Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(74)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h

Issue 293463002: Add SandboxBPFPolicy::InvalidSyscall() to simplify writing policies (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « sandbox/linux/seccomp-bpf/sandbox_bpf_compatibility_policy.h ('k') | sandbox/linux/seccomp-bpf/sandbox_bpf_policy.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_POLICY_H_ 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_POLICY_H_
6 #define SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_POLICY_H_ 6 #define SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_POLICY_H_
7 7
8 #include "base/basictypes.h" 8 #include "base/basictypes.h"
9 #include "sandbox/sandbox_export.h"
9 10
10 namespace sandbox { 11 namespace sandbox {
11 12
12 class ErrorCode; 13 class ErrorCode;
13 class SandboxBPF; 14 class SandboxBPF;
14 15
15 // This is the interface to implement to define a BPF sandbox policy. 16 // This is the interface to implement to define a BPF sandbox policy.
16 class SandboxBPFPolicy { 17 class SANDBOX_EXPORT SandboxBPFPolicy {
17 public: 18 public:
18 SandboxBPFPolicy() {} 19 SandboxBPFPolicy() {}
19 virtual ~SandboxBPFPolicy() {} 20 virtual ~SandboxBPFPolicy() {}
20 21
21 // The EvaluateSyscall method is called with the system call number. It can 22 // The EvaluateSyscall method is called with the system call number. It can
22 // decide to allow the system call unconditionally by returning ERR_ALLOWED; 23 // decide to allow the system call unconditionally by returning ERR_ALLOWED;
23 // it can deny the system call unconditionally by returning an appropriate 24 // it can deny the system call unconditionally by returning an appropriate
24 // "errno" value; or it can request inspection of system call argument(s) by 25 // "errno" value; or it can request inspection of system call argument(s) by
25 // returning a suitable ErrorCode. 26 // returning a suitable ErrorCode.
27 // Will only be called for valid system call numbers.
26 virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler, 28 virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler,
27 int system_call_number) const = 0; 29 int system_call_number) const = 0;
28 30
31 // The InvalidSyscall method specifies the behavior used for invalid
32 // system calls. The default implementation is to return ENOSYS.
33 virtual ErrorCode InvalidSyscall(SandboxBPF* sandbox_compiler) const;
34
29 private: 35 private:
30 DISALLOW_COPY_AND_ASSIGN(SandboxBPFPolicy); 36 DISALLOW_COPY_AND_ASSIGN(SandboxBPFPolicy);
31 }; 37 };
32 38
33 } // namespace sandbox 39 } // namespace sandbox
34 40
35 #endif // SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_POLICY_H_ 41 #endif // SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_POLICY_H_
OLDNEW
« no previous file with comments | « sandbox/linux/seccomp-bpf/sandbox_bpf_compatibility_policy.h ('k') | sandbox/linux/seccomp-bpf/sandbox_bpf_policy.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698