| Index: sandbox/linux/bpf_dsl/policy_compiler.h
|
| diff --git a/sandbox/linux/bpf_dsl/policy_compiler.h b/sandbox/linux/bpf_dsl/policy_compiler.h
|
| index df38d4ccbc4e4cd087d6e9d510adcf50b00b2a2b..85fd288ab983743f6993650b854dcdb3685ce83d 100644
|
| --- a/sandbox/linux/bpf_dsl/policy_compiler.h
|
| +++ b/sandbox/linux/bpf_dsl/policy_compiler.h
|
| @@ -15,7 +15,8 @@
|
| #include "base/memory/scoped_ptr.h"
|
| #include "sandbox/linux/bpf_dsl/bpf_dsl_forward.h"
|
| #include "sandbox/linux/bpf_dsl/codegen.h"
|
| -#include "sandbox/linux/seccomp-bpf/errorcode.h"
|
| +#include "sandbox/linux/bpf_dsl/errorcode.h"
|
| +#include "sandbox/linux/bpf_dsl/trap_registry.h"
|
| #include "sandbox/sandbox_export.h"
|
|
|
| namespace sandbox {
|
| @@ -27,6 +28,8 @@ class Policy;
|
| // Linux kernel.
|
| class SANDBOX_EXPORT PolicyCompiler {
|
| public:
|
| + using PanicFunc = bpf_dsl::ResultExpr (*)(const char* error);
|
| +
|
| PolicyCompiler(const Policy* policy, TrapRegistry* registry);
|
| ~PolicyCompiler();
|
|
|
| @@ -38,6 +41,12 @@ class SANDBOX_EXPORT PolicyCompiler {
|
| // system calls, regardless of policy.
|
| void DangerousSetEscapePC(uint64_t escapepc);
|
|
|
| + // SetPanicFunc sets the callback function used for handling faulty
|
| + // system call conditions. The default behavior is to immediately kill
|
| + // the process.
|
| + // TODO(mdempsky): Move this into Policy?
|
| + void SetPanicFunc(PanicFunc panic_func);
|
| +
|
| // Error returns an ErrorCode to indicate the system call should fail with
|
| // the specified error number.
|
| ErrorCode Error(int err);
|
| @@ -145,6 +154,7 @@ class SANDBOX_EXPORT PolicyCompiler {
|
| const Policy* policy_;
|
| TrapRegistry* registry_;
|
| uint64_t escapepc_;
|
| + PanicFunc panic_func_;
|
|
|
| Conds conds_;
|
| CodeGen gen_;
|
|
|
Chromium Code Reviews
Issue 1310773006:
Update sandbox/linux from upstream (Closed)
Base URL: ssh://ssh.github.com/domokit/mojo.git@master