// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef COMPONENTS_NACL_LOADER_NONSFI_NONSFI_SANDBOX_H_
#define COMPONENTS_NACL_LOADER_NONSFI_NONSFI_SANDBOX_H_

#include "base/basictypes.h"
#include "sandbox/linux/bpf_dsl/bpf_dsl.h"

namespace nacl {
namespace nonsfi {

// The seccomp sandbox policy for NaCl non-SFI mode. Note that this
// policy must be as strong as possible, as non-SFI mode heavily
// depends on seccomp sandbox.
//
// This header only declares the policy; the per-syscall decisions are made
// in the definitions of the two overrides below, which are not part of this
// file.
// NOTE(review): when reviewing those definitions, confirm that any syscall
// number not explicitly handled ends in a deny/trap result rather than an
// allow, since this filter is described above as the main isolation
// boundary for non-SFI code.
class NaClNonSfiBPFSandboxPolicy
    : public sandbox::bpf_dsl::SandboxBPFDSLPolicy {
 public:
  // The policy carries no data members in this declaration, so construction
  // and destruction are empty.
  explicit NaClNonSfiBPFSandboxPolicy() {}
  virtual ~NaClNonSfiBPFSandboxPolicy() {}

  // Returns the bpf_dsl result expression that decides how the system call
  // numbered |sysno| is handled once the filter is installed.
  virtual sandbox::bpf_dsl::ResultExpr EvaluateSyscall(
      int sysno) const OVERRIDE;

  // Returns the result expression used for system call numbers the sandbox
  // treats as invalid, replacing the base class's handling.
  // NOTE(review): presumably this covers out-of-range or wrong-ABI syscall
  // numbers; confirm against the bpf_dsl base class.
  virtual sandbox::bpf_dsl::ResultExpr InvalidSyscall() const OVERRIDE;

 private:
  // Policy objects are neither copyable nor assignable.
  DISALLOW_COPY_AND_ASSIGN(NaClNonSfiBPFSandboxPolicy);
};

// Initializes seccomp-bpf sandbox for non-SFI NaCl. Returns false on
// failure.
// NOTE(review): nothing in this declaration forces callers to check the
// result. Given that non-SFI mode depends on this sandbox, a false return
// presumably has to be treated as fatal before any untrusted code runs;
// confirm at the call sites.
bool InitializeBPFSandbox();

}  // namespace nonsfi
}  // namespace nacl

#endif  // COMPONENTS_NACL_LOADER_NONSFI_NONSFI_SANDBOX_H_