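// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef COMPONENTS_NACL_LOADER_NONSFI_NONSFI_SANDBOX_H_
#define COMPONENTS_NACL_LOADER_NONSFI_NONSFI_SANDBOX_H_

#include "base/basictypes.h"
#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"

namespace nacl {
namespace nonsfi {

// The seccomp sandbox policy for NaCl non-SFI mode. Note that this
// policy must be as strong as possible, as non-SFI mode heavily
// depends on seccomp sandbox.
//
// NOTE(review): because of that dependency, every system call the
// implementation of EvaluateSyscall() lets through is attack surface
// reachable from code running in non-SFI mode. The list of permitted calls
// is not visible in this header; a change that widens it deserves a
// security review of its own.
class NaClNonSfiBPFSandboxPolicy : public sandbox::SandboxBPFPolicy {
 public:
  explicit NaClNonSfiBPFSandboxPolicy() {}
  virtual ~NaClNonSfiBPFSandboxPolicy() {}

  // Overrides sandbox::SandboxBPFPolicy. Returns the sandbox::ErrorCode to
  // use for the system call numbered |sysno|; |sb| is the sandbox instance
  // the decision is made for. Presumably the ErrorCode encodes the
  // allow/deny outcome for that call -- confirm against the base class
  // declaration, which is outside this header.
  virtual sandbox::ErrorCode EvaluateSyscall(sandbox::SandboxBPF* sb,
                                             int sysno) const OVERRIDE;

 private:
  // The policy object is neither copyable nor assignable.
  DISALLOW_COPY_AND_ASSIGN(NaClNonSfiBPFSandboxPolicy);
};

// Initializes seccomp-bpf sandbox for non-SFI NaCl. Returns false on
// failure.
//
// NOTE(review): the failure is reported only through the return value, so
// each caller has to check it. A false return presumably means the filter
// is not in place; given how heavily non-SFI mode depends on the seccomp
// sandbox, a caller should treat that as fatal rather than continue --
// confirm at the call site, which is outside this header.
bool InitializeBPFSandbox();

}  // namespace nonsfi
}  // namespace nacl

#endif  // COMPONENTS_NACL_LOADER_NONSFI_NONSFI_SANDBOX_H_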