OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H_ | 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H_ |
6 #define SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H_ | 6 #define SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H_ |
7 | 7 |
8 #include <stdint.h> | 8 #include <stdint.h> |
9 | 9 |
| 10 #include <memory> |
| 11 |
10 #include "base/files/scoped_file.h" | 12 #include "base/files/scoped_file.h" |
11 #include "base/macros.h" | 13 #include "base/macros.h" |
12 #include "base/memory/scoped_ptr.h" | |
13 #include "sandbox/linux/bpf_dsl/codegen.h" | 14 #include "sandbox/linux/bpf_dsl/codegen.h" |
14 #include "sandbox/sandbox_export.h" | 15 #include "sandbox/sandbox_export.h" |
15 | 16 |
16 namespace sandbox { | 17 namespace sandbox { |
17 struct arch_seccomp_data; | 18 struct arch_seccomp_data; |
18 namespace bpf_dsl { | 19 namespace bpf_dsl { |
19 class Policy; | 20 class Policy; |
20 } | 21 } |
21 | 22 |
22 // This class can be used to apply a syscall sandboxing policy expressed in a | 23 // This class can be used to apply a syscall sandboxing policy expressed in a |
(...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
97 // Assembles a BPF filter program from the current policy. After calling this | 98 // Assembles a BPF filter program from the current policy. After calling this |
98 // function, you must not call any other sandboxing function. | 99 // function, you must not call any other sandboxing function. |
99 CodeGen::Program AssembleFilter(); | 100 CodeGen::Program AssembleFilter(); |
100 | 101 |
101 // Assembles and installs a filter based on the policy that has previously | 102 // Assembles and installs a filter based on the policy that has previously |
102 // been configured with SetSandboxPolicy(). | 103 // been configured with SetSandboxPolicy(). |
103 void InstallFilter(bool must_sync_threads); | 104 void InstallFilter(bool must_sync_threads); |
104 | 105 |
105 base::ScopedFD proc_fd_; | 106 base::ScopedFD proc_fd_; |
106 bool sandbox_has_started_; | 107 bool sandbox_has_started_; |
107 scoped_ptr<bpf_dsl::Policy> policy_; | 108 std::unique_ptr<bpf_dsl::Policy> policy_; |
108 | 109 |
109 DISALLOW_COPY_AND_ASSIGN(SandboxBPF); | 110 DISALLOW_COPY_AND_ASSIGN(SandboxBPF); |
110 }; | 111 }; |
111 | 112 |
112 } // namespace sandbox | 113 } // namespace sandbox |
113 | 114 |
114 #endif // SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H_ | 115 #endif // SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H_ |
OLD | NEW |