content/public/common/sandbox_init.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_
   6 #define CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_
   7
   8 #include "base/memory/scoped_ptr.h"
   9 #include "base/process/process.h"
  10 #include "build/build_config.h"
  11 #include "content/common/content_export.h"
  12
  13 namespace base {
  14 class CommandLine;
  15 class FilePath;
  16 }
  17
  18 namespace sandbox {
  19 namespace bpf_dsl {
  20 class SandboxBPFDSLPolicy;
  21 }
  22 struct SandboxInterfaceInfo;
  23 }
  24
  25 namespace content {
  26 class SandboxedProcessLauncherDelegate;
  27
  28 #if defined(OS_WIN)
  29
  30 // Initialize the sandbox for renderer, gpu, utility, worker, nacl, and plug-in
  31 // processes, depending on the command line flags. Although The browser process
  32 // is not sandboxed, this also needs to be called because it will initialize
  33 // the broker code.
  34 // Returns true if the sandbox was initialized succesfully, false if an error
  35 // occurred.  If process_type isn't one that needs sandboxing true is always
  36 // returned.
  37 CONTENT_EXPORT bool InitializeSandbox(
  38     sandbox::SandboxInterfaceInfo* sandbox_info);
  39
  40 // This is a restricted version of Windows' DuplicateHandle() function
  41 // that works inside the sandbox and can send handles but not retrieve
  42 // them.  Unlike DuplicateHandle(), it takes a process ID rather than
  43 // a process handle.  It returns true on success, false otherwise.
  44 CONTENT_EXPORT bool BrokerDuplicateHandle(HANDLE source_handle,
  45                                           DWORD target_process_id,
  46                                           HANDLE* target_handle,
  47                                           DWORD desired_access,
  48                                           DWORD options);
  49
  50 // Inform the current process's sandbox broker (e.g. the broker for
  51 // 32-bit processes) about a process created under a different sandbox
  52 // broker (e.g. the broker for 64-bit processes).  This allows
  53 // BrokerDuplicateHandle() to send handles to a process managed by
  54 // another broker.  For example, it allows the 32-bit renderer to send
  55 // handles to 64-bit NaCl processes.  This returns true on success,
  56 // false otherwise.
  57 CONTENT_EXPORT bool BrokerAddTargetPeer(HANDLE peer_process);
  58
  59 // Launch a sandboxed process. |delegate| may be NULL. If |delegate| is non-NULL
  60 // then it just has to outlive this method call.
  61 CONTENT_EXPORT base::ProcessHandle StartSandboxedProcess(
  62     SandboxedProcessLauncherDelegate* delegate,
  63     base::CommandLine* cmd_line);
  64
  65 #elif defined(OS_MACOSX)
  66
  67 // Initialize the sandbox of the given |sandbox_type|, optionally specifying a
  68 // directory to allow access to. Note specifying a directory needs to be
  69 // supported by the sandbox profile associated with the given |sandbox_type|.
  70 // Valid values for |sandbox_type| are defined either by the enum SandboxType,
  71 // or by ContentClient::GetSandboxProfileForSandboxType().
  72 //
  73 // If the |sandbox_type| isn't one of the ones defined by content then the
  74 // embedder is queried using ContentClient::GetSandboxPolicyForSandboxType().
  75 // The embedder can use values for |sandbox_type| starting from
  76 // sandbox::SANDBOX_PROCESS_TYPE_AFTER_LAST_TYPE.
  77 //
  78 // Returns true if the sandbox was initialized succesfully, false if an error
  79 // occurred.  If process_type isn't one that needs sandboxing, no action is
  80 // taken and true is always returned.
  81 CONTENT_EXPORT bool InitializeSandbox(int sandbox_type,
  82                                       const base::FilePath& allowed_path);
  83
  84 #elif defined(OS_LINUX)
  85
  86 class SandboxInitializerDelegate;
  87
  88 // Initialize a seccomp-bpf sandbox. |policy| may not be NULL.
  89 // Returns true if the sandbox has been properly engaged.
  90 CONTENT_EXPORT bool InitializeSandbox(
  91     scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy> policy);
  92
  93 // Return a "baseline" policy. This is used by a SandboxInitializerDelegate to
  94 // implement a policy that is derived from the baseline.
  95 CONTENT_EXPORT scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy>
  96     GetBPFSandboxBaselinePolicy();
  97 #endif  // defined(OS_LINUX)
  98
  99 }  // namespace content
 100
 101 #endif  // CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_