Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(545)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/public/common/sandbox_init.h

Issue 12163003: Add FilePath to base namespace. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 7 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « content/public/common/child_process_host.h ('k') | content/public/renderer/content_renderer_client.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_ 5 #ifndef CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_
6 #define CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_ 6 #define CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_
7 7
8 #include "base/process.h" 8 #include "base/process.h"
9 #include "build/build_config.h" 9 #include "build/build_config.h"
10 #include "content/common/content_export.h" 10 #include "content/common/content_export.h"
11 #include "ipc/ipc_platform_file.h" 11 #include "ipc/ipc_platform_file.h"
12 12
13 class CommandLine; 13 class CommandLine;
14
15 namespace base {
14 class FilePath; 16 class FilePath;
17 }
15 18
16 namespace sandbox { 19 namespace sandbox {
17 struct SandboxInterfaceInfo; 20 struct SandboxInterfaceInfo;
18 } 21 }
19 22
20 namespace content { 23 namespace content {
21 24
22 #if defined(OS_WIN) 25 #if defined(OS_WIN)
23 26
24 // Initialize the sandbox for renderer, gpu, utility, worker, nacl, and plug-in 27 // Initialize the sandbox for renderer, gpu, utility, worker, nacl, and plug-in
(...skipping 22 matching lines...) Expand all
47 // BrokerDuplicateHandle() to send handles to a process managed by 50 // BrokerDuplicateHandle() to send handles to a process managed by
48 // another broker. For example, it allows the 32-bit renderer to send 51 // another broker. For example, it allows the 32-bit renderer to send
49 // handles to 64-bit NaCl processes. This returns true on success, 52 // handles to 64-bit NaCl processes. This returns true on success,
50 // false otherwise. 53 // false otherwise.
51 CONTENT_EXPORT bool BrokerAddTargetPeer(HANDLE peer_process); 54 CONTENT_EXPORT bool BrokerAddTargetPeer(HANDLE peer_process);
52 55
53 // Starts a sandboxed process with the given directory unsandboxed 56 // Starts a sandboxed process with the given directory unsandboxed
54 // and returns a handle to it. 57 // and returns a handle to it.
55 CONTENT_EXPORT base::ProcessHandle StartProcessWithAccess( 58 CONTENT_EXPORT base::ProcessHandle StartProcessWithAccess(
56 CommandLine* cmd_line, 59 CommandLine* cmd_line,
57 const FilePath& exposed_dir); 60 const base::FilePath& exposed_dir);
58 61
59 #elif defined(OS_MACOSX) 62 #elif defined(OS_MACOSX)
60 63
61 // Initialize the sandbox of the given |sandbox_type|, optionally specifying a 64 // Initialize the sandbox of the given |sandbox_type|, optionally specifying a
62 // directory to allow access to. Note specifying a directory needs to be 65 // directory to allow access to. Note specifying a directory needs to be
63 // supported by the sandbox profile associated with the given |sandbox_type|. 66 // supported by the sandbox profile associated with the given |sandbox_type|.
64 // Valid values for |sandbox_type| are defined either by the enum SandboxType, 67 // Valid values for |sandbox_type| are defined either by the enum SandboxType,
65 // or by ContentClient::GetSandboxProfileForSandboxType(). 68 // or by ContentClient::GetSandboxProfileForSandboxType().
66 // 69 //
67 // If the |sandbox_type| isn't one of the ones defined by content then the 70 // If the |sandbox_type| isn't one of the ones defined by content then the
68 // embedder is queried using ContentClient::GetSandboxPolicyForSandboxType(). 71 // embedder is queried using ContentClient::GetSandboxPolicyForSandboxType().
69 // The embedder can use values for |sandbox_type| starting from 72 // The embedder can use values for |sandbox_type| starting from
70 // sandbox::SANDBOX_PROCESS_TYPE_AFTER_LAST_TYPE. 73 // sandbox::SANDBOX_PROCESS_TYPE_AFTER_LAST_TYPE.
71 // 74 //
72 // Returns true if the sandbox was initialized succesfully, false if an error 75 // Returns true if the sandbox was initialized succesfully, false if an error
73 // occurred. If process_type isn't one that needs sandboxing, no action is 76 // occurred. If process_type isn't one that needs sandboxing, no action is
74 // taken and true is always returned. 77 // taken and true is always returned.
75 CONTENT_EXPORT bool InitializeSandbox(int sandbox_type, 78 CONTENT_EXPORT bool InitializeSandbox(int sandbox_type,
76 const FilePath& allowed_path); 79 const base::FilePath& allowed_path);
77 80
78 #elif defined(OS_LINUX) 81 #elif defined(OS_LINUX)
79 82
80 // Initialize the sandbox (currently seccomp-legacy or seccomp-bpf, the setuid 83 // Initialize the sandbox (currently seccomp-legacy or seccomp-bpf, the setuid
81 // sandbox works differently and is set-up in the Zygote). 84 // sandbox works differently and is set-up in the Zygote).
82 // The process sandbox type is determined at run time via the command line 85 // The process sandbox type is determined at run time via the command line
83 // switches. TODO(jln): switch to a model where the caller chooses a sandbox 86 // switches. TODO(jln): switch to a model where the caller chooses a sandbox
84 // type. 87 // type.
85 // This should be called before any additional thread has been created. 88 // This should be called before any additional thread has been created.
86 // 89 //
87 // Returns true if a sandbox has been initialized successfully, false 90 // Returns true if a sandbox has been initialized successfully, false
88 // otherwise. 91 // otherwise.
89 CONTENT_EXPORT bool InitializeSandbox(); 92 CONTENT_EXPORT bool InitializeSandbox();
90 93
91 #endif 94 #endif
92 95
93 // Platform neutral wrapper for making an exact copy of a handle for use in 96 // Platform neutral wrapper for making an exact copy of a handle for use in
94 // the target process. On Windows this wraps BrokerDuplicateHandle() with the 97 // the target process. On Windows this wraps BrokerDuplicateHandle() with the
95 // DUPLICATE_SAME_ACCESS flag. On posix it behaves essentially the same as 98 // DUPLICATE_SAME_ACCESS flag. On posix it behaves essentially the same as
96 // IPC::GetFileHandleForProcess() 99 // IPC::GetFileHandleForProcess()
97 CONTENT_EXPORT IPC::PlatformFileForTransit BrokerGetFileHandleForProcess( 100 CONTENT_EXPORT IPC::PlatformFileForTransit BrokerGetFileHandleForProcess(
98 base::PlatformFile handle, 101 base::PlatformFile handle,
99 base::ProcessId target_process_id, 102 base::ProcessId target_process_id,
100 bool should_close_source); 103 bool should_close_source);
101 104
102 } // namespace content 105 } // namespace content
103 106
104 #endif // CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_ 107 #endif // CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_
OLDNEW
« no previous file with comments | « content/public/common/child_process_host.h ('k') | content/public/renderer/content_renderer_client.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698