authorhidehiko <hidehiko@chromium.org>2015-04-08 00:09:41 -0700
committerCommit bot <commit-bot@chromium.org>2015-04-08 07:10:24 +0000
commit168a20642b1ceb7fb49e78417671aaec26f5477a (patch)
tree9d7d50fca38acf9141bc2a721e199003afe183a4 /sandbox
parent6b1ae975b91bd2b65d35b92ccf76a91cb385972d (diff)
Introduce linux_filter.h and replace #include <linux/filter.h>
Some toolchains (especially PNaCl for the Non-SFI build) do not provide the linux/filter.h system header. This CL defines all the structs and macros the sandbox needs, and replaces linux/filter.h with the new header. This CL is preparation for enabling the seccomp-bpf sandbox on nacl_helper_nonsfi. TEST=Ran bots. BUG=358465 Review URL: https://codereview.chromium.org/1053603002 Cr-Commit-Position: refs/heads/master@{#324194}
Diffstat (limited to 'sandbox')
-rw-r--r--sandbox/linux/bpf_dsl/bpf_dsl_unittest.cc1
-rw-r--r--sandbox/linux/bpf_dsl/codegen.cc3
-rw-r--r--sandbox/linux/bpf_dsl/codegen_unittest.cc3
-rw-r--r--sandbox/linux/bpf_dsl/dump_bpf.cc30
-rw-r--r--sandbox/linux/bpf_dsl/policy_compiler.cc2
-rw-r--r--sandbox/linux/bpf_dsl/seccomp_macros.h3
-rw-r--r--sandbox/linux/bpf_dsl/verifier.cc1
-rw-r--r--sandbox/linux/seccomp-bpf/sandbox_bpf.cc2
-rw-r--r--sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc2
-rw-r--r--sandbox/linux/system_headers/linux_filter.h140
-rw-r--r--sandbox/linux/system_headers/linux_seccomp.h9
11 files changed, 164 insertions, 32 deletions
diff --git a/sandbox/linux/bpf_dsl/bpf_dsl_unittest.cc b/sandbox/linux/bpf_dsl/bpf_dsl_unittest.cc
index dba421f..398ec59e 100644
--- a/sandbox/linux/bpf_dsl/bpf_dsl_unittest.cc
+++ b/sandbox/linux/bpf_dsl/bpf_dsl_unittest.cc
@@ -26,6 +26,7 @@
#include "sandbox/linux/bpf_dsl/trap_registry.h"
#include "sandbox/linux/bpf_dsl/verifier.h"
#include "sandbox/linux/seccomp-bpf/errorcode.h"
+#include "sandbox/linux/system_headers/linux_filter.h"
#include "testing/gtest/include/gtest/gtest.h"
#define CASES SANDBOX_BPF_DSL_CASES
diff --git a/sandbox/linux/bpf_dsl/codegen.cc b/sandbox/linux/bpf_dsl/codegen.cc
index 793d95d..99b78ed 100644
--- a/sandbox/linux/bpf_dsl/codegen.cc
+++ b/sandbox/linux/bpf_dsl/codegen.cc
@@ -4,12 +4,11 @@
#include "sandbox/linux/bpf_dsl/codegen.h"
-#include <linux/filter.h>
-
#include <limits>
#include <utility>
#include "base/logging.h"
+#include "sandbox/linux/system_headers/linux_filter.h"
// This CodeGen implementation strives for simplicity while still
// generating acceptable BPF programs under typical usage patterns
diff --git a/sandbox/linux/bpf_dsl/codegen_unittest.cc b/sandbox/linux/bpf_dsl/codegen_unittest.cc
index 3abfc85..29b400a 100644
--- a/sandbox/linux/bpf_dsl/codegen_unittest.cc
+++ b/sandbox/linux/bpf_dsl/codegen_unittest.cc
@@ -4,8 +4,6 @@
#include "sandbox/linux/bpf_dsl/codegen.h"
-#include <linux/filter.h>
-
#include <map>
#include <utility>
#include <vector>
@@ -13,6 +11,7 @@
#include "base/macros.h"
#include "base/md5.h"
#include "base/strings/string_piece.h"
+#include "sandbox/linux/system_headers/linux_filter.h"
#include "testing/gtest/include/gtest/gtest.h"
namespace sandbox {
diff --git a/sandbox/linux/bpf_dsl/dump_bpf.cc b/sandbox/linux/bpf_dsl/dump_bpf.cc
index 82c9852..d0c8f75 100644
--- a/sandbox/linux/bpf_dsl/dump_bpf.cc
+++ b/sandbox/linux/bpf_dsl/dump_bpf.cc
@@ -8,6 +8,7 @@
#include "sandbox/linux/bpf_dsl/codegen.h"
#include "sandbox/linux/bpf_dsl/trap_registry.h"
+#include "sandbox/linux/system_headers/linux_filter.h"
#include "sandbox/linux/system_headers/linux_seccomp.h"
namespace sandbox {
@@ -79,19 +80,22 @@ void DumpBPF::PrintProgram(const CodeGen::Program& program) {
}
break;
case BPF_ALU:
- fprintf(stderr, BPF_OP(iter->code) == BPF_NEG
- ? "A := -A\n" : "A := A %s 0x%x\n",
- BPF_OP(iter->code) == BPF_ADD ? "+" :
- BPF_OP(iter->code) == BPF_SUB ? "-" :
- BPF_OP(iter->code) == BPF_MUL ? "*" :
- BPF_OP(iter->code) == BPF_DIV ? "/" :
- BPF_OP(iter->code) == BPF_MOD ? "%" :
- BPF_OP(iter->code) == BPF_OR ? "|" :
- BPF_OP(iter->code) == BPF_XOR ? "^" :
- BPF_OP(iter->code) == BPF_AND ? "&" :
- BPF_OP(iter->code) == BPF_LSH ? "<<" :
- BPF_OP(iter->code) == BPF_RSH ? ">>" : "???",
- (int)iter->k);
+ if (BPF_OP(iter->code) == BPF_NEG) {
+ fprintf(stderr, "A := -A\n");
+ } else {
+ fprintf(stderr, "A := A %s 0x%x\n",
+ BPF_OP(iter->code) == BPF_ADD ? "+" :
+ BPF_OP(iter->code) == BPF_SUB ? "-" :
+ BPF_OP(iter->code) == BPF_MUL ? "*" :
+ BPF_OP(iter->code) == BPF_DIV ? "/" :
+ BPF_OP(iter->code) == BPF_MOD ? "%" :
+ BPF_OP(iter->code) == BPF_OR ? "|" :
+ BPF_OP(iter->code) == BPF_XOR ? "^" :
+ BPF_OP(iter->code) == BPF_AND ? "&" :
+ BPF_OP(iter->code) == BPF_LSH ? "<<" :
+ BPF_OP(iter->code) == BPF_RSH ? ">>" : "???",
+ (int)iter->k);
+ }
break;
default:
fprintf(stderr, "???\n");
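Review bot: In the new else branch the `%x` conversion is still fed `(int)iter->k`, a signed C-style cast of the unsigned 32-bit `k` field, while `%x` expects an `unsigned int`; the last argument would be cleaner as `static_cast<unsigned int>(iter->k)`. Now that the format string is a literal in both branches, the compiler can check it against its arguments, so the argument type is worth getting right. The `"???"` fallback is printed for any ALU op the chain does not recognise, and a one-line comment such as `// Unknown ALU op: dump it visibly rather than guessing.` would make that intent explicit for anyone auditing a dumped filter. PrintProgram starts and ends outside this hunk.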
diff --git a/sandbox/linux/bpf_dsl/policy_compiler.cc b/sandbox/linux/bpf_dsl/policy_compiler.cc
index f508b30..d4d52801 100644
--- a/sandbox/linux/bpf_dsl/policy_compiler.cc
+++ b/sandbox/linux/bpf_dsl/policy_compiler.cc
@@ -5,7 +5,6 @@
#include "sandbox/linux/bpf_dsl/policy_compiler.h"
#include <errno.h>
-#include <linux/filter.h>
#include <sys/syscall.h>
#include <limits>
@@ -21,6 +20,7 @@
#include "sandbox/linux/bpf_dsl/syscall_set.h"
#include "sandbox/linux/bpf_dsl/verifier.h"
#include "sandbox/linux/seccomp-bpf/errorcode.h"
+#include "sandbox/linux/system_headers/linux_filter.h"
#include "sandbox/linux/system_headers/linux_seccomp.h"
namespace sandbox {
diff --git a/sandbox/linux/bpf_dsl/seccomp_macros.h b/sandbox/linux/bpf_dsl/seccomp_macros.h
index 7fd0e67..7f4866d 100644
--- a/sandbox/linux/bpf_dsl/seccomp_macros.h
+++ b/sandbox/linux/bpf_dsl/seccomp_macros.h
@@ -5,9 +5,6 @@
#ifndef SANDBOX_LINUX_BPF_DSL_SECCOMP_MACROS_H_
#define SANDBOX_LINUX_BPF_DSL_SECCOMP_MACROS_H_
-#include <asm/unistd.h>
-#include <linux/filter.h>
-
#include <sys/cdefs.h>
// Old Bionic versions do not have sys/user.h. The if can be removed once we no
// longer need to support these old Bionic versions.
diff --git a/sandbox/linux/bpf_dsl/verifier.cc b/sandbox/linux/bpf_dsl/verifier.cc
index adbc960..417c663 100644
--- a/sandbox/linux/bpf_dsl/verifier.cc
+++ b/sandbox/linux/bpf_dsl/verifier.cc
@@ -15,6 +15,7 @@
#include "sandbox/linux/bpf_dsl/seccomp_macros.h"
#include "sandbox/linux/bpf_dsl/syscall_set.h"
#include "sandbox/linux/seccomp-bpf/errorcode.h"
+#include "sandbox/linux/system_headers/linux_filter.h"
#include "sandbox/linux/system_headers/linux_seccomp.h"
namespace sandbox {
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf.cc b/sandbox/linux/seccomp-bpf/sandbox_bpf.cc
index c96642e..af397df 100644
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf.cc
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf.cc
@@ -11,7 +11,6 @@
#endif
#include <errno.h>
-#include <linux/filter.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <unistd.h>
@@ -34,6 +33,7 @@
#include "sandbox/linux/services/proc_util.h"
#include "sandbox/linux/services/syscall_wrappers.h"
#include "sandbox/linux/services/thread_helpers.h"
+#include "sandbox/linux/system_headers/linux_filter.h"
#include "sandbox/linux/system_headers/linux_seccomp.h"
#include "sandbox/linux/system_headers/linux_syscalls.h"
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc b/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc
index cb051d2..321ea9a 100644
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc
@@ -5,13 +5,13 @@
#include "sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.h"
#include <fcntl.h>
-#include <linux/filter.h>
#include "base/logging.h"
#include "base/memory/scoped_ptr.h"
#include "sandbox/linux/bpf_dsl/policy.h"
#include "sandbox/linux/seccomp-bpf/die.h"
#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
+#include "sandbox/linux/system_headers/linux_filter.h"
#include "sandbox/linux/tests/unit_tests.h"
namespace sandbox {
diff --git a/sandbox/linux/system_headers/linux_filter.h b/sandbox/linux/system_headers/linux_filter.h
new file mode 100644
index 0000000..b23b6eb
--- /dev/null
+++ b/sandbox/linux/system_headers/linux_filter.h
@@ -0,0 +1,140 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_FILTER_H_
+#define SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_FILTER_H_
+
+#include <stdint.h>
+
+// The following structs and macros are taken from linux/filter.h,
+// as some toolchain does not expose them.
+struct sock_filter {
+ uint16_t code;
+ uint8_t jt;
+ uint8_t jf;
+ uint32_t k;
+};
+
+struct sock_fprog {
+ uint16_t len;
+ struct sock_filter *filter;
+};
+
+#ifndef BPF_CLASS
+#define BPF_CLASS(code) ((code) & 0x07)
+#endif
+
+#ifndef BPF_LD
+#define BPF_LD 0x00
+#endif
+
+#ifndef BPF_ALU
+#define BPF_ALU 0x04
+#endif
+
+#ifndef BPF_JMP
+#define BPF_JMP 0x05
+#endif
+
+#ifndef BPF_RET
+#define BPF_RET 0x06
+#endif
+
+#ifndef BPF_SIZE
+#define BPF_SIZE(code) ((code) & 0x18)
+#endif
+
+#ifndef BPF_W
+#define BPF_W 0x00
+#endif
+
+#ifndef BPF_MODE
+#define BPF_MODE(code) ((code) & 0xe0)
+#endif
+
+#ifndef BPF_ABS
+#define BPF_ABS 0x20
+#endif
+
+#ifndef BPF_OP
+#define BPF_OP(code) ((code) & 0xf0)
+#endif
+
+#ifndef BPF_ADD
+#define BPF_ADD 0x00
+#endif
+
+#ifndef BPF_SUB
+#define BPF_SUB 0x10
+#endif
+
+#ifndef BPF_MUL
+#define BPF_MUL 0x20
+#endif
+
+#ifndef BPF_DIV
+#define BPF_DIV 0x30
+#endif
+
+#ifndef BPF_OR
+#define BPF_OR 0x40
+#endif
+
+#ifndef BPF_AND
+#define BPF_AND 0x50
+#endif
+
+#ifndef BPF_LSH
+#define BPF_LSH 0x60
+#endif
+
+#ifndef BPF_RSH
+#define BPF_RSH 0x70
+#endif
+
+#ifndef BPF_NEG
+#define BPF_NEG 0x80
+#endif
+
+#ifndef BPF_MOD
+#define BPF_MOD 0x90
+#endif
+
+#ifndef BPF_XOR
+#define BPF_XOR 0xA0
+#endif
+
+#ifndef BPF_JA
+#define BPF_JA 0x00
+#endif
+
+#ifndef BPF_JEQ
+#define BPF_JEQ 0x10
+#endif
+
+#ifndef BPF_JGT
+#define BPF_JGT 0x20
+#endif
+
+#ifndef BPF_JGE
+#define BPF_JGE 0x30
+#endif
+
+#ifndef BPF_JSET
+#define BPF_JSET 0x40
+#endif
+
+#ifndef BPF_SRC
+#define BPF_SRC(code) ((code) & 0x08)
+#endif
+
+#ifndef BPF_K
+#define BPF_K 0x00
+#endif
+
+#ifndef BPF_MAXINSNS
+#define BPF_MAXINSNS 4096
+#endif
+
+#endif // SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_FILTER_H_
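Review bot: `struct sock_filter` and `struct sock_fprog` are defined unconditionally, while every macro below them is wrapped in `#ifndef`. A translation unit that also pulls in the kernel's `<linux/filter.h>`, directly or through another system header, would presumably fail with a redefinition error, and the header comment does not say the two must not be mixed. These structs appear to be what the sandbox hands to the kernel when installing the seccomp filter, so their layout is ABI. A compile-time check beside the definition would pin it, e.g. `static_assert(sizeof(struct sock_filter) == 8, "sock_filter must match the kernel ABI");` (if the header has to stay usable from C, the check belongs in a .cc file instead).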
diff --git a/sandbox/linux/system_headers/linux_seccomp.h b/sandbox/linux/system_headers/linux_seccomp.h
index 40029c8..3deb3d2 100644
--- a/sandbox/linux/system_headers/linux_seccomp.h
+++ b/sandbox/linux/system_headers/linux_seccomp.h
@@ -5,8 +5,6 @@
#ifndef SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_SECCOMP_H_
#define SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_SECCOMP_H_
-#include <linux/filter.h>
-
// The Seccomp2 kernel ABI is not part of older versions of glibc.
// As we can't break compilation with these versions of the library,
// we explicitly define all missing symbols.
@@ -67,13 +65,6 @@
#define IPC_64 0x0100
#endif
-#ifndef BPF_MOD
-#define BPF_MOD 0x90
-#endif
-#ifndef BPF_XOR
-#define BPF_XOR 0xA0
-#endif
-
// In order to build will older tool chains, we currently have to avoid
// including <linux/seccomp.h>. Until that can be fixed (if ever). Rely on
// our own definitions of the seccomp kernel ABI.