Make developerPrivate API available in stable.
[chromium-blink-merge.git] / content / common / sandbox_linux.h
blob412c04ab20bdf1915974443370025d853579ed9b
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_H_
6 #define CONTENT_COMMON_SANDBOX_LINUX_H_
8 #include <string>
10 #include "base/basictypes.h"
11 #include "base/memory/scoped_ptr.h"
12 #include "content/public/common/sandbox_linux.h"
14 template <typename T> struct DefaultSingletonTraits;
15 namespace sandbox { class SetuidSandboxClient; }
17 namespace content {
19 // A singleton class to represent and change our sandboxing state for the
20 // three main Linux sandboxes.
21 class LinuxSandbox {
22 public:
23 // This is a list of sandbox IPC methods which the renderer may send to the
24 // sandbox host. See http://code.google.com/p/chromium/wiki/LinuxSandboxIPC
25 // This isn't the full list, values < 32 are reserved for methods called from
26 // Skia.
27 enum LinuxSandboxIPCMethods {
28 METHOD_GET_FONT_FAMILY_FOR_CHAR = 32,
29 METHOD_LOCALTIME = 33,
30 METHOD_GET_CHILD_WITH_INODE = 34,
31 METHOD_GET_STYLE_FOR_STRIKE = 35,
32 METHOD_MAKE_SHARED_MEMORY_SEGMENT = 36,
33 METHOD_MATCH_WITH_FALLBACK = 37,
36 // Get our singleton instance.
37 static LinuxSandbox* GetInstance();
39 // Do some initialization that can only be done before any of the sandboxes
40 // are enabled. If using the setuid sandbox, this should be called manually
41 // before the setuid sandbox is engaged.
42 void PreinitializeSandbox();
44 // Initialize the sandbox with the given pre-built configuration. Currently
45 // seccomp-bpf and address space limitations (the setuid sandbox works
46 // differently and is set-up in the Zygote). This will instantiate the
47 // LinuxSandbox singleton if it doesn't already exist.
48 static bool InitializeSandbox();
50 // Returns the Status of the renderers' sandbox. Can only be queried after
51 // going through PreinitializeSandbox(). This is a bitmask and uses the
52 // constants defined in "enum LinuxSandboxStatus". Since the status needs to
53 // be provided before the sandboxes are actually started, this returns what
54 // will actually happen once the various Start* functions are called from
55 // inside a renderer.
56 int GetStatus() const;
57 // Returns true if the current process is single-threaded or if the number
58 // of threads cannot be determined.
59 bool IsSingleThreaded() const;
60 // Did we start Seccomp BPF?
61 bool seccomp_bpf_started() const;
63 // Simple accessor for our instance of the setuid sandbox. Will never return
64 // NULL.
65 // There is no StartSetuidSandbox(), the SetuidSandboxClient instance should
66 // be used directly.
67 sandbox::SetuidSandboxClient* setuid_sandbox_client() const;
69 // Check the policy and eventually start the seccomp-bpf sandbox. This should
70 // never be called with threads started. If we detect that threads have
71 // started we will crash.
72 bool StartSeccompBpf(const std::string& process_type);
74 // Limit the address space of the current process (and its children).
75 // to make some vulnerabilities harder to exploit.
76 bool LimitAddressSpace(const std::string& process_type);
78 private:
79 friend struct DefaultSingletonTraits<LinuxSandbox>;
81 // We must have been pre_initialized_ before using this.
82 bool seccomp_bpf_supported() const;
83 // The last part of the initialization is to make sure any temporary "hole"
84 // in the sandbox is closed. For now, this consists of closing proc_fd_.
85 void SealSandbox();
87 // A file descriptor to /proc. It's dangerous to have it around as it could
88 // allow for sandbox bypasses. It needs to be closed before we consider
89 // ourselves sandboxed.
90 int proc_fd_;
91 bool seccomp_bpf_started_;
92 // Did PreinitializeSandbox() run?
93 bool pre_initialized_;
94 bool seccomp_bpf_supported_; // Accurate if pre_initialized_.
95 scoped_ptr<sandbox::SetuidSandboxClient> setuid_sandbox_client_;
97 ~LinuxSandbox();
98 DISALLOW_IMPLICIT_CONSTRUCTORS(LinuxSandbox);
101 } // namespace content
103 #endif // CONTENT_COMMON_SANDBOX_LINUX_H_