blob: 6c67589456af342d175aeb04b16f6f715bd6fec2 [file] [log] [blame]
// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef SANDBOX_LINUX_BPF_DSL_POLICY_H_
#define SANDBOX_LINUX_BPF_DSL_POLICY_H_
#include "base/macros.h"
#include "sandbox/linux/bpf_dsl/bpf_dsl_forward.h"
#include "sandbox/sandbox_export.h"
namespace sandbox {
namespace bpf_dsl {
// Interface to implement to define a BPF sandbox policy.
class SANDBOX_EXPORT Policy {
public:
Policy() {}
virtual ~Policy() {}
// User extension point for writing custom sandbox policies.
// The returned ResultExpr will control how the kernel responds to the
// specified system call number.
virtual ResultExpr EvaluateSyscall(int sysno) const = 0;
// Optional overload for specifying alternate behavior for invalid
// system calls. The default is to return ENOSYS.
virtual ResultExpr InvalidSyscall() const;
private:
DISALLOW_COPY_AND_ASSIGN(Policy);
};
} // namespace bpf_dsl
} // namespace sandbox
#endif // SANDBOX_LINUX_BPF_DSL_POLICY_H_