| Index: sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h
|
| diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h b/sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h
|
| index 1ac5daba5d976b8bf9e2d933ff1be6ca90206ea9..fc6fdf6fe4f66609835e2760d9889a63b6a83763 100644
|
| --- a/sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h
|
| +++ b/sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h
|
| @@ -6,6 +6,7 @@
|
| #define SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_POLICY_H_
|
|
|
| #include "base/basictypes.h"
|
| +#include "sandbox/sandbox_export.h"
|
|
|
| namespace sandbox {
|
|
|
| @@ -13,7 +14,7 @@ class ErrorCode;
|
| class SandboxBPF;
|
|
|
| // This is the interface to implement to define a BPF sandbox policy.
|
| -class SandboxBPFPolicy {
|
| +class SANDBOX_EXPORT SandboxBPFPolicy {
|
| public:
|
| SandboxBPFPolicy() {}
|
| virtual ~SandboxBPFPolicy() {}
|
| @@ -23,9 +24,14 @@ class SandboxBPFPolicy {
|
| // it can deny the system call unconditionally by returning an appropriate
|
| // "errno" value; or it can request inspection of system call argument(s) by
|
| // returning a suitable ErrorCode.
|
| + // Will only be called for valid system call numbers.
|
| virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler,
|
| int system_call_number) const = 0;
|
|
|
| + // The InvalidSyscall method specifies the behavior used for invalid
|
| + // system calls. The default implementation is to return ENOSYS.
|
| + virtual ErrorCode InvalidSyscall(SandboxBPF* sandbox_compiler) const;
|
| +
|
| private:
|
| DISALLOW_COPY_AND_ASSIGN(SandboxBPFPolicy);
|
| };
|
|
|
Chromium Code Reviews
Issue 293463002:
Add SandboxBPFPolicy::InvalidSyscall() to simplify writing policies (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src