sandbox_bpf_policy.h revision a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7
1// Copyright 2013 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_POLICY_H_ 6#define SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_POLICY_H_ 7 8#include "base/basictypes.h" 9 10namespace sandbox { 11 12class ErrorCode; 13class SandboxBPF; 14 15// This is the interface to implement to define a BPF sandbox policy. 16class SandboxBPFPolicy { 17 public: 18 SandboxBPFPolicy() {} 19 virtual ~SandboxBPFPolicy() {} 20 21 // The EvaluateSyscall method is called with the system call number. It can 22 // decide to allow the system call unconditionally by returning ERR_ALLOWED; 23 // it can deny the system call unconditionally by returning an appropriate 24 // "errno" value; or it can request inspection of system call argument(s) by 25 // returning a suitable ErrorCode. 26 virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler, 27 int system_call_number) const = 0; 28 29 private: 30 DISALLOW_COPY_AND_ASSIGN(SandboxBPFPolicy); 31}; 32 33} // namespace sandbox 34 35#endif // SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_POLICY_H_ 36