Upstreaming browser/ui/uikit_ui_util from iOS.
[chromium-blink-merge.git] / content / public / common / sandbox_init.h
blob1a312339ee8e58013604c64283055cdcbe102edb
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_
6 #define CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_
8 #include "base/files/scoped_file.h"
9 #include "base/memory/scoped_ptr.h"
10 #include "base/memory/shared_memory.h"
11 #include "base/process/process.h"
12 #include "base/process/process_handle.h"
13 #include "build/build_config.h"
14 #include "content/common/content_export.h"
16 namespace base {
17 class CommandLine;
18 class FilePath;
21 namespace sandbox {
22 namespace bpf_dsl {
23 class Policy;
25 struct SandboxInterfaceInfo;
28 namespace content {
29 class SandboxedProcessLauncherDelegate;
31 #if defined(OS_WIN) || defined(OS_MACOSX)
32 // This function allows a sandboxed process to duplicate a SharedMemoryHandle
33 // to itself or to another process. The duplicated SharedMemoryHandle has the
34 // same access rights as the original. Returns true on success, false
35 // otherwise.
36 CONTENT_EXPORT bool BrokerDuplicateSharedMemoryHandle(
37 const base::SharedMemoryHandle& source_handle,
38 base::ProcessId target_process_id,
39 base::SharedMemoryHandle* target_handle);
40 #endif // defined(OS_WIN) || defined(OS_MACOSX)
42 #if defined(OS_WIN)
44 // Initialize the sandbox for renderer, gpu, utility, worker, nacl, and plugin
45 // processes, depending on the command line flags. Although The browser process
46 // is not sandboxed, this also needs to be called because it will initialize
47 // the broker code.
48 // Returns true if the sandbox was initialized succesfully, false if an error
49 // occurred. If process_type isn't one that needs sandboxing true is always
50 // returned.
51 CONTENT_EXPORT bool InitializeSandbox(
52 sandbox::SandboxInterfaceInfo* sandbox_info);
54 // This is a restricted version of Windows' DuplicateHandle() function
55 // that works inside the sandbox and can send handles but not retrieve
56 // them. Unlike DuplicateHandle(), it takes a process ID rather than
57 // a process handle. It returns true on success, false otherwise.
58 CONTENT_EXPORT bool BrokerDuplicateHandle(HANDLE source_handle,
59 DWORD target_process_id,
60 HANDLE* target_handle,
61 DWORD desired_access,
62 DWORD options);
64 // Inform the current process's sandbox broker (e.g. the broker for
65 // 32-bit processes) about a process created under a different sandbox
66 // broker (e.g. the broker for 64-bit processes). This allows
67 // BrokerDuplicateHandle() to send handles to a process managed by
68 // another broker. For example, it allows the 32-bit renderer to send
69 // handles to 64-bit NaCl processes. This returns true on success,
70 // false otherwise.
71 CONTENT_EXPORT bool BrokerAddTargetPeer(HANDLE peer_process);
73 // Launch a sandboxed process. |delegate| may be NULL. If |delegate| is non-NULL
74 // then it just has to outlive this method call.
75 CONTENT_EXPORT base::Process StartSandboxedProcess(
76 SandboxedProcessLauncherDelegate* delegate,
77 base::CommandLine* cmd_line);
79 #elif defined(OS_MACOSX)
81 // Initialize the sandbox of the given |sandbox_type|, optionally specifying a
82 // directory to allow access to. Note specifying a directory needs to be
83 // supported by the sandbox profile associated with the given |sandbox_type|.
84 // Valid values for |sandbox_type| are defined either by the enum SandboxType,
85 // or by ContentClient::GetSandboxProfileForSandboxType().
87 // If the |sandbox_type| isn't one of the ones defined by content then the
88 // embedder is queried using ContentClient::GetSandboxPolicyForSandboxType().
89 // The embedder can use values for |sandbox_type| starting from
90 // sandbox::SANDBOX_PROCESS_TYPE_AFTER_LAST_TYPE.
92 // Returns true if the sandbox was initialized succesfully, false if an error
93 // occurred. If process_type isn't one that needs sandboxing, no action is
94 // taken and true is always returned.
95 CONTENT_EXPORT bool InitializeSandbox(int sandbox_type,
96 const base::FilePath& allowed_path);
98 #elif defined(OS_LINUX) || defined(OS_NACL_NONSFI)
100 class SandboxInitializerDelegate;
102 // Initialize a seccomp-bpf sandbox. |policy| may not be NULL.
103 // If an existing layer of sandboxing is present that would prevent access to
104 // /proc, |proc_fd| must be a valid file descriptor to /proc/.
105 // Returns true if the sandbox has been properly engaged.
106 CONTENT_EXPORT bool InitializeSandbox(
107 scoped_ptr<sandbox::bpf_dsl::Policy> policy,
108 base::ScopedFD proc_fd);
110 // Return a "baseline" policy. This is used by a SandboxInitializerDelegate to
111 // implement a policy that is derived from the baseline.
112 CONTENT_EXPORT scoped_ptr<sandbox::bpf_dsl::Policy>
113 GetBPFSandboxBaselinePolicy();
114 #endif // defined(OS_LINUX) || defined(OS_NACL_NONSFI)
116 } // namespace content
118 #endif // CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_