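// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// Constants shared between the setuid sandbox helper and the programs that
// launch it. The namespace is only opened when compiling as C++, so the
// header can also be included from plain C.

#ifndef SANDBOX_LINUX_SUID_SANDBOX_H_
#define SANDBOX_LINUX_SUID_SANDBOX_H_

#if defined(__cplusplus)
namespace sandbox {
#endif

// These are command line switches that may be used by other programs
// (e.g. Chrome) to construct a command line for the sandbox.
static const char kAdjustOOMScoreSwitch[] = "--adjust-oom-score";
#if defined(OS_CHROMEOS)
// Only defined when OS_CHROMEOS is set.
static const char kAdjustLowMemMarginSwitch[] = "--adjust-low-mem";
#endif

// Names of environment variables used alongside the sandbox.
// NOTE(review): presumably SBX_D carries a descriptor number and
// SBX_HELPER_PID the helper's process id; confirm against the code that sets
// and reads them.
static const char kSandboxDescriptorEnvironmentVarName[] = "SBX_D";
static const char kSandboxHelperPidEnvironmentVarName[] = "SBX_HELPER_PID";

// NOTE(review): presumably the interface version exchanged through the
// "request" and "provides" environment variables below, so that a mismatched
// launcher and setuid binary can be detected. TODO confirm at the call sites.
static const long kSUIDSandboxApiNumber = 1;
static const char kSandboxEnvironmentApiRequest[] = "SBX_CHROME_API_RQ";
static const char kSandboxEnvironmentApiProvides[] = "SBX_CHROME_API_PRV";

// This number must be kept in sync with common/zygote_commands_linux.h
static const int kZygoteIdFd = 7;

// These are the magic byte values which the sandboxed process uses to request
// that it be chrooted.
// NOTE(review): kMsgChrootSuccessful looks like the acknowledgement byte sent
// back for kMsgChrootMe; confirm against the helper. A caller should treat
// anything other than the expected byte as a failed chroot.
static const char kMsgChrootMe = 'C';
static const char kMsgChrootSuccessful = 'O';

// These are set if we have respectively switched to a new PID or NET namespace
// by going through the setuid binary helper.
// NOTE(review): the environment is supplied by whoever launches the process,
// so these variables alone do not prove that the namespaces were created.
// Check that consumers only rely on them when the launch path guarantees the
// helper set them.
static const char kSandboxPIDNSEnvironmentVarName[] = "SBX_PID_NS";
static const char kSandboxNETNSEnvironmentVarName[] = "SBX_NET_NS";

#if defined(__cplusplus)
}  // namespace sandbox
#endif

#endif  // SANDBOX_LINUX_SUID_SANDBOX_H_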