Home | History | Annotate | Download | only in bpf_dsl
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef SANDBOX_LINUX_BPF_DSL_SYSCALL_SET_H__
      6 #define SANDBOX_LINUX_BPF_DSL_SYSCALL_SET_H__
      7 
      8 #include <stdint.h>
      9 
     10 #include <iterator>
     11 
     12 #include "base/macros.h"
     13 #include "sandbox/sandbox_export.h"
     14 
     15 namespace sandbox {
     16 
     17 // Iterates over the entire system call range from 0..0xFFFFFFFFu. This
     18 // iterator is aware of how system calls look like and will skip quickly
     19 // over ranges that can't contain system calls. It iterates more slowly
     20 // whenever it reaches a range that is potentially problematic, returning
     21 // the last invalid value before a valid range of system calls, and the
     22 // first invalid value after a valid range of syscalls. It iterates over
     23 // individual values whenever it is in the normal range for system calls
     24 // (typically MIN_SYSCALL..MAX_SYSCALL).
     25 //
     26 // Example usage:
     27 //   for (uint32_t sysnum : SyscallSet::All()) {
     28 //     // Do something with sysnum.
     29 //   }
     30 class SANDBOX_EXPORT SyscallSet {
     31  public:
     32   class Iterator;
     33 
     34   SyscallSet(const SyscallSet& ss) : set_(ss.set_) {}
     35   ~SyscallSet() {}
     36 
     37   Iterator begin() const;
     38   Iterator end() const;
     39 
     40   // All returns a SyscallSet that contains both valid and invalid
     41   // system call numbers.
     42   static SyscallSet All() { return SyscallSet(Set::ALL); }
     43 
     44   // ValidOnly returns a SyscallSet that contains only valid system
     45   // call numbers.
     46   static SyscallSet ValidOnly() { return SyscallSet(Set::VALID_ONLY); }
     47 
     48   // InvalidOnly returns a SyscallSet that contains only invalid
     49   // system call numbers, but still omits numbers in the middle of a
     50   // range of invalid system call numbers.
     51   static SyscallSet InvalidOnly() { return SyscallSet(Set::INVALID_ONLY); }
     52 
     53   // IsValid returns whether |num| specifies a valid system call
     54   // number.
     55   static bool IsValid(uint32_t num);
     56 
     57  private:
     58   enum class Set { ALL, VALID_ONLY, INVALID_ONLY };
     59 
     60   explicit SyscallSet(Set set) : set_(set) {}
     61 
     62   Set set_;
     63 
     64   friend bool operator==(const SyscallSet&, const SyscallSet&);
     65   DISALLOW_ASSIGN(SyscallSet);
     66 };
     67 
     68 SANDBOX_EXPORT bool operator==(const SyscallSet& lhs, const SyscallSet& rhs);
     69 
     70 // Iterator provides C++ input iterator semantics for traversing a
     71 // SyscallSet.
     72 class SyscallSet::Iterator
     73     : public std::iterator<std::input_iterator_tag, uint32_t> {
     74  public:
     75   Iterator(const Iterator& it)
     76       : set_(it.set_), done_(it.done_), num_(it.num_) {}
     77   ~Iterator() {}
     78 
     79   uint32_t operator*() const;
     80   Iterator& operator++();
     81 
     82  private:
     83   Iterator(Set set, bool done);
     84 
     85   uint32_t NextSyscall() const;
     86 
     87   Set set_;
     88   bool done_;
     89   uint32_t num_;
     90 
     91   friend SyscallSet;
     92   friend bool operator==(const Iterator&, const Iterator&);
     93   DISALLOW_ASSIGN(Iterator);
     94 };
     95 
     96 SANDBOX_EXPORT bool operator==(const SyscallSet::Iterator& lhs,
     97                                const SyscallSet::Iterator& rhs);
     98 SANDBOX_EXPORT bool operator!=(const SyscallSet::Iterator& lhs,
     99                                const SyscallSet::Iterator& rhs);
    100 
    101 }  // namespace sandbox
    102 
    103 #endif  // SANDBOX_LINUX_BPF_DSL_SYSCALL_SET_H__
    104