      1 // Copyright 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_BPF_GPU_POLICY_LINUX_H_
      6 #define CONTENT_COMMON_SANDBOX_LINUX_BPF_GPU_POLICY_LINUX_H_
      7 
      8 #include <string>
      9 #include <vector>
     10 
     11 #include "base/callback_forward.h"
     12 #include "content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h"
     13 
// Forward declaration only: this header refers to the broker solely through a
// pointer (see GpuProcessPolicy::broker_process_), so the full definition is
// not needed here.
namespace sandbox {
class BrokerProcess;
}
     17 
     18 namespace content {
     19 
// Seccomp-BPF policy for the GPU process. Per-syscall verdicts come from
// EvaluateSyscall(); file access that the filter itself does not permit is
// delegated to a broker process that is started in PreSandboxHook(), i.e.
// before the sandbox is engaged (see |broker_process_| below).
class GpuProcessPolicy : public SandboxBPFBasePolicy {
 public:
  GpuProcessPolicy();
  virtual ~GpuProcessPolicy();

  // Returns the seccomp-bpf verdict for |system_call_number|. The per-syscall
  // rules themselves live in the .cc file; any change there widens or narrows
  // the kernel attack surface reachable from a compromised GPU process.
  virtual sandbox::bpf_dsl::ResultExpr EvaluateSyscall(
      int system_call_number) const OVERRIDE;

  // Runs before the sandbox is engaged, and only when the sandbox is going to
  // be enabled afterwards. The broker has to exist at this point because the
  // sandboxed side reaches it from a SIGSYS handler once the filter is
  // installed (see |broker_process_|). NOTE(review): the exact set of work
  // done here is in the .cc file — confirm there.
  virtual bool PreSandboxHook() OVERRIDE;

 protected:
  // Start a broker process to handle open() inside the sandbox.
  // |broker_sandboxer_allocator| is a function pointer which can allocate a
  // suitable sandbox policy for the broker process itself.
  // |read_whitelist_extra| and |write_whitelist_extra| are lists of file
  // names that should be whitelisted by the broker process, in addition to
  // the basic ones.
  //
  // Every entry added to the extra whitelists is a file the sandboxed GPU
  // process can open through the broker, so additions here widen the
  // sandbox's file-access surface and deserve review. Allocates
  // |broker_process_|; called from PreSandboxHook().
  void InitGpuBrokerProcess(
      sandbox::bpf_dsl::SandboxBPFDSLPolicy* (*broker_sandboxer_allocator)(
          void),
      const std::vector<std::string>& read_whitelist_extra,
      const std::vector<std::string>& write_whitelist_extra);

  // Non-owning accessor; the pointee lives for the rest of the process (see
  // |broker_process_|). Presumably NULL until InitGpuBrokerProcess() has run
  // — confirm against the constructor in the .cc file.
  sandbox::BrokerProcess* broker_process() { return broker_process_; }

 private:
  // A BrokerProcess is a helper that is started before the sandbox is engaged
  // and will serve requests to access files over an IPC channel. The client of
  // this runs from a SIGSYS handler triggered by the seccomp-bpf sandbox.
  // This should never be destroyed, as after the sandbox is started it is
  // vital to the process.
  // This is allocated by InitGpuBrokerProcess, called from PreSandboxHook(),
  // which executes iff the sandbox is going to be enabled afterwards.
  // Ownership: intentionally never freed (not even in the destructor), per the
  // note above; treat the raw pointer as a process-lifetime handle.
  sandbox::BrokerProcess* broker_process_;
  // Non-copyable: a copy would alias |broker_process_|.
  DISALLOW_COPY_AND_ASSIGN(GpuProcessPolicy);
};
     56 
     57 }  // namespace content
     58 
     59 #endif  // CONTENT_COMMON_SANDBOX_LINUX_BPF_GPU_POLICY_LINUX_H_
     60