| Index: sandbox/linux/bpf_dsl/policy_compiler.h
|
| diff --git a/sandbox/linux/bpf_dsl/policy_compiler.h b/sandbox/linux/bpf_dsl/policy_compiler.h
|
| index df38d4ccbc4e4cd087d6e9d510adcf50b00b2a2b..0e0234325715692c279e501c4b42bcb06b8b890f 100644
|
| --- a/sandbox/linux/bpf_dsl/policy_compiler.h
|
| +++ b/sandbox/linux/bpf_dsl/policy_compiler.h
|
| @@ -15,6 +15,7 @@
|
| #include "base/memory/scoped_ptr.h"
|
| #include "sandbox/linux/bpf_dsl/bpf_dsl_forward.h"
|
| #include "sandbox/linux/bpf_dsl/codegen.h"
|
| +#include "sandbox/linux/bpf_dsl/trap_registry.h"
|
| #include "sandbox/linux/seccomp-bpf/errorcode.h"
|
| #include "sandbox/sandbox_export.h"
|
|
|
| @@ -27,6 +28,8 @@ class Policy;
|
| // Linux kernel.
|
| class SANDBOX_EXPORT PolicyCompiler {
|
| public:
|
| + using PanicFunc = bpf_dsl::ResultExpr (*)(const char* error);
|
| +
|
| PolicyCompiler(const Policy* policy, TrapRegistry* registry);
|
| ~PolicyCompiler();
|
|
|
| @@ -38,6 +41,12 @@ class SANDBOX_EXPORT PolicyCompiler {
|
| // system calls, regardless of policy.
|
| void DangerousSetEscapePC(uint64_t escapepc);
|
|
|
| + // SetPanicFunc sets the callback function used for handling faulty
|
| + // system call conditions. The default behavior is to immediately kill
|
| + // the process.
|
| + // TODO(mdempsky): Move this into Policy?
|
| + void SetPanicFunc(PanicFunc panic_func);
|
| +
|
| // Error returns an ErrorCode to indicate the system call should fail with
|
| // the specified error number.
|
| ErrorCode Error(int err);
|
| @@ -145,6 +154,7 @@ class SANDBOX_EXPORT PolicyCompiler {
|
| const Policy* policy_;
|
| TrapRegistry* registry_;
|
| uint64_t escapepc_;
|
| + PanicFunc panic_func_;
|
|
|
| Conds conds_;
|
| CodeGen gen_;
|
|
|
Chromium Code Reviews
Issue 1302043002:
sandbox/linux: refactor bpf_dsl dependency on die.h (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master