sandboxed_process_launcher_delegate.h revision 2a99a7e74a7f215066514fe81d2bfa6639d9eddd
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef CONTENT_PUBLIC_COMMON_SANDBOXED_PROCESS_LAUNCHER_DELEGATE_H_ 6#define CONTENT_PUBLIC_COMMON_SANDBOXED_PROCESS_LAUNCHER_DELEGATE_H_ 7 8#include "base/process.h" 9 10namespace base { 11class FilePath; 12} 13 14namespace sandbox { 15class TargetPolicy; 16} 17 18namespace content { 19 20// Allows a caller of StartSandboxedProcess or 21// BrowserChildProcessHost/ChildProcessLauncher to control the sandbox policy, 22// i.e. to loosen it if needed. 23// The methods below will be called on the PROCESS_LAUNCHER thread. 24class SandboxedProcessLauncherDelegate { 25 public: 26 virtual ~SandboxedProcessLauncherDelegate() {} 27 28 // By default, the process is launched sandboxed. Override this method and set 29 // |in_sandbox| to false if this process should be launched without a sandbox 30 // (i.e. through base::LaunchProcess directly). 31 virtual void ShouldSandbox(bool* in_sandbox) {} 32 33 // Called before the default sandbox is applied. If the default policy is too 34 // restrictive, the caller should set |disable_default_policy| to true and 35 // apply their policy in PreSpawnTarget. |exposed_dir| is used to allow a 36 //directory through the sandbox. 37 virtual void PreSandbox(bool* disable_default_policy, 38 base::FilePath* exposed_dir) {} 39 40 // Called right before spawning the process. 41 virtual void PreSpawnTarget(sandbox::TargetPolicy* policy, 42 bool* success) {} 43 44 // Called right after the process is launched, but before its thread is run. 45 virtual void PostSpawnTarget(base::ProcessHandle process) {} 46}; 47 48} // namespace content 49 50#endif // CONTENT_PUBLIC_COMMON_SANDBOXED_PROCESS_LAUNCHER_DELEGATE_H_ 51