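// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CONTENT_PUBLIC_COMMON_SANDBOXED_PROCESS_LAUNCHER_DELEGATE_H_
#define CONTENT_PUBLIC_COMMON_SANDBOXED_PROCESS_LAUNCHER_DELEGATE_H_

#include "base/environment.h"
#include "base/process/process.h"

#include "content/common/content_export.h"

#if defined(OS_MACOSX)
#include "content/public/common/sandbox_type_mac.h"
#endif

namespace base {
class FilePath;
}

namespace sandbox {
class TargetPolicy;
}

namespace content {

// Allows a caller of StartSandboxedProcess or
// BrowserChildProcessHost/ChildProcessLauncher to control the sandbox policy,
// i.e. to loosen it if needed.
// The methods below will be called on the PROCESS_LAUNCHER thread.
//
// Every hook here can only widen what the child process is allowed to do
// relative to the default, so an override is a security decision: keep it as
// narrow as the child's job permits and explain the reason at the override.
// Which hooks exist depends on the platform (OS_WIN vs. OS_POSIX below).
class CONTENT_EXPORT SandboxedProcessLauncherDelegate {
 public:
  virtual ~SandboxedProcessLauncherDelegate() {}

#if defined(OS_WIN)
  // Override to return true if the process should be launched as an elevated
  // process (which implies no sandbox).
  // The default implementation is defined out of line and is not visible in
  // this header -- presumably it returns false; confirm in the .cc file.
  virtual bool ShouldLaunchElevated();

  // By default, the process is launched sandboxed. Override this method to
  // return false if the process should be launched without a sandbox
  // (i.e. through base::LaunchProcess directly).
  // Returning false removes the sandbox for this child entirely, so the
  // child then runs with whatever rights base::LaunchProcess gives it.
  virtual bool ShouldSandbox();

  // Called before the default sandbox is applied. If the default policy is too
  // restrictive, the caller should set |disable_default_policy| to true and
  // apply their policy in PreSpawnTarget. |exposed_dir| is used to allow a
  // directory through the sandbox.
  //
  // Both arguments are out-parameters; the default implementation is empty and
  // writes neither of them. An override that sets |disable_default_policy|
  // takes over responsibility for the policy and must pair it with a
  // PreSpawnTarget override. The kind of access granted on |exposed_dir| is
  // not stated in this header -- confirm in the launcher before exposing a
  // directory that holds anything the child should not touch.
  virtual void PreSandbox(bool* disable_default_policy,
                          base::FilePath* exposed_dir) {}

  // Called right before spawning the process. |policy| is the sandbox policy
  // object the override may adjust.
  // |success| is an out-parameter whose meaning is not documented here --
  // presumably setting it to false aborts the launch; verify against the
  // caller. The default implementation is empty and does not write |success|,
  // so the caller has to initialise it before the call.
  virtual void PreSpawnTarget(sandbox::TargetPolicy* policy,
                              bool* success) {}

  // Called right after the process is launched, but before its thread is run.
  // Ownership of |process| is not specified in this header; the default
  // implementation ignores it.
  virtual void PostSpawnTarget(base::ProcessHandle process) {}

#elif defined(OS_POSIX)
  // Override this to return true to use the setuid sandbox.
  // NOTE(review): the method name refers to the zygote while the comment
  // refers to the setuid sandbox; how the two relate, and what the default
  // returns, is not visible in this header -- confirm in the launcher.
  virtual bool ShouldUseZygote();

  // Override this if the process needs a non-empty environment map.
  // Keep the returned map minimal: it is handed to the child process.
  virtual base::EnvironmentMap GetEnvironment();

  // Return the file descriptor for the IPC channel.
  // Pure virtual: every POSIX delegate must provide it. Ownership and
  // lifetime of the descriptor are not specified in this header.
  virtual int GetIpcFd() = 0;

#if defined(OS_MACOSX)
  // Gets the Mac SandboxType to enforce on the process. Return
  // SANDBOX_TYPE_INVALID for no sandbox policy.
  virtual SandboxType GetSandboxType();
#endif  // defined(OS_MACOSX)

#endif  // defined(OS_WIN) / defined(OS_POSIX)
};

}  // namespace content

#endif  // CONTENT_PUBLIC_COMMON_SANDBOXED_PROCESS_LAUNCHER_DELEGATE_H_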