| // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef SANDBOX_LINUX_BPF_DSL_SYSCALL_SET_H__ |
| #define SANDBOX_LINUX_BPF_DSL_SYSCALL_SET_H__ |
| |
| #include <stdint.h> |
| |
| #include <iterator> |
| |
| #include "base/macros.h" |
| #include "sandbox/sandbox_export.h" |
| |
| namespace sandbox { |
| |
| // Iterates over the entire system call range from 0..0xFFFFFFFFu. This |
| // iterator is aware of how system calls look like and will skip quickly |
| // over ranges that can't contain system calls. It iterates more slowly |
| // whenever it reaches a range that is potentially problematic, returning |
| // the last invalid value before a valid range of system calls, and the |
| // first invalid value after a valid range of syscalls. It iterates over |
| // individual values whenever it is in the normal range for system calls |
| // (typically MIN_SYSCALL..MAX_SYSCALL). |
| // |
| // Example usage: |
| // for (uint32_t sysnum : SyscallSet::All()) { |
| // // Do something with sysnum. |
| // } |
| class SANDBOX_EXPORT SyscallSet { |
| public: |
| class Iterator; |
| |
| SyscallSet(const SyscallSet& ss) : set_(ss.set_) {} |
| ~SyscallSet() {} |
| |
| Iterator begin() const; |
| Iterator end() const; |
| |
| // All returns a SyscallSet that contains both valid and invalid |
| // system call numbers. |
| static SyscallSet All() { return SyscallSet(Set::ALL); } |
| |
| // ValidOnly returns a SyscallSet that contains only valid system |
| // call numbers. |
| static SyscallSet ValidOnly() { return SyscallSet(Set::VALID_ONLY); } |
| |
| // InvalidOnly returns a SyscallSet that contains only invalid |
| // system call numbers, but still omits numbers in the middle of a |
| // range of invalid system call numbers. |
| static SyscallSet InvalidOnly() { return SyscallSet(Set::INVALID_ONLY); } |
| |
| // IsValid returns whether |num| specifies a valid system call |
| // number. |
| static bool IsValid(uint32_t num); |
| |
| private: |
| enum class Set { ALL, VALID_ONLY, INVALID_ONLY }; |
| |
| explicit SyscallSet(Set set) : set_(set) {} |
| |
| Set set_; |
| |
| friend bool operator==(const SyscallSet&, const SyscallSet&); |
| DISALLOW_ASSIGN(SyscallSet); |
| }; |
| |
| SANDBOX_EXPORT bool operator==(const SyscallSet& lhs, const SyscallSet& rhs); |
| |
| // Iterator provides C++ input iterator semantics for traversing a |
| // SyscallSet. |
| class SyscallSet::Iterator |
| : public std::iterator<std::input_iterator_tag, uint32_t> { |
| public: |
| Iterator(const Iterator& it) |
| : set_(it.set_), done_(it.done_), num_(it.num_) {} |
| ~Iterator() {} |
| |
| uint32_t operator*() const; |
| Iterator& operator++(); |
| |
| private: |
| Iterator(Set set, bool done); |
| |
| uint32_t NextSyscall() const; |
| |
| Set set_; |
| bool done_; |
| uint32_t num_; |
| |
| friend SyscallSet; |
| friend bool operator==(const Iterator&, const Iterator&); |
| DISALLOW_ASSIGN(Iterator); |
| }; |
| |
| SANDBOX_EXPORT bool operator==(const SyscallSet::Iterator& lhs, |
| const SyscallSet::Iterator& rhs); |
| SANDBOX_EXPORT bool operator!=(const SyscallSet::Iterator& lhs, |
| const SyscallSet::Iterator& rhs); |
| |
| } // namespace sandbox |
| |
| #endif // SANDBOX_LINUX_BPF_DSL_SYSCALL_SET_H__ |