author | mdempsky <mdempsky@chromium.org> | 2015-12-14 22:20:56 -0800 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-12-15 06:22:32 +0000 |
commit | b83a9e84510eecb0eea80997b57a835262e1f788 (patch) | |
tree | 45b83028b18ff32ebd54543e1318f5ccda67f26b /components/nacl/loader | |
parent | 472398196d9109be16d13f3af4e8c423ce45d2e3 (diff) | |
bpf_dsl: remove operator{!,&&,||} overloads
These were never really style-guide kosher; overloading the binary
operators is discouraged in More Effective C++ Item 7 ("Never overload
&&, ||, or ,."), and after reviewing existing bpf_dsl policies it
turns out they don't significantly improve readability.
This commit provides replacement "Not", "AllOf", and "AnyOf" functions,
and generalizes AllOf and AnyOf to accept any number of BoolExpr arguments,
rather than just 2.
Review URL: https://codereview.chromium.org/1526733002
Cr-Commit-Position: refs/heads/master@{#365179}
Diffstat (limited to 'components/nacl/loader')
-rw-r--r-- | components/nacl/loader/nonsfi/nonsfi_sandbox.cc | 35 |
1 files changed, 20 insertions, 15 deletions
diff --git a/components/nacl/loader/nonsfi/nonsfi_sandbox.cc b/components/nacl/loader/nonsfi/nonsfi_sandbox.cc
index cf88074..d16db14 100644
--- a/components/nacl/loader/nonsfi/nonsfi_sandbox.cc
+++ b/components/nacl/loader/nonsfi/nonsfi_sandbox.cc
@@ -75,9 +75,10 @@ ResultExpr RestrictFcntlCommands() {
 // the return value of F_GETFL, so we need to allow O_ACCMODE in
 // addition to O_NONBLOCK.
 const uint64_t kAllowedMask = O_ACCMODE | O_NONBLOCK;
- return If((cmd == F_SETFD && long_arg == FD_CLOEXEC) || cmd == F_GETFL ||
- (cmd == F_SETFL && (long_arg & ~kAllowedMask) == 0),
- Allow()).Else(CrashSIGSYS());
+ return If(AnyOf(AllOf(cmd == F_SETFD, long_arg == FD_CLOEXEC), cmd == F_GETFL,
+ AllOf(cmd == F_SETFL, (long_arg & ~kAllowedMask) == 0)),
+ Allow())
+ .Else(CrashSIGSYS());
 }
 
 ResultExpr RestrictClone() {
@@ -116,9 +117,9 @@ ResultExpr RestrictPrctl() {
 ResultExpr RestrictSocketcall() {
 // We only allow shutdown(), sendmsg(), and recvmsg().
 const Arg<int> call(0);
- return If(
- call == SYS_SHUTDOWN || call == SYS_SENDMSG || call == SYS_RECVMSG,
- Allow()).Else(CrashSIGSYS());
+ return Switch(call)
+ .CASES((SYS_SHUTDOWN, SYS_SENDMSG, SYS_RECVMSG), Allow())
+ .Default(CrashSIGSYS());
 }
 #endif
 
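Review bot: The `AllOf(cmd == F_SETFD, long_arg == FD_CLOEXEC)` alternative in RestrictFcntlCommands matches only an argument of exactly FD_CLOEXEC, so an F_SETFD call that clears the flag still ends in CrashSIGSYS(), while the comment visible above the return explains only the F_SETFL mask. If that is intended, a line such as `// F_SETFD may only set FD_CLOEXEC; clearing it is rejected.` next to that alternative would record it. Putting each of the three AnyOf alternatives on its own line would also make the allow-list easier to audit than the packed form. The function begins above the hunk, so the declarations of cmd and long_arg are not visible here.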
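Review bot: The Switch on `call` in RestrictSocketcall filters only the socketcall sub-call number, and the comment `// We only allow shutdown(), sendmsg(), and recvmsg().` does not say that the arguments of those calls go unchecked. socketcall passes the real arguments through a user-space pointer in its second argument, which a seccomp-bpf filter cannot dereference, so the flags and the socket used are outside what this policy can restrict. I would extend the comment with `// Only the call number is filtered; the arguments behind the args pointer cannot be inspected by the BPF filter.`. The move from If to Switch/CASES is also not mentioned in the commit message, which speaks only of Not, AllOf and AnyOf.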
@@ -138,20 +139,24 @@ ResultExpr RestrictMmap() {
 // so we do not need to allow PROT_EXEC in mmap.
 const uint64_t kAllowedProtMask = PROT_READ | PROT_WRITE;
 const Arg<int> prot(2), flags(3);
- return If((prot & ~kAllowedProtMask) == 0 && (flags & ~kAllowedFlagMask) == 0,
- Allow()).Else(CrashSIGSYS());
+ return If(AllOf((prot & ~kAllowedProtMask) == 0,
+ (flags & ~kAllowedFlagMask) == 0),
+ Allow())
+ .Else(CrashSIGSYS());
 }
 
 ResultExpr RestrictTgkill(int policy_pid) {
 const Arg<int> tgid(0), tid(1), signum(2);
 // Only sending SIGUSR1 to a thread in the same process is allowed.
- return If(tgid == policy_pid &&
- // Arg does not support a greater-than operator, so two separate
- // checks are needed to ensure tid is positive.
- tid != 0 &&
- (tid & (1u << 31)) == 0 && // tid is non-negative.
- signum == LINUX_SIGUSR1,
- Allow()).Else(CrashSIGSYS());
+ return If(AllOf(
+ tgid == policy_pid,
+ // Arg does not support a greater-than operator, so two separate
+ // checks are needed to ensure tid is positive.
+ tid != 0,
+ (tid & (1u << 31)) == 0, // tid is non-negative.
+ signum == LINUX_SIGUSR1),
+ Allow())
+ .Else(CrashSIGSYS());
 }
 
 bool IsGracefullyDenied(int sysno) { |
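Review bot: In RestrictTgkill, `tgid == policy_pid` compares against a value fixed when the policy is built, and nothing in the hunk states whose pid that must be. A seccomp filter is inherited by child processes, so if RestrictClone (outside this hunk) ever admits process creation, a child would carry a filter that names its parent's pid; presumably only thread creation is allowed, but that is not visible here. A comment on the function such as `// policy_pid must be the pid of the process that installs this filter.` would make the assumption explicit.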