Remove more dependencies on sandbox/linux/seccomp-bpf

This started out as simply converting NaCl's baseline policy to bpf_dsl, but that led me down the rabbit hole of converting a bunch of remaining uses of SandboxBPFPolicy within content too. There are still a few lingering dependencies on sandbox_bpf.h after this CL, but not many. BUG=414363 Review URL: https://codereview.chromium.org/570763002 Cr-Commit-Position: refs/heads/master@{#294871}

Remove more dependencies on sandbox/linux/seccomp-bpf
This started out as simply converting NaCl's baseline policy to bpf_dsl, but that led me down the rabbit hole of converting a bunch of remaining uses of SandboxBPFPolicy within content too. There are still a few lingering dependencies on sandbox_bpf.h after this CL, but not many. BUG=414363 Review URL: https://codereview.chromium.org/570763002 Cr-Commit-Position: refs/heads/master@{#294871}
4dd21732 · mdempsky · Commit bot · 36816846 · 4dd21732 · 4dd21732
Commit 4dd21732 authored Sep 15, 2014 by mdempsky Committed by Commit bot Sep 15, 2014
13 changed files
--- a/components/nacl/loader/nonsfi/nonsfi_sandbox.cc
+++ b/components/nacl/loader/nonsfi/nonsfi_sandbox.cc
@@ -23,7 +23,6 @@
 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
 #include "sandbox/linux/services/linux_syscalls.h"
 #if defined(__arm__) && !defined(MAP_STACK)
@@ -304,7 +303,7 @@ ResultExpr NaClNonSfiBPFSandboxPolicy::InvalidSyscall() const {
 bool InitializeBPFSandbox() {
  bool sandbox_is_initialized = content::InitializeSandbox(
-      scoped_ptr<sandbox::SandboxBPFPolicy>(
+      scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy>(
          new nacl::nonsfi::NaClNonSfiBPFSandboxPolicy()));
  if (!sandbox_is_initialized)
    return false;

--- a/components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.cc
+++ b/components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.cc
@@ -18,8 +18,7 @@
 #include "base/logging.h"
 #include "content/public/common/sandbox_init.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
+#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
 #include "sandbox/linux/services/linux_syscalls.h"
 #endif  // defined(USE_SECCOMP_BPF)
@@ -30,27 +29,28 @@ namespace nacl {
 namespace {
-class NaClBPFSandboxPolicy : public sandbox::SandboxBPFPolicy {
+using sandbox::bpf_dsl::Allow;
+using sandbox::bpf_dsl::Error;
+using sandbox::bpf_dsl::ResultExpr;
+class NaClBPFSandboxPolicy : public sandbox::bpf_dsl::SandboxBPFDSLPolicy {
 public:
  NaClBPFSandboxPolicy()
      : baseline_policy_(content::GetBPFSandboxBaselinePolicy()) {}
  virtual ~NaClBPFSandboxPolicy() {}
-  virtual sandbox::ErrorCode EvaluateSyscall(
+  virtual ResultExpr EvaluateSyscall(int system_call_number) const OVERRIDE;
-      sandbox::SandboxBPF* sandbox_compiler,
+  virtual ResultExpr InvalidSyscall() const OVERRIDE {
-      int system_call_number) const OVERRIDE;
+    return baseline_policy_->InvalidSyscall();
-  virtual sandbox::ErrorCode InvalidSyscall(
-      sandbox::SandboxBPF* sandbox_compiler) const OVERRIDE {
-    return baseline_policy_->InvalidSyscall(sandbox_compiler);
  }
 private:
-  scoped_ptr<sandbox::SandboxBPFPolicy> baseline_policy_;
+  scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy> baseline_policy_;
  DISALLOW_COPY_AND_ASSIGN(NaClBPFSandboxPolicy);
 };
-sandbox::ErrorCode NaClBPFSandboxPolicy::EvaluateSyscall(
+ResultExpr NaClBPFSandboxPolicy::EvaluateSyscall(int sysno) const {
-    sandbox::SandboxBPF* sb, int sysno) const {
  DCHECK(baseline_policy_);
  switch (sysno) {
    // TODO(jln): NaCl's GDB debug stub uses the following socket system calls,
@@ -98,16 +98,16 @@ sandbox::ErrorCode NaClBPFSandboxPolicy::EvaluateSyscall(
    // See crbug.com/264856 for details.
    case __NR_times:
    case __NR_uname:
-      return sandbox::ErrorCode(sandbox::ErrorCode::ERR_ALLOWED);
+      return Allow();
    case __NR_ioctl:
    case __NR_ptrace:
-      return sandbox::ErrorCode(EPERM);
+      return Error(EPERM);
    default:
-      return baseline_policy_->EvaluateSyscall(sb, sysno);
+      return baseline_policy_->EvaluateSyscall(sysno);
  }
  NOTREACHED();
  // GCC wants this.
-  return sandbox::ErrorCode(EPERM);
+  return Error(EPERM);
 }
 void RunSandboxSanityChecks() {
@@ -130,7 +130,8 @@ void RunSandboxSanityChecks() {
 bool InitializeBPFSandbox() {
 #if defined(USE_SECCOMP_BPF)
  bool sandbox_is_initialized = content::InitializeSandbox(
-      scoped_ptr<sandbox::SandboxBPFPolicy>(new NaClBPFSandboxPolicy));
+      scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy>(
+          new NaClBPFSandboxPolicy));
  if (sandbox_is_initialized) {
    RunSandboxSanityChecks();
    return true;

