      1 // Copyright 2014 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_ANDROID_SANDBOX_BPF_BASE_POLICY_ANDROID_H_
      6 #define CONTENT_COMMON_SANDBOX_LINUX_ANDROID_SANDBOX_BPF_BASE_POLICY_ANDROID_H_
      7 
      8 #include "content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h"
      9 
     10 namespace content {
     11 
      12 // Syscall-filtering (BPF) sandbox policy for Android. This class builds on
      13 // top of the generic Linux baseline policy (SandboxBPFBasePolicy) to reduce
      14 // Linux kernel attack surface. It augments the list of allowed syscalls to
         // allow ones required by the Android runtime.
         //
         // NOTE(review): every syscall allowed here beyond the Linux baseline is
         // extra kernel attack surface reachable from a sandboxed process. The
         // allow-list itself is defined out of line and is not visible in this
         // header, so review it together with this declaration and keep it to what
         // the Android runtime actually needs.
      15 class SandboxBPFBasePolicyAndroid : public SandboxBPFBasePolicy {
      16  public:
         // Constructor and virtual destructor are declared here and defined out of
         // line.
      17   SandboxBPFBasePolicyAndroid();
      18   virtual ~SandboxBPFBasePolicyAndroid();
      19 
      20   // sandbox::SandboxBPFPolicy:
         // Returns the bpf_dsl result expression that the policy applies to
         // |system_call_number|. The method is const, so evaluating a syscall
         // cannot modify the policy object.
         // NOTE(review): presumably syscalls that are not Android-specific are
         // deferred to SandboxBPFBasePolicy; verify against the implementation.
      21   virtual sandbox::bpf_dsl::ResultExpr EvaluateSyscall(
      22       int system_call_number) const OVERRIDE;
      23 
      24  private:
         // Policy objects are neither copyable nor assignable.
      25   DISALLOW_COPY_AND_ASSIGN(SandboxBPFBasePolicyAndroid);
      26 };
     27 
     28 }  // namespace content
     29 
     30 #endif  // CONTENT_COMMON_SANDBOX_LINUX_ANDROID_SANDBOX_BPF_BASE_POLICY_ANDROID_H_
     31