// Copyright 2013 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifndef SANDBOX_LINUX_SECCOMP_BPF_HELPERS_BASELINE_POLICY_H_ #define SANDBOX_LINUX_SECCOMP_BPF_HELPERS_BASELINE_POLICY_H_ #include <sys/types.h> #include "sandbox/linux/bpf_dsl/bpf_dsl_forward.h" #include "sandbox/linux/bpf_dsl/policy.h" #include "sandbox/sandbox_export.h" namespace sandbox { // This is a helper to build seccomp-bpf policies, i.e. policies for a sandbox // that reduces the Linux kernel's attack surface. Given its nature, it doesn't // have a clear semantics and is mostly "implementation-defined". // // This class implements the Policy interface with a "baseline" // policy for use within Chromium. // The "baseline" policy is somewhat arbitrary. All Chromium policies are an // alteration of it, and it represents a reasonable common ground to run most // code in a sandboxed environment. // A baseline policy is only valid for the process for which this object was // instantiated (so do not fork() and use it in a child). class SANDBOX_EXPORT BaselinePolicy : public bpf_dsl::Policy { … }; } // namespace sandbox. #endif // SANDBOX_LINUX_SECCOMP_BPF_HELPERS_BASELINE_POLICY_H_
Codebase Browser
chromium