// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef SANDBOX_LINUX_BPF_DSL_SYSCALL_SET_H__
#define SANDBOX_LINUX_BPF_DSL_SYSCALL_SET_H__
#include <stdint.h>
#include <iterator>
#include "base/macros.h"
#include "sandbox/sandbox_export.h"
namespace sandbox {
// Iterates over the entire system call range from 0..0xFFFFFFFFu. This
// iterator is aware of how system calls look like and will skip quickly
// over ranges that can't contain system calls. It iterates more slowly
// whenever it reaches a range that is potentially problematic, returning
// the last invalid value before a valid range of system calls, and the
// first invalid value after a valid range of syscalls. It iterates over
// individual values whenever it is in the normal range for system calls
// (typically MIN_SYSCALL..MAX_SYSCALL).
//
// Example usage:
// for (uint32_t sysnum : SyscallSet::All()) {
// // Do something with sysnum.
// }
class SANDBOX_EXPORT SyscallSet {
public:
class Iterator;
SyscallSet(const SyscallSet& ss) : set_(ss.set_) {}
~SyscallSet() {}
Iterator begin() const;
Iterator end() const;
// All returns a SyscallSet that contains both valid and invalid
// system call numbers.
static SyscallSet All() { return SyscallSet(Set::ALL); }
// ValidOnly returns a SyscallSet that contains only valid system
// call numbers.
static SyscallSet ValidOnly() { return SyscallSet(Set::VALID_ONLY); }
// InvalidOnly returns a SyscallSet that contains only invalid
// system call numbers, but still omits numbers in the middle of a
// range of invalid system call numbers.
static SyscallSet InvalidOnly() { return SyscallSet(Set::INVALID_ONLY); }
// IsValid returns whether |num| specifies a valid system call
// number.
static bool IsValid(uint32_t num);
private:
enum class Set { ALL, VALID_ONLY, INVALID_ONLY };
explicit SyscallSet(Set set) : set_(set) {}
Set set_;
friend bool operator==(const SyscallSet&, const SyscallSet&);
DISALLOW_ASSIGN(SyscallSet);
};
SANDBOX_EXPORT bool operator==(const SyscallSet& lhs, const SyscallSet& rhs);
// Iterator provides C++ input iterator semantics for traversing a
// SyscallSet.
class SyscallSet::Iterator
: public std::iterator<std::input_iterator_tag, uint32_t> {
public:
Iterator(const Iterator& it)
: set_(it.set_), done_(it.done_), num_(it.num_) {}
~Iterator() {}
uint32_t operator*() const;
Iterator& operator++();
private:
Iterator(Set set, bool done);
uint32_t NextSyscall() const;
Set set_;
bool done_;
uint32_t num_;
friend SyscallSet;
friend bool operator==(const Iterator&, const Iterator&);
DISALLOW_ASSIGN(Iterator);
};
SANDBOX_EXPORT bool operator==(const SyscallSet::Iterator& lhs,
const SyscallSet::Iterator& rhs);
SANDBOX_EXPORT bool operator!=(const SyscallSet::Iterator& lhs,
const SyscallSet::Iterator& rhs);
} // namespace sandbox
#endif // SANDBOX_LINUX_BPF_DSL_SYSCALL_SET_H__