sandbox_init.h revision 58e6fbe4ee35d65e14b626c557d37565bf8ad179
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_ 6#define CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_ 7 8#include "base/callback_forward.h" 9#include "base/process/process.h" 10#include "build/build_config.h" 11#include "content/common/content_export.h" 12 13#if defined(OS_LINUX) 14#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy_forward.h" 15#endif // defined(OS_LINUX) 16 17class CommandLine; 18 19namespace base { 20class FilePath; 21} 22 23namespace sandbox { 24struct SandboxInterfaceInfo; 25} 26 27namespace content { 28class SandboxedProcessLauncherDelegate; 29 30#if defined(OS_WIN) 31 32// Initialize the sandbox for renderer, gpu, utility, worker, nacl, and plug-in 33// processes, depending on the command line flags. Although The browser process 34// is not sandboxed, this also needs to be called because it will initialize 35// the broker code. 36// Returns true if the sandbox was initialized succesfully, false if an error 37// occurred. If process_type isn't one that needs sandboxing true is always 38// returned. 39CONTENT_EXPORT bool InitializeSandbox( 40 sandbox::SandboxInterfaceInfo* sandbox_info); 41 42// This is a restricted version of Windows' DuplicateHandle() function 43// that works inside the sandbox and can send handles but not retrieve 44// them. Unlike DuplicateHandle(), it takes a process ID rather than 45// a process handle. It returns true on success, false otherwise. 46CONTENT_EXPORT bool BrokerDuplicateHandle(HANDLE source_handle, 47 DWORD target_process_id, 48 HANDLE* target_handle, 49 DWORD desired_access, 50 DWORD options); 51 52// Inform the current process's sandbox broker (e.g. the broker for 53// 32-bit processes) about a process created under a different sandbox 54// broker (e.g. the broker for 64-bit processes). This allows 55// BrokerDuplicateHandle() to send handles to a process managed by 56// another broker. For example, it allows the 32-bit renderer to send 57// handles to 64-bit NaCl processes. This returns true on success, 58// false otherwise. 59CONTENT_EXPORT bool BrokerAddTargetPeer(HANDLE peer_process); 60 61// Launch a sandboxed process. |delegate| may be NULL. If |delegate| is non-NULL 62// then it just has to outlive this method call. 63CONTENT_EXPORT base::ProcessHandle StartSandboxedProcess( 64 SandboxedProcessLauncherDelegate* delegate, 65 CommandLine* cmd_line); 66 67#elif defined(OS_MACOSX) 68 69// Initialize the sandbox of the given |sandbox_type|, optionally specifying a 70// directory to allow access to. Note specifying a directory needs to be 71// supported by the sandbox profile associated with the given |sandbox_type|. 72// Valid values for |sandbox_type| are defined either by the enum SandboxType, 73// or by ContentClient::GetSandboxProfileForSandboxType(). 74// 75// If the |sandbox_type| isn't one of the ones defined by content then the 76// embedder is queried using ContentClient::GetSandboxPolicyForSandboxType(). 77// The embedder can use values for |sandbox_type| starting from 78// sandbox::SANDBOX_PROCESS_TYPE_AFTER_LAST_TYPE. 79// 80// Returns true if the sandbox was initialized succesfully, false if an error 81// occurred. If process_type isn't one that needs sandboxing, no action is 82// taken and true is always returned. 83CONTENT_EXPORT bool InitializeSandbox(int sandbox_type, 84 const base::FilePath& allowed_path); 85 86#elif defined(OS_LINUX) 87 88class SandboxInitializerDelegate; 89 90// Initialize a seccomp-bpf sandbox. |policy| may not be NULL. 91// Returns true if the sandbox has been properly engaged. 92CONTENT_EXPORT bool InitializeSandbox(playground2::BpfSandboxPolicy policy); 93 94// Return a Callback implementing the "baseline" policy. This is used by a 95// SandboxInitializerDelegate to implement a policy that is derived from 96// the baseline. 97CONTENT_EXPORT playground2::BpfSandboxPolicyCallback 98 GetBpfSandboxBaselinePolicy(); 99 100#endif // defined(OS_LINUX) 101 102} // namespace content 103 104#endif // CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_ 105