Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(433)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/public/common/sandboxed_process_launcher_delegate.h

Issue 1532423003: Have each SandboxedProcessLauncherDelegate maintain a zygote. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fetch sandbox status Created 5 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« content/browser/zygote_host/zygote_communication_linux.cc ('K') | « content/public/browser/zygote_host_linux.h ('k') | content/public/common/sandboxed_process_launcher_delegate.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CONTENT_PUBLIC_COMMON_SANDBOXED_PROCESS_LAUNCHER_DELEGATE_H_ 5 #ifndef CONTENT_PUBLIC_COMMON_SANDBOXED_PROCESS_LAUNCHER_DELEGATE_H_
6 #define CONTENT_PUBLIC_COMMON_SANDBOXED_PROCESS_LAUNCHER_DELEGATE_H_ 6 #define CONTENT_PUBLIC_COMMON_SANDBOXED_PROCESS_LAUNCHER_DELEGATE_H_
7 7
8 #include "base/environment.h" 8 #include "base/environment.h"
9 #include "base/files/scoped_file.h" 9 #include "base/files/scoped_file.h"
10 #include "base/process/process.h" 10 #include "base/process/process.h"
11 #include "content/common/content_export.h" 11 #include "content/common/content_export.h"
12 #include "content/public/common/sandbox_type.h" 12 #include "content/public/common/sandbox_type.h"
13 13
14 namespace base { 14 namespace base {
15 class FilePath; 15 class FilePath;
16 } 16 }
17 17
18 namespace sandbox { 18 namespace sandbox {
19 class TargetPolicy; 19 class TargetPolicy;
20 } 20 }
21 21
22 namespace content { 22 namespace content {
23 23
24 #if defined(OS_LINUX)
25 class ZygoteCommunication;
26 using ZygoteHandle = ZygoteCommunication*;
27 #else
28 struct ZygoteHandle {};
29 #endif
30
24 // Allows a caller of StartSandboxedProcess or 31 // Allows a caller of StartSandboxedProcess or
25 // BrowserChildProcessHost/ChildProcessLauncher to control the sandbox policy, 32 // BrowserChildProcessHost/ChildProcessLauncher to control the sandbox policy,
26 // i.e. to loosen it if needed. 33 // i.e. to loosen it if needed.
27 // The methods below will be called on the PROCESS_LAUNCHER thread. 34 // The methods below will be called on the PROCESS_LAUNCHER thread.
28 class CONTENT_EXPORT SandboxedProcessLauncherDelegate { 35 class CONTENT_EXPORT SandboxedProcessLauncherDelegate {
29 public: 36 public:
30 virtual ~SandboxedProcessLauncherDelegate() {} 37 virtual ~SandboxedProcessLauncherDelegate() {}
31 38
32 #if defined(OS_WIN) 39 #if defined(OS_WIN)
33 // Override to return true if the process should be launched as an elevated 40 // Override to return true if the process should be launched as an elevated
(...skipping 10 matching lines...) Expand all
44 virtual bool DisableDefaultPolicy(); 51 virtual bool DisableDefaultPolicy();
45 52
46 // Called right before spawning the process. Returns false on failure. 53 // Called right before spawning the process. Returns false on failure.
47 virtual bool PreSpawnTarget(sandbox::TargetPolicy* policy); 54 virtual bool PreSpawnTarget(sandbox::TargetPolicy* policy);
48 55
49 // Called right after the process is launched, but before its thread is run. 56 // Called right after the process is launched, but before its thread is run.
50 virtual void PostSpawnTarget(base::ProcessHandle process) {} 57 virtual void PostSpawnTarget(base::ProcessHandle process) {}
51 58
52 #elif defined(OS_POSIX) 59 #elif defined(OS_POSIX)
53 // Override this to return true to use the setuid sandbox. 60 // Override this to return true to use the setuid sandbox.
54 virtual bool ShouldUseZygote(); 61 virtual ZygoteHandle* GetZygote();
55 62
56 // Override this if the process needs a non-empty environment map. 63 // Override this if the process needs a non-empty environment map.
57 virtual base::EnvironmentMap GetEnvironment(); 64 virtual base::EnvironmentMap GetEnvironment