1/*
2 * Copyright (C) 2013 Intel Corporation. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 *    notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 *    notice, this list of conditions and the following disclaimer in the
11 *    documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
14 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
15 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
17 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
18 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
19 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
20 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
21 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
22 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
23 * THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26#ifndef SeccompBroker_h
27#define SeccompBroker_h
28
29#if ENABLE(SECCOMP_FILTERS)
30
31#include "SeccompFilters.h"
32#include "Syscall.h"
33#include "SyscallPolicy.h"
34#include <signal.h>
35#include <wtf/Noncopyable.h>
36#include <wtf/Threading.h>
37#include <wtf/Vector.h>
38
39namespace WebKit {
40
41class SeccompBroker {
42    WTF_MAKE_NONCOPYABLE(SeccompBroker);
43
44public:
45    static void launchProcess(SeccompFilters*, const SyscallPolicy&);
46
47    void initialize();
48    void setSyscallPolicy(const SyscallPolicy& policy) { m_policy = policy; }
49
50private:
51    SeccompBroker() { }
52
53    void runLoop(int socket);
54
55    SyscallPolicy m_policy;
56};
57
58} // namespace WebKit
59
60#endif // ENABLE(SECCOMP_FILTERS)
61
62#endif // SeccompBroker_h
63