Revert of Remove SandboxBPF's dependency on CompatibilityPolicy

sandbox/linux/seccomp-bpf/sandbox_bpf.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H__
 #define SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H__
 
 #include <stddef.h>
 #include <sys/types.h>
 #include <sys/wait.h>
@@ skipping 47 matching lines @@
   // StartSandbox(), the program should indicate whether or not the sandbox
   // should try and engage with multi-thread support.
   enum SandboxThreadState {
     PROCESS_INVALID,
     PROCESS_SINGLE_THREADED,  // The program is currently single-threaded.
     // Note: PROCESS_MULTI_THREADED requires experimental kernel support that
     // has not been contributed to upstream Linux.
     PROCESS_MULTI_THREADED,   // The program may be multi-threaded.
   };
 
+  // When calling setSandboxPolicy(), the caller can provide an arbitrary
+  // pointer in |aux|. This pointer will then be forwarded to the sandbox
+  // policy each time a call is made through an EvaluateSyscall function
+  // pointer.  One common use case would be to pass the "aux" pointer as an
+  // argument to Trap() functions.
+  typedef ErrorCode (*EvaluateSyscall)(SandboxBPF* sandbox_compiler,
+                                       int system_call_number,
+                                       void* aux);
   // A vector of BPF instructions that need to be installed as a filter
   // program in the kernel.
   typedef std::vector<struct sock_filter> Program;
 
   // Constructors and destructors.
   // NOTE: Setting a policy and starting the sandbox is a one-way operation.
   //       The kernel does not provide any option for unloading a loaded
   //       sandbox. Strictly speaking, that means we should disallow calling
   //       the destructor, if StartSandbox() has ever been called. In practice,
   //       this makes it needlessly complicated to operate on "Sandbox"
@@ skipping 16 matching lines @@
   // provided by the caller.
   static SandboxStatus SupportsSeccompSandbox(int proc_fd);
 
   // The sandbox needs to be able to access files in "/proc/self". If this
   // directory is not accessible when "startSandbox()" gets called, the caller
   // can provide an already opened file descriptor by calling "set_proc_fd()".
   // The sandbox becomes the new owner of this file descriptor and will
   // eventually close it when "StartSandbox()" executes.
   void set_proc_fd(int proc_fd);
 
+  // The system call evaluator function is called with the system
+  // call number. It can decide to allow the system call unconditionally
+  // by returning ERR_ALLOWED; it can deny the system call unconditionally by
+  // returning an appropriate "errno" value; or it can request inspection
+  // of system call argument(s) by returning a suitable ErrorCode.
+  // The "aux" parameter can be used to pass optional data to the system call
+  // evaluator. There are different possible uses for this data, but one of the
+  // use cases would be for the policy to then forward this pointer to a Trap()
+  // handler. In this case, of course, the data that is pointed to must remain
+  // valid for the entire time that Trap() handlers can be called; typically,
+  // this would be the lifetime of the program.
+  // DEPRECATED: use the policy interface below.
+  void SetSandboxPolicyDeprecated(EvaluateSyscall syscallEvaluator, void* aux);
+
   // Set the BPF policy as |policy|. Ownership of |policy| is transfered here
   // to the sandbox object.
   void SetSandboxPolicy(SandboxBPFPolicy* policy);
 
   // We can use ErrorCode to request calling of a trap handler. This method
   // performs the required wrapping of the callback function into an
   // ErrorCode object.
   // The "aux" field can carry a pointer to arbitrary data. See EvaluateSyscall
   // for a description of how to pass data from SetSandboxPolicy() to a Trap()
   // handler.
@@ skipping 86 matching lines @@
   typedef std::map<uint32_t, ErrorCode> ErrMap;
   typedef std::set<ErrorCode, struct ErrorCode::LessThan> Conds;
 
   // Get a file descriptor pointing to "/proc", if currently available.
   int proc_fd() { return proc_fd_; }
 
   // Creates a subprocess and runs "code_in_sandbox" inside of the specified
   // policy. The caller has to make sure that "this" has not yet been
   // initialized with any other policies.
   bool RunFunctionInPolicy(void (*code_in_sandbox)(),
-                           scoped_ptr<SandboxBPFPolicy> policy);
+                           EvaluateSyscall syscall_evaluator,
+                           void* aux);
 
   // Performs a couple of sanity checks to verify that the kernel supports the
   // features that we need for successful sandboxing.
   // The caller has to make sure that "this" has not yet been initialized with
   // any other policies.
   bool KernelSupportSeccompBPF();
 
   // Verify that the current policy passes some basic sanity checks.
   void PolicySanityChecks(SandboxBPFPolicy* policy);
 
@@ skipping 38 matching lines @@
   scoped_ptr<const SandboxBPFPolicy> policy_;
   Conds* conds_;
   bool sandbox_has_started_;
 
   DISALLOW_COPY_AND_ASSIGN(SandboxBPF);
 };
 
 }  // namespace sandbox
 
 #endif  // SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H__