1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_
6 #define CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_
8 #include "base/files/scoped_file.h"
9 #include "base/memory/scoped_ptr.h"
10 #include "base/process/process.h"
11 #include "build/build_config.h"
12 #include "content/common/content_export.h"
23 struct SandboxInterfaceInfo
;
27 class SandboxedProcessLauncherDelegate
;
31 // Initialize the sandbox for renderer, gpu, utility, worker, nacl, and plugin
32 // processes, depending on the command line flags. Although The browser process
33 // is not sandboxed, this also needs to be called because it will initialize
35 // Returns true if the sandbox was initialized succesfully, false if an error
36 // occurred. If process_type isn't one that needs sandboxing true is always
38 CONTENT_EXPORT
bool InitializeSandbox(
39 sandbox::SandboxInterfaceInfo
* sandbox_info
);
41 // This is a restricted version of Windows' DuplicateHandle() function
42 // that works inside the sandbox and can send handles but not retrieve
43 // them. Unlike DuplicateHandle(), it takes a process ID rather than
44 // a process handle. It returns true on success, false otherwise.
45 CONTENT_EXPORT
bool BrokerDuplicateHandle(HANDLE source_handle
,
46 DWORD target_process_id
,
47 HANDLE
* target_handle
,
51 // Inform the current process's sandbox broker (e.g. the broker for
52 // 32-bit processes) about a process created under a different sandbox
53 // broker (e.g. the broker for 64-bit processes). This allows
54 // BrokerDuplicateHandle() to send handles to a process managed by
55 // another broker. For example, it allows the 32-bit renderer to send
56 // handles to 64-bit NaCl processes. This returns true on success,
58 CONTENT_EXPORT
bool BrokerAddTargetPeer(HANDLE peer_process
);
60 // Launch a sandboxed process. |delegate| may be NULL. If |delegate| is non-NULL
61 // then it just has to outlive this method call.
62 CONTENT_EXPORT
base::Process
StartSandboxedProcess(
63 SandboxedProcessLauncherDelegate
* delegate
,
64 base::CommandLine
* cmd_line
);
66 #elif defined(OS_MACOSX)
68 // Initialize the sandbox of the given |sandbox_type|, optionally specifying a
69 // directory to allow access to. Note specifying a directory needs to be
70 // supported by the sandbox profile associated with the given |sandbox_type|.
71 // Valid values for |sandbox_type| are defined either by the enum SandboxType,
72 // or by ContentClient::GetSandboxProfileForSandboxType().
74 // If the |sandbox_type| isn't one of the ones defined by content then the
75 // embedder is queried using ContentClient::GetSandboxPolicyForSandboxType().
76 // The embedder can use values for |sandbox_type| starting from
77 // sandbox::SANDBOX_PROCESS_TYPE_AFTER_LAST_TYPE.
79 // Returns true if the sandbox was initialized succesfully, false if an error
80 // occurred. If process_type isn't one that needs sandboxing, no action is
81 // taken and true is always returned.
82 CONTENT_EXPORT
bool InitializeSandbox(int sandbox_type
,
83 const base::FilePath
& allowed_path
);
85 #elif defined(OS_LINUX)
87 class SandboxInitializerDelegate
;
89 // Initialize a seccomp-bpf sandbox. |policy| may not be NULL.
90 // If an existing layer of sandboxing is present that would prevent access to
91 // /proc, |proc_fd| must be a valid file descriptor to /proc/.
92 // Returns true if the sandbox has been properly engaged.
93 CONTENT_EXPORT
bool InitializeSandbox(
94 scoped_ptr
<sandbox::bpf_dsl::Policy
> policy
,
95 base::ScopedFD proc_fd
);
97 // Return a "baseline" policy. This is used by a SandboxInitializerDelegate to
98 // implement a policy that is derived from the baseline.
99 CONTENT_EXPORT scoped_ptr
<sandbox::bpf_dsl::Policy
>
100 GetBPFSandboxBaselinePolicy();
101 #endif // defined(OS_LINUX)
103 } // namespace content
105 #endif // CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_