
Side by Side Diff: sandbox/linux/seccomp-bpf-helpers/baseline_policy.h

Issue 101773003: Linux sandbox: cleanup sandbox-bpf naming. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Address namespace sandbox nits. Created 7 years ago
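--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.h
+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.h
@@ -1,54 +1,48 @@
 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef SANDBOX_LINUX_SECCOMP_BPF_HELPERS_BASELINE_POLICY_H_
 #define SANDBOX_LINUX_SECCOMP_BPF_HELPERS_BASELINE_POLICY_H_
 
 #include "sandbox/linux/seccomp-bpf/errorcode.h"
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
 
-namespace playground2 {
-class Sandbox;
-class SandboxBpfPolicy;
-}
+namespace sandbox {
 
-using playground2::ErrorCode;
-using playground2::Sandbox;
-using playground2::SandboxBpfPolicy;
-
-namespace sandbox {
+class SandboxBPF;
+class SandboxBPFPolicy;
 
 // This is a helper to build seccomp-bpf policies, i.e. policies for a sandbox
 // that reduces the Linux kernel's attack surface. Given its nature, it doesn't
 // have a clear semantics and is mostly "implementation-defined".
 //
-// This returns an object that implements the SandboxBpfPolicy interface with
+// This returns an object that implements the SandboxBPFPolicy interface with
 // a "baseline" policy within Chromium.
 // The "baseline" policy is somewhat arbitrary. All Chromium policies are an
 // alteration of it, and it represents a reasonable common ground to run most
 // code in a sandboxed environment.
-class BaselinePolicy : public SandboxBpfPolicy {
+class BaselinePolicy : public SandboxBPFPolicy {
 public:
 BaselinePolicy();
 // |fs_denied_errno| is the errno returned when a filesystem access system
 // call is denied.
 explicit BaselinePolicy(int fs_denied_errno);
 virtual ~BaselinePolicy();
 
-virtual ErrorCode EvaluateSyscall(Sandbox* sandbox_compiler,
+virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler,
 int system_call_number) const OVERRIDE;
 // TODO(jln): remove once NaCl uses the new policy format. Do not use in new
 // code. This is the same as EvaluateSyscall. |aux| must be NULL.
-static ErrorCode BaselinePolicyDeprecated(Sandbox* sandbox,
+static ErrorCode BaselinePolicyDeprecated(SandboxBPF* sandbox,
 int sysno,
 void* aux);
 
 private:
 int fs_denied_errno_;
 DISALLOW_COPY_AND_ASSIGN(BaselinePolicy);
 };
 
 } // namespace sandbox.
 
 #endif // SANDBOX_LINUX_SECCOMP_BPF_HELPERS_BASELINE_POLICY_H_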
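Review bot: The added forward declaration `class SandboxBPFPolicy;` at new line 14 looks redundant. The file already includes sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h at line 9, and BaselinePolicy derives from SandboxBPFPolicy at line 25, which needs the complete type rather than a declaration. Presumably that header defines the class, in which case the declaration can be dropped and only `class SandboxBPF;` kept, since that type is used here only through pointers. Separately, the header does not say which errno the default constructor applies to denied filesystem calls; a one-line comment above `BaselinePolicy();` stating it would help anyone auditing the policy.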