authormdempsky <mdempsky@chromium.org>2014-10-14 12:55:57 -0700
committerCommit bot <commit-bot@chromium.org>2014-10-14 19:58:52 +0000
commit8f037ccc024a974e093602e926ed67b47e0653b1 (patch)
tree237da3a327f8dea6a6720115236008c8eba153ab /sandbox/linux/seccomp-bpf
parenta99a91905c0c19a8c47545b63925283c17be24b5 (diff)
seccomp-bpf: Remove legacy SandboxBPFPolicy class
We now exclusively use SandboxBPFDSLPolicy throughout. BUG=414363 Review URL: https://codereview.chromium.org/642453005 Cr-Commit-Position: refs/heads/master@{#299530}
Diffstat (limited to 'sandbox/linux/seccomp-bpf')
-rw-r--r--sandbox/linux/seccomp-bpf/bpf_tester_compatibility_delegate.h5
-rw-r--r--sandbox/linux/seccomp-bpf/bpf_tests.h9
-rw-r--r--sandbox/linux/seccomp-bpf/bpf_tests_unittest.cc5
-rw-r--r--sandbox/linux/seccomp-bpf/sandbox_bpf.cc17
-rw-r--r--sandbox/linux/seccomp-bpf/sandbox_bpf.h12
-rw-r--r--sandbox/linux/seccomp-bpf/sandbox_bpf_policy.cc17
-rw-r--r--sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h44
-rw-r--r--sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc3
-rw-r--r--sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.h4
-rw-r--r--sandbox/linux/seccomp-bpf/verifier.cc4
-rw-r--r--sandbox/linux/seccomp-bpf/verifier.h6
11 files changed, 37 insertions, 89 deletions
diff --git a/sandbox/linux/seccomp-bpf/bpf_tester_compatibility_delegate.h b/sandbox/linux/seccomp-bpf/bpf_tester_compatibility_delegate.h
index e4ba22f..edaa4bf 100644
--- a/sandbox/linux/seccomp-bpf/bpf_tester_compatibility_delegate.h
+++ b/sandbox/linux/seccomp-bpf/bpf_tester_compatibility_delegate.h
@@ -27,12 +27,13 @@ class BPFTesterCompatibilityDelegate : public BPFTesterDelegate {
virtual ~BPFTesterCompatibilityDelegate() {}
- virtual scoped_ptr<SandboxBPFPolicy> GetSandboxBPFPolicy() override {
+ virtual scoped_ptr<bpf_dsl::SandboxBPFDSLPolicy> GetSandboxBPFPolicy()
+ override {
// The current method is guaranteed to only run in the child process
// running the test. In this process, the current object is guaranteed
// to live forever. So it's ok to pass aux_pointer_for_policy_ to
// the policy, which could in turn pass it to the kernel via Trap().
- return scoped_ptr<SandboxBPFPolicy>(new Policy(&aux_));
+ return scoped_ptr<bpf_dsl::SandboxBPFDSLPolicy>(new Policy(&aux_));
}
virtual void RunTestFunction() override {
diff --git a/sandbox/linux/seccomp-bpf/bpf_tests.h b/sandbox/linux/seccomp-bpf/bpf_tests.h
index c8166cc..879eb21 100644
--- a/sandbox/linux/seccomp-bpf/bpf_tests.h
+++ b/sandbox/linux/seccomp-bpf/bpf_tests.h
@@ -19,7 +19,7 @@ namespace sandbox {
// to not support seccomp-bpf in their kernels.
// This is the preferred format for new BPF tests. |bpf_policy_class_name| is a
// class name (which will be default-constructed) that implements the
-// SandboxBPFPolicy interface.
+// SandboxBPFDSLPolicy interface.
// The test function's body can simply follow. Test functions should use
// the BPF_ASSERT macros defined below, not GTEST's macros. The use of
// CHECK* macros is supported but less robust.
@@ -67,7 +67,7 @@ namespace sandbox {
// This form of BPF_TEST is now discouraged (but still allowed) in favor of
// BPF_TEST_D and BPF_TEST_C.
-// The |policy| parameter should be a SandboxBPFPolicy subclass.
+// The |policy| parameter should be a SandboxBPFDSLPolicy subclass.
// BPF_TEST() takes a C++ data type as an fourth parameter. A variable
// of this type will be allocated and a pointer to it will be
// available within the test function as "BPF_AUX". The pointer will
@@ -104,8 +104,9 @@ class BPFTesterSimpleDelegate : public BPFTesterDelegate {
: test_function_(test_function) {}
virtual ~BPFTesterSimpleDelegate() {}
- virtual scoped_ptr<SandboxBPFPolicy> GetSandboxBPFPolicy() override {
- return scoped_ptr<SandboxBPFPolicy>(new PolicyClass());
+ virtual scoped_ptr<bpf_dsl::SandboxBPFDSLPolicy> GetSandboxBPFPolicy()
+ override {
+ return scoped_ptr<bpf_dsl::SandboxBPFDSLPolicy>(new PolicyClass());
}
virtual void RunTestFunction() override {
DCHECK(test_function_);
diff --git a/sandbox/linux/seccomp-bpf/bpf_tests_unittest.cc b/sandbox/linux/seccomp-bpf/bpf_tests_unittest.cc
index a6dab12..24b82fa 100644
--- a/sandbox/linux/seccomp-bpf/bpf_tests_unittest.cc
+++ b/sandbox/linux/seccomp-bpf/bpf_tests_unittest.cc
@@ -113,8 +113,9 @@ class BasicBPFTesterDelegate : public BPFTesterDelegate {
BasicBPFTesterDelegate() {}
virtual ~BasicBPFTesterDelegate() {}
- virtual scoped_ptr<SandboxBPFPolicy> GetSandboxBPFPolicy() override {
- return scoped_ptr<SandboxBPFPolicy>(new EnosysPtracePolicy());
+ virtual scoped_ptr<bpf_dsl::SandboxBPFDSLPolicy> GetSandboxBPFPolicy()
+ override {
+ return scoped_ptr<bpf_dsl::SandboxBPFDSLPolicy>(new EnosysPtracePolicy());
}
virtual void RunTestFunction() override {
errno = 0;
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf.cc b/sandbox/linux/seccomp-bpf/sandbox_bpf.cc
index bad507c..58b6390 100644
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf.cc
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf.cc
@@ -36,7 +36,6 @@
#include "sandbox/linux/seccomp-bpf/errorcode.h"
#include "sandbox/linux/seccomp-bpf/instruction.h"
#include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
#include "sandbox/linux/seccomp-bpf/syscall.h"
#include "sandbox/linux/seccomp-bpf/syscall_iterator.h"
#include "sandbox/linux/seccomp-bpf/trap.h"
@@ -222,8 +221,9 @@ bool SandboxBPF::IsValidSyscallNumber(int sysnum) {
return SyscallIterator::IsValid(sysnum);
}
-bool SandboxBPF::RunFunctionInPolicy(void (*code_in_sandbox)(),
- scoped_ptr<SandboxBPFPolicy> policy) {
+bool SandboxBPF::RunFunctionInPolicy(
+ void (*code_in_sandbox)(),
+ scoped_ptr<bpf_dsl::SandboxBPFDSLPolicy> policy) {
// Block all signals before forking a child process. This prevents an
// attacker from manipulating our test by sending us an unexpected signal.
sigset_t old_mask, new_mask;
@@ -342,11 +342,12 @@ bool SandboxBPF::RunFunctionInPolicy(void (*code_in_sandbox)(),
}
bool SandboxBPF::KernelSupportSeccompBPF() {
- return RunFunctionInPolicy(ProbeProcess,
- scoped_ptr<SandboxBPFPolicy>(new ProbePolicy())) &&
+ return RunFunctionInPolicy(
+ ProbeProcess,
+ scoped_ptr<bpf_dsl::SandboxBPFDSLPolicy>(new ProbePolicy())) &&
RunFunctionInPolicy(
TryVsyscallProcess,
- scoped_ptr<SandboxBPFPolicy>(new AllowAllPolicy()));
+ scoped_ptr<bpf_dsl::SandboxBPFDSLPolicy>(new AllowAllPolicy()));
}
// static
@@ -489,7 +490,7 @@ bool SandboxBPF::StartSandbox(SandboxThreadState thread_state) {
return true;
}
-void SandboxBPF::PolicySanityChecks(SandboxBPFPolicy* policy) {
+void SandboxBPF::PolicySanityChecks(bpf_dsl::SandboxBPFDSLPolicy* policy) {
if (!IsDenied(policy->InvalidSyscall(this))) {
SANDBOX_DIE("Policies should deny invalid system calls.");
}
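Review bot: PolicySanityChecks still relies on `policy->InvalidSyscall(this)` returning a denying ErrorCode, but the only text that documented that contract (the "default implementation is to return ENOSYS" note on SandboxBPFPolicy::InvalidSyscall in sandbox_bpf_policy.h) is deleted by this commit, and nothing in the hunk shows an equivalent on bpf_dsl::SandboxBPFDSLPolicy. If bpf_dsl.h does not already spell it out, the expectation is worth recording at the call site so a future policy author does not override InvalidSyscall to allow: `// Relies on SandboxBPFDSLPolicy::InvalidSyscall() denying by default (presumably ENOSYS, as the removed legacy class did); a policy that allows invalid syscalls fails this check.` The body of PolicySanityChecks continues past the end of this hunk.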
@@ -497,7 +498,7 @@ void SandboxBPF::PolicySanityChecks(SandboxBPFPolicy* policy) {
}
// Don't take a scoped_ptr here, polymorphism make their use awkward.
-void SandboxBPF::SetSandboxPolicy(SandboxBPFPolicy* policy) {
+void SandboxBPF::SetSandboxPolicy(bpf_dsl::SandboxBPFDSLPolicy* policy) {
DCHECK(!policy_);
if (sandbox_has_started_ || !conds_) {
SANDBOX_DIE("Cannot change policy after sandbox has started");
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf.h b/sandbox/linux/seccomp-bpf/sandbox_bpf.h
index 0ba5984..2bffad6 100644
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf.h
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf.h
@@ -20,8 +20,10 @@
struct sock_filter;
namespace sandbox {
+namespace bpf_dsl {
+class SandboxBPFDSLPolicy;
+}
class CodeGen;
-class SandboxBPFPolicy;
class SandboxUnittestHelper;
struct Instruction;
@@ -89,7 +91,7 @@ class SANDBOX_EXPORT SandboxBPF {
// Set the BPF policy as |policy|. Ownership of |policy| is transfered here
// to the sandbox object.
- void SetSandboxPolicy(SandboxBPFPolicy* policy);
+ void SetSandboxPolicy(bpf_dsl::SandboxBPFDSLPolicy* policy);
// Error returns an ErrorCode to indicate the system call should fail with
// the specified error number.
@@ -216,7 +218,7 @@ class SANDBOX_EXPORT SandboxBPF {
// policy. The caller has to make sure that "this" has not yet been
// initialized with any other policies.
bool RunFunctionInPolicy(void (*code_in_sandbox)(),
- scoped_ptr<SandboxBPFPolicy> policy);
+ scoped_ptr<bpf_dsl::SandboxBPFDSLPolicy> policy);
// Performs a couple of sanity checks to verify that the kernel supports the
// features that we need for successful sandboxing.
@@ -225,7 +227,7 @@ class SANDBOX_EXPORT SandboxBPF {
bool KernelSupportSeccompBPF();
// Verify that the current policy passes some basic sanity checks.
- void PolicySanityChecks(SandboxBPFPolicy* policy);
+ void PolicySanityChecks(bpf_dsl::SandboxBPFDSLPolicy* policy);
// Assembles and installs a filter based on the policy that has previously
// been configured with SetSandboxPolicy().
@@ -298,7 +300,7 @@ class SANDBOX_EXPORT SandboxBPF {
bool quiet_;
int proc_fd_;
- scoped_ptr<const SandboxBPFPolicy> policy_;
+ scoped_ptr<const bpf_dsl::SandboxBPFDSLPolicy> policy_;
Conds* conds_;
bool sandbox_has_started_;
bool has_unsafe_traps_;
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf_policy.cc b/sandbox/linux/seccomp-bpf/sandbox_bpf_policy.cc
deleted file mode 100644
index 962c803..0000000
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf_policy.cc
+++ /dev/null
@@ -1,17 +0,0 @@
-// Copyright 2014 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
-
-#include <errno.h>
-
-#include "sandbox/linux/seccomp-bpf/errorcode.h"
-
-namespace sandbox {
-
-ErrorCode SandboxBPFPolicy::InvalidSyscall(SandboxBPF* sandbox_compiler) const {
- return ErrorCode(ENOSYS);
-}
-
-} // namespace sandbox
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h b/sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h
deleted file mode 100644
index 8f84a03..0000000
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h
+++ /dev/null
@@ -1,44 +0,0 @@
-// Copyright 2013 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_POLICY_H_
-#define SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_POLICY_H_
-
-#include "base/macros.h"
-#include "sandbox/sandbox_export.h"
-
-namespace sandbox {
-
-class ErrorCode;
-class SandboxBPF;
-
-// This is the interface to implement to define a BPF sandbox policy.
-class SANDBOX_EXPORT SandboxBPFPolicy {
- public:
- SandboxBPFPolicy() {}
- virtual ~SandboxBPFPolicy() {}
-
- // The EvaluateSyscall method is called with the system call number. It can
- // decide to allow the system call unconditionally by returning ERR_ALLOWED;
- // it can deny the system call unconditionally by returning an appropriate
- // "errno" value; or it can request inspection of system call argument(s) by
- // returning a suitable ErrorCode.
- // Will only be called for valid system call numbers.
- virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler,
- int system_call_number) const = 0;
-
- // The InvalidSyscall method specifies the behavior used for invalid
- // system calls. The default implementation is to return ENOSYS.
- virtual ErrorCode InvalidSyscall(SandboxBPF* sandbox_compiler) const;
-
- // HasUnsafeTraps returns true if the policy includes any unsafe traps.
- virtual bool HasUnsafeTraps() const = 0;
-
- private:
- DISALLOW_COPY_AND_ASSIGN(SandboxBPFPolicy);
-};
-
-} // namespace sandbox
-
-#endif // SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_POLICY_H_
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc b/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc
index b964cbc..11d3c0d 100644
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc
@@ -9,6 +9,7 @@
#include "base/logging.h"
#include "base/memory/scoped_ptr.h"
+#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
#include "sandbox/linux/seccomp-bpf/die.h"
#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
#include "sandbox/linux/tests/unit_tests.h"
@@ -27,7 +28,7 @@ void SandboxBPFTestRunner::Run() {
DCHECK(bpf_tester_delegate_);
sandbox::Die::EnableSimpleExit();
- scoped_ptr<SandboxBPFPolicy> policy =
+ scoped_ptr<bpf_dsl::SandboxBPFDSLPolicy> policy =
bpf_tester_delegate_->GetSandboxBPFPolicy();
if (sandbox::SandboxBPF::SupportsSeccompSandbox(-1) ==
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.h b/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.h
index 8c12c7f..626ac4e 100644
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.h
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.h
@@ -7,7 +7,7 @@
#include "base/macros.h"
#include "base/memory/scoped_ptr.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
+#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
#include "sandbox/linux/tests/sandbox_test_runner.h"
namespace sandbox {
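Review bot: The replacement include pulls all of bpf_dsl.h into this header, while the same commit forward-declares `bpf_dsl::SandboxBPFDSLPolicy` inside `namespace sandbox` in sandbox_bpf.h and verifier.h instead. Unless something else in sandbox_bpf_test_runner.h needs the complete type (the pure-virtual `scoped_ptr<bpf_dsl::SandboxBPFDSLPolicy> GetSandboxBPFPolicy() = 0;` declaration in the next hunk does not appear to), the lighter form `namespace bpf_dsl { class SandboxBPFDSLPolicy; }` would keep the three headers consistent and keep the DSL header out of every includer's translation unit. sandbox_bpf_test_runner.cc already includes bpf_dsl.h itself in this commit, so the definition is available where the scoped_ptr is actually destroyed.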
@@ -24,7 +24,7 @@ class BPFTesterDelegate {
// This will instanciate a policy suitable for the test we want to run. It is
// guaranteed to only be called from the child process that will run the
// test.
- virtual scoped_ptr<SandboxBPFPolicy> GetSandboxBPFPolicy() = 0;
+ virtual scoped_ptr<bpf_dsl::SandboxBPFDSLPolicy> GetSandboxBPFPolicy() = 0;
// This will be called from a child process with the BPF sandbox turned on.
virtual void RunTestFunction() = 0;
diff --git a/sandbox/linux/seccomp-bpf/verifier.cc b/sandbox/linux/seccomp-bpf/verifier.cc
index e411bd9..6bd0754 100644
--- a/sandbox/linux/seccomp-bpf/verifier.cc
+++ b/sandbox/linux/seccomp-bpf/verifier.cc
@@ -8,9 +8,9 @@
#include <limits>
+#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
#include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
#include "sandbox/linux/seccomp-bpf/syscall_iterator.h"
namespace sandbox {
@@ -312,7 +312,7 @@ void Alu(State* state, const struct sock_filter& insn, const char** err) {
bool Verifier::VerifyBPF(SandboxBPF* sandbox,
const std::vector<struct sock_filter>& program,
- const SandboxBPFPolicy& policy,
+ const bpf_dsl::SandboxBPFDSLPolicy& policy,
const char** err) {
*err = NULL;
for (SyscallIterator iter(false); !iter.Done();) {
diff --git a/sandbox/linux/seccomp-bpf/verifier.h b/sandbox/linux/seccomp-bpf/verifier.h
index 25a53ce..8ec9c55 100644
--- a/sandbox/linux/seccomp-bpf/verifier.h
+++ b/sandbox/linux/seccomp-bpf/verifier.h
@@ -14,9 +14,11 @@
struct sock_filter;
namespace sandbox {
+namespace bpf_dsl {
+class SandboxBPFDSLPolicy;
+}
struct arch_seccomp_data;
class SandboxBPF;
-class SandboxBPFPolicy;
class Verifier {
public:
@@ -29,7 +31,7 @@ class Verifier {
// error message that does not need to be free()'d.
static bool VerifyBPF(SandboxBPF* sandbox,
const std::vector<struct sock_filter>& program,
- const SandboxBPFPolicy& policy,
+ const bpf_dsl::SandboxBPFDSLPolicy& policy,
const char** err);
// Evaluate a given BPF program for a particular set of system call