--- a/content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc
+++ b/content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc
@@ -4,10 +4,9 @@
 #include "content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.h"
+#include <sys/syscall.h>
 #include <sys/types.h>
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
 using sandbox::bpf_dsl::Allow;
 using sandbox::bpf_dsl::ResultExpr;

--- a/content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.cc
+++ b/content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.cc
@@ -23,7 +23,6 @@
 #include "content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h"
 #include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h"
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
 #include "sandbox/linux/services/linux_syscalls.h"
 using sandbox::SyscallSets;
@@ -97,7 +96,7 @@ void AddArmGpuWhitelist(std::vector<std::string>* read_whitelist,
 class CrosArmGpuBrokerProcessPolicy : public CrosArmGpuProcessPolicy {
 public:
-  static sandbox::SandboxBPFPolicy* Create() {
+  static sandbox::bpf_dsl::SandboxBPFDSLPolicy* Create() {
    return new CrosArmGpuBrokerProcessPolicy();
  }
  virtual ~CrosArmGpuBrokerProcessPolicy() {}

--- a/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
+++ b/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
@@ -26,7 +26,7 @@
 #include "content/common/set_process_title.h"
 #include "content/public/common/content_switches.h"
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
+#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"  // for arch_seccomp_data
 #include "sandbox/linux/services/broker_process.h"
 #include "sandbox/linux/services/linux_syscalls.h"
@@ -117,7 +117,7 @@ intptr_t GpuSIGSYS_Handler(const struct arch_seccomp_data& args,
 class GpuBrokerProcessPolicy : public GpuProcessPolicy {
 public:
-  static sandbox::SandboxBPFPolicy* Create() {
+  static sandbox::bpf_dsl::SandboxBPFDSLPolicy* Create() {
    return new GpuBrokerProcessPolicy();
  }
  virtual ~GpuBrokerProcessPolicy() {}
@@ -158,8 +158,8 @@ void UpdateProcessTypeToGpuBroker() {
  SetProcessTitleFromCommandLine(NULL);
 }
-bool UpdateProcessTypeAndEnableSandbox(
+bool UpdateProcessTypeAndEnableSandbox(sandbox::bpf_dsl::SandboxBPFDSLPolicy* (
-    sandbox::SandboxBPFPolicy* (*broker_sandboxer_allocator)(void)) {
+    *broker_sandboxer_allocator)(void)) {
  DCHECK(broker_sandboxer_allocator);
  UpdateProcessTypeToGpuBroker();
  return SandboxSeccompBPF::StartSandboxWithExternalPolicy(
@@ -240,7 +240,7 @@ bool GpuProcessPolicy::PreSandboxHook() {
 }
 void GpuProcessPolicy::InitGpuBrokerProcess(
-    sandbox::SandboxBPFPolicy* (*broker_sandboxer_allocator)(void),
+    sandbox::bpf_dsl::SandboxBPFDSLPolicy* (*broker_sandboxer_allocator)(void),
    const std::vector<std::string>& read_whitelist_extra,
    const std::vector<std::string>& write_whitelist_extra) {
  static const char kDriRcPath[] = "/etc/drirc";

--- a/content/common/sandbox_linux/bpf_gpu_policy_linux.h
+++ b/content/common/sandbox_linux/bpf_gpu_policy_linux.h
@@ -35,7 +35,8 @@ class GpuProcessPolicy : public SandboxBPFBasePolicy {
  // names that should be whitelisted by the broker process, in addition to
  // the basic ones.
  void InitGpuBrokerProcess(
-      sandbox::SandboxBPFPolicy* (*broker_sandboxer_allocator)(void),
+      sandbox::bpf_dsl::SandboxBPFDSLPolicy* (*broker_sandboxer_allocator)(
+          void),
      const std::vector<std::string>& read_whitelist_extra,
      const std::vector<std::string>& write_whitelist_extra);

--- a/content/common/sandbox_linux/bpf_ppapi_policy_linux.cc
+++ b/content/common/sandbox_linux/bpf_ppapi_policy_linux.cc
@@ -11,7 +11,6 @@
 #include "content/common/sandbox_linux/sandbox_linux.h"
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
 #include "sandbox/linux/services/linux_syscalls.h"
 using sandbox::SyscallSets;

--- a/content/common/sandbox_linux/bpf_renderer_policy_linux.cc
+++ b/content/common/sandbox_linux/bpf_renderer_policy_linux.cc
@@ -11,7 +11,6 @@
 #include "content/common/sandbox_linux/sandbox_linux.h"
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
 #include "sandbox/linux/services/linux_syscalls.h"
 using sandbox::SyscallSets;

