content/common/sandbox_linux/bpf_gpu_policy_linux.h - platform/external/chromium_org - Git at Google

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef CONTENT_COMMON_SANDBOX_LINUX_BPF_GPU_POLICY_LINUX_H_
 #define CONTENT_COMMON_SANDBOX_LINUX_BPF_GPU_POLICY_LINUX_H_

 #include <string>
 #include <vector>

 #include "content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h"

 namespace sandbox {
 class BrokerProcess;
 }

 namespace content {

 class GpuProcessPolicy : public SandboxBPFBasePolicy {
  public:
   GpuProcessPolicy();
   virtual ~GpuProcessPolicy();

   virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler,
                                     int system_call_number) const OVERRIDE;

   virtual bool PreSandboxHook() OVERRIDE;

  protected:
   // Start a broker process to handle open() inside the sandbox.
   // |broker_sandboxer_callback| is a callback that will enable a suitable
   // sandbox for the broker process itself.
   // |read_whitelist_extra| and |write_whitelist_extra| are lists of file
   // names that should be whitelisted by the broker process, in addition to
   // the basic ones.
   void InitGpuBrokerProcess(
       bool (*broker_sandboxer_callback)(void),
       const std::vector<std::string>& read_whitelist_extra,
       const std::vector<std::string>& write_whitelist_extra);

   sandbox::BrokerProcess* broker_process() { return broker_process_; }

  private:
   // A BrokerProcess is a helper that is started before the sandbox is engaged
   // and will serve requests to access files over an IPC channel. The client of
   // this runs from a SIGSYS handler triggered by the seccomp-bpf sandbox.
   // This should never be destroyed, as after the sandbox is started it is
   // vital to the process.
   // This is allocated by InitGpuBrokerProcess, called from PreSandboxHook(),
   // which executes iff the sandbox is going to be enabled afterwards.
   sandbox::BrokerProcess* broker_process_;
   DISALLOW_COPY_AND_ASSIGN(GpuProcessPolicy);
 };

 }  // namespace content

 #endif  // CONTENT_COMMON_SANDBOX_LINUX_BPF_GPU_POLICY_LINUX_H_
	// Copyright 2013 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef CONTENT_COMMON_SANDBOX_LINUX_BPF_GPU_POLICY_LINUX_H_
	#define CONTENT_COMMON_SANDBOX_LINUX_BPF_GPU_POLICY_LINUX_H_

	#include <string>
	#include <vector>

	#include "content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h"

	namespace sandbox {
	class BrokerProcess;
	}

	namespace content {

	class GpuProcessPolicy : public SandboxBPFBasePolicy {
	public:
	GpuProcessPolicy();
	virtual ~GpuProcessPolicy();

	virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler,
	int system_call_number) const OVERRIDE;

	virtual bool PreSandboxHook() OVERRIDE;

	protected:
	// Start a broker process to handle open() inside the sandbox.
	// \|broker_sandboxer_callback\| is a callback that will enable a suitable
	// sandbox for the broker process itself.
	// \|read_whitelist_extra\| and \|write_whitelist_extra\| are lists of file
	// names that should be whitelisted by the broker process, in addition to
	// the basic ones.
	void InitGpuBrokerProcess(
	bool (*broker_sandboxer_callback)(void),
	const std::vector<std::string>& read_whitelist_extra,
	const std::vector<std::string>& write_whitelist_extra);

	sandbox::BrokerProcess* broker_process() { return broker_process_; }

	private:
	// A BrokerProcess is a helper that is started before the sandbox is engaged
	// and will serve requests to access files over an IPC channel. The client of
	// this runs from a SIGSYS handler triggered by the seccomp-bpf sandbox.
	// This should never be destroyed, as after the sandbox is started it is
	// vital to the process.
	// This is allocated by InitGpuBrokerProcess, called from PreSandboxHook(),
	// which executes iff the sandbox is going to be enabled afterwards.
	sandbox::BrokerProcess* broker_process_;
	DISALLOW_COPY_AND_ASSIGN(GpuProcessPolicy);
	};

	} // namespace content

	#endif // CONTENT_COMMON_SANDBOX_LINUX_BPF_GPU_POLICY_LINUX_H_