1 // Copyright 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h" 6 7 #include <errno.h> 8 9 #include "base/logging.h" 10 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h" 11 12 using sandbox::bpf_dsl::ResultExpr; 13 14 namespace content { 15 16 namespace { 17 18 // The errno used for denied file system access system calls, such as open(2). 19 static const int kFSDeniedErrno = EPERM; 20 21 } // namespace. 22 23 SandboxBPFBasePolicy::SandboxBPFBasePolicy() 24 : baseline_policy_(new sandbox::BaselinePolicy(kFSDeniedErrno)) {} 25 SandboxBPFBasePolicy::~SandboxBPFBasePolicy() {} 26 27 ResultExpr SandboxBPFBasePolicy::EvaluateSyscall(int system_call_number) const { 28 DCHECK(baseline_policy_); 29 return baseline_policy_->EvaluateSyscall(system_call_number); 30 } 31 32 ResultExpr SandboxBPFBasePolicy::InvalidSyscall() const { 33 DCHECK(baseline_policy_); 34 return baseline_policy_->InvalidSyscall(); 35 } 36 37 bool SandboxBPFBasePolicy::PreSandboxHook() { 38 return true; 39 } 40 41 int SandboxBPFBasePolicy::GetFSDeniedErrno() { 42 return kFSDeniedErrno; 43 } 44 45 } // namespace content. 46
