#include "base/logging.h"
#include "base/memory/scoped_ptr.h"
#include "build/build_config.h"
+#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
+#include "sandbox/linux/bpf_dsl/policy.h"
#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
#include "sandbox/linux/services/linux_syscalls.h"
#include "sandbox/linux/tests/unit_tests.h"
#include "testing/gtest/include/gtest/gtest.h"
+using sandbox::bpf_dsl::Allow;
+using sandbox::bpf_dsl::Error;
+using sandbox::bpf_dsl::ResultExpr;
+
namespace sandbox {
namespace {
DISALLOW_COPY_AND_ASSIGN(FourtyTwo);
};
-class EmptyClassTakingPolicy : public SandboxBPFPolicy {
+class EmptyClassTakingPolicy : public bpf_dsl::Policy {
public:
explicit EmptyClassTakingPolicy(FourtyTwo* fourty_two) {
BPF_ASSERT(fourty_two);
}
virtual ~EmptyClassTakingPolicy() {}
- virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox,
- int sysno) const OVERRIDE {
+ virtual ResultExpr EvaluateSyscall(int sysno) const override {
DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
- return ErrorCode(ErrorCode::ERR_ALLOWED);
+ return Allow();
}
};
}
}
-class EnosysPtracePolicy : public SandboxBPFPolicy {
+class EnosysPtracePolicy : public bpf_dsl::Policy {
public:
EnosysPtracePolicy() {
my_pid_ = syscall(__NR_getpid);
BPF_ASSERT_EQ(my_pid_, syscall(__NR_getpid));
}
- virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler,
- int system_call_number) const OVERRIDE {
- if (!SandboxBPF::IsValidSyscallNumber(system_call_number)) {
- return ErrorCode(ENOSYS);
- } else if (system_call_number == __NR_ptrace) {
+ virtual ResultExpr EvaluateSyscall(int system_call_number) const override {
+ CHECK(SandboxBPF::IsValidSyscallNumber(system_call_number));
+ if (system_call_number == __NR_ptrace) {
// The EvaluateSyscall function should run in the process that created
// the current object.
BPF_ASSERT_EQ(my_pid_, syscall(__NR_getpid));
- return ErrorCode(ENOSYS);
+ return Error(ENOSYS);
} else {
- return ErrorCode(ErrorCode::ERR_ALLOWED);
+ return Allow();
}
}
BasicBPFTesterDelegate() {}
virtual ~BasicBPFTesterDelegate() {}
- virtual scoped_ptr<SandboxBPFPolicy> GetSandboxBPFPolicy() OVERRIDE {
- return scoped_ptr<SandboxBPFPolicy>(new EnosysPtracePolicy());
+ virtual scoped_ptr<bpf_dsl::Policy> GetSandboxBPFPolicy() override {
+ return scoped_ptr<bpf_dsl::Policy>(new EnosysPtracePolicy());
}
- virtual void RunTestFunction() OVERRIDE {
+ virtual void RunTestFunction() override {
errno = 0;
int ret = ptrace(PTRACE_TRACEME, -1, NULL, NULL);
BPF_ASSERT(-1 == ret);