Remove more dependencies on sandbox/linux/seccomp-bpf

This started out as simply converting NaCl's baseline policy to bpf_dsl,
but that led me down the rabbit hole of converting a bunch of remaining
uses of SandboxBPFPolicy within content too.  There are still a few
lingering dependencies on sandbox_bpf.h after this CL, but not many.

BUG=414363

Review URL: https://codereview.chromium.org/570763002

Cr-Commit-Position: refs/heads/master@{#294871}

components/nacl/loader/nonsfi/nonsfi_sandbox.cc

@@ -23,7 +23,6 @@
 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
 #include "sandbox/linux/services/linux_syscalls.h"
 
 #if defined(__arm__) && !defined(MAP_STACK)
@@ -304,7 +303,7 @@ ResultExpr NaClNonSfiBPFSandboxPolicy::InvalidSyscall() const {
 
 bool InitializeBPFSandbox() {
   bool sandbox_is_initialized = content::InitializeSandbox(
-      scoped_ptr<sandbox::SandboxBPFPolicy>(
+      scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy>(
           new nacl::nonsfi::NaClNonSfiBPFSandboxPolicy()));
   if (!sandbox_is_initialized)
     return false;

components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.cc

@@ -18,8 +18,7 @@
 #include "base/logging.h"
 
 #include "content/public/common/sandbox_init.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
+#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
 #include "sandbox/linux/services/linux_syscalls.h"
 
 #endif  // defined(USE_SECCOMP_BPF)
@@ -30,27 +29,28 @@ namespace nacl {
 
 namespace {
 
-class NaClBPFSandboxPolicy : public sandbox::SandboxBPFPolicy {
+using sandbox::bpf_dsl::Allow;
+using sandbox::bpf_dsl::Error;
+using sandbox::bpf_dsl::ResultExpr;
+
+class NaClBPFSandboxPolicy : public sandbox::bpf_dsl::SandboxBPFDSLPolicy {
  public:
   NaClBPFSandboxPolicy()
       : baseline_policy_(content::GetBPFSandboxBaselinePolicy()) {}
   virtual ~NaClBPFSandboxPolicy() {}
 
-  virtual sandbox::ErrorCode EvaluateSyscall(
-      sandbox::SandboxBPF* sandbox_compiler,
-      int system_call_number) const OVERRIDE;
-  virtual sandbox::ErrorCode InvalidSyscall(
-      sandbox::SandboxBPF* sandbox_compiler) const OVERRIDE {
-    return baseline_policy_->InvalidSyscall(sandbox_compiler);
+  virtual ResultExpr EvaluateSyscall(int system_call_number) const OVERRIDE;
+  virtual ResultExpr InvalidSyscall() const OVERRIDE {
+    return baseline_policy_->InvalidSyscall();
   }
 
  private:
-  scoped_ptr<sandbox::SandboxBPFPolicy> baseline_policy_;
+  scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy> baseline_policy_;
+
   DISALLOW_COPY_AND_ASSIGN(NaClBPFSandboxPolicy);
 };
 
-sandbox::ErrorCode NaClBPFSandboxPolicy::EvaluateSyscall(
-    sandbox::SandboxBPF* sb, int sysno) const {
+ResultExpr NaClBPFSandboxPolicy::EvaluateSyscall(int sysno) const {
   DCHECK(baseline_policy_);
   switch (sysno) {
     // TODO(jln): NaCl's GDB debug stub uses the following socket system calls,
@@ -98,16 +98,16 @@ sandbox::ErrorCode NaClBPFSandboxPolicy::EvaluateSyscall(
     // See crbug.com/264856 for details.
     case __NR_times:
     case __NR_uname:
-      return sandbox::ErrorCode(sandbox::ErrorCode::ERR_ALLOWED);
+      return Allow();
     case __NR_ioctl:
     case __NR_ptrace:
-      return sandbox::ErrorCode(EPERM);
+      return Error(EPERM);
     default:
-      return baseline_policy_->EvaluateSyscall(sb, sysno);
+      return baseline_policy_->EvaluateSyscall(sysno);
   }
   NOTREACHED();
   // GCC wants this.
-  return sandbox::ErrorCode(EPERM);
+  return Error(EPERM);
 }
 
 void RunSandboxSanityChecks() {
@@ -130,7 +130,8 @@ void RunSandboxSanityChecks() {
 bool InitializeBPFSandbox() {
 #if defined(USE_SECCOMP_BPF)
   bool sandbox_is_initialized = content::InitializeSandbox(
-      scoped_ptr<sandbox::SandboxBPFPolicy>(new NaClBPFSandboxPolicy));
+      scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy>(
+          new NaClBPFSandboxPolicy));
   if (sandbox_is_initialized) {
     RunSandboxSanityChecks();
     return true;

content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc

@@ -4,10 +4,9 @@
 
 #include "content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.h"
 
