Home | History | Annotate | Download | only in common 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_
      6 #define CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_
      7 
      8 #include "base/callback_forward.h"
      9 #include "base/process/process.h"
     10 #include "build/build_config.h"
     11 #include "content/common/content_export.h"
     12 
     13 #if defined(OS_LINUX)
     14 #include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy_forward.h"
     15 #endif  // defined(OS_LINUX)
     16 
     17 class CommandLine;
     18 
     19 namespace base {
     20 class FilePath;
     21 }
     22 
     23 namespace sandbox {
     24 struct SandboxInterfaceInfo;
     25 }
     26 
     27 namespace content {
     28 class SandboxedProcessLauncherDelegate;
     29 
     30 #if defined(OS_WIN)
     31 
     32 // Initialize the sandbox for renderer, gpu, utility, worker, nacl, and plug-in
     33 // processes, depending on the command line flags. Although The browser process
     34 // is not sandboxed, this also needs to be called because it will initialize
     35 // the broker code.
     36 // Returns true if the sandbox was initialized succesfully, false if an error
     37 // occurred.  If process_type isn't one that needs sandboxing true is always
     38 // returned.
     39 CONTENT_EXPORT bool InitializeSandbox(
     40     sandbox::SandboxInterfaceInfo* sandbox_info);
     41 
     42 // This is a restricted version of Windows' DuplicateHandle() function
     43 // that works inside the sandbox and can send handles but not retrieve
     44 // them.  Unlike DuplicateHandle(), it takes a process ID rather than
     45 // a process handle.  It returns true on success, false otherwise.
     46 CONTENT_EXPORT bool BrokerDuplicateHandle(HANDLE source_handle,
     47                                           DWORD target_process_id,
     48                                           HANDLE* target_handle,
     49                                           DWORD desired_access,
     50                                           DWORD options);
     51 
     52 // Inform the current process's sandbox broker (e.g. the broker for
     53 // 32-bit processes) about a process created under a different sandbox
     54 // broker (e.g. the broker for 64-bit processes).  This allows
     55 // BrokerDuplicateHandle() to send handles to a process managed by
     56 // another broker.  For example, it allows the 32-bit renderer to send
     57 // handles to 64-bit NaCl processes.  This returns true on success,
     58 // false otherwise.
     59 CONTENT_EXPORT bool BrokerAddTargetPeer(HANDLE peer_process);
     60 
     61 // Launch a sandboxed process. |delegate| may be NULL. If |delegate| is non-NULL
     62 // then it just has to outlive this method call.
     63 CONTENT_EXPORT base::ProcessHandle StartSandboxedProcess(
     64     SandboxedProcessLauncherDelegate* delegate,
     65     CommandLine* cmd_line);
     66 
     67 #elif defined(OS_MACOSX)
     68 
     69 // Initialize the sandbox of the given |sandbox_type|, optionally specifying a
     70 // directory to allow access to. Note specifying a directory needs to be
     71 // supported by the sandbox profile associated with the given |sandbox_type|.
     72 // Valid values for |sandbox_type| are defined either by the enum SandboxType,
     73 // or by ContentClient::GetSandboxProfileForSandboxType().
     74 //
     75 // If the |sandbox_type| isn't one of the ones defined by content then the
     76 // embedder is queried using ContentClient::GetSandboxPolicyForSandboxType().
     77 // The embedder can use values for |sandbox_type| starting from
     78 // sandbox::SANDBOX_PROCESS_TYPE_AFTER_LAST_TYPE.
     79 //
     80 // Returns true if the sandbox was initialized succesfully, false if an error
     81 // occurred.  If process_type isn't one that needs sandboxing, no action is
     82 // taken and true is always returned.
     83 CONTENT_EXPORT bool InitializeSandbox(int sandbox_type,
     84                                       const base::FilePath& allowed_path);
     85 
     86 #elif defined(OS_LINUX)
     87 
     88 class SandboxInitializerDelegate;
     89 
     90 // Initialize a seccomp-bpf sandbox. |policy| may not be NULL.
     91 // Returns true if the sandbox has been properly engaged.
     92 CONTENT_EXPORT bool InitializeSandbox(playground2::BpfSandboxPolicy policy);
     93 
     94 // Return a Callback implementing the "baseline" policy. This is used by a
     95 // SandboxInitializerDelegate to implement a policy that is derived from
     96 // the baseline.
     97 CONTENT_EXPORT playground2::BpfSandboxPolicyCallback
     98     GetBpfSandboxBaselinePolicy();
     99 
    100 #endif  // defined(OS_LINUX)
    101 
    102 }  // namespace content
    103 
    104 #endif  // CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_
    105