// Copyright 2017 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef SANDBOX_POLICY_LINUX_BPF_BROKER_POLICY_LINUX_H_
#define SANDBOX_POLICY_LINUX_BPF_BROKER_POLICY_LINUX_H_
#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
#include "sandbox/linux/syscall_broker/broker_command.h"
#include "sandbox/policy/export.h"
#include "sandbox/policy/linux/bpf_base_policy_linux.h"
namespace sandbox {
namespace policy {
// Seccomp-BPF policy applied to the privileged syscall broker process. The
// broker is permitted only a limited set of filesystem calls.
//
// The permitted broker commands are passed in at construction and held in a
// const, by-value member: the set is fixed for the lifetime of the policy
// object and does not alias the caller's copy.
//
// NOTE(review): this header only declares the interface. Which syscalls each
// broker command enables, and what is returned for every other syscall, is
// decided in the EvaluateSyscall() definition -- review that file when
// auditing the broker's attack surface.
class SANDBOX_POLICY_EXPORT BrokerProcessPolicy : public BPFBasePolicy {
 public:
  // |allowed_command_set| is copied into the policy; later changes to the
  // caller's set have no effect on this object.
  explicit BrokerProcessPolicy(
      const syscall_broker::BrokerCommandSet& allowed_command_set);

  // Not copyable.
  BrokerProcessPolicy(const BrokerProcessPolicy&) = delete;
  BrokerProcessPolicy& operator=(const BrokerProcessPolicy&) = delete;

  ~BrokerProcessPolicy() override;

  // BPFBasePolicy override: returns the bpf_dsl result expression for
  // |system_call_number|.
  bpf_dsl::ResultExpr EvaluateSyscall(int system_call_number) const override;

 private:
  // Broker commands this policy was constructed with. Const, so it cannot be
  // widened after construction.
  // NOTE(review): presumably consulted by EvaluateSyscall(); confirm in the
  // implementation.
  const syscall_broker::BrokerCommandSet allowed_command_set_;
};
} // namespace policy
} // namespace sandbox
#endif // SANDBOX_POLICY_LINUX_BPF_BROKER_POLICY_LINUX_H_