1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "sandbox/linux/seccomp-bpf/die.h" 6 #include "sandbox/linux/seccomp-bpf/errorcode.h" 7 8 namespace sandbox { 9 10 ErrorCode::ErrorCode(int err) { 11 switch (err) { 12 case ERR_ALLOWED: 13 err_ = SECCOMP_RET_ALLOW; 14 error_type_ = ET_SIMPLE; 15 break; 16 case ERR_MIN_ERRNO... ERR_MAX_ERRNO: 17 err_ = SECCOMP_RET_ERRNO + err; 18 error_type_ = ET_SIMPLE; 19 break; 20 default: 21 if ((err & ~SECCOMP_RET_DATA) == ERR_TRACE) { 22 err_ = SECCOMP_RET_TRACE + (err & SECCOMP_RET_DATA); 23 error_type_ = ET_SIMPLE; 24 break; 25 } 26 SANDBOX_DIE("Invalid use of ErrorCode object"); 27 } 28 } 29 30 ErrorCode::ErrorCode(Trap::TrapFnc fnc, const void* aux, bool safe, uint16_t id) 31 : error_type_(ET_TRAP), 32 fnc_(fnc), 33 aux_(const_cast<void*>(aux)), 34 safe_(safe), 35 err_(SECCOMP_RET_TRAP + id) {} 36 37 ErrorCode::ErrorCode(int argno, 38 ArgType width, 39 Operation op, 40 uint64_t value, 41 const ErrorCode* passed, 42 const ErrorCode* failed) 43 : error_type_(ET_COND), 44 value_(value), 45 argno_(argno), 46 width_(width), 47 op_(op), 48 passed_(passed), 49 failed_(failed), 50 err_(SECCOMP_RET_INVALID) { 51 if (op < 0 || op >= OP_NUM_OPS) { 52 SANDBOX_DIE("Invalid opcode in BPF sandbox rules"); 53 } 54 } 55 56 bool ErrorCode::Equals(const ErrorCode& err) const { 57 if (error_type_ == ET_INVALID || err.error_type_ == ET_INVALID) { 58 SANDBOX_DIE("Dereferencing invalid ErrorCode"); 59 } 60 if (error_type_ != err.error_type_) { 61 return false; 62 } 63 if (error_type_ == ET_SIMPLE || error_type_ == ET_TRAP) { 64 return err_ == err.err_; 65 } else if (error_type_ == ET_COND) { 66 return value_ == err.value_ && argno_ == err.argno_ && 67 width_ == err.width_ && op_ == err.op_ && 68 passed_->Equals(*err.passed_) && failed_->Equals(*err.failed_); 69 } else { 70 SANDBOX_DIE("Corrupted ErrorCode"); 71 } 72 } 73 74 bool ErrorCode::LessThan(const ErrorCode& err) const { 75 // Implementing a "LessThan()" operator allows us to use ErrorCode objects 76 // as keys in STL containers; most notably, it also allows us to put them 77 // into std::set<>. Actual ordering is not important as long as it is 78 // deterministic. 79 if (error_type_ == ET_INVALID || err.error_type_ == ET_INVALID) { 80 SANDBOX_DIE("Dereferencing invalid ErrorCode"); 81 } 82 if (error_type_ != err.error_type_) { 83 return error_type_ < err.error_type_; 84 } else { 85 if (error_type_ == ET_SIMPLE || error_type_ == ET_TRAP) { 86 return err_ < err.err_; 87 } else if (error_type_ == ET_COND) { 88 if (value_ != err.value_) { 89 return value_ < err.value_; 90 } else if (argno_ != err.argno_) { 91 return argno_ < err.argno_; 92 } else if (width_ != err.width_) { 93 return width_ < err.width_; 94 } else if (op_ != err.op_) { 95 return op_ < err.op_; 96 } else if (!passed_->Equals(*err.passed_)) { 97 return passed_->LessThan(*err.passed_); 98 } else if (!failed_->Equals(*err.failed_)) { 99 return failed_->LessThan(*err.failed_); 100 } else { 101 return false; 102 } 103 } else { 104 SANDBOX_DIE("Corrupted ErrorCode"); 105 } 106 } 107 } 108 109 } // namespace sandbox 110