sandbox_type_mac.h revision 6d86b77056ed63eb6871182f42a9fd5f07550f90 
1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CONTENT_PUBLIC_COMMON_SANDBOX_TYPE_MAC_H_
6#define CONTENT_PUBLIC_COMMON_SANDBOX_TYPE_MAC_H_
7
8namespace content {
9
10// Defines the Mac sandbox types known within content. Embedders can add
11// additional sandbox types with IDs starting with SANDBOX_TYPE_AFTER_LAST_TYPE.
12
13enum SandboxType {
14  // Not a valid sandbox type.
15  SANDBOX_TYPE_INVALID = -1,
16
17  SANDBOX_TYPE_FIRST_TYPE = 0,  // Placeholder to ease iteration.
18
19  SANDBOX_TYPE_RENDERER = SANDBOX_TYPE_FIRST_TYPE,
20
21  // The worker process uses the most restrictive sandbox which has almost
22  // *everything* locked down. Only a couple of /System/Library/ paths and
23  // some other very basic operations (e.g., reading metadata to allow
24  // following symlinks) are permitted.
25  SANDBOX_TYPE_WORKER,
26
27  // Utility process is as restrictive as the worker process except full
28  // access is allowed to one configurable directory.
29  SANDBOX_TYPE_UTILITY,
30
31  // GPU process.
32  SANDBOX_TYPE_GPU,
33
34  // The PPAPI plugin process.
35  SANDBOX_TYPE_PPAPI,
36
37  SANDBOX_TYPE_AFTER_LAST_TYPE,  // Placeholder to ease iteration.
38};
39
40}  // namespace content
41
42#endif  // CONTENT_PUBLIC_COMMON_SANDBOX_TYPE_MAC_H_
43