1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_SYSCALL_ITERATOR_H__
6 #define SANDBOX_LINUX_SECCOMP_BPF_SYSCALL_ITERATOR_H__
12 #include "base/macros.h"
13 #include "sandbox/sandbox_export.h"
17 // TODO(mdempsky): Rename this header to syscall_set.h.
19 // Iterates over the entire system call range from 0..0xFFFFFFFFu. This
20 // iterator is aware of how system calls look like and will skip quickly
21 // over ranges that can't contain system calls. It iterates more slowly
22 // whenever it reaches a range that is potentially problematic, returning
23 // the last invalid value before a valid range of system calls, and the
24 // first invalid value after a valid range of syscalls. It iterates over
25 // individual values whenever it is in the normal range for system calls
26 // (typically MIN_SYSCALL..MAX_SYSCALL).
29 // for (uint32_t sysnum : SyscallSet::All()) {
30 // // Do something with sysnum.
32 class SANDBOX_EXPORT SyscallSet {
36 SyscallSet(const SyscallSet& ss) : set_(ss.set_) {}
39 Iterator begin() const;
42 // All returns a SyscallSet that contains both valid and invalid
43 // system call numbers.
44 static SyscallSet All() { return SyscallSet(Set::ALL); }
46 // ValidOnly returns a SyscallSet that contains only valid system
48 static SyscallSet ValidOnly() { return SyscallSet(Set::VALID_ONLY); }
50 // InvalidOnly returns a SyscallSet that contains only invalid
51 // system call numbers, but still omits numbers in the middle of a
52 // range of invalid system call numbers.
53 static SyscallSet InvalidOnly() { return SyscallSet(Set::INVALID_ONLY); }
55 // IsValid returns whether |num| specifies a valid system call
57 static bool IsValid(uint32_t num);
60 enum class Set { ALL, VALID_ONLY, INVALID_ONLY };
62 explicit SyscallSet(Set set) : set_(set) {}
66 friend bool operator==(const SyscallSet&, const SyscallSet&);
67 DISALLOW_ASSIGN(SyscallSet);
70 SANDBOX_EXPORT bool operator==(const SyscallSet& lhs, const SyscallSet& rhs);
72 // Iterator provides C++ input iterator semantics for traversing a
74 class SyscallSet::Iterator
75 : public std::iterator<std::input_iterator_tag, uint32_t> {
77 Iterator(const Iterator& it)
78 : set_(it.set_), done_(it.done_), num_(it.num_) {}
81 uint32_t operator*() const;
82 Iterator& operator++();
85 Iterator(Set set, bool done);
87 uint32_t NextSyscall() const;
94 friend bool operator==(const Iterator&, const Iterator&);
95 DISALLOW_ASSIGN(Iterator);
98 SANDBOX_EXPORT bool operator==(const SyscallSet::Iterator& lhs,
99 const SyscallSet::Iterator& rhs);
100 SANDBOX_EXPORT bool operator!=(const SyscallSet::Iterator& lhs,
101 const SyscallSet::Iterator& rhs);
103 } // namespace sandbox
105 #endif // SANDBOX_LINUX_SECCOMP_BPF_SYSCALL_ITERATOR_H__