sandbox_bpf_policy.h revision a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7 
1// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_POLICY_H_
6#define SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_POLICY_H_
7
8#include "base/basictypes.h"
9
10namespace sandbox {
11
12class ErrorCode;
13class SandboxBPF;
14
15// This is the interface to implement to define a BPF sandbox policy.
16class SandboxBPFPolicy {
17 public:
18  SandboxBPFPolicy() {}
19  virtual ~SandboxBPFPolicy() {}
20
21  // The EvaluateSyscall method is called with the system call number. It can
22  // decide to allow the system call unconditionally by returning ERR_ALLOWED;
23  // it can deny the system call unconditionally by returning an appropriate
24  // "errno" value; or it can request inspection of system call argument(s) by
25  // returning a suitable ErrorCode.
26  virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler,
27                                    int system_call_number) const = 0;
28
29 private:
30  DISALLOW_COPY_AND_ASSIGN(SandboxBPFPolicy);
31};
32
33}  // namespace sandbox
34
35#endif  // SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_POLICY_H_
36