sandbox/linux/bpf_dsl/policy.h

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef SANDBOX_LINUX_BPF_DSL_POLICY_H_
   6 #define SANDBOX_LINUX_BPF_DSL_POLICY_H_
   7
   8 #include "base/macros.h"
   9 #include "sandbox/linux/bpf_dsl/bpf_dsl_forward.h"
  10 #include "sandbox/sandbox_export.h"
  11
  12 namespace sandbox {
  13 namespace bpf_dsl {
  14
  15 // Interface to implement to define a BPF sandbox policy.
  16 class SANDBOX_EXPORT Policy {
  17  public:
  18   Policy() {}
  19   virtual ~Policy() {}
  20
  21   // User extension point for writing custom sandbox policies.
  22   // The returned ResultExpr will control how the kernel responds to the
  23   // specified system call number.
  24   virtual ResultExpr EvaluateSyscall(int sysno) const = 0;
  25
  26   // Optional overload for specifying alternate behavior for invalid
  27   // system calls.  The default is to return ENOSYS.
  28   virtual ResultExpr InvalidSyscall() const;
  29
  30  private:
  31   DISALLOW_COPY_AND_ASSIGN(Policy);
  32 };
  33
  34 }  // namespace bpf_dsl
  35 }  // namespace sandbox
  36
  37 #endif  // SANDBOX_LINUX_BPF_DSL_POLICY_H_