class GpuBrokerProcessPolicy : public GpuProcessPolicy {
public:
- GpuBrokerProcessPolicy() {}
+ static sandbox::SandboxBPFPolicy* Create() {
+ return new GpuBrokerProcessPolicy();
+ }
virtual ~GpuBrokerProcessPolicy() {}
virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler,
int system_call_number) const OVERRIDE;
private:
+ GpuBrokerProcessPolicy() {}
DISALLOW_COPY_AND_ASSIGN(GpuBrokerProcessPolicy);
};
}
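Review bot: `Create()` hands back a raw `sandbox::SandboxBPFPolicy*` that the caller has to own, and nothing on the declaration says so. With the constructor now private, this factory is the only way to obtain the policy, so a caller that does not wrap the result leaks it; the one caller visible in this change wraps it with `make_scoped_ptr`. I would add `// Allocates a new policy; the caller takes ownership of the returned pointer.` directly above `Create()`. `EvaluateSyscall` is defined outside this hunk.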
bool UpdateProcessTypeAndEnableSandbox(
- const base::Callback<bool(void)>& broker_sandboxer_callback) {
+ sandbox::SandboxBPFPolicy* (*broker_sandboxer_allocator)(void)) {
+ DCHECK(broker_sandboxer_allocator);
UpdateProcessTypeToGpuBroker();
- return broker_sandboxer_callback.Run();
+ return SandboxSeccompBPF::StartSandboxWithExternalPolicy(
+ make_scoped_ptr(broker_sandboxer_allocator()));
}
} // namespace
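Review bot: The null check on `broker_sandboxer_allocator` is a `DCHECK`, so it is compiled out of release builds, and the pointer the allocator returns is passed to `StartSandboxWithExternalPolicy` unchecked. This function is the step that puts the broker under seccomp-bpf, so the precondition should hold in every build: `CHECK(broker_sandboxer_allocator);`. Whether `StartSandboxWithExternalPolicy` rejects an empty `scoped_ptr` is not visible here and is worth confirming. The failure path looks sound as far as the diff shows, since the bool result appears to feed the `CHECK` around `broker_process_->Init`.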
DCHECK(!broker_process());
// Create a new broker process.
InitGpuBrokerProcess(
- base::Bind(&SandboxSeccompBPF::StartSandboxWithExternalPolicy,
- base::Passed(scoped_ptr<sandbox::SandboxBPFPolicy>(
- new GpuBrokerProcessPolicy))),
+ GpuBrokerProcessPolicy::Create,
std::vector<std::string>(), // No extra files in whitelist.
std::vector<std::string>());
}
void GpuProcessPolicy::InitGpuBrokerProcess(
- const base::Callback<bool(void)>& broker_sandboxer_callback,
+ sandbox::SandboxBPFPolicy* (*broker_sandboxer_allocator)(void),
const std::vector<std::string>& read_whitelist_extra,
const std::vector<std::string>& write_whitelist_extra) {
static const char kDriRcPath[] = "/etc/drirc";
// The initialization callback will perform generic initialization and then
// call broker_sandboxer_callback.
CHECK(broker_process_->Init(base::Bind(&UpdateProcessTypeAndEnableSandbox,
- broker_sandboxer_callback)));
+ broker_sandboxer_allocator)));
}
} // namespace content
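Review bot: The comment above the `Init` call still names `broker_sandboxer_callback`, which this change renames to `broker_sandboxer_allocator` and turns from a ready-made callback into a function that allocates the policy. Suggested wording: `// The initialization callback will perform generic initialization and then` / `// start the sandbox with the policy returned by broker_sandboxer_allocator.` A stale name here matters more than usual because the comment describes when the sandbox is engaged. Part of `InitGpuBrokerProcess`'s body lies outside the hunk.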