23 files changed, 71 insertions, 42 deletions
diff --git a/components/nacl/loader/nonsfi/nonsfi_sandbox_sigsys_unittest.cc b/components/nacl/loader/nonsfi/nonsfi_sandbox_sigsys_unittest.cc
index e08d7a3..445cc54 100644
--- a/components/nacl/loader/nonsfi/nonsfi_sandbox_sigsys_unittest.cc
+++ b/components/nacl/loader/nonsfi/nonsfi_sandbox_sigsys_unittest.cc
@@ -8,6 +8,9 @@
 #include "components/nacl/loader/nonsfi/nonsfi_sandbox.h"
+#include <sys/syscall.h>
+#include <unistd.h>
+
 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
 #include "sandbox/linux/seccomp-bpf/bpf_tests.h"
diff --git a/content/common/sandbox_linux/bpf_gpu_policy_linux.cc b/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
index cce688c..a05b664 100644
--- a/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
+++ b/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
@@ -26,7 +26,7 @@
 #include "content/common/set_process_title.h"
 #include "content/public/common/content_switches.h"
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" // for arch_seccomp_data
+#include "sandbox/linux/seccomp-bpf/trap.h"
 #include "sandbox/linux/services/broker_process.h"
 #include "sandbox/linux/services/linux_syscalls.h"
diff --git a/sandbox/linux/bpf_dsl/bpf_dsl_more_unittest.cc b/sandbox/linux/bpf_dsl/bpf_dsl_more_unittest.cc
index b5d04e1..667dfb2 100644
--- a/sandbox/linux/bpf_dsl/bpf_dsl_more_unittest.cc
+++ b/sandbox/linux/bpf_dsl/bpf_dsl_more_unittest.cc
@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
+#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
+
 #include <errno.h>
 #include <pthread.h>
 #include <sched.h>
@@ -21,8 +23,6 @@
 #endif
 #include <linux/futex.h>
-#include <ostream>
-
 #include "base/bind.h"
 #include "base/logging.h"
 #include "base/macros.h"
@@ -31,11 +31,11 @@
 #include "base/synchronization/waitable_event.h"
 #include "base/threading/thread.h"
 #include "build/build_config.h"
-#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
 #include "sandbox/linux/seccomp-bpf/bpf_tests.h"
+#include "sandbox/linux/seccomp-bpf/die.h"
+#include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
 #include "sandbox/linux/seccomp-bpf/syscall.h"
 #include "sandbox/linux/seccomp-bpf/trap.h"
-#include "sandbox/linux/seccomp-bpf/verifier.h"
 #include "sandbox/linux/services/broker_process.h"
 #include "sandbox/linux/services/linux_syscalls.h"
 #include "sandbox/linux/tests/scoped_temporary_file.h"
diff --git a/sandbox/linux/bpf_dsl/bpf_dsl_unittest.cc b/sandbox/linux/bpf_dsl/bpf_dsl_unittest.cc
index 6215d6e..028ed66 100644
--- a/sandbox/linux/bpf_dsl/bpf_dsl_unittest.cc
+++ b/sandbox/linux/bpf_dsl/bpf_dsl_unittest.cc
@@ -7,14 +7,15 @@
 #include <errno.h>
 #include <netinet/in.h>
 #include <sys/socket.h>
+#include <sys/syscall.h>
 #include <sys/utsname.h>
+#include <unistd.h>
 #include "base/files/scoped_file.h"
 #include "base/macros.h"
 #include "build/build_config.h"
 #include "sandbox/linux/seccomp-bpf/bpf_tests.h"
 #include "sandbox/linux/seccomp-bpf/errorcode.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
 #include "sandbox/linux/seccomp-bpf/syscall.h"
 #define CASES SANDBOX_BPF_DSL_CASES
diff --git a/sandbox/linux/seccomp-bpf/bpf_tests.h b/sandbox/linux/seccomp-bpf/bpf_tests.h
index da92de8..a3603b5 100644
--- a/sandbox/linux/seccomp-bpf/bpf_tests.h
+++ b/sandbox/linux/seccomp-bpf/bpf_tests.h
@@ -5,7 +5,7 @@
 #ifndef SANDBOX_LINUX_SECCOMP_BPF_BPF_TESTS_H__
 #define SANDBOX_LINUX_SECCOMP_BPF_BPF_TESTS_H__
-#include "base/basictypes.h"
+#include "base/macros.h"
 #include "build/build_config.h"
 #include "sandbox/linux/seccomp-bpf/bpf_tester_compatibility_delegate.h"
 #include "sandbox/linux/tests/unit_tests.h"
diff --git a/sandbox/linux/seccomp-bpf/codegen.cc b/sandbox/linux/seccomp-bpf/codegen.cc
index c90bffc..47ba397 100644
--- a/sandbox/linux/seccomp-bpf/codegen.cc
+++ b/sandbox/linux/seccomp-bpf/codegen.cc
@@ -2,10 +2,17 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
+#include "sandbox/linux/seccomp-bpf/codegen.h"
+
 #include <stdio.h>
+#include <set>
+
 #include "base/logging.h"
-#include "sandbox/linux/seccomp-bpf/codegen.h"
+#include "sandbox/linux/seccomp-bpf/basicblock.h"
+#include "sandbox/linux/seccomp-bpf/die.h"
+#include "sandbox/linux/seccomp-bpf/instruction.h"
+#include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
 namespace {
diff --git a/sandbox/linux/seccomp-bpf/codegen.h b/sandbox/linux/seccomp-bpf/codegen.h
index 1c4cd46..91eee52 100644
--- a/sandbox/linux/seccomp-bpf/codegen.h
+++ b/sandbox/linux/seccomp-bpf/codegen.h
@@ -6,15 +6,15 @@
 #define SANDBOX_LINUX_SECCOMP_BPF_CODEGEN_H__
 #include <map>
-#include <set>
 #include <vector>
-#include "sandbox/linux/seccomp-bpf/basicblock.h"
-#include "sandbox/linux/seccomp-bpf/instruction.h"
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
 #include "sandbox/sandbox_export.h"
 namespace sandbox {
+struct BasicBlock;
+class ErrorCode;
+struct Instruction;
 typedef std::vector<Instruction*> Instructions;
 typedef std::vector<BasicBlock*> BasicBlocks;
diff --git a/sandbox/linux/seccomp-bpf/codegen_unittest.cc b/sandbox/linux/seccomp-bpf/codegen_unittest.cc
index 52fc24c..88f6130 100644
--- a/sandbox/linux/seccomp-bpf/codegen_unittest.cc
+++ b/sandbox/linux/seccomp-bpf/codegen_unittest.cc
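Review bot: In codegen.h the added `class ErrorCode;` forward declaration sits directly below the retained `#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"`, and the sandbox_bpf.h hunk in this same commit keeps `#include "sandbox/linux/seccomp-bpf/errorcode.h"`, so the declaration is redundant for as long as that include stays. Either drop the sandbox_bpf.h include here if the header only needs pointers and references, or drop the forward declaration. The hunk also removes `#include <set>`; the class body is outside the hunk, so if it still names `std::set` it now compiles only because sandbox_bpf.h happens to include `<set>`, and the direct include should be kept in that case.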
@@ -2,13 +2,18 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
+#include "sandbox/linux/seccomp-bpf/codegen.h"
+
 #include <errno.h>
+#include <linux/filter.h>
-#include <algorithm>
 #include <set>
+#include <string>
 #include <vector>
-#include "sandbox/linux/seccomp-bpf/codegen.h"
+#include "sandbox/linux/seccomp-bpf/basicblock.h"
+#include "sandbox/linux/seccomp-bpf/errorcode.h"
+#include "sandbox/linux/seccomp-bpf/instruction.h"
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
 #include "sandbox/linux/tests/unit_tests.h"
diff --git a/sandbox/linux/seccomp-bpf/die.cc b/sandbox/linux/seccomp-bpf/die.cc
index e5bc7c9..777c9d1 100644
--- a/sandbox/linux/seccomp-bpf/die.cc
+++ b/sandbox/linux/seccomp-bpf/die.cc
@@ -2,16 +2,19 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
+#include "sandbox/linux/seccomp-bpf/die.h"
+
 #include <errno.h>
-#include <linux/unistd.h>
+#include <signal.h>
 #include <stdio.h>
 #include <sys/prctl.h>
+#include <sys/syscall.h>
+#include <unistd.h>
 #include <string>
 #include "base/logging.h"
 #include "base/posix/eintr_wrapper.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
 #include "sandbox/linux/seccomp-bpf/syscall.h"
 namespace sandbox {
diff --git a/sandbox/linux/seccomp-bpf/die.h b/sandbox/linux/seccomp-bpf/die.h
index 3ac31cc..b3f3f72 100644
--- a/sandbox/linux/seccomp-bpf/die.h
+++ b/sandbox/linux/seccomp-bpf/die.h
@@ -5,7 +5,7 @@
 #ifndef SANDBOX_LINUX_SECCOMP_BPF_DIE_H__
 #define SANDBOX_LINUX_SECCOMP_BPF_DIE_H__
-#include "base/basictypes.h"
+#include "base/macros.h"
 #include "sandbox/sandbox_export.h"
 namespace sandbox {
diff --git a/sandbox/linux/seccomp-bpf/errorcode.cc b/sandbox/linux/seccomp-bpf/errorcode.cc
index 944581e..8154f93 100644
--- a/sandbox/linux/seccomp-bpf/errorcode.cc
+++ b/sandbox/linux/seccomp-bpf/errorcode.cc
@@ -2,11 +2,16 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
-#include "sandbox/linux/seccomp-bpf/die.h"
 #include "sandbox/linux/seccomp-bpf/errorcode.h"
+#include "sandbox/linux/seccomp-bpf/die.h"
+#include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
+
 namespace sandbox {
+ErrorCode::ErrorCode() : error_type_(ET_INVALID), err_(SECCOMP_RET_INVALID) {
+}
+
 ErrorCode::ErrorCode(int err) {
 switch (err) {
 case ERR_ALLOWED:
diff --git a/sandbox/linux/seccomp-bpf/errorcode.h b/sandbox/linux/seccomp-bpf/errorcode.h
index b20b921..a322411 100644
--- a/sandbox/linux/seccomp-bpf/errorcode.h
+++ b/sandbox/linux/seccomp-bpf/errorcode.h
@@ -5,14 +5,11 @@
 #ifndef SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__
 #define SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__
-#include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
 #include "sandbox/linux/seccomp-bpf/trap.h"
 #include "sandbox/sandbox_export.h"
 namespace sandbox {
-struct arch_seccomp_data;
-
 // This class holds all the possible values that can be returned by a sandbox
 // policy.
 // We can either wrap a symbolic ErrorCode (i.e. ERR_XXX enum values), an
@@ -113,7 +110,7 @@ class SANDBOX_EXPORT ErrorCode {
 // when compiling a BPF filter, we deliberately generate an invalid
 // program that will get flagged both by our Verifier class and by
 // the Linux kernel.
- ErrorCode() : error_type_(ET_INVALID), err_(SECCOMP_RET_INVALID) {}
+ ErrorCode();
 explicit ErrorCode(int err);
 // For all practical purposes, ErrorCodes are treated as if they were
diff --git a/sandbox/linux/seccomp-bpf/errorcode_unittest.cc b/sandbox/linux/seccomp-bpf/errorcode_unittest.cc
index f3b7748..5a39373 100644
--- a/sandbox/linux/seccomp-bpf/errorcode_unittest.cc
+++ b/sandbox/linux/seccomp-bpf/errorcode_unittest.cc
@@ -2,8 +2,11 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
+#include "sandbox/linux/seccomp-bpf/errorcode.h"
+
 #include <errno.h>
+#include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
 #include "sandbox/linux/tests/unit_tests.h"
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf.cc b/sandbox/linux/seccomp-bpf/sandbox_bpf.cc
index c5a2ebd..31ccda2 100644
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf.cc
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf.cc
@@ -12,6 +12,7 @@
 #include <errno.h>
 #include <fcntl.h>
+#include <linux/filter.h>
 #include <signal.h>
 #include <string.h>
 #include <sys/prctl.h>
@@ -30,7 +31,10 @@
 #include "base/memory/scoped_ptr.h"
 #include "base/posix/eintr_wrapper.h"
 #include "sandbox/linux/seccomp-bpf/codegen.h"
+#include "sandbox/linux/seccomp-bpf/die.h"
 #include "sandbox/linux/seccomp-bpf/errorcode.h"
+#include "sandbox/linux/seccomp-bpf/instruction.h"
+#include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
 #include "sandbox/linux/seccomp-bpf/syscall.h"
 #include "sandbox/linux/seccomp-bpf/syscall_iterator.h"
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf.h b/sandbox/linux/seccomp-bpf/sandbox_bpf.h
index fb325e0..d7fb1ff 100644
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf.h
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf.h
@@ -5,27 +5,21 @@
 #ifndef SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H__
 #define SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H__
-#include <stddef.h>
-#include <sys/types.h>
-#include <sys/wait.h>
+#include <stdint.h>
-#include <algorithm>
-#include <limits>
 #include <map>
 #include <set>
-#include <utility>
 #include <vector>
 #include "base/compiler_specific.h"
 #include "base/memory/scoped_ptr.h"
-#include "sandbox/linux/seccomp-bpf/die.h"
 #include "sandbox/linux/seccomp-bpf/errorcode.h"
-#include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
 #include "sandbox/linux/seccomp-bpf/trap.h"
 #include "sandbox/sandbox_export.h"
-namespace sandbox {
+struct sock_filter;
+namespace sandbox {
 class CodeGen;
 class SandboxBPFPolicy;
 class SandboxUnittestHelper;
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf_compatibility_policy.h b/sandbox/linux/seccomp-bpf/sandbox_bpf_compatibility_policy.h
index d4b8ab8..e9cb9b0 100644
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf_compatibility_policy.h
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf_compatibility_policy.h
@@ -5,7 +5,6 @@
 #ifndef SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_COMPATIBILITY_POLICY_H_
 #define SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_COMPATIBILITY_POLICY_H_
-#include "base/basictypes.h"
 #include "base/logging.h"
 #include "base/macros.h"
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h b/sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h
index fc6fdf6..5a26f2b 100644
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h
@@ -5,7 +5,7 @@
 #ifndef SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_POLICY_H_
 #define SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_POLICY_H_
-#include "base/basictypes.h"
+#include "base/macros.h"
 #include "sandbox/sandbox_export.h"
 namespace sandbox {
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc b/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc
index ff659ab..b964cbc 100644
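Review bot: `struct sock_filter;` is forward-declared by hand at global scope in sandbox_bpf.h, and again in the verifier.h hunk, although the type belongs to the kernel header `<linux/filter.h>` that this commit adds to sandbox_bpf.cc, codegen_unittest.cc and sandbox_bpf_test_runner.cc. A bare declaration of a system type gives the reader no pointer to its definition, and every file that needs the complete type now has to include the kernel header itself. I would annotate both sites, for example `struct sock_filter;  // Defined in <linux/filter.h>; include it where the full type is needed.` The rest of both headers is outside these hunks, so whether any inline code there still needs the complete type cannot be confirmed from this page.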
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc
@@ -5,12 +5,11 @@
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.h"
 #include <fcntl.h>
-#include <sys/stat.h>
-#include <sys/types.h>
+#include <linux/filter.h>
-#include "base/basictypes.h"
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
+#include "sandbox/linux/seccomp-bpf/die.h"
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
 #include "sandbox/linux/tests/unit_tests.h"
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.h b/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.h
index 7721033..3d220c8 100644
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.h
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.h
@@ -5,7 +5,7 @@
 #ifndef SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_TEST_RUNNER_H_
 #define SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_TEST_RUNNER_H_
-#include "base/basictypes.h"
+#include "base/macros.h"
 #include "base/memory/scoped_ptr.h"
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
 #include "sandbox/linux/tests/sandbox_test_runner.h"
diff --git a/sandbox/linux/seccomp-bpf/syscall_iterator.h b/sandbox/linux/seccomp-bpf/syscall_iterator.h
index 7842b2a..04eab59 100644
--- a/sandbox/linux/seccomp-bpf/syscall_iterator.h
+++ b/sandbox/linux/seccomp-bpf/syscall_iterator.h
@@ -7,7 +7,7 @@
 #include <stdint.h>
-#include "base/basictypes.h"
+#include "base/macros.h"
 #include "sandbox/sandbox_export.h"
 namespace sandbox {
diff --git a/sandbox/linux/seccomp-bpf/syscall_iterator_unittest.cc b/sandbox/linux/seccomp-bpf/syscall_iterator_unittest.cc
index 6d553c8..f229770 100644
--- a/sandbox/linux/seccomp-bpf/syscall_iterator_unittest.cc
+++ b/sandbox/linux/seccomp-bpf/syscall_iterator_unittest.cc
@@ -2,8 +2,11 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
 #include "sandbox/linux/seccomp-bpf/syscall_iterator.h"
+
+#include <stdint.h>
+
+#include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
 #include "sandbox/linux/tests/unit_tests.h"
 namespace sandbox {
diff --git a/sandbox/linux/seccomp-bpf/verifier.cc b/sandbox/linux/seccomp-bpf/verifier.cc
index 2f5195a..bf4e974 100644
--- a/sandbox/linux/seccomp-bpf/verifier.cc
+++ b/sandbox/linux/seccomp-bpf/verifier.cc
@@ -2,14 +2,16 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
+#include "sandbox/linux/seccomp-bpf/verifier.h"
+
 #include <string.h>
 #include <limits>
+#include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
 #include "sandbox/linux/seccomp-bpf/syscall_iterator.h"
-#include "sandbox/linux/seccomp-bpf/verifier.h"
 namespace sandbox {
diff --git a/sandbox/linux/seccomp-bpf/verifier.h b/sandbox/linux/seccomp-bpf/verifier.h
index 4e80dd9..25a53ce 100644
--- a/sandbox/linux/seccomp-bpf/verifier.h
+++ b/sandbox/linux/seccomp-bpf/verifier.h
@@ -5,13 +5,17 @@
 #ifndef SANDBOX_LINUX_SECCOMP_BPF_VERIFIER_H__
 #define SANDBOX_LINUX_SECCOMP_BPF_VERIFIER_H__
-#include <linux/filter.h>
+#include <stdint.h>
-#include <utility>
 #include <vector>
-namespace sandbox {
+#include "base/macros.h"
+
+struct sock_filter;
+namespace sandbox {
+struct arch_seccomp_data;
+class SandboxBPF;
 class SandboxBPFPolicy;
 class Verifier { |