Diffstat (limited to 'sandbox/linux/bpf_dsl/bpf_dsl.cc')
-rw-r--r--sandbox/linux/bpf_dsl/bpf_dsl.cc25
1 files changed, 18 insertions, 7 deletions
diff --git a/sandbox/linux/bpf_dsl/bpf_dsl.cc b/sandbox/linux/bpf_dsl/bpf_dsl.cc
index 2c53ab5..f0ee0a2 100644
--- a/sandbox/linux/bpf_dsl/bpf_dsl.cc
+++ b/sandbox/linux/bpf_dsl/bpf_dsl.cc
@@ -10,17 +10,12 @@
#include "base/memory/ref_counted.h"
#include "sandbox/linux/bpf_dsl/bpf_dsl_impl.h"
#include "sandbox/linux/bpf_dsl/policy_compiler.h"
-#include "sandbox/linux/seccomp-bpf/die.h"
#include "sandbox/linux/seccomp-bpf/errorcode.h"
namespace sandbox {
namespace bpf_dsl {
namespace {
-intptr_t BPFFailure(const struct arch_seccomp_data&, void* aux) {
- SANDBOX_DIE(static_cast<char*>(aux));
-}
-
class AllowResultExprImpl : public internal::ResultExprImpl {
public:
AllowResultExprImpl() {}
@@ -57,6 +52,22 @@ class ErrorResultExprImpl : public internal::ResultExprImpl {
DISALLOW_COPY_AND_ASSIGN(ErrorResultExprImpl);
};
+class KillResultExprImpl : public internal::ResultExprImpl {
+ public:
+ KillResultExprImpl() {}
+
+ ErrorCode Compile(PolicyCompiler* pc) const override {
+ return ErrorCode(ErrorCode::ERR_KILL);
+ }
+
+ bool IsDeny() const override { return true; }
+
+ private:
+ ~KillResultExprImpl() override {}
+
+ DISALLOW_COPY_AND_ASSIGN(KillResultExprImpl);
+};
+
class TraceResultExprImpl : public internal::ResultExprImpl {
public:
TraceResultExprImpl(uint16_t aux) : aux_(aux) {}
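Review bot: `KillResultExprImpl` has no comment describing what `ErrorCode::ERR_KILL` does at runtime, and `Compile()` is the only place in this file that decides it. If ERR_KILL lowers to the kernel's SECCOMP_RET_KILL action (not visible in this hunk; check against PolicyCompiler), only the calling thread is terminated on kernels without SECCOMP_RET_KILL_PROCESS, so a multi-threaded sandboxed process could keep running after a violation. I would add a class comment such as `// Unconditionally kills on match via ERR_KILL; no SIGSYS handler runs. NOTE: confirm whether this ends the thread or the whole process.` so policy authors know which guarantee they get.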
@@ -276,8 +287,8 @@ ResultExpr Error(int err) {
return ResultExpr(new const ErrorResultExprImpl(err));
}
-ResultExpr Kill(const char* msg) {
- return Trap(BPFFailure, msg);
+ResultExpr Kill() {
+ return ResultExpr(new const KillResultExprImpl());
}
ResultExpr Trace(uint16_t aux) {
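Review bot: `Kill()` no longer takes `msg`, so the diagnostic that the removed `BPFFailure`/`SANDBOX_DIE` path emitted is gone, and nothing in the new body records which policy rule fired. For triage of sandbox violations that leaves only the kernel's own record (e.g. an audit entry, if enabled) to identify the offending syscall. The declaration should carry a comment saying so, for example `// Kills without logging; use a Trap()-based result when a diagnostic message is required.` The signature change also breaks every existing `Kill("...")` caller, so those call sites and the header must change in the same commit; neither is visible in this diff, which is limited to bpf_dsl.cc.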