| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_ANDROID_SANDBOX_BPF_BASE_POLICY_ANDROID_H_ |
| 6 #define CONTENT_COMMON_SANDBOX_LINUX_ANDROID_SANDBOX_BPF_BASE_POLICY_ANDROID_H_ |
| 7 |
| 8 #include "content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h" |
| 9 #include "sandbox/linux/seccomp-bpf/errorcode.h" |
| 10 |
| 11 namespace content { |
| 12 |
| 13 // This class builds on top of the generic Linux baseline policy to reduce |
| 14 // Linux kernel attack surface. It augments the list of allowed syscalls to |
| 15 // allow ones required by the Android runtime. |
| 16 class SandboxBPFBasePolicyAndroid : public SandboxBPFBasePolicy { |
| 17 public: |
| 18 SandboxBPFBasePolicyAndroid(); |
| 19 virtual ~SandboxBPFBasePolicyAndroid(); |
| 20 |
| 21 // sandbox::SandboxBPFPolicy: |
| 22 virtual sandbox::ErrorCode EvaluateSyscall( |
| 23 sandbox::SandboxBPF* sandbox_compiler, |
| 24 int system_call_number) const OVERRIDE; |
| 25 |
| 26 private: |
| 27 DISALLOW_COPY_AND_ASSIGN(SandboxBPFBasePolicyAndroid); |
| 28 }; |
| 29 |
| 30 } // namespace content |
| 31 |
| 32 #endif // CONTENT_COMMON_SANDBOX_LINUX_ANDROID_SANDBOX_BPF_BASE_POLICY_ANDROID_
H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 180783019:
[Android] Define a baseline seccomp-bpf sandbox policy. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master