+#include <sys/syscall.h>
 #include <sys/types.h>
 
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
-
 using sandbox::bpf_dsl::Allow;
 using sandbox::bpf_dsl::ResultExpr;
 

content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.cc

@@ -23,7 +23,6 @@
 #include "content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h"
 #include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h"
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
 #include "sandbox/linux/services/linux_syscalls.h"
 
 using sandbox::SyscallSets;
@@ -97,7 +96,7 @@ void AddArmGpuWhitelist(std::vector<std::string>* read_whitelist,
 
 class CrosArmGpuBrokerProcessPolicy : public CrosArmGpuProcessPolicy {
  public:
-  static sandbox::SandboxBPFPolicy* Create() {
+  static sandbox::bpf_dsl::SandboxBPFDSLPolicy* Create() {
     return new CrosArmGpuBrokerProcessPolicy();
   }
   virtual ~CrosArmGpuBrokerProcessPolicy() {}

content/common/sandbox_linux/bpf_gpu_policy_linux.cc

@@ -26,7 +26,7 @@
 #include "content/common/set_process_title.h"
 #include "content/public/common/content_switches.h"
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
+#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"  // for arch_seccomp_data
 #include "sandbox/linux/services/broker_process.h"
 #include "sandbox/linux/services/linux_syscalls.h"
 
@@ -117,7 +117,7 @@ intptr_t GpuSIGSYS_Handler(const struct arch_seccomp_data& args,
 
 class GpuBrokerProcessPolicy : public GpuProcessPolicy {
  public:
-  static sandbox::SandboxBPFPolicy* Create() {
+  static sandbox::bpf_dsl::SandboxBPFDSLPolicy* Create() {
     return new GpuBrokerProcessPolicy();
   }
   virtual ~GpuBrokerProcessPolicy() {}
@@ -158,8 +158,8 @@ void UpdateProcessTypeToGpuBroker() {
   SetProcessTitleFromCommandLine(NULL);
 }
 
-bool UpdateProcessTypeAndEnableSandbox(
-    sandbox::SandboxBPFPolicy* (*broker_sandboxer_allocator)(void)) {
+bool UpdateProcessTypeAndEnableSandbox(sandbox::bpf_dsl::SandboxBPFDSLPolicy* (
+    *broker_sandboxer_allocator)(void)) {
   DCHECK(broker_sandboxer_allocator);
   UpdateProcessTypeToGpuBroker();
   return SandboxSeccompBPF::StartSandboxWithExternalPolicy(
@@ -240,7 +240,7 @@ bool GpuProcessPolicy::PreSandboxHook() {
 }
 
 void GpuProcessPolicy::InitGpuBrokerProcess(
-    sandbox::SandboxBPFPolicy* (*broker_sandboxer_allocator)(void),
+    sandbox::bpf_dsl::SandboxBPFDSLPolicy* (*broker_sandboxer_allocator)(void),
     const std::vector<std::string>& read_whitelist_extra,
     const std::vector<std::string>& write_whitelist_extra) {
   static const char kDriRcPath[] = "/etc/drirc";

content/common/sandbox_linux/bpf_gpu_policy_linux.h

@@ -35,7 +35,8 @@ class GpuProcessPolicy : public SandboxBPFBasePolicy {
   // names that should be whitelisted by the broker process, in addition to
   // the basic ones.
   void InitGpuBrokerProcess(
-      sandbox::SandboxBPFPolicy* (*broker_sandboxer_allocator)(void),
+      sandbox::bpf_dsl::SandboxBPFDSLPolicy* (*broker_sandboxer_allocator)(
+          void),
       const std::vector<std::string>& read_whitelist_extra,
       const std::vector<std::string>& write_whitelist_extra);
 

content/common/sandbox_linux/bpf_ppapi_policy_linux.cc

@@ -11,7 +11,6 @@
 #include "content/common/sandbox_linux/sandbox_linux.h"
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
 #include "sandbox/linux/services/linux_syscalls.h"
 
 using sandbox::SyscallSets;

content/common/sandbox_linux/bpf_renderer_policy_linux.cc

@@ -11,7 +11,6 @@
 #include "content/common/sandbox_linux/sandbox_linux.h"
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
 #include "sandbox/linux/services/linux_syscalls.h"
 
 using sandbox::SyscallSets;

content/common/sandbox_linux/bpf_utility_policy_linux.cc

@@ -11,7 +11,6 @@
 #include "content/common/sandbox_linux/sandbox_linux.h"
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
 #include "sandbox/linux/services/linux_syscalls.h"
 
 using sandbox::SyscallSets;

content/common/sandbox_linux/sandbox_init_linux.cc

@@ -6,15 +6,17 @@
 
 #include "base/memory/scoped_ptr.h"
 #include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
+#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
 
 namespace content {
 
-bool InitializeSandbox(scoped_ptr<sandbox::SandboxBPFPolicy> policy) {
+bool InitializeSandbox(
+    scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy> policy) {
   return SandboxSeccompBPF::StartSandboxWithExternalPolicy(policy.Pass());
 }
 
