1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_SYSCALL_ITERATOR_H__ 6 #define SANDBOX_LINUX_SECCOMP_BPF_SYSCALL_ITERATOR_H__ 7 8 #include <stdint.h> 9 10 #include "base/macros.h" 11 #include "sandbox/sandbox_export.h" 12 13 namespace sandbox { 14 15 // Iterates over the entire system call range from 0..0xFFFFFFFFu. This 16 // iterator is aware of how system calls look like and will skip quickly 17 // over ranges that can't contain system calls. It iterates more slowly 18 // whenever it reaches a range that is potentially problematic, returning 19 // the last invalid value before a valid range of system calls, and the 20 // first invalid value after a valid range of syscalls. It iterates over 21 // individual values whenever it is in the normal range for system calls 22 // (typically MIN_SYSCALL..MAX_SYSCALL). 23 // If |invalid_only| is true, this iterator will only return invalid 24 // syscall numbers, but will still skip quickly over invalid ranges, 25 // returning the first invalid value in the range and then skipping 26 // to the last invalid value in the range. 27 // 28 // Example usage: 29 // for (SyscallIterator iter(false); !iter.Done(); ) { 30 // uint32_t sysnum = iter.Next(); 31 // // Do something with sysnum. 32 // } 33 // 34 // TODO(markus): Make this a classic C++ iterator. 35 class SANDBOX_EXPORT SyscallIterator { 36 public: SyscallIterator(bool invalid_only)37 explicit SyscallIterator(bool invalid_only) 38 : invalid_only_(invalid_only), done_(false), num_(0) {} 39 Done()40 bool Done() const { return done_; } 41 uint32_t Next(); 42 static bool IsValid(uint32_t num); 43 44 private: 45 static bool IsArmPrivate(uint32_t num); 46 47 bool invalid_only_; 48 bool done_; 49 uint32_t num_; 50 51 DISALLOW_IMPLICIT_CONSTRUCTORS(SyscallIterator); 52 }; 53 54 } // namespace sandbox 55 56 #endif // SANDBOX_LINUX_SECCOMP_BPF_SYSCALL_ITERATOR_H__ 57