1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef SANDBOX_LINUX_BPF_DSL_POLICY_H_
6 #define SANDBOX_LINUX_BPF_DSL_POLICY_H_
7 
8 #include "base/macros.h"
9 #include "sandbox/linux/bpf_dsl/bpf_dsl_forward.h"
10 #include "sandbox/sandbox_export.h"
11 
12 namespace sandbox {
13 namespace bpf_dsl {
14 
// Abstract interface that a BPF sandbox policy must implement.
//
// A concrete policy derives from this class and overrides EvaluateSyscall()
// to state, per system call number, which ResultExpr applies.  Both hooks are
// declared const, so producing a result does not go through a mutable
// |this|.  Copying and assignment are disabled through
// DISALLOW_COPY_AND_ASSIGN.
//
// NOTE(review): the strength of a policy depends on what EvaluateSyscall()
// returns for system calls it does not handle explicitly.  Prefer a
// restrictive fall-through result over a permissive one, so that a system
// call nobody thought about is not silently allowed.
class SANDBOX_EXPORT Policy {
 public:
  // Nothing to set up: no data members are declared in this interface.
  Policy() {}

  // Virtual so that a derived policy is destroyed correctly when deleted
  // through a Policy pointer.
  virtual ~Policy() {}

  // Required override; this is the hook where a custom policy is written.
  // |sysno| is the system call number being decided on.  The ResultExpr that
  // is returned governs how the kernel responds to that system call.
  virtual ResultExpr EvaluateSyscall(int sysno) const = 0;

  // Optional override that selects the behavior for invalid system calls.
  // The documented default is to return ENOSYS; that default implementation
  // is not part of this header.
  virtual ResultExpr InvalidSyscall() const;

 private:
  DISALLOW_COPY_AND_ASSIGN(Policy);
};
33 
34 }  // namespace bpf_dsl
35 }  // namespace sandbox
36 
37 #endif  // SANDBOX_LINUX_BPF_DSL_POLICY_H_
38