--- a/content/common/sandbox_linux/bpf_utility_policy_linux.cc
+++ b/content/common/sandbox_linux/bpf_utility_policy_linux.cc
@@ -11,7 +11,6 @@
 #include "content/common/sandbox_linux/sandbox_linux.h"
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
 #include "sandbox/linux/services/linux_syscalls.h"
 using sandbox::SyscallSets;

--- a/content/common/sandbox_linux/sandbox_init_linux.cc
+++ b/content/common/sandbox_linux/sandbox_init_linux.cc
@@ -6,15 +6,17 @@
 #include "base/memory/scoped_ptr.h"
 #include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
+#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
 namespace content {
-bool InitializeSandbox(scoped_ptr<sandbox::SandboxBPFPolicy> policy) {
+bool InitializeSandbox(
+    scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy> policy) {
  return SandboxSeccompBPF::StartSandboxWithExternalPolicy(policy.Pass());
 }
-scoped_ptr<sandbox::SandboxBPFPolicy> GetBPFSandboxBaselinePolicy() {
+scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy>
+GetBPFSandboxBaselinePolicy() {
  return SandboxSeccompBPF::GetBaselinePolicy().Pass();
 }

--- a/content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc
+++ b/content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc
@@ -8,8 +8,6 @@
 #include <fcntl.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
-#include <sys/stat.h>
-#include <sys/types.h>
 #include <sys/types.h>
 #include "base/basictypes.h"
@@ -17,7 +15,7 @@
 #include "base/logging.h"
 #include "build/build_config.h"
 #include "content/public/common/content_switches.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
+#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
 #if defined(USE_SECCOMP_BPF)
@@ -274,7 +272,7 @@ bool SandboxSeccompBPF::StartSandbox(const std::string& process_type) {
 }
 bool SandboxSeccompBPF::StartSandboxWithExternalPolicy(
-    scoped_ptr<sandbox::SandboxBPFPolicy> policy) {
+    scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy> policy) {
 #if defined(USE_SECCOMP_BPF)
  if (IsSeccompBPFDesired() && SupportsSandbox()) {
    CHECK(policy);
@@ -285,12 +283,12 @@ bool SandboxSeccompBPF::StartSandboxWithExternalPolicy(
  return false;
 }
-scoped_ptr<sandbox::SandboxBPFPolicy>
+scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy>
 SandboxSeccompBPF::GetBaselinePolicy() {
 #if defined(USE_SECCOMP_BPF)
-  return scoped_ptr<sandbox::SandboxBPFPolicy>(new BaselinePolicy);
+  return scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy>(new BaselinePolicy);
 #else
-  return scoped_ptr<sandbox::SandboxBPFPolicy>();
+  return scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy>();
 #endif  // defined(USE_SECCOMP_BPF)
 }

--- a/content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h
+++ b/content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h
@@ -11,7 +11,9 @@
 #include "base/memory/scoped_ptr.h"
 namespace sandbox {
-class SandboxBPFPolicy;
+namespace bpf_dsl {
+class SandboxBPFDSLPolicy;
+}
 }
 namespace content {
@@ -39,9 +41,9 @@ class SandboxSeccompBPF {
  // This is the API to enable a seccomp-bpf sandbox by using an
  // external policy.
  static bool StartSandboxWithExternalPolicy(
-      scoped_ptr<sandbox::SandboxBPFPolicy> policy);
+      scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy> policy);
  // The "baseline" policy can be a useful base to build a sandbox policy.
-  static scoped_ptr<sandbox::SandboxBPFPolicy> GetBaselinePolicy();
+  static scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy> GetBaselinePolicy();
 private:
  DISALLOW_IMPLICIT_CONSTRUCTORS(SandboxSeccompBPF);
@@ -50,4 +52,3 @@ class SandboxSeccompBPF {
 }  // namespace content
 #endif  // CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_SECCOMP_BPF_LINUX_H_
--- a/content/public/common/sandbox_init.h
+++ b/content/public/common/sandbox_init.h
@@ -16,7 +16,9 @@ class FilePath;
 }
 namespace sandbox {
-class SandboxBPFPolicy;
+namespace bpf_dsl {
+class SandboxBPFDSLPolicy;
+}
 struct SandboxInterfaceInfo;
 }
@@ -86,12 +88,12 @@ class SandboxInitializerDelegate;
 // Initialize a seccomp-bpf sandbox. |policy| may not be NULL.
 // Returns true if the sandbox has been properly engaged.
 CONTENT_EXPORT bool InitializeSandbox(
-    scoped_ptr<sandbox::SandboxBPFPolicy> policy);
+    scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy> policy);
 // Return a "baseline" policy. This is used by a SandboxInitializerDelegate to
 // implement a policy that is derived from the baseline.
-CONTENT_EXPORT scoped_ptr<sandbox::SandboxBPFPolicy>
+CONTENT_EXPORT scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy>
-GetBPFSandboxBaselinePolicy();
+    GetBPFSandboxBaselinePolicy();
 #endif  // defined(OS_LINUX)
 }  // namespace content