/external/chromium_org/chrome/app/ |
H A D | client_util.h | 16 namespace sandbox { namespace
|
/external/chromium_org/chrome_elf/ |
H A D | ntdll_cache.h | 10 namespace sandbox { namespace 19 extern sandbox::ThunkData g_nt_thunk_storage;
|
H A D | thunk_getter.h | 8 namespace sandbox { namespace 14 sandbox::ServiceResolverThunk* GetThunk(bool relaxed);
|
/external/chromium_org/components/nacl/loader/sandbox_linux/ |
H A D | nacl_sandbox_linux.h | 12 namespace sandbox { namespace 21 // layer-2 uses seccomp-bpf. It requires the layer-1 sandbox to not yet be 23 // For the layer-1 sandbox to work, the current process must be a child of 24 // the setuid sandbox. InitializeLayerOneSandbox() can only be called once 25 // per instance of the setuid sandbox. 42 // This API will only work if the layer-1 sandbox is not sealed and the 43 // layer-2 sandbox is not engaged. 48 // This API will only work if the layer-1 sandbox is not sealed and the 49 // layer-2 sandbox is not engaged. 51 // Will attempt to initialize the layer-1 sandbox, dependin [all...] |
/external/chromium_org/content/browser/ |
H A D | bootstrap_sandbox_mac.cc | 15 #include "sandbox/mac/bootstrap_sandbox.h" 27 sandbox::BootstrapSandbox* sandbox() const { function in class:content::__anon7026::BootstrapSandboxPolicy 44 scoped_ptr<sandbox::BootstrapSandbox> sandbox_; 53 sandbox()->ChildDied(data.handle); 58 sandbox()->ChildDied(data.handle); 62 : sandbox_(sandbox::BootstrapSandbox::Create()) { 82 sandbox::BootstrapSandbox* GetBootstrapSandbox() { 83 return BootstrapSandboxPolicy::GetInstance()->sandbox();
|
H A D | bootstrap_sandbox_mac.h | 8 namespace sandbox { namespace 14 // Whether or not the bootstrap sandbox should be enabled. 19 // On the first call to this function, the sandbox will be created and all 21 sandbox::BootstrapSandbox* GetBootstrapSandbox();
|
/external/chromium_org/content/browser/gpu/ |
H A D | gpu_process_host.cc | 50 #include "sandbox/win/src/sandbox_policy.h" 160 bool sandbox = !cmd_line_->HasSwitch(switches::kDisableGpuSandbox); variable 161 if(! sandbox) { 162 DVLOG(1) << "GPU sandbox is disabled"; 164 return sandbox; 176 virtual void PreSpawnTarget(sandbox::TargetPolicy* policy, 182 policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS, 183 sandbox::USER_LIMITED); 184 SetJobLevel(*cmd_line_, sandbox::JOB_UNPROTECTED, 0, policy); 185 policy->SetDelayedIntegrityLevel(sandbox [all...] |
/external/chromium_org/content/common/sandbox_linux/ |
H A D | bpf_gpu_policy_linux.h | 14 namespace sandbox { namespace 25 virtual sandbox::bpf_dsl::ResultExpr EvaluateSyscall( 31 // Start a broker process to handle open() inside the sandbox. 33 // suitable sandbox policy for the broker process itself. 38 sandbox::bpf_dsl::SandboxBPFDSLPolicy* (*broker_sandboxer_allocator)( 43 sandbox::BrokerProcess* broker_process() { return broker_process_; } 46 // A BrokerProcess is a helper that is started before the sandbox is engaged 48 // this runs from a SIGSYS handler triggered by the seccomp-bpf sandbox. 49 // This should never be destroyed, as after the sandbox is started it is 52 // which executes iff the sandbox i [all...] |
H A D | sandbox_linux.h | 23 namespace sandbox { class SetuidSandboxClient; } namespace 31 // This is a list of sandbox IPC methods which the renderer may send to the 32 // sandbox host. See http://code.google.com/p/chromium/wiki/LinuxSandboxIPC 48 // are enabled. If using the setuid sandbox, this should be called manually 49 // before the setuid sandbox is engaged. 52 // Initialize the sandbox with the given pre-built configuration. Currently 53 // seccomp-bpf and address space limitations (the setuid sandbox works 59 // Stop |thread| in a way that can be trusted by the sandbox. 62 // Returns the status of the renderer, worker and ppapi sandbox. Can only 75 // Simple accessor for our instance of the setuid sandbox [all...] |
H A D | sandbox_seccomp_bpf_linux.cc | 18 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" 30 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h" 31 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" 32 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" 33 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h" 34 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" 35 #include "sandbox/linux/services/linux_syscalls.h" 37 using sandbox::BaselinePolicy; 38 using sandbox::SandboxBPF; 39 using sandbox 149 SandboxBPF sandbox; local [all...] |
H A D | sandbox_seccomp_bpf_linux.h | 13 namespace sandbox { namespace 21 // This class has two main sets of APIs. One can be used to start the sandbox 26 // This is the API to enable a seccomp-bpf sandbox for content/ 28 // Is the sandbox globally enabled, can anything use it at all ? 29 // This looks at global command line flags to see if the sandbox 32 // Should the sandbox be enabled for process_type ? 34 // Check if the kernel supports this sandbox. It's useful to "prewarm" 37 // Start the sandbox and apply the policy for process_type, depending on 41 // This is the API to enable a seccomp-bpf sandbox by using an 44 scoped_ptr<sandbox [all...] |
/external/chromium_org/content/common/ |
