set_unittest.cc index 3bc1eaa5b75a..5730dc458452 100644 --- a/sandbox/linux/seccomp-bpf/syscall_iterator_unittest.cc +++ b/sandbox/linux/bpf_dsl/syscall_set_unittest.cc @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "sandbox/linux/seccomp-bpf/syscall_iterator.h" +#include "sandbox/linux/bpf_dsl/syscall_set.h" #include @@ -18,7 +18,7 @@ const SyscallSet kSyscallSets[] = { SyscallSet::InvalidOnly(), }; -SANDBOX_TEST(SyscallIterator, Monotonous) { +SANDBOX_TEST(SyscallSet, Monotonous) { for (const SyscallSet& set : kSyscallSets) { uint32_t prev = 0; bool have_prev = false; @@ -54,7 +54,7 @@ void AssertRange(uint32_t min, uint32_t max) { SANDBOX_ASSERT(prev == max); } -SANDBOX_TEST(SyscallIterator, ValidSyscallRanges) { +SANDBOX_TEST(SyscallSet, ValidSyscallRanges) { AssertRange(MIN_SYSCALL, MAX_PUBLIC_SYSCALL); #if defined(__arm__) AssertRange(MIN_PRIVATE_SYSCALL, MAX_PRIVATE_SYSCALL); @@ -62,7 +62,7 @@ SANDBOX_TEST(SyscallIterator, ValidSyscallRanges) { #endif } -SANDBOX_TEST(SyscallIterator, InvalidSyscalls) { +SANDBOX_TEST(SyscallSet, InvalidSyscalls) { static const uint32_t kExpected[] = { #if defined(__mips__) 0, @@ -93,19 +93,19 @@ SANDBOX_TEST(SyscallIterator, InvalidSyscalls) { } } -SANDBOX_TEST(SyscallIterator, ValidOnlyIsOnlyValid) { +SANDBOX_TEST(SyscallSet, ValidOnlyIsOnlyValid) { for (uint32_t sysnum : SyscallSet::ValidOnly()) { SANDBOX_ASSERT(SyscallSet::IsValid(sysnum)); } } -SANDBOX_TEST(SyscallIterator, InvalidOnlyIsOnlyInvalid) { +SANDBOX_TEST(SyscallSet, InvalidOnlyIsOnlyInvalid) { for (uint32_t sysnum : SyscallSet::InvalidOnly()) { SANDBOX_ASSERT(!SyscallSet::IsValid(sysnum)); } } -SANDBOX_TEST(SyscallIterator, AllIsValidOnlyPlusInvalidOnly) { +SANDBOX_TEST(SyscallSet, AllIsValidOnlyPlusInvalidOnly) { std::vector merged; const SyscallSet valid_only = SyscallSet::ValidOnly(); const SyscallSet invalid_only = SyscallSet::InvalidOnly(); diff --git a/sandbox/linux/sandbox_linux.gypi b/sandbox/linux/sandbox_linux.gypi index 3eba9ece0db6..c03b024ee8a3 100644 --- a/sandbox/linux/sandbox_linux.gypi +++ b/sandbox/linux/sandbox_linux.gypi @@ -131,6 +131,8 @@ 'bpf_dsl/policy.h', 'bpf_dsl/policy_compiler.cc', 'bpf_dsl/policy_compiler.h', + 'bpf_dsl/syscall_set.cc', + 'bpf_dsl/syscall_set.h', 'bpf_dsl/trap_registry.h', 'seccomp-bpf/die.cc', 'seccomp-bpf/die.h', @@ -141,8 +143,6 @@ 'seccomp-bpf/sandbox_bpf.h', 'seccomp-bpf/syscall.cc', 'seccomp-bpf/syscall.h', - 'seccomp-bpf/syscall_iterator.cc', - 'seccomp-bpf/syscall_iterator.h', 'seccomp-bpf/trap.cc', 'seccomp-bpf/trap.h', 'seccomp-bpf/verifier.cc', diff --git a/sandbox/linux/sandbox_linux_test_sources.gypi b/sandbox/linux/sandbox_linux_test_sources.gypi index 5a677205f003..eef29db7177a 100644 --- a/sandbox/linux/sandbox_linux_test_sources.gypi +++ b/sandbox/linux/sandbox_linux_test_sources.gypi @@ -43,12 +43,12 @@ 'bpf_dsl/bpf_dsl_unittest.cc', 'bpf_dsl/codegen_unittest.cc', 'bpf_dsl/cons_unittest.cc', + 'bpf_dsl/syscall_set_unittest.cc', 'seccomp-bpf-helpers/baseline_policy_unittest.cc', 'seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc', 'seccomp-bpf/bpf_tests_unittest.cc', 'seccomp-bpf/errorcode_unittest.cc', 'seccomp-bpf/sandbox_bpf_unittest.cc', - 'seccomp-bpf/syscall_iterator_unittest.cc', 'seccomp-bpf/syscall_unittest.cc', ], }], diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf.cc b/sandbox/linux/seccomp-bpf/sandbox_bpf.cc index 907bcd83d3d6..d51fa78149c9 100644 --- a/sandbox/linux/seccomp-bpf/sandbox_bpf.cc +++ b/sandbox/linux/seccomp-bpf/sandbox_bpf.cc @@ -27,11 +27,11 @@ #include "sandbox/linux/bpf_dsl/dump_bpf.h" #include "sandbox/linux/bpf_dsl/policy.h" #include "sandbox/linux/bpf_dsl/policy_compiler.h" +#include "sandbox/linux/bpf_dsl/syscall_set.h" #include "sandbox/linux/seccomp-bpf/die.h" #include "sandbox/linux/seccomp-bpf/errorcode.h" #include "sandbox/linux/seccomp-bpf/linux_seccomp.h" #include "sandbox/linux/seccomp-bpf/syscall.h" -#include "sandbox/linux/seccomp-bpf/syscall_iterator.h" #include "sandbox/linux/seccomp-bpf/trap.h" #include "sandbox/linux/seccomp-bpf/verifier.h" #include "sandbox/linux/services/linux_syscalls.h" diff --git a/sandbox/linux/seccomp-bpf/verifier.cc b/sandbox/linux/seccomp-bpf/verifier.cc index 548df25a8c2f..68fca882eb8d 100644 --- a/sandbox/linux/seccomp-bpf/verifier.cc +++ b/sandbox/linux/seccomp-bpf/verifier.cc @@ -12,10 +12,10 @@ #include "sandbox/linux/bpf_dsl/bpf_dsl_impl.h" #include "sandbox/linux/bpf_dsl/policy.h" #include "sandbox/linux/bpf_dsl/policy_compiler.h" +#include "sandbox/linux/bpf_dsl/syscall_set.h" #include "sandbox/linux/seccomp-bpf/errorcode.h" #include "sandbox/linux/seccomp-bpf/linux_seccomp.h" #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" -#include "sandbox/linux/seccomp-bpf/syscall_iterator.h" namespace sandbox { -- 2.11.4.GIT