Readability: Use an enum class for ViolationType

Drive-by: Formatting/simplify expression PiperOrigin-RevId: 645036878 Change-Id: Ica80d097c8644ed3a95f635d4db2bb602ea5df49
google · Jun 20, 2024 · 4ef595d · 4ef595d
1 parent 61f75da
commit 4ef595d
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 18 deletions.
diff --git a/sandboxed_api/sandbox2/monitor_ptrace.cc b/sandboxed_api/sandbox2/monitor_ptrace.cc
@@ -657,9 +657,8 @@ bool PtraceMonitor::InitPtraceAttach() {
 void PtraceMonitor::ActionProcessSyscall(Regs* regs, const Syscall& syscall) {
   // If the sandboxing is not enabled yet, allow the first __NR_execveat.
   if (syscall.nr() == __NR_execveat && !IsActivelyMonitoring()) {
-    VLOG(1) << "[PERMITTED/BEFORE_EXECVEAT]: "
-            << "SYSCALL ::: PID: " << regs->pid() << ", PROG: '"
-            << util::GetProgName(regs->pid())
+    VLOG(1) << "[PERMITTED/BEFORE_EXECVEAT]: " << "SYSCALL ::: PID: "
+            << regs->pid() << ", PROG: '" << util::GetProgName(regs->pid())
             << "' : " << syscall.GetDescription();
     ContinueProcess(regs->pid(), 0);
     return;
@@ -693,7 +692,7 @@ void PtraceMonitor::ActionProcessSyscall(Regs* regs, const Syscall& syscall) {
     return;
   }
 
-  ActionProcessSyscallViolation(regs, syscall, kSyscallViolation);
+  ActionProcessSyscallViolation(regs, syscall, ViolationType::kSyscall);
 }
 
 void PtraceMonitor::ActionProcessSyscallViolation(
@@ -744,7 +743,8 @@ void PtraceMonitor::EventPtraceSeccomp(pid_t pid, int event_msg) {
   // If the architecture of the syscall used is different that the current host
   // architecture, report a violation.
   if (syscall_arch != Syscall::GetHostArch()) {
-    ActionProcessSyscallViolation(&regs, syscall, kArchitectureSwitchViolation);
+    ActionProcessSyscallViolation(&regs, syscall,
+                                  ViolationType::kArchitectureSwitch);
     return;
   }
 
@@ -781,18 +781,18 @@ void PtraceMonitor::EventPtraceNewProcess(pid_t pid, int event_msg) {
   // ptrace doesn't issue syscall-exit-stops for successful fork/vfork/clone
   // system calls. Check if the monitor wanted to inspect the syscall's return
   // value, and call EventSyscallReturn for the parent process if so.
-  auto index = syscalls_in_progress_.find(pid);
-  if (index != syscalls_in_progress_.end()) {
+  if (auto index = syscalls_in_progress_.find(pid);
+      index != syscalls_in_progress_.end()) {
     auto syscall_nr = index->second.nr();
     bool creating_new_process = syscall_nr == __NR_clone;
 #ifdef __NR_clone3
-    creating_new_process = creating_new_process || syscall_nr == __NR_clone3;
+    creating_new_process |= syscall_nr == __NR_clone3;
 #endif
 #ifdef __NR_fork
-    creating_new_process = creating_new_process || syscall_nr == __NR_fork;
+    creating_new_process |= syscall_nr == __NR_fork;
 #endif
 #ifdef __NR_vfork
-    creating_new_process = creating_new_process || syscall_nr == __NR_vfork;
+    creating_new_process |= syscall_nr == __NR_vfork;
 #endif
     if (!creating_new_process) {
       LOG(ERROR) << "Expected a fork/vfork/clone syscall in progress in PID "
@@ -861,8 +861,9 @@ void PtraceMonitor::EventPtraceExit(pid_t pid, int event_msg) {
   // Process signaled due to seccomp violation.
   if (is_seccomp) {
     VLOG(1) << "PID: " << pid << " violation uncovered via the EXIT_EVENT";
-    ActionProcessSyscallViolation(
-        regs.get(), regs->ToSyscall(Syscall::GetHostArch()), kSyscallViolation);
+    ActionProcessSyscallViolation(regs.get(),
+                                  regs->ToSyscall(Syscall::GetHostArch()),
+                                  ViolationType::kSyscall);
     return;
   }
 

diff --git a/sandboxed_api/sandbox2/monitor_unotify.cc b/sandboxed_api/sandbox2/monitor_unotify.cc
@@ -185,8 +185,8 @@ void UnotifyMonitor::HandleUnotify() {
                    req_->data.args[3], req_->data.args[4], req_->data.args[5]},
                   req_->pid, 0, req_->data.instruction_pointer);
   ViolationType violation_type = syscall.arch() == Syscall::GetHostArch()
-                                     ? kSyscallViolation
-                                     : kArchitectureSwitchViolation;
+                                     ? ViolationType::kSyscall
+                                     : ViolationType::kArchitectureSwitch;
   LogSyscallViolation(syscall);
   notify_->EventSyscallViolation(syscall, violation_type);
   MaybeGetStackTrace(req_->pid, Result::VIOLATION);
@@ -285,7 +285,8 @@ void UnotifyMonitor::Run() {
 }
 
 void UnotifyMonitor::SetExitStatusFromStatusPipe() {
-  int code, status;
+  int code;
+  int status;
   rusage usage;
 
   std::vector<iovec> iov = {

diff --git a/sandboxed_api/sandbox2/notify.h b/sandboxed_api/sandbox2/notify.h
@@ -19,6 +19,8 @@
 
 #include <sys/types.h>
 
+#include <cstdint>
+
 #include "absl/base/attributes.h"
 #include "absl/log/log.h"
 #include "sandboxed_api/sandbox2/comms.h"
@@ -28,11 +30,11 @@
 
 namespace sandbox2 {
 
-enum ViolationType {
+enum class ViolationType {
   // A syscall disallowed by the policy was invoked.
-  kSyscallViolation,
+  kSyscall,
   // A syscall with cpu architecture not covered by the policy was invoked.
-  kArchitectureSwitchViolation,
+  kArchitectureSwitch,
 };
 
 class Notify {