OLD | NEW |
1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CHROME_COMMON_SANDBOX_MAC_H_ | 5 #ifndef CHROME_COMMON_SANDBOX_MAC_H_ |
6 #define CHROME_COMMON_SANDBOX_MAC_H_ | 6 #define CHROME_COMMON_SANDBOX_MAC_H_ |
7 #pragma once | 7 #pragma once |
8 | 8 |
9 #include "base/file_path.h" | 9 #include "base/file_path.h" |
10 | 10 |
11 namespace sandbox { | 11 namespace sandbox { |
12 | 12 |
13 enum SandboxProcessType { | 13 enum SandboxProcessType { |
14 | 14 |
15 SANDBOX_TYPE_FIRST_TYPE, // Placeholder to ease iteration. | 15 SANDBOX_TYPE_FIRST_TYPE, // Placeholder to ease iteration. |
16 | 16 |
17 SANDBOX_TYPE_RENDERER = SANDBOX_TYPE_FIRST_TYPE, | 17 SANDBOX_TYPE_RENDERER = SANDBOX_TYPE_FIRST_TYPE, |
18 | 18 |
19 // The worker processes uses the most restrictive sandbox which has almost | 19 // The worker processes uses the most restrictive sandbox which has almost |
20 // *everything* locked down. Only a couple of /System/Library/ paths and | 20 // *everything* locked down. Only a couple of /System/Library/ paths and |
21 // some other very basic operations (e.g., reading metadata to allow | 21 // some other very basic operations (e.g., reading metadata to allow |
22 // following symlinks) are permitted. | 22 // following symlinks) are permitted. |
23 SANDBOX_TYPE_WORKER, | 23 SANDBOX_TYPE_WORKER, |
24 | 24 |
25 // Utility process is as restrictive as the worker process except full access | 25 // Utility process is as restrictive as the worker process except full access |
26 // is allowed to one configurable directory. | 26 // is allowed to one configurable directory. |
27 SANDBOX_TYPE_UTILITY, | 27 SANDBOX_TYPE_UTILITY, |
28 | 28 |
29 // Native Client sandboxes. The plugin contains trusted code and the | 29 // Native Client sandbox for the user's untrusted code. |
30 // loader contains the user's untrusted code. | |
31 SANDBOX_TYPE_NACL_PLUGIN, | |
32 SANDBOX_TYPE_NACL_LOADER, | 30 SANDBOX_TYPE_NACL_LOADER, |
33 | 31 |
34 SANDBOX_AFTER_TYPE_LAST_TYPE, // Placeholder to ease iteration. | 32 SANDBOX_AFTER_TYPE_LAST_TYPE, // Placeholder to ease iteration. |
35 }; | 33 }; |
36 | 34 |
37 // Warm up System APIs that empirically need to be accessed before the Sandbox | 35 // Warm up System APIs that empirically need to be accessed before the Sandbox |
38 // is turned on. | 36 // is turned on. |
39 void SandboxWarmup(); | 37 void SandboxWarmup(); |
40 | 38 |
41 // Turns on the OS X sandbox for this process. | 39 // Turns on the OS X sandbox for this process. |
52 const FilePath& allowed_dir); | 50 const FilePath& allowed_dir); |
53 | 51 |
54 // Convert provided path into a "canonical" path matching what the Sandbox | 52 // Convert provided path into a "canonical" path matching what the Sandbox |
55 // expects i.e. one without symlinks. | 53 // expects i.e. one without symlinks. |
56 // This path is not necessarily unique e.g. in the face of hardlinks. | 54 // This path is not necessarily unique e.g. in the face of hardlinks. |
57 void GetCanonicalSandboxPath(FilePath* path); | 55 void GetCanonicalSandboxPath(FilePath* path); |
58 | 56 |
59 } // namespace sandbox | 57 } // namespace sandbox |
60 | 58 |
61 #endif // CHROME_COMMON_SANDBOX_MAC_H_ | 59 #endif // CHROME_COMMON_SANDBOX_MAC_H_ |
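Review bot: Deleting `SANDBOX_TYPE_NACL_PLUGIN` (old line 31) silently renumbers `SANDBOX_TYPE_NACL_LOADER` and `SANDBOX_AFTER_TYPE_LAST_TYPE`, because none of the enumerators after `SANDBOX_TYPE_FIRST_TYPE` has an explicit value. Any table indexed by `SandboxProcessType`, and any place the value crosses a process boundary as a plain integer, must be updated in the same change, or a process could end up with a different profile than intended; none of those call sites are visible in this header, so this needs checking against the rest of the commit. The new comment at line 29 should also say where the trusted plugin code runs now that it has no type of its own, for example `// Native Client sandbox for the user's untrusted code. The trusted NaCl plugin code has no sandbox type of its own; it runs under <sandbox type - confirm>.`, so a reader can tell that it is still confined. The declaration that ends at new line 50 starts in the collapsed region, so its parameters were not reviewed.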