content/common/sandbox_seccomp_bpf_linux.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CONTENT_COMMON_SANDBOX_SECCOMP_BPF_LINUX_H_
   6 #define CONTENT_COMMON_SANDBOX_SECCOMP_BPF_LINUX_H_
   7
   8 #include "base/basictypes.h"
   9
  10 namespace content {
  11
  12 class SandboxSeccompBpf {
  13  public:
  14   // Is the sandbox globally enabled, can anything use it at all ?
  15   // This looks at global command line flags to see if the sandbox
  16   // should be enabled at all.
  17   static bool IsSeccompBpfDesired();
  18   // Should the sandbox be enabled for process_type ?
  19   static bool ShouldEnableSeccompBpf(const std::string& process_type);
  20   // Check if the kernel supports this sandbox. It's useful to "prewarm"
  21   // this, part of the result will be cached.
  22   static bool SupportsSandbox();
  23   // Start the sandbox and apply the policy for process_type, depending on
  24   // command line switches.
  25   static bool StartSandbox(const std::string& process_type);
  26
  27  private:
  28   DISALLOW_IMPLICIT_CONSTRUCTORS(SandboxSeccompBpf);
  29 };
  30
  31 }  // namespace content
  32
  33 #endif  // CONTENT_COMMON_SANDBOX_SECCOMP_BPF_LINUX_H_
  34