sandbox_init.h revision 58e6fbe4ee35d65e14b626c557d37565bf8ad179 
1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_
6#define CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_
7
8#include "base/callback_forward.h"
9#include "base/process/process.h"
10#include "build/build_config.h"
11#include "content/common/content_export.h"
12
13#if defined(OS_LINUX)
14#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy_forward.h"
15#endif  // defined(OS_LINUX)
16
17class CommandLine;
18
19namespace base {
20class FilePath;
21}
22
23namespace sandbox {
24struct SandboxInterfaceInfo;
25}
26
27namespace content {
28class SandboxedProcessLauncherDelegate;
29
30#if defined(OS_WIN)
31
32// Initialize the sandbox for renderer, gpu, utility, worker, nacl, and plug-in
33// processes, depending on the command line flags. Although The browser process
34// is not sandboxed, this also needs to be called because it will initialize
35// the broker code.
36// Returns true if the sandbox was initialized succesfully, false if an error
37// occurred.  If process_type isn't one that needs sandboxing true is always
38// returned.
39CONTENT_EXPORT bool InitializeSandbox(
40    sandbox::SandboxInterfaceInfo* sandbox_info);
41
42// This is a restricted version of Windows' DuplicateHandle() function
43// that works inside the sandbox and can send handles but not retrieve
44// them.  Unlike DuplicateHandle(), it takes a process ID rather than
45// a process handle.  It returns true on success, false otherwise.
46CONTENT_EXPORT bool BrokerDuplicateHandle(HANDLE source_handle,
47                                          DWORD target_process_id,
48                                          HANDLE* target_handle,
49                                          DWORD desired_access,
50                                          DWORD options);
51
52// Inform the current process's sandbox broker (e.g. the broker for
53// 32-bit processes) about a process created under a different sandbox
54// broker (e.g. the broker for 64-bit processes).  This allows
55// BrokerDuplicateHandle() to send handles to a process managed by
56// another broker.  For example, it allows the 32-bit renderer to send
57// handles to 64-bit NaCl processes.  This returns true on success,
58// false otherwise.
59CONTENT_EXPORT bool BrokerAddTargetPeer(HANDLE peer_process);
60
61// Launch a sandboxed process. |delegate| may be NULL. If |delegate| is non-NULL
62// then it just has to outlive this method call.
63CONTENT_EXPORT base::ProcessHandle StartSandboxedProcess(
64    SandboxedProcessLauncherDelegate* delegate,
65    CommandLine* cmd_line);
66
67#elif defined(OS_MACOSX)
68
69// Initialize the sandbox of the given |sandbox_type|, optionally specifying a
70// directory to allow access to. Note specifying a directory needs to be
71// supported by the sandbox profile associated with the given |sandbox_type|.
72// Valid values for |sandbox_type| are defined either by the enum SandboxType,
73// or by ContentClient::GetSandboxProfileForSandboxType().
74//
75// If the |sandbox_type| isn't one of the ones defined by content then the
76// embedder is queried using ContentClient::GetSandboxPolicyForSandboxType().
77// The embedder can use values for |sandbox_type| starting from
78// sandbox::SANDBOX_PROCESS_TYPE_AFTER_LAST_TYPE.
79//
80// Returns true if the sandbox was initialized succesfully, false if an error
81// occurred.  If process_type isn't one that needs sandboxing, no action is
82// taken and true is always returned.
83CONTENT_EXPORT bool InitializeSandbox(int sandbox_type,
84                                      const base::FilePath& allowed_path);
85
86#elif defined(OS_LINUX)
87
88class SandboxInitializerDelegate;
89
90// Initialize a seccomp-bpf sandbox. |policy| may not be NULL.
91// Returns true if the sandbox has been properly engaged.
92CONTENT_EXPORT bool InitializeSandbox(playground2::BpfSandboxPolicy policy);
93
94// Return a Callback implementing the "baseline" policy. This is used by a
95// SandboxInitializerDelegate to implement a policy that is derived from
96// the baseline.
97CONTENT_EXPORT playground2::BpfSandboxPolicyCallback
98    GetBpfSandboxBaselinePolicy();
99
100#endif  // defined(OS_LINUX)
101
102}  // namespace content
103
104#endif  // CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_
105