sandbox_type_mac.h revision 6d86b77056ed63eb6871182f42a9fd5f07550f90
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef CONTENT_PUBLIC_COMMON_SANDBOX_TYPE_MAC_H_ 6#define CONTENT_PUBLIC_COMMON_SANDBOX_TYPE_MAC_H_ 7 8namespace content { 9 10// Defines the Mac sandbox types known within content. Embedders can add 11// additional sandbox types with IDs starting with SANDBOX_TYPE_AFTER_LAST_TYPE. 12 13enum SandboxType { 14 // Not a valid sandbox type. 15 SANDBOX_TYPE_INVALID = -1, 16 17 SANDBOX_TYPE_FIRST_TYPE = 0, // Placeholder to ease iteration. 18 19 SANDBOX_TYPE_RENDERER = SANDBOX_TYPE_FIRST_TYPE, 20 21 // The worker process uses the most restrictive sandbox which has almost 22 // *everything* locked down. Only a couple of /System/Library/ paths and 23 // some other very basic operations (e.g., reading metadata to allow 24 // following symlinks) are permitted. 25 SANDBOX_TYPE_WORKER, 26 27 // Utility process is as restrictive as the worker process except full 28 // access is allowed to one configurable directory. 29 SANDBOX_TYPE_UTILITY, 30 31 // GPU process. 32 SANDBOX_TYPE_GPU, 33 34 // The PPAPI plugin process. 35 SANDBOX_TYPE_PPAPI, 36 37 SANDBOX_TYPE_AFTER_LAST_TYPE, // Placeholder to ease iteration. 38}; 39 40} // namespace content 41 42#endif // CONTENT_PUBLIC_COMMON_SANDBOX_TYPE_MAC_H_ 43