chrome/common/sandbox_mac.h - Issue 341033: Sandbox Worker process on the Mac.

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: chrome/common/sandbox_mac.h

Issue 341033: Sandbox Worker process on the Mac. (Closed)

Patch Set: Fix latest round of comments Created 11 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2009 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2009 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef CHROME_COMMON_SANDBOX_MAC_H_	5 #ifndef CHROME_COMMON_SANDBOX_MAC_H_

6 #define CHROME_COMMON_SANDBOX_MAC_H_	6 #define CHROME_COMMON_SANDBOX_MAC_H_

7	7

	8 #include "base/file_path.h"

	9

8 namespace sandbox {	10 namespace sandbox {

9	11

	12 enum SandboxProcessType {

	13 SANDBOX_TYPE_RENDERER,

	14

	15 // Worker process has everything not needed for Cocoa locked down.

	16 SANDBOX_TYPE_WORKER,

	17

	18 // Utility process is as restrictive as the worker process except full access

	19 // is allowed to one configurable directory.

	20 SANDBOX_TYPE_UTILITY,

	21 };

	22

10 // Warm up System APIs that empirically need to be accessed before the Sandbox	23 // Warm up System APIs that empirically need to be accessed before the Sandbox

11 // is turned on.	24 // is turned on.

12 void SandboxWarmup();	25 void SandboxWarmup();

13	26

14 // Turns on the OS X sandbox for this process.	27 // Turns on the OS X sandbox for this process.

15 bool EnableSandbox();	28 // \|sandbox_type\| - type of Sandbox to use.

	29 // \|allowed_dir\| - directory to allow access to, currently the only sandbox

	30 // profile that supports this is SANDBOX_TYPE_UTILITY .

	31 //

	32 // \|allowed_dir\| must be a "simple" string since it's placed as is in a regex

	33 // i.e. it must not contain quotation characters, escaping or any characters

	34 // that might have special meaning when blindly substituted into a regular

	35 // expression - crbug.com/26492 .

	36 // Returns true on success, false if an error occurred enabling the sandbox.

	37 bool EnableSandbox(SandboxProcessType sandbox_type,

	38 const FilePath& allowed_dir);

16	39

17 } // namespace sandbox	40 } // namespace sandbox

18	41

19 #endif // CHROME_COMMON_SANDBOX_MAC_H_	42 #endif // CHROME_COMMON_SANDBOX_MAC_H_

OLD	NEW

« no previous file with comments | « chrome/common/sandbox_init_wrapper_win.cc ('k') | chrome/common/sandbox_mac.mm » ('j') | no next file with comments »