-scoped_ptr<sandbox::SandboxBPFPolicy> GetBPFSandboxBaselinePolicy() {
+scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy>
+GetBPFSandboxBaselinePolicy() {
   return SandboxSeccompBPF::GetBaselinePolicy().Pass();
 }
 

content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc

@@ -8,8 +8,6 @@
 #include <fcntl.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
-#include <sys/stat.h>
-#include <sys/types.h>
 #include <sys/types.h>
 
 #include "base/basictypes.h"
@@ -17,7 +15,7 @@
 #include "base/logging.h"
 #include "build/build_config.h"
 #include "content/public/common/content_switches.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
+#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
 
 #if defined(USE_SECCOMP_BPF)
 
@@ -274,7 +272,7 @@ bool SandboxSeccompBPF::StartSandbox(const std::string& process_type) {
 }
 
 bool SandboxSeccompBPF::StartSandboxWithExternalPolicy(
-    scoped_ptr<sandbox::SandboxBPFPolicy> policy) {
+    scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy> policy) {
 #if defined(USE_SECCOMP_BPF)
   if (IsSeccompBPFDesired() && SupportsSandbox()) {
     CHECK(policy);
@@ -285,12 +283,12 @@ bool SandboxSeccompBPF::StartSandboxWithExternalPolicy(
   return false;
 }
 
-scoped_ptr<sandbox::SandboxBPFPolicy>
+scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy>
 SandboxSeccompBPF::GetBaselinePolicy() {
 #if defined(USE_SECCOMP_BPF)
-  return scoped_ptr<sandbox::SandboxBPFPolicy>(new BaselinePolicy);
+  return scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy>(new BaselinePolicy);
 #else
-  return scoped_ptr<sandbox::SandboxBPFPolicy>();
+  return scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy>();
 #endif  // defined(USE_SECCOMP_BPF)
 }
 

content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h

@@ -11,7 +11,9 @@
 #include "base/memory/scoped_ptr.h"
 
 namespace sandbox {
-class SandboxBPFPolicy;
+namespace bpf_dsl {
+class SandboxBPFDSLPolicy;
+}
 }
 
 namespace content {
@@ -39,9 +41,9 @@ class SandboxSeccompBPF {
   // This is the API to enable a seccomp-bpf sandbox by using an
   // external policy.
   static bool StartSandboxWithExternalPolicy(
-      scoped_ptr<sandbox::SandboxBPFPolicy> policy);
+      scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy> policy);
   // The "baseline" policy can be a useful base to build a sandbox policy.
-  static scoped_ptr<sandbox::SandboxBPFPolicy> GetBaselinePolicy();
+  static scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy> GetBaselinePolicy();
 
  private:
   DISALLOW_IMPLICIT_CONSTRUCTORS(SandboxSeccompBPF);
@@ -50,4 +52,3 @@ class SandboxSeccompBPF {
 }  // namespace content
 
 #endif  // CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_SECCOMP_BPF_LINUX_H_
-

content/public/common/sandbox_init.h

@@ -16,7 +16,9 @@ class FilePath;
 }
 
 namespace sandbox {
-class SandboxBPFPolicy;
+namespace bpf_dsl {
+class SandboxBPFDSLPolicy;
+}
 struct SandboxInterfaceInfo;
 }
 
@@ -86,12 +88,12 @@ class SandboxInitializerDelegate;
 // Initialize a seccomp-bpf sandbox. |policy| may not be NULL.
 // Returns true if the sandbox has been properly engaged.
 CONTENT_EXPORT bool InitializeSandbox(
-    scoped_ptr<sandbox::SandboxBPFPolicy> policy);
+    scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy> policy);
 
 // Return a "baseline" policy. This is used by a SandboxInitializerDelegate to
 // implement a policy that is derived from the baseline.
-CONTENT_EXPORT scoped_ptr<sandbox::SandboxBPFPolicy>
-GetBPFSandboxBaselinePolicy();
+CONTENT_EXPORT scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy>
+    GetBPFSandboxBaselinePolicy();
 #endif  // defined(OS_LINUX)
 
 }  // namespace content