policy_compiler.cc | Explore in Territory

// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifdef UNSAFE_BUFFERS_BUILD
// TODO(crbug.com/351564777): Remove this and convert code to safer constructs.
#pragma allow_unsafe_buffers
#endif

#include "sandbox/linux/bpf_dsl/policy_compiler.h"

#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <sys/syscall.h>

#include <bit>
#include <limits>
#include <ostream>

#include "base/check_op.h"
#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
#include "sandbox/linux/bpf_dsl/bpf_dsl_impl.h"
#include "sandbox/linux/bpf_dsl/codegen.h"
#include "sandbox/linux/bpf_dsl/policy.h"
#include "sandbox/linux/bpf_dsl/seccomp_macros.h"
#include "sandbox/linux/bpf_dsl/syscall_set.h"
#include "sandbox/linux/system_headers/linux_filter.h"
#include "sandbox/linux/system_headers/linux_seccomp.h"
#include "sandbox/linux/system_headers/linux_syscalls.h"

namespace sandbox {
namespace bpf_dsl {

namespace {

#if defined(__i386__) || defined(__x86_64__)
const bool kIsIntel = …;
#else
const bool kIsIntel = false;
#endif
#if defined(__x86_64__) && defined(__ILP32__)
const bool kIsX32 = true;
#else
const bool kIsX32 = …;
#endif

const int kSyscallsRequiredForUnsafeTraps[] = …;

ResultExpr DefaultPanic(const char* error) { … }

// A Trap() handler that returns an "errno" value. The value is encoded
// in the "aux" parameter.
intptr_t ReturnErrno(const struct arch_seccomp_data&, void* aux) { … }

bool HasUnsafeTraps(const Policy* policy) { … }

}  // namespace

struct PolicyCompiler::Range { … };

PolicyCompiler::PolicyCompiler(const Policy* policy, TrapRegistry* registry)
    : … { … }

PolicyCompiler::~PolicyCompiler() { … }

CodeGen::Program PolicyCompiler::Compile() { … }

void PolicyCompiler::DangerousSetEscapePC(uint64_t escapepc) { … }

void PolicyCompiler::SetPanicFunc(PanicFunc panic_func) { … }

CodeGen::Node PolicyCompiler::AssemblePolicy() { … }

CodeGen::Node PolicyCompiler::CheckArch(CodeGen::Node passed) { … }

CodeGen::Node PolicyCompiler::MaybeAddEscapeHatch(CodeGen::Node rest) { … }

CodeGen::Node PolicyCompiler::DispatchSyscall() { … }

CodeGen::Node PolicyCompiler::CheckSyscallNumber(CodeGen::Node passed) { … }

void PolicyCompiler::FindRanges(Ranges* ranges) { … }

CodeGen::Node PolicyCompiler::AssembleJumpTable(Ranges::const_iterator start,
                                                Ranges::const_iterator stop) { … }

CodeGen::Node PolicyCompiler::CompileResult(const ResultExpr& res) { … }

CodeGen::Node PolicyCompiler::MaskedEqual(int argno,
                                          size_t width,
                                          uint64_t mask,
                                          uint64_t value,
                                          CodeGen::Node passed,
                                          CodeGen::Node failed) { … }

CodeGen::Node PolicyCompiler::MaskedEqualHalf(int argno,
                                              size_t width,
                                              uint64_t full_mask,
                                              uint64_t full_value,
                                              ArgHalf half,
                                              CodeGen::Node passed,
                                              CodeGen::Node failed) { … }

CodeGen::Node PolicyCompiler::Unexpected64bitArgument() { … }

CodeGen::Node PolicyCompiler::Return(uint32_t ret) { … }

CodeGen::Node PolicyCompiler::Trap(const TrapRegistry::Handler& handler) { … }

bool PolicyCompiler::IsRequiredForUnsafeTrap(int sysno) { … }

}  // namespace bpf_dsl
}  // namespace sandbox
chromium/sandbox/linux/bpf_dsl/policy_compiler.cc
