chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy_android.h

// Copyright 2014 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef SANDBOX_LINUX_SECCOMP_BPF_HELPERS_BASELINE_POLICY_ANDROID_H_
#define SANDBOX_LINUX_SECCOMP_BPF_HELPERS_BASELINE_POLICY_ANDROID_H_

#include <sys/types.h>

#include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h"
#include "sandbox/sandbox_export.h"

namespace sandbox {

// This class provides a Seccomp-BPF sandbox policy for programs that run
// in the Android Runtime (Java) environment. It builds upon the Linux
// BaselinePolicy, which would be suitable for Android shell-based programs,
// and adds allowances for the JVM.
//
// As with the Linux BaselinePolicy, the behavior is largely implementation
// defined.
//
// TODO(rsesek): This policy may currently have allowances for //content-level
// features. This needs an audit. https://crbug.com/739879
class SANDBOX_EXPORT BaselinePolicyAndroid : public BaselinePolicy {
 public:
  struct RuntimeOptions {
    // Allows a subset of the userfaultfd ioctls that are needed for ART GC.
    bool allow_userfaultfd_ioctls = false;
    bool should_restrict_renderer_syscalls = false;
    bool should_restrict_clone_params = false;
  };

  BaselinePolicyAndroid();
  explicit BaselinePolicyAndroid(const RuntimeOptions& options);

  BaselinePolicyAndroid(const BaselinePolicyAndroid&) = delete;
  BaselinePolicyAndroid& operator=(const BaselinePolicyAndroid&) = delete;

  ~BaselinePolicyAndroid() override;

  // sandbox::BaselinePolicy:
  sandbox::bpf_dsl::ResultExpr EvaluateSyscall(
      int system_call_number) const override;

 private:
  const RuntimeOptions options_;
};

}  // namespace sandbox

#endif  // SANDBOX_LINUX_SECCOMP_BPF_HELPERS_BASELINE_POLICY_ANDROID_H_