1 // Copyright 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_POLICY_H_ 6 #define SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_POLICY_H_ 7 8 #include "base/basictypes.h" 9 10 namespace sandbox { 11 12 class ErrorCode; 13 class SandboxBPF; 14 15 // This is the interface to implement to define a BPF sandbox policy. 16 class SandboxBPFPolicy { 17 public: 18 SandboxBPFPolicy() {} 19 virtual ~SandboxBPFPolicy() {} 20 21 // The EvaluateSyscall method is called with the system call number. It can 22 // decide to allow the system call unconditionally by returning ERR_ALLOWED; 23 // it can deny the system call unconditionally by returning an appropriate 24 // "errno" value; or it can request inspection of system call argument(s) by 25 // returning a suitable ErrorCode. 26 virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler, 27 int system_call_number) const = 0; 28 29 private: 30 DISALLOW_COPY_AND_ASSIGN(SandboxBPFPolicy); 31 }; 32 33 } // namespace sandbox 34 35 #endif // SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_POLICY_H_ 36
