content/public/common/sandbox_init.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_
   6 #define CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_
   7
   8 #include "base/process.h"
   9 #include "build/build_config.h"
  10 #include "content/common/content_export.h"
  11 #include "ipc/ipc_platform_file.h"
  12
  13 class CommandLine;
  14 class FilePath;
  15
  16 namespace sandbox {
  17 struct SandboxInterfaceInfo;
  18 }
  19
  20 namespace content {
  21
  22 #if defined(OS_WIN)
  23
  24 // Initialize the sandbox for renderer, gpu, utility, worker, nacl, and plug-in
  25 // processes, depending on the command line flags. Although The browser process
  26 // is not sandboxed, this also needs to be called because it will initialize
  27 // the broker code.
  28 // Returns true if the sandbox was initialized succesfully, false if an error
  29 // occurred.  If process_type isn't one that needs sandboxing true is always
  30 // returned.
  31 CONTENT_EXPORT bool InitializeSandbox(
  32     sandbox::SandboxInterfaceInfo* sandbox_info);
  33
  34 // This is a restricted version of Windows' DuplicateHandle() function
  35 // that works inside the sandbox and can send handles but not retrieve
  36 // them.  Unlike DuplicateHandle(), it takes a process ID rather than
  37 // a process handle.  It returns true on success, false otherwise.
  38 CONTENT_EXPORT bool BrokerDuplicateHandle(HANDLE source_handle,
  39                                           DWORD target_process_id,
  40                                           HANDLE* target_handle,
  41                                           DWORD desired_access,
  42                                           DWORD options);
  43
  44 // Inform the current process's sandbox broker (e.g. the broker for
  45 // 32-bit processes) about a process created under a different sandbox
  46 // broker (e.g. the broker for 64-bit processes).  This allows
  47 // BrokerDuplicateHandle() to send handles to a process managed by
  48 // another broker.  For example, it allows the 32-bit renderer to send
  49 // handles to 64-bit NaCl processes.  This returns true on success,
  50 // false otherwise.
  51 CONTENT_EXPORT bool BrokerAddTargetPeer(HANDLE peer_process);
  52
  53 // Starts a sandboxed process with the given directory unsandboxed
  54 // and returns a handle to it.
  55 CONTENT_EXPORT base::ProcessHandle StartProcessWithAccess(
  56     CommandLine* cmd_line,
  57     const FilePath& exposed_dir);
  58
  59 #elif defined(OS_MACOSX)
  60
  61 // Initialize the sandbox of the given |sandbox_type|, optionally specifying a
  62 // directory to allow access to. Note specifying a directory needs to be
  63 // supported by the sandbox profile associated with the given |sandbox_type|.
  64 // Valid values for |sandbox_type| are defined either by the enum SandboxType,
  65 // or by ContentClient::GetSandboxProfileForSandboxType().
  66 //
  67 // If the |sandbox_type| isn't one of the ones defined by content then the
  68 // embedder is queried using ContentClient::GetSandboxPolicyForSandboxType().
  69 // The embedder can use values for |sandbox_type| starting from
  70 // content::sandbox::SANDBOX_PROCESS_TYPE_AFTER_LAST_TYPE.
  71 //
  72 // Returns true if the sandbox was initialized succesfully, false if an error
  73 // occurred.  If process_type isn't one that needs sandboxing, no action is
  74 // taken and true is always returned.
  75 CONTENT_EXPORT bool InitializeSandbox(int sandbox_type,
  76                                       const FilePath& allowed_path);
  77
  78 #elif defined(OS_LINUX)
  79
  80 // Initialize the sandbox (currently seccomp-legacy or seccomp-bpf, the setuid
  81 // sandbox works differently and is set-up in the Zygote).
  82 // The process sandbox type is determined at run time via the command line
  83 // switches. TODO(jln): switch to a model where the caller chooses a sandbox
  84 // type.
  85 // This should be called before any additional thread has been created.
  86 //
  87 // Returns true if a sandbox has been initialized successfully, false
  88 // otherwise.
  89 CONTENT_EXPORT bool InitializeSandbox();
  90
  91 #endif
  92
  93 // Platform neutral wrapper for making an exact copy of a handle for use in
  94 // the target process. On Windows this wraps BrokerDuplicateHandle() with the
  95 // DUPLICATE_SAME_ACCESS flag. On posix it behaves essentially the same as
  96 // IPC::GetFileHandleForProcess()
  97 CONTENT_EXPORT IPC::PlatformFileForTransit BrokerGetFileHandleForProcess(
  98     base::PlatformFile handle,
  99     base::ProcessId target_process_id,
 100     bool should_close_source);
 101
 102 }  // namespace content
 103
 104 #endif  // CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_