Linux: add a public content/ API to start a sandbox.

Add a new API to start a sandbox for process types out of
content/.

BUG=229673, 168812

Review URL: https://chromiumcodereview.appspot.com/16775010

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@206939 0039d316-1c4b-4281-b951-d872f2087c98

3 files changed, 32 insertions, 6 deletions

diff --git a/sandbox/linux/sandbox_linux.gypi b/sandbox/linux/sandbox_linux.gypi
index f5dd122..8dc97ce 100644
--- a/sandbox/linux/sandbox_linux.gypi
+++ b/sandbox/linux/sandbox_linux.gypi
@@ -96,6 +96,7 @@
         'seccomp-bpf/port.h',
         'seccomp-bpf/sandbox_bpf.cc',
         'seccomp-bpf/sandbox_bpf.h',
+        'seccomp-bpf/sandbox_bpf_policy_forward.h',
         'seccomp-bpf/syscall.cc',
         'seccomp-bpf/syscall.h',
         'seccomp-bpf/syscall_iterator.cc',
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf.h b/sandbox/linux/seccomp-bpf/sandbox_bpf.h
index 3d26991..f2653b0 100644
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf.h
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf.h
@@ -20,7 +20,7 @@
 #include "sandbox/linux/seccomp-bpf/errorcode.h"
 #include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
 #include "sandbox/linux/seccomp-bpf/port.h"
-
+#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy_forward.h"
 
 namespace playground2 {
 
@@ -51,12 +51,14 @@ class Sandbox {
     STATUS_ENABLED       // The sandbox is now active
   };
 
+  // BpfSandboxPolicy is the following type:
+  // ErrorCode (Sandbox *sb, int sysnum, void *aux);
   // When calling setSandboxPolicy(), the caller can provide an arbitrary
-  // pointer. This pointer will then be forwarded to the sandbox policy
-  // each time a call is made through an EvaluateSyscall function pointer.
-  // One common use case would be to pass the "aux" pointer as an argument
-  // to Trap() functions.
-  typedef ErrorCode (*EvaluateSyscall)(Sandbox *sb, int sysnum, void *aux);
+  // pointer in |aux|. This pointer will then be forwarded to the sandbox
+  // policy each time a call is made through an EvaluateSyscall function
+  // pointer.  One common use case would be to pass the "aux" pointer as an
+  // argument to Trap() functions.
+  typedef BpfSandboxPolicy* EvaluateSyscall;
   typedef std::vector<std::pair<EvaluateSyscall, void *> >Evaluators;
 
   // A vector of BPF instructions that need to be installed as a filter
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf_policy_forward.h b/sandbox/linux/seccomp-bpf/sandbox_bpf_policy_forward.h
new file mode 100644
index 0000000..673ebe6
--- /dev/null
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf_policy_forward.h
@@ -0,0 +1,23 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_POLICY_FORWARD_H_
+#define SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_POLICY_FORWARD_H_
+
+#include "base/callback_forward.h"
+#include "sandbox/linux/seccomp-bpf/errorcode.h"
+
+namespace playground2 {
+
+class Sandbox;
+typedef playground2::ErrorCode BpfSandboxPolicy(
+    Sandbox* sandbox_compiler,
+    int system_call_number,
+    void* aux);
+
+typedef base::Callback<BpfSandboxPolicy> BpfSandboxPolicyCallback;
+
+}  // namespace playground2
+
+#endif  // SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_POLICY_FORWARD_H_