1 // Copyright 2014 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_ANDROID_SANDBOX_BPF_BASE_POLICY_ANDROID_H_ 6 #define CONTENT_COMMON_SANDBOX_LINUX_ANDROID_SANDBOX_BPF_BASE_POLICY_ANDROID_H_ 7 8 #include "content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h" 9 #include "sandbox/linux/seccomp-bpf/errorcode.h" 10 11 namespace content { 12 13 // This class builds on top of the generic Linux baseline policy to reduce 14 // Linux kernel attack surface. It augments the list of allowed syscalls to 15 // allow ones required by the Android runtime. 16 class SandboxBPFBasePolicyAndroid : public SandboxBPFBasePolicy { 17 public: 18 SandboxBPFBasePolicyAndroid(); 19 virtual ~SandboxBPFBasePolicyAndroid(); 20 21 // sandbox::SandboxBPFPolicy: 22 virtual sandbox::ErrorCode EvaluateSyscall( 23 sandbox::SandboxBPF* sandbox_compiler, 24 int system_call_number) const OVERRIDE; 25 26 private: 27 DISALLOW_COPY_AND_ASSIGN(SandboxBPFBasePolicyAndroid); 28 }; 29 30 } // namespace content 31 32 #endif // CONTENT_COMMON_SANDBOX_LINUX_ANDROID_SANDBOX_BPF_BASE_POLICY_ANDROID_H_ 33