Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / minijail / ffec8919585a3a30e9f8a3551e85cf06fc62cd8a^! / . / bpf.h
commitffec8919585a3a30e9f8a3551e85cf06fc62cd8a[log] [tgz]
authorJorge Lucangeli Obes <jorgelo@chromium.org>Fri Nov 30 14:46:23 2012 -0800
committerGerrit <chrome-bot@google.com>Sun Dec 02 16:44:33 2012 -0800
tree29f3dfe9210b95468b5457f3d7e331be7e9ba03c
parenteee3155a563aa34d1dc58a625bdc59a577271adb [diff] [blame]
Add BPF jset instruction support to Minijail.

First step is to add support for the actual BPF instruction.
Next step is to parse this in the policy files and use the functions
introduced by this CL.

BUG=chromium-os:36848
TEST=syscall_filter_unittest

Change-Id: I172598e63413506f190ae6b4b07ae63e1198f44c
Reviewed-on: https://gerrit.chromium.org/gerrit/39018
Reviewed-by: Kees Cook <keescook@chromium.org>
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>

diff --git a/bpf.h b/bpf.h
index 5b41b55..ab81154 100644
--- a/bpf.h
+++ b/bpf.h

@@ -29,7 +29,8 @@
 	LT,
 	LE,
 	GT,
-	GE
+	GE,
+	SET
 };
 
 /*
@@ -72,23 +73,30 @@
 
 /* Size-dependent defines. */
 #if defined(BITS32)
-/* On 32 bits, comparisons take 2 instructions: 1 load arg, and 1 cmp. */
-#define BPF_LOAD_ARG_LEN 1U
-#define BPF_COMP_LEN 1U
+/*
+ * On 32 bits, comparisons take 2 instructions: 1 for loading the argument,
+ * 1 for the actual comparison.
+ */
+#define BPF_LOAD_ARG_LEN	1U
+#define BPF_COMP_LEN		1U
 #define BPF_ARG_COMP_LEN (BPF_LOAD_ARG_LEN + BPF_COMP_LEN)
 
 #define bpf_comp_jeq bpf_comp_jeq32
+#define bpf_comp_jset bpf_comp_jset32
 
 #define LO_ARG(idx) offsetof(struct seccomp_data, args[(idx)])
 
-#elif __BITS_PER_LONG == 64
-#define BITS64
-/* On 64 bits, comparisons take 7 instructions: 4 load arg, and 3 cmp. */
-#define BPF_LOAD_ARG_LEN 4U
-#define BPF_COMP_LEN 3U
+#elif defined(BITS64)
+/*
+ * On 64 bits, comparisons take 7 instructions: 4 for loading the argument,
+ * and 3 for the actual comparison.
+ */
+#define BPF_LOAD_ARG_LEN	4U
+#define BPF_COMP_LEN		3U
 #define BPF_ARG_COMP_LEN (BPF_LOAD_ARG_LEN + BPF_COMP_LEN)
 
 #define bpf_comp_jeq bpf_comp_jeq64
+#define bpf_comp_jset bpf_comp_jset64
 
 /* Ensure that we load the logically correct offset. */
 #if defined(__LITTLE_ENDIAN)
@@ -101,6 +109,9 @@
 #error "Unknown endianness"
 #endif
 
+#else
+#error "Unknown bit width"
+
 #endif
 
 /* Common jump targets. */
@@ -170,6 +181,8 @@
 size_t bpf_load_arg(struct sock_filter *filter, int argidx);
 size_t bpf_comp_jeq(struct sock_filter *filter, unsigned long c,
 		unsigned char jt, unsigned char jf);
+size_t bpf_comp_jset(struct sock_filter *filter, unsigned long mask,
+		unsigned char jt, unsigned char jf);
 
 /* Functions called by syscall_filter.c */
 #define ARCH_VALIDATION_LEN 3U
@@ -182,7 +195,7 @@
 size_t bpf_allow_syscall_args(struct sock_filter *filter,
 		int nr, unsigned int id);
 
-/* Debug */
+/* Debug functions. */
 void dump_bpf_prog(struct sock_fprog *fprog);
 void dump_bpf_filter(struct sock_filter *filter, unsigned short len);