search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge Chromium + Blink git repositories
[chromium-blink-merge.git] / content / common / sandbox_linux / android / sandbox_bpf_base_policy_android.h
blobf8693d9feb895042853fa7cf48fb04ecc3fcfec1
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_ANDROID_SANDBOX_BPF_BASE_POLICY_ANDROID_H_
6 #define CONTENT_COMMON_SANDBOX_LINUX_ANDROID_SANDBOX_BPF_BASE_POLICY_ANDROID_H_
7
8 #include "content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h"
9
10 namespace content {
11
12 // This class builds on top of the generic Linux baseline policy to reduce
13 // Linux kernel attack surface. It augments the list of allowed syscalls to
14 // allow ones required by the Android runtime.
15 class SandboxBPFBasePolicyAndroid : public SandboxBPFBasePolicy {
16 public:
17 SandboxBPFBasePolicyAndroid();
18 ~SandboxBPFBasePolicyAndroid() override;
19
20 // sandbox::SandboxBPFPolicy:
21 sandbox::bpf_dsl::ResultExpr EvaluateSyscall(
22 int system_call_number) const override;
23
24 private:
25 DISALLOW_COPY_AND_ASSIGN(SandboxBPFBasePolicyAndroid);
26 };
27
28 } // namespace content
29
30 #endif // CONTENT_COMMON_SANDBOX_LINUX_ANDROID_SANDBOX_BPF_BASE_POLICY_ANDROID_H_