Searched defs:sandbox (Results 1 - 25 of 299) sorted by path

1234567891011>>

/external/chromium_org/chrome/app/
H A Dclient_util.h16 namespace sandbox { namespace
/external/chromium_org/chrome_elf/
H A Dntdll_cache.h10 namespace sandbox { namespace
19 extern sandbox::ThunkData g_nt_thunk_storage;
H A Dthunk_getter.h8 namespace sandbox { namespace
14 sandbox::ServiceResolverThunk* GetThunk(bool relaxed);
/external/chromium_org/components/nacl/loader/sandbox_linux/
H A Dnacl_sandbox_linux.h12 namespace sandbox { namespace
21 // layer-2 uses seccomp-bpf. It requires the layer-1 sandbox to not yet be
23 // For the layer-1 sandbox to work, the current process must be a child of
24 // the setuid sandbox. InitializeLayerOneSandbox() can only be called once
25 // per instance of the setuid sandbox.
42 // This API will only work if the layer-1 sandbox is not sealed and the
43 // layer-2 sandbox is not engaged.
48 // This API will only work if the layer-1 sandbox is not sealed and the
49 // layer-2 sandbox is not engaged.
51 // Will attempt to initialize the layer-1 sandbox, dependin
[all...]
/external/chromium_org/content/browser/
H A Dbootstrap_sandbox_mac.cc15 #include "sandbox/mac/bootstrap_sandbox.h"
27 sandbox::BootstrapSandbox* sandbox() const { function in class:content::__anon7026::BootstrapSandboxPolicy
44 scoped_ptr<sandbox::BootstrapSandbox> sandbox_;
53 sandbox()->ChildDied(data.handle);
58 sandbox()->ChildDied(data.handle);
62 : sandbox_(sandbox::BootstrapSandbox::Create()) {
82 sandbox::BootstrapSandbox* GetBootstrapSandbox() {
83 return BootstrapSandboxPolicy::GetInstance()->sandbox();
H A Dbootstrap_sandbox_mac.h8 namespace sandbox { namespace
14 // Whether or not the bootstrap sandbox should be enabled.
19 // On the first call to this function, the sandbox will be created and all
21 sandbox::BootstrapSandbox* GetBootstrapSandbox();
/external/chromium_org/content/browser/gpu/
H A Dgpu_process_host.cc50 #include "sandbox/win/src/sandbox_policy.h"
160 bool sandbox = !cmd_line_->HasSwitch(switches::kDisableGpuSandbox); variable
161 if(! sandbox) {
162 DVLOG(1) << "GPU sandbox is disabled";
164 return sandbox;
176 virtual void PreSpawnTarget(sandbox::TargetPolicy* policy,
182 policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
183 sandbox::USER_LIMITED);
184 SetJobLevel(*cmd_line_, sandbox::JOB_UNPROTECTED, 0, policy);
185 policy->SetDelayedIntegrityLevel(sandbox
[all...]
/external/chromium_org/content/common/sandbox_linux/
H A Dbpf_gpu_policy_linux.h14 namespace sandbox { namespace
25 virtual sandbox::bpf_dsl::ResultExpr EvaluateSyscall(
31 // Start a broker process to handle open() inside the sandbox.
33 // suitable sandbox policy for the broker process itself.
38 sandbox::bpf_dsl::SandboxBPFDSLPolicy* (*broker_sandboxer_allocator)(
43 sandbox::BrokerProcess* broker_process() { return broker_process_; }
46 // A BrokerProcess is a helper that is started before the sandbox is engaged
48 // this runs from a SIGSYS handler triggered by the seccomp-bpf sandbox.
49 // This should never be destroyed, as after the sandbox is started it is
52 // which executes iff the sandbox i
[all...]
H A Dsandbox_linux.h23 namespace sandbox { class SetuidSandboxClient; } namespace
31 // This is a list of sandbox IPC methods which the renderer may send to the
32 // sandbox host. See http://code.google.com/p/chromium/wiki/LinuxSandboxIPC
48 // are enabled. If using the setuid sandbox, this should be called manually
49 // before the setuid sandbox is engaged.
52 // Initialize the sandbox with the given pre-built configuration. Currently
53 // seccomp-bpf and address space limitations (the setuid sandbox works
59 // Stop |thread| in a way that can be trusted by the sandbox.
62 // Returns the status of the renderer, worker and ppapi sandbox. Can only
75 // Simple accessor for our instance of the setuid sandbox
[all...]
H A Dsandbox_seccomp_bpf_linux.cc18 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
30 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h"
31 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
32 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
33 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
34 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
35 #include "sandbox/linux/services/linux_syscalls.h"
37 using sandbox::BaselinePolicy;
38 using sandbox::SandboxBPF;
39 using sandbox
149 SandboxBPF sandbox; local
[all...]
H A Dsandbox_seccomp_bpf_linux.h13 namespace sandbox { namespace
21 // This class has two main sets of APIs. One can be used to start the sandbox
26 // This is the API to enable a seccomp-bpf sandbox for content/
28 // Is the sandbox globally enabled, can anything use it at all ?
29 // This looks at global command line flags to see if the sandbox
32 // Should the sandbox be enabled for process_type ?
34 // Check if the kernel supports this sandbox. It's useful to "prewarm"
37 // Start the sandbox and apply the policy for process_type, depending on
41 // This is the API to enable a seccomp-bpf sandbox by using an
44 scoped_ptr<sandbox
[all...]
/external/chromium_org/content/common/
H A Dsandbox_win.h9 #include "sandbox/win/src/security_level.h"
15 namespace sandbox { namespace
23 // Wrapper around sandbox::TargetPolicy::SetJobLevel that checks if the sandbox
26 sandbox::JobLevel job_level,
28 sandbox::TargetPolicy* policy);
31 void AddBaseHandleClosePolicy(sandbox::TargetPolicy* policy);
33 bool InitBrokerServices(sandbox::BrokerServices* broker_services);
35 bool InitTargetServices(sandbox::TargetServices* target_services);
/external/chromium_org/content/gpu/
H A Dgpu_child_thread.h25 namespace sandbox { namespace
82 // Windows specific client sandbox interface.
83 sandbox::TargetServices* target_services_;
/external/chromium_org/content/public/app/
H A Dcontent_main.h18 namespace sandbox { namespace
45 sandbox::SandboxInterfaceInfo* sandbox_info;
H A Dstartup_helper_win.h12 namespace sandbox { namespace
22 // Initializes the sandbox code and turns on DEP. Note: This function
24 // sandbox library); it will not work correctly if it is exported from a
26 void InitializeSandboxInfo(sandbox::SandboxInterfaceInfo* sandbox_info);
/external/chromium_org/content/public/browser/
H A Dcontent_browser_client.h70 namespace sandbox { namespace
629 // is launched. It gives the embedder a chance to add loosen the sandbox
631 virtual void PreSpawnRenderer(sandbox::TargetPolicy* policy,
/external/chromium_org/content/public/common/
H A Dcontent_client.h36 namespace sandbox { namespace
126 // resource ID corresponding to the sandbox profile to use. The legal values
128 // SandboxType::SANDBOX_TYPE_AFTER_LAST_TYPE. Returns false if no sandbox
131 // the sandbox profile to use and true is returned.
H A Dmain_function_params.h7 // (e.g., POSIX doesn't need to pass any sandbox information).
16 namespace sandbox { namespace
45 sandbox::SandboxInterfaceInfo* sandbox_info;
H A Dsandbox_init.h18 namespace sandbox { namespace
30 // Initialize the sandbox for renderer, gpu, utility, worker, nacl, and plug-in
34 // Returns true if the sandbox was initialized succesfully, false if an error
38 sandbox::SandboxInterfaceInfo* sandbox_info);
41 // that works inside the sandbox and can send handles but not retrieve
50 // Inform the current process's sandbox broker (e.g. the broker for
51 // 32-bit processes) about a process created under a different sandbox
67 // Initialize the sandbox of the given |sandbox_type|, optionally specifying a
69 // supported by the sandbox profile associated with the given |sandbox_type|.
76 // sandbox
[all...]
H A Dsandboxed_process_launcher_delegate.h21 namespace sandbox { namespace
28 // BrowserChildProcessHost/ChildProcessLauncher to control the sandbox policy,
37 // process (which implies no sandbox).
41 // return false if the process should be launched without a sandbox
45 // Called before the default sandbox is applied. If the default policy is too
48 //directory through the sandbox.
53 virtual void PreSpawnTarget(sandbox::TargetPolicy* policy,
60 // Override this to return true to use the setuid sandbox.
71 // SANDBOX_TYPE_INVALID for no sandbox policy.
/external/chromium_org/content/renderer/
H A Drenderer_main_platform_delegate_android.cc13 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
48 sandbox::SandboxBPF sandbox; local
49 sandbox.SetSandboxPolicy(new SandboxBPFBasePolicyAndroid());
50 CHECK(sandbox.StartSandbox(sandbox::SandboxBPF::PROCESS_MULTI_THREADED));
/external/chromium_org/sandbox/linux/bpf_dsl/
H A Dbpf_dsl.cc5 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
13 #include "sandbox/linux/seccomp-bpf/errorcode.h"
14 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
16 namespace sandbox { namespace
384 } // namespace sandbox
H A Dbpf_dsl.h15 #include "sandbox/linux/bpf_dsl/cons.h"
16 #include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
17 #include "sandbox/linux/seccomp-bpf/trap.h"
18 #include "sandbox/sandbox_export.h"
20 namespace sandbox { namespace
25 // The sandbox::bpf_dsl namespace provides a domain-specific language
34 // #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
36 // using namespace sandbox::bpf_dsl;
78 namespace sandbox { namespace
102 // User extension point for writing custom sandbox policie
[all...]
H A Dbpf_dsl_more_unittest.cc5 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
35 #include "sandbox/linux/seccomp-bpf/bpf_tests.h"
36 #include "sandbox/linux/seccomp-bpf/die.h"
37 #include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
38 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
39 #include "sandbox/linux/seccomp-bpf/syscall.h"
40 #include "sandbox/linux/seccomp-bpf/trap.h"
41 #include "sandbox/linux/services/broker_process.h"
42 #include "sandbox/linux/services/linux_syscalls.h"
43 #include "sandbox/linu
56 namespace sandbox { namespace
135 SandboxBPF sandbox; local
396 SandboxBPF sandbox; local
[all...]
H A Dbpf_dsl_unittest.cc5 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
18 #include "sandbox/linux/seccomp-bpf/bpf_tests.h"
19 #include "sandbox/linux/seccomp-bpf/errorcode.h"
20 #include "sandbox/linux/seccomp-bpf/syscall.h"
30 namespace sandbox { namespace
332 } // namespace sandbox

Completed in 2251 milliseconds

1234567891011>>