H A D | sandbox_win.h | 9 #include "sandbox/win/src/security_level.h" 15 namespace sandbox { namespace 23 // Wrapper around sandbox::TargetPolicy::SetJobLevel that checks if the sandbox 26 sandbox::JobLevel job_level, 28 sandbox::TargetPolicy* policy); 31 void AddBaseHandleClosePolicy(sandbox::TargetPolicy* policy); 33 bool InitBrokerServices(sandbox::BrokerServices* broker_services); 35 bool InitTargetServices(sandbox::TargetServices* target_services);
|
/external/chromium_org/content/gpu/ |
H A D | gpu_child_thread.h | 25 namespace sandbox { namespace 82 // Windows specific client sandbox interface. 83 sandbox::TargetServices* target_services_;
|
/external/chromium_org/content/public/app/ |
H A D | content_main.h | 18 namespace sandbox { namespace 45 sandbox::SandboxInterfaceInfo* sandbox_info;
|
H A D | startup_helper_win.h | 12 namespace sandbox { namespace 22 // Initializes the sandbox code and turns on DEP. Note: This function 24 // sandbox library); it will not work correctly if it is exported from a 26 void InitializeSandboxInfo(sandbox::SandboxInterfaceInfo* sandbox_info);
|
/external/chromium_org/content/public/browser/ |
H A D | content_browser_client.h | 70 namespace sandbox { namespace 629 // is launched. It gives the embedder a chance to add loosen the sandbox 631 virtual void PreSpawnRenderer(sandbox::TargetPolicy* policy,
|
/external/chromium_org/content/public/common/ |
H A D | content_client.h | 36 namespace sandbox { namespace 126 // resource ID corresponding to the sandbox profile to use. The legal values 128 // SandboxType::SANDBOX_TYPE_AFTER_LAST_TYPE. Returns false if no sandbox 131 // the sandbox profile to use and true is returned.
|
H A D | main_function_params.h | 7 // (e.g., POSIX doesn't need to pass any sandbox information). 16 namespace sandbox { namespace 45 sandbox::SandboxInterfaceInfo* sandbox_info;
|
H A D | sandbox_init.h | 18 namespace sandbox { namespace 30 // Initialize the sandbox for renderer, gpu, utility, worker, nacl, and plug-in 34 // Returns true if the sandbox was initialized succesfully, false if an error 38 sandbox::SandboxInterfaceInfo* sandbox_info); 41 // that works inside the sandbox and can send handles but not retrieve 50 // Inform the current process's sandbox broker (e.g. the broker for 51 // 32-bit processes) about a process created under a different sandbox 67 // Initialize the sandbox of the given |sandbox_type|, optionally specifying a 69 // supported by the sandbox profile associated with the given |sandbox_type|. 76 // sandbox [all...] |
H A D | sandboxed_process_launcher_delegate.h | 21 namespace sandbox { namespace 28 // BrowserChildProcessHost/ChildProcessLauncher to control the sandbox policy, 37 // process (which implies no sandbox). 41 // return false if the process should be launched without a sandbox 45 // Called before the default sandbox is applied. If the default policy is too 48 //directory through the sandbox. 53 virtual void PreSpawnTarget(sandbox::TargetPolicy* policy, 60 // Override this to return true to use the setuid sandbox. 71 // SANDBOX_TYPE_INVALID for no sandbox policy.
|
/external/chromium_org/content/renderer/ |
H A D | renderer_main_platform_delegate_android.cc | 13 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" 48 sandbox::SandboxBPF sandbox; local 49 sandbox.SetSandboxPolicy(new SandboxBPFBasePolicyAndroid()); 50 CHECK(sandbox.StartSandbox(sandbox::SandboxBPF::PROCESS_MULTI_THREADED));
|
/external/chromium_org/sandbox/linux/bpf_dsl/ |
H A D | bpf_dsl.cc | 5 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" 13 #include "sandbox/linux/seccomp-bpf/errorcode.h" 14 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" 16 namespace sandbox { namespace 384 } // namespace sandbox
|
H A D | bpf_dsl.h | 15 #include "sandbox/linux/bpf_dsl/cons.h" 16 #include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h" 17 #include "sandbox/linux/seccomp-bpf/trap.h" 18 #include "sandbox/sandbox_export.h" 20 namespace sandbox { namespace 25 // The sandbox::bpf_dsl namespace provides a domain-specific language 34 // #include "sandbox/linux/bpf_dsl/bpf_dsl.h" 36 // using namespace sandbox::bpf_dsl; 78 namespace sandbox { namespace 102 // User extension point for writing custom sandbox policie [all...] |
H A D | bpf_dsl_more_unittest.cc | 5 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" 35 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" 36 #include "sandbox/linux/seccomp-bpf/die.h" 37 #include "sandbox/linux/seccomp-bpf/linux_seccomp.h" 38 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" 39 #include "sandbox/linux/seccomp-bpf/syscall.h" 40 #include "sandbox/linux/seccomp-bpf/trap.h" 41 #include "sandbox/linux/services/broker_process.h" 42 #include "sandbox/linux/services/linux_syscalls.h" 43 #include "sandbox/linu 56 namespace sandbox { namespace 135 SandboxBPF sandbox; local 396 SandboxBPF sandbox; local [all...] |
H A D | bpf_dsl_unittest.cc | 5 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" 18 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" 19 #include "sandbox/linux/seccomp-bpf/errorcode.h" 20 #include "sandbox/linux/seccomp-bpf/syscall.h" 30 namespace sandbox { namespace 332 } // namespace sandbox
|