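/*
 * Copyright (C) 2013 Intel Corporation. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
 * THE POSSIBILITY OF SUCH DAMAGE.
 */

#ifndef SeccompFilters_h
#define SeccompFilters_h

#if ENABLE(SECCOMP_FILTERS)

#include <wtf/Noncopyable.h>

namespace WebKit {

// Builder for a seccomp system-call filter. A filter is created with a
// default action, per-syscall rules are added with addRule(), and the
// result is put into effect with initialize(). The class is noncopyable and
// has a virtual destructor and a private virtual hook, so it is meant to be
// subclassed. The implementation is not part of this header.
class SeccompFilters {
    WTF_MAKE_NONCOPYABLE(SeccompFilters);

public:
    // What happens to a system call matched by a rule, or by the default
    // action when no rule matches. The numeric values equal the Linux
    // SECCOMP_RET_ALLOW / SECCOMP_RET_KILL / SECCOMP_RET_TRAP return values
    // (and libseccomp's SCMP_ACT_* constants).
    // NOTE(review): presumably passed through unchanged to the backend;
    // confirm in the implementation before renumbering.
    // Kill is 0, so a zero-valued Action is the most restrictive one.
    enum Action {
        Allow = 0x7fff0000U,
        Kill = 0x00000000U,
        Trap = 0x00030000U
    };

    // Comparison applied to one system-call argument. Only inequality and
    // equality are exposed; 1 and 4 equal libseccomp's SCMP_CMP_NE and
    // SCMP_CMP_EQ. NotSet (0) is the default in addRule().
    // NOTE(review): NotSet presumably means "no condition on this
    // argument"; confirm in the implementation.
    enum Operator {
        NotSet = 0,
        NotEqual = 1,
        Equal = 4
    };

    // defaultAction is the action for system calls that no rule covers.
    // NOTE(review): with Allow as the default the filter is a denylist, and
    // any syscall that was not listed stays reachable. A Kill or Trap
    // default with explicit Allow rules fails closed.
    explicit SeccompFilters(Action defaultAction);
    virtual ~SeccompFilters();

    // Returns the opaque backend handle. Callers holding it can act on the
    // filter without going through addRule().
    // NOTE(review): ownership presumably stays with this object; confirm.
    void* context() { return m_context; }

    // Adds a rule for the system call named syscallName with the given
    // action. Up to two argument conditions can be attached, each made of an
    // argument number, an Operator and the value to compare with. With the
    // defaults (NotSet) no condition is given.
    // NOTE(review): argNum is presumably a zero-based argument index;
    // confirm. A seccomp filter compares raw argument values, so a pointer
    // argument (a path, a buffer) is matched by address, not by what it
    // points to.
    void addRule(const char* syscallName, Action,
        unsigned argNum1 = 0, Operator operator1 = NotSet, long long data1 = 0,
        unsigned argNum2 = 0, Operator operator2 = NotSet, long long data2 = 0);

    // NOTE(review): presumably runs platformInitialize() and then loads the
    // filter, with m_initialized guarding against a second call; the body is
    // not visible here, confirm in the implementation.
    void initialize();

private:
    // Hook with an empty default body; subclasses override it.
    // NOTE(review): presumably where a platform adds its rules; confirm.
    virtual void platformInitialize() { }

    // Opaque handle type, so the header does not name the backend's types.
    typedef void *HANDLE;

    HANDLE m_context;
    bool m_initialized;
};

} // namespace WebKit

#endif // ENABLE(SECCOMP_FILTERS)

#endif // SeccompFilters_h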