search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Removing uses of X11 native key events.
[chromium-blink-merge.git] / content / common / sandbox_linux / sandbox_seccomp_bpf_linux.h
blobee12dfb74e5f529a1c2c8f2882f5abcbb61f7571
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_SECCOMP_BPF_LINUX_H_
6 #define CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_SECCOMP_BPF_LINUX_H_
7
8 #include <string>
9
10 #include "base/basictypes.h"
11 #include "base/memory/scoped_ptr.h"
12
13 namespace sandbox {
14 namespace bpf_dsl {
15 class SandboxBPFDSLPolicy;
16 }
17 }
18
19 namespace content {
20
21 // This class has two main sets of APIs. One can be used to start the sandbox
22 // for internal content process types, the other is indirectly exposed as
23 // a public content/ API and uses a supplied policy.
24 class SandboxSeccompBPF {
25 public:
26 // This is the API to enable a seccomp-bpf sandbox for content/
27 // process-types:
28 // Is the sandbox globally enabled, can anything use it at all ?
29 // This looks at global command line flags to see if the sandbox
30 // should be enabled at all.
31 static bool IsSeccompBPFDesired();
32 // Should the sandbox be enabled for process_type ?
33 static bool ShouldEnableSeccompBPF(const std::string& process_type);
34 // Check if the kernel supports this sandbox. It's useful to "prewarm"
35 // this, part of the result will be cached.
36 static bool SupportsSandbox();
37 // Start the sandbox and apply the policy for process_type, depending on
38 // command line switches.
39 static bool StartSandbox(const std::string& process_type);
40
41 // This is the API to enable a seccomp-bpf sandbox by using an
42 // external policy.
43 static bool StartSandboxWithExternalPolicy(
44 scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy> policy);
45 // The "baseline" policy can be a useful base to build a sandbox policy.
46 static scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy> GetBaselinePolicy();
47
48 private:
49 DISALLOW_IMPLICIT_CONSTRUCTORS(SandboxSeccompBPF);
50 };
51
52 } // namespace content
53
54 #endif // CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_SECCOMP_BPF_LINUX_H_