sandbox_init.h revision c2e0dbddbe15c98d52c4786dac06cb8952a8ae6d 
1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_
6#define CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_
7
8#include "base/process.h"
9#include "build/build_config.h"
10#include "content/common/content_export.h"
11
12class CommandLine;
13
14namespace base {
15class FilePath;
16}
17
18namespace sandbox {
19struct SandboxInterfaceInfo;
20}
21
22namespace content {
23class SandboxedProcessLauncherDelegate;
24
25#if defined(OS_WIN)
26
27// Initialize the sandbox for renderer, gpu, utility, worker, nacl, and plug-in
28// processes, depending on the command line flags. Although The browser process
29// is not sandboxed, this also needs to be called because it will initialize
30// the broker code.
31// Returns true if the sandbox was initialized succesfully, false if an error
32// occurred.  If process_type isn't one that needs sandboxing true is always
33// returned.
34CONTENT_EXPORT bool InitializeSandbox(
35    sandbox::SandboxInterfaceInfo* sandbox_info);
36
37// This is a restricted version of Windows' DuplicateHandle() function
38// that works inside the sandbox and can send handles but not retrieve
39// them.  Unlike DuplicateHandle(), it takes a process ID rather than
40// a process handle.  It returns true on success, false otherwise.
41CONTENT_EXPORT bool BrokerDuplicateHandle(HANDLE source_handle,
42                                          DWORD target_process_id,
43                                          HANDLE* target_handle,
44                                          DWORD desired_access,
45                                          DWORD options);
46
47// Inform the current process's sandbox broker (e.g. the broker for
48// 32-bit processes) about a process created under a different sandbox
49// broker (e.g. the broker for 64-bit processes).  This allows
50// BrokerDuplicateHandle() to send handles to a process managed by
51// another broker.  For example, it allows the 32-bit renderer to send
52// handles to 64-bit NaCl processes.  This returns true on success,
53// false otherwise.
54CONTENT_EXPORT bool BrokerAddTargetPeer(HANDLE peer_process);
55
56// Launch a sandboxed process. |delegate| may be NULL. If |delegate| is non-NULL
57// then it just has to outlive this method call.
58CONTENT_EXPORT base::ProcessHandle StartSandboxedProcess(
59    SandboxedProcessLauncherDelegate* delegate,
60    CommandLine* cmd_line);
61
62#elif defined(OS_MACOSX)
63
64// Initialize the sandbox of the given |sandbox_type|, optionally specifying a
65// directory to allow access to. Note specifying a directory needs to be
66// supported by the sandbox profile associated with the given |sandbox_type|.
67// Valid values for |sandbox_type| are defined either by the enum SandboxType,
68// or by ContentClient::GetSandboxProfileForSandboxType().
69//
70// If the |sandbox_type| isn't one of the ones defined by content then the
71// embedder is queried using ContentClient::GetSandboxPolicyForSandboxType().
72// The embedder can use values for |sandbox_type| starting from
73// sandbox::SANDBOX_PROCESS_TYPE_AFTER_LAST_TYPE.
74//
75// Returns true if the sandbox was initialized succesfully, false if an error
76// occurred.  If process_type isn't one that needs sandboxing, no action is
77// taken and true is always returned.
78CONTENT_EXPORT bool InitializeSandbox(int sandbox_type,
79                                      const base::FilePath& allowed_path);
80
81#endif
82
83}  // namespace content
84
85#endif  // CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_
86