authorjln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-06-18 11:39:18 +0000
committerjln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-06-18 11:39:18 +0000
commit1de75af3a06d15e958a6e3aefe5ad3dfcab01e5a (patch)
tree4d849d6b22b4c51ebefb10055fb7bf14c16d5f69 /sandbox/linux/seccomp-bpf/sandbox_bpf.h
parentaafb593c5f710a4878788f89f2a4080a3fbaf42a (diff)
Linux: add a public content/ API to start a sandbox.
Add a new API to start a sandbox for process types out of content/. BUG=229673, 168812 Review URL: https://chromiumcodereview.appspot.com/16775010 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@206939 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox/linux/seccomp-bpf/sandbox_bpf.h')
-rw-r--r--sandbox/linux/seccomp-bpf/sandbox_bpf.h14
1 files changed, 8 insertions, 6 deletions
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf.h b/sandbox/linux/seccomp-bpf/sandbox_bpf.h
index 3d26991..f2653b0 100644
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf.h
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf.h
@@ -20,7 +20,7 @@
#include "sandbox/linux/seccomp-bpf/errorcode.h"
#include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
#include "sandbox/linux/seccomp-bpf/port.h"
-
+#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy_forward.h"
namespace playground2 {
@@ -51,12 +51,14 @@ class Sandbox {
STATUS_ENABLED // The sandbox is now active
};
+ // BpfSandboxPolicy is the following type:
+ // ErrorCode (Sandbox *sb, int sysnum, void *aux);
// When calling setSandboxPolicy(), the caller can provide an arbitrary
- // pointer. This pointer will then be forwarded to the sandbox policy
- // each time a call is made through an EvaluateSyscall function pointer.
- // One common use case would be to pass the "aux" pointer as an argument
- // to Trap() functions.
- typedef ErrorCode (*EvaluateSyscall)(Sandbox *sb, int sysnum, void *aux);
+ // pointer in |aux|. This pointer will then be forwarded to the sandbox
+ // policy each time a call is made through an EvaluateSyscall function
+ // pointer. One common use case would be to pass the "aux" pointer as an
+ // argument to Trap() functions.
+ typedef BpfSandboxPolicy* EvaluateSyscall;
typedef std::vector<std::pair<EvaluateSyscall, void *> >Evaluators;
// A vector of BPF instructions that need to be installed as a filter
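Review bot: The rewritten comment above `typedef BpfSandboxPolicy* EvaluateSyscall;` does not say who owns |aux| or how long it must stay valid, yet the `Evaluators` typedef on the next line stores the raw `void *` next to the policy pointer, so it is kept beyond the setSandboxPolicy() call. Because the comment suggests handing |aux| on to Trap() functions, a caller that passes a stack or otherwise short-lived object would leave the policy holding a dangling pointer. I would add something like `// The sandbox does not take ownership of |aux|; it must stay valid for as long as the policy can be evaluated.`, assuming that is the intended contract, which this hunk does not show. The signature copied into the new `// ErrorCode (Sandbox *sb, int sysnum, void *aux);` comment can also drift from sandbox_bpf_policy_forward.h, so the comment should name that header as the authoritative definition. The Sandbox class body starts and ends outside this hunk.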