1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef SANDBOX_LINUX_BPF_DSL_POLICY_H_
6 #define SANDBOX_LINUX_BPF_DSL_POLICY_H_
8 #include "base/macros.h"
9 #include "sandbox/linux/bpf_dsl/bpf_dsl_forward.h"
10 #include "sandbox/sandbox_export.h"
namespace sandbox {
namespace bpf_dsl {

// Abstract base class for a BPF sandbox policy. A subclass states, for each
// system call number, how the kernel should respond to that call.
//
// Instances cannot be copied or assigned (see DISALLOW_COPY_AND_ASSIGN below).
class SANDBOX_EXPORT Policy {
 public:
  Policy() {}
  virtual ~Policy() {}

  // Extension point that every concrete policy must implement.
  // |sysno| is a system call number; the ResultExpr returned for it controls
  // how the kernel responds to that system call.
  //
  // The method is const, so a decision is expected not to modify the policy
  // object itself.
  //
  // Security note: this is pure virtual, so the base class supplies no
  // fallback decision. An implementation has to produce a result for every
  // |sysno| it is handed, including numbers it does not recognise. Making the
  // final fall-through case a denying result rather than an allowing one
  // keeps the policy an allowlist.
  // NOTE(review): when and how often this is invoked is not visible in this
  // header; confirm with the code that consumes the policy before relying on
  // any per-call state.
  virtual ResultExpr EvaluateSyscall(int sysno) const = 0;

  // Optional override (a single virtual signature, not an overload) that sets
  // the behavior for invalid system calls. The default is to return ENOSYS.
  // NOTE(review): which system call numbers count as "invalid" is decided
  // outside this header; verify before overriding with a more permissive
  // result.
  virtual ResultExpr InvalidSyscall() const;

 private:
  DISALLOW_COPY_AND_ASSIGN(Policy);
};

}  // namespace bpf_dsl
}  // namespace sandbox
37 #endif // SANDBOX_LINUX_BPF_DSL_POLICY_H_