| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_ | 5 #ifndef CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_ |
| 6 #define CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_ | 6 #define CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_ |
| 7 | 7 |
| 8 #include "base/callback_forward.h" |
| 8 #include "base/process.h" | 9 #include "base/process.h" |
| 9 #include "build/build_config.h" | 10 #include "build/build_config.h" |
| 10 #include "content/common/content_export.h" | 11 #include "content/common/content_export.h" |
| 11 #include "ipc/ipc_platform_file.h" | 12 #include "ipc/ipc_platform_file.h" |
| 12 | 13 |
| 13 class CommandLine; | 14 class CommandLine; |
| 14 | 15 |
| 15 namespace base { | 16 namespace base { |
| 16 class FilePath; | 17 class FilePath; |
| 17 } | 18 } |
| 18 | 19 |
| 19 namespace sandbox { | 20 namespace sandbox { |
| 21 class TargetPolicy; |
| 20 struct SandboxInterfaceInfo; | 22 struct SandboxInterfaceInfo; |
| 21 } | 23 } |
| 22 | 24 |
| 23 namespace content { | 25 namespace content { |
| 24 | 26 |
| 25 #if defined(OS_WIN) | 27 #if defined(OS_WIN) |
| 26 | 28 |
| 27 // Initialize the sandbox for renderer, gpu, utility, worker, nacl, and plug-in | 29 // Initialize the sandbox for renderer, gpu, utility, worker, nacl, and plug-in |
| 28 // processes, depending on the command line flags. Although The browser process | 30 // processes, depending on the command line flags. Although The browser process |
| 29 // is not sandboxed, this also needs to be called because it will initialize | 31 // is not sandboxed, this also needs to be called because it will initialize |
| (...skipping 22 matching lines...) Expand all Loading... |
| 52 // handles to 64-bit NaCl processes. This returns true on success, | 54 // handles to 64-bit NaCl processes. This returns true on success, |
| 53 // false otherwise. | 55 // false otherwise. |
| 54 CONTENT_EXPORT bool BrokerAddTargetPeer(HANDLE peer_process); | 56 CONTENT_EXPORT bool BrokerAddTargetPeer(HANDLE peer_process); |
| 55 | 57 |
| 56 // Starts a sandboxed process with the given directory unsandboxed | 58 // Starts a sandboxed process with the given directory unsandboxed |
| 57 // and returns a handle to it. | 59 // and returns a handle to it. |
| 58 CONTENT_EXPORT base::ProcessHandle StartProcessWithAccess( | 60 CONTENT_EXPORT base::ProcessHandle StartProcessWithAccess( |
| 59 CommandLine* cmd_line, | 61 CommandLine* cmd_line, |
| 60 const base::FilePath& exposed_dir); | 62 const base::FilePath& exposed_dir); |
| 61 | 63 |
| 64 // Allows an embeddder to modify the security policy used for the sandboxxed |
| 65 // process. |
| 66 // TODO(jam): this should be on ContentClient instead of a static, but it's done |
| 67 // this way since chrome_nacl_win64 needs this but doesn't pull in |
| 68 // ContentClient. Once we don't have the chrome_nacl_win64 target, we can move |
| 69 // this to ContentClient. |
| 70 typedef base::Callback<void(CommandLine*, sandbox::TargetPolicy*)> |
| 71 SandboxedProcessStartingCallback; |
| 72 CONTENT_EXPORT void SetSandboxedProcessStartingCallback( |
| 73 const SandboxedProcessStartingCallback& callback); |
| 74 |
| 62 #elif defined(OS_MACOSX) | 75 #elif defined(OS_MACOSX) |
| 63 | 76 |
| 64 // Initialize the sandbox of the given |sandbox_type|, optionally specifying a | 77 // Initialize the sandbox of the given |sandbox_type|, optionally specifying a |
| 65 // directory to allow access to. Note specifying a directory needs to be | 78 // directory to allow access to. Note specifying a directory needs to be |
| 66 // supported by the sandbox profile associated with the given |sandbox_type|. | 79 // supported by the sandbox profile associated with the given |sandbox_type|. |
| 67 // Valid values for |sandbox_type| are defined either by the enum SandboxType, | 80 // Valid values for |sandbox_type| are defined either by the enum SandboxType, |
| 68 // or by ContentClient::GetSandboxProfileForSandboxType(). | 81 // or by ContentClient::GetSandboxProfileForSandboxType(). |
| 69 // | 82 // |
| 70 // If the |sandbox_type| isn't one of the ones defined by content then the | 83 // If the |sandbox_type| isn't one of the ones defined by content then the |
| 71 // embedder is queried using ContentClient::GetSandboxPolicyForSandboxType(). | 84 // embedder is queried using ContentClient::GetSandboxPolicyForSandboxType(). |
| (...skipping 26 matching lines...) Expand all Loading... |
| 98 // DUPLICATE_SAME_ACCESS flag. On posix it behaves essentially the same as | 111 // DUPLICATE_SAME_ACCESS flag. On posix it behaves essentially the same as |
| 99 // IPC::GetFileHandleForProcess() | 112 // IPC::GetFileHandleForProcess() |
| 100 CONTENT_EXPORT IPC::PlatformFileForTransit BrokerGetFileHandleForProcess( | 113 CONTENT_EXPORT IPC::PlatformFileForTransit BrokerGetFileHandleForProcess( |
| 101 base::PlatformFile handle, | 114 base::PlatformFile handle, |
| 102 base::ProcessId target_process_id, | 115 base::ProcessId target_process_id, |
| 103 bool should_close_source); | 116 bool should_close_source); |
| 104 | 117 |
| 105 } // namespace content | 118 } // namespace content |
| 106 | 119 |
| 107 #endif // CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_ | 120 #endif // CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 12805004:
Remove mention of the nacl process in content. (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/