// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_BPF_BASE_POLICY_LINUX_H_
#define CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_BPF_BASE_POLICY_LINUX_H_
#include "base/basictypes.h"
#include "base/memory/scoped_ptr.h"
#include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h"
#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
using sandbox::ErrorCode;
using sandbox::SandboxBPF;
namespace content {
// The "baseline" BPF policy for content/. Any content/ seccomp-bpf policy
// should inherit from it.
// It implements the main SandboxBPFPolicy interface. Due to its nature
// as a "kernel attack surface reduction" layer, it's implementation-defined.
class SandboxBPFBasePolicy : public sandbox::SandboxBPFPolicy {
public:
SandboxBPFBasePolicy();
virtual ~SandboxBPFBasePolicy();
virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler,
int system_call_number) const OVERRIDE;
// A policy can implement this hook to run code right before the policy
// is passed to the SandboxBPF class and the sandbox is engaged.
// If PreSandboxHook() returns true, the sandbox is guaranteed to be
// engaged afterwards.
// This will be used when enabling the sandbox though
// SandboxSeccompBPF::StartSandbox().
virtual bool PreSandboxHook();
// Get the errno(3) to return for filesystem errors.
static int GetFSDeniedErrno();
private:
// Compose the BaselinePolicy from sandbox/.
scoped_ptr<sandbox::BaselinePolicy> baseline_policy_;
DISALLOW_COPY_AND_ASSIGN(SandboxBPFBasePolicy);
};
} // namespace content
#endif // CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_BPF_BASE_POLICY_LINUX_H_