1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef SANDBOX_LINUX_BPF_DSL_SYSCALL_SET_H__ 6 #define SANDBOX_LINUX_BPF_DSL_SYSCALL_SET_H__ 7 8 #include <stdint.h> 9 10 #include <iterator> 11 12 #include "base/macros.h" 13 #include "sandbox/sandbox_export.h" 14 15 namespace sandbox { 16 17 // Iterates over the entire system call range from 0..0xFFFFFFFFu. This 18 // iterator is aware of how system calls look like and will skip quickly 19 // over ranges that can't contain system calls. It iterates more slowly 20 // whenever it reaches a range that is potentially problematic, returning 21 // the last invalid value before a valid range of system calls, and the 22 // first invalid value after a valid range of syscalls. It iterates over 23 // individual values whenever it is in the normal range for system calls 24 // (typically MIN_SYSCALL..MAX_SYSCALL). 25 // 26 // Example usage: 27 // for (uint32_t sysnum : SyscallSet::All()) { 28 // // Do something with sysnum. 29 // } 30 class SANDBOX_EXPORT SyscallSet { 31 public: 32 class Iterator; 33 34 SyscallSet(const SyscallSet& ss) : set_(ss.set_) {} 35 ~SyscallSet() {} 36 37 Iterator begin() const; 38 Iterator end() const; 39 40 // All returns a SyscallSet that contains both valid and invalid 41 // system call numbers. 42 static SyscallSet All() { return SyscallSet(Set::ALL); } 43 44 // ValidOnly returns a SyscallSet that contains only valid system 45 // call numbers. 46 static SyscallSet ValidOnly() { return SyscallSet(Set::VALID_ONLY); } 47 48 // InvalidOnly returns a SyscallSet that contains only invalid 49 // system call numbers, but still omits numbers in the middle of a 50 // range of invalid system call numbers. 51 static SyscallSet InvalidOnly() { return SyscallSet(Set::INVALID_ONLY); } 52 53 // IsValid returns whether |num| specifies a valid system call 54 // number. 55 static bool IsValid(uint32_t num); 56 57 private: 58 enum class Set { ALL, VALID_ONLY, INVALID_ONLY }; 59 60 explicit SyscallSet(Set set) : set_(set) {} 61 62 Set set_; 63 64 friend bool operator==(const SyscallSet&, const SyscallSet&); 65 DISALLOW_ASSIGN(SyscallSet); 66 }; 67 68 SANDBOX_EXPORT bool operator==(const SyscallSet& lhs, const SyscallSet& rhs); 69 70 // Iterator provides C++ input iterator semantics for traversing a 71 // SyscallSet. 72 class SyscallSet::Iterator 73 : public std::iterator<std::input_iterator_tag, uint32_t> { 74 public: 75 Iterator(const Iterator& it) 76 : set_(it.set_), done_(it.done_), num_(it.num_) {} 77 ~Iterator() {} 78 79 uint32_t operator*() const; 80 Iterator& operator++(); 81 82 private: 83 Iterator(Set set, bool done); 84 85 uint32_t NextSyscall() const; 86 87 Set set_; 88 bool done_; 89 uint32_t num_; 90 91 friend SyscallSet; 92 friend bool operator==(const Iterator&, const Iterator&); 93 DISALLOW_ASSIGN(Iterator); 94 }; 95 96 SANDBOX_EXPORT bool operator==(const SyscallSet::Iterator& lhs, 97 const SyscallSet::Iterator& rhs); 98 SANDBOX_EXPORT bool operator!=(const SyscallSet::Iterator& lhs, 99 const SyscallSet::Iterator& rhs); 100 101 } // namespace sandbox 102 103 #endif // SANDBOX_LINUX_BPF_DSL_SYSCALL_SET_H__ 104