1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_
6 #define CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_
8 #include "base/memory/scoped_ptr.h"
9 #include "base/process/process.h"
10 #include "build/build_config.h"
11 #include "content/common/content_export.h"
20 class SandboxBPFDSLPolicy;
22 struct SandboxInterfaceInfo;
26 class SandboxedProcessLauncherDelegate;
30 // Initialize the sandbox for renderer, gpu, utility, worker, nacl, and plug-in
31 // processes, depending on the command line flags. Although The browser process
32 // is not sandboxed, this also needs to be called because it will initialize
34 // Returns true if the sandbox was initialized succesfully, false if an error
35 // occurred. If process_type isn't one that needs sandboxing true is always
37 CONTENT_EXPORT bool InitializeSandbox(
38 sandbox::SandboxInterfaceInfo* sandbox_info);
40 // This is a restricted version of Windows' DuplicateHandle() function
41 // that works inside the sandbox and can send handles but not retrieve
42 // them. Unlike DuplicateHandle(), it takes a process ID rather than
43 // a process handle. It returns true on success, false otherwise.
44 CONTENT_EXPORT bool BrokerDuplicateHandle(HANDLE source_handle,
45 DWORD target_process_id,
46 HANDLE* target_handle,
50 // Inform the current process's sandbox broker (e.g. the broker for
51 // 32-bit processes) about a process created under a different sandbox
52 // broker (e.g. the broker for 64-bit processes). This allows
53 // BrokerDuplicateHandle() to send handles to a process managed by
54 // another broker. For example, it allows the 32-bit renderer to send
55 // handles to 64-bit NaCl processes. This returns true on success,
57 CONTENT_EXPORT bool BrokerAddTargetPeer(HANDLE peer_process);
59 // Launch a sandboxed process. |delegate| may be NULL. If |delegate| is non-NULL
60 // then it just has to outlive this method call.
61 CONTENT_EXPORT base::ProcessHandle StartSandboxedProcess(
62 SandboxedProcessLauncherDelegate* delegate,
63 base::CommandLine* cmd_line);
65 #elif defined(OS_MACOSX)
67 // Initialize the sandbox of the given |sandbox_type|, optionally specifying a
68 // directory to allow access to. Note specifying a directory needs to be
69 // supported by the sandbox profile associated with the given |sandbox_type|.
70 // Valid values for |sandbox_type| are defined either by the enum SandboxType,
71 // or by ContentClient::GetSandboxProfileForSandboxType().
73 // If the |sandbox_type| isn't one of the ones defined by content then the
74 // embedder is queried using ContentClient::GetSandboxPolicyForSandboxType().
75 // The embedder can use values for |sandbox_type| starting from
76 // sandbox::SANDBOX_PROCESS_TYPE_AFTER_LAST_TYPE.
78 // Returns true if the sandbox was initialized succesfully, false if an error
79 // occurred. If process_type isn't one that needs sandboxing, no action is
80 // taken and true is always returned.
81 CONTENT_EXPORT bool InitializeSandbox(int sandbox_type,
82 const base::FilePath& allowed_path);
84 #elif defined(OS_LINUX)
86 class SandboxInitializerDelegate;
88 // Initialize a seccomp-bpf sandbox. |policy| may not be NULL.
89 // Returns true if the sandbox has been properly engaged.
90 CONTENT_EXPORT bool InitializeSandbox(
91 scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy> policy);
93 // Return a "baseline" policy. This is used by a SandboxInitializerDelegate to
94 // implement a policy that is derived from the baseline.
95 CONTENT_EXPORT scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy>
96 GetBPFSandboxBaselinePolicy();
97 #endif // defined(OS_LINUX)
99 } // namespace content
101 #endif // CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_
projects / platform / framework / web / crosswalk.git / blob