| // Copyright 2014 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef SANDBOX_LINUX_BPF_DSL_POLICY_H_ |
| #define SANDBOX_LINUX_BPF_DSL_POLICY_H_ |
| |
| #include "base/macros.h" |
| #include "sandbox/linux/bpf_dsl/bpf_dsl_forward.h" |
| #include "sandbox/sandbox_export.h" |
| |
| namespace sandbox { |
| namespace bpf_dsl { |
| |
| // Interface to implement to define a BPF sandbox policy. |
| class SANDBOX_EXPORT Policy { |
| public: |
| Policy() {} |
| virtual ~Policy() {} |
| |
| // User extension point for writing custom sandbox policies. |
| // The returned ResultExpr will control how the kernel responds to the |
| // specified system call number. |
| virtual ResultExpr EvaluateSyscall(int sysno) const = 0; |
| |
| // Optional overload for specifying alternate behavior for invalid |
| // system calls. The default is to return ENOSYS. |
| virtual ResultExpr InvalidSyscall() const; |
| |
| private: |
| DISALLOW_COPY_AND_ASSIGN(Policy); |
| }; |
| |
| } // namespace bpf_dsl |
| } // namespace sandbox |
| |
| #endif // SANDBOX_LINUX_BPF_DSL_POLICY_H_ |