Linux sandbox: Add UserNotify to bpf dsl

...to support the SECCOMP_RET_USER_NOTIF return code for seccomp bpf
programs.

Bug: 1117351
Change-Id: I55dfcb4169a4b434cb5cc8894534e1d1e0e7782e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2407035
Commit-Queue: Matthew Denton <mpdenton@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#811156}

sandbox/linux/bpf_dsl/bpf_dsl.cc

@@ -33,7 +33,8 @@ class ReturnResultExprImpl : public internal::ResultExprImpl {
   bool IsAllow() const override { return IsAction(SECCOMP_RET_ALLOW); }
 
   bool IsDeny() const override {
-    return IsAction(SECCOMP_RET_ERRNO) || IsAction(SECCOMP_RET_KILL);
+    return IsAction(SECCOMP_RET_ERRNO) || IsAction(SECCOMP_RET_KILL) ||
+           IsAction(SECCOMP_RET_USER_NOTIF);
   }
 
  private:
@@ -262,6 +263,10 @@ ResultExpr UnsafeTrap(TrapRegistry::TrapFnc trap_func, const void* aux) {
                                               false /* unsafe */);
 }
 
+ResultExpr UserNotify() {
+  return std::make_shared<ReturnResultExprImpl>(SECCOMP_RET_USER_NOTIF);
+}
+
 BoolExpr BoolConst(bool value) {
   return std::make_shared<ConstBoolExprImpl>(value);
 }

sandbox/linux/bpf_dsl/bpf_dsl.h

@@ -120,6 +120,12 @@ SANDBOX_EXPORT ResultExpr
 SANDBOX_EXPORT ResultExpr
     UnsafeTrap(TrapRegistry::TrapFnc trap_func, const void* aux);
 
+// UserNotify specifies that the kernel shall notify a listening process that a
+// syscall occurred. The listening process may perform the system call on
+// behalf of the sandboxed process, or may instruct the sandboxed process to
+// continue the system call.
+SANDBOX_EXPORT ResultExpr UserNotify();
+
 // BoolConst converts a bool value into a BoolExpr.
 SANDBOX_EXPORT BoolExpr BoolConst(bool value);
 

sandbox/linux/bpf_dsl/bpf_dsl_unittest.cc

@@ -453,6 +453,10 @@ TEST(BPFDSL, IsAllowDeny) {
   EXPECT_FALSE(trap->IsAllow());
   EXPECT_TRUE(trap->IsDeny());
 
+  ResultExpr user_notify = UserNotify();
+  EXPECT_FALSE(user_notify->IsAllow());
+  EXPECT_TRUE(user_notify->IsDeny());
+
   const Arg<int> arg(0);
   ResultExpr maybe = If(arg == 0, Allow()).Else(Error(EPERM));
   EXPECT_FALSE(maybe->IsAllow());
@@ -469,6 +473,9 @@ TEST(BPFDSL, HasUnsafeTraps) {
   ResultExpr unsafe = UnsafeTrap(DummyTrap, nullptr);
   EXPECT_TRUE(unsafe->HasUnsafeTraps());
 
+  ResultExpr user_notify = UserNotify();
+  EXPECT_FALSE(allow->HasUnsafeTraps());
+
   const Arg<int> arg(0);
   ResultExpr maybe = If(arg == 0, allow).Else(unsafe);
   EXPECT_TRUE(maybe->HasUnsafeTraps());

sandbox/linux/bpf_dsl/dump_bpf.cc

@@ -119,6 +119,8 @@ void AppendInstruction(std::string* dst, size_t pc, const sock_filter& insn) {
       } else if ((insn.k & SECCOMP_RET_ACTION) == SECCOMP_RET_TRACE) {
         base::StringAppendF(dst, "Trace #%" PRIu32 "\n",
                             insn.k & SECCOMP_RET_DATA);
+      } else if (insn.k == SECCOMP_RET_USER_NOTIF) {
+        base::StringAppendF(dst, "UserNotif\n");
       } else if (insn.k == SECCOMP_RET_ALLOW) {
         base::StringAppendF(dst, "Allowed\n");
       } else if (insn.k == SECCOMP_RET_KILL) {