1// Copyright 2014 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef SANDBOX_LINUX_BPF_DSL_POLICY_H_
6#define SANDBOX_LINUX_BPF_DSL_POLICY_H_
7
8#include "base/macros.h"
9#include "sandbox/linux/bpf_dsl/bpf_dsl_forward.h"
10#include "sandbox/sandbox_export.h"
11
12namespace sandbox {
13namespace bpf_dsl {
14
// Policy is the abstract interface that a BPF sandbox policy implements.
//
// A concrete policy derives from this class and overrides EvaluateSyscall().
// The ResultExpr that override returns controls how the kernel responds to
// each system call number, so the override is where the sandbox's
// enforcement decisions live and should be reviewed as such.  A policy that
// enumerates what it permits and denies everything else is easier to audit
// than one that enumerates what it forbids.
//
// Instances are neither copyable nor assignable (DISALLOW_COPY_AND_ASSIGN).
class SANDBOX_EXPORT Policy {
 public:
  Policy() {}

  // Virtual so that a derived policy can be destroyed through a Policy*.
  virtual ~Policy() {}

  // Required extension point for custom sandbox policies: maps a system call
  // number to the response the kernel should give for it.
  //
  //   sysno    the system call number being evaluated.
  //   returns  the ResultExpr that governs the kernel's response to |sysno|.
  //
  // NOTE(review): which numbers are routed here rather than to
  // InvalidSyscall() is decided outside this header; confirm it in the code
  // that consumes the policy before relying on either method as the only
  // gate for a given number.
  virtual ResultExpr EvaluateSyscall(int sysno) const = 0;

  // Optional override that selects the response to invalid system calls.
  // The default implementation, which is defined outside this header,
  // returns ENOSYS.
  //
  // NOTE(review): this header does not say what makes a system call
  // "invalid"; check the definition before deciding whether the ENOSYS
  // default is strict enough for a given policy.
  virtual ResultExpr InvalidSyscall() const;

 private:
  DISALLOW_COPY_AND_ASSIGN(Policy);
};
33
34}  // namespace bpf_dsl
35}  // namespace sandbox
36
37#endif  // SANDBOX_LINUX_BPF_DSL_POLICY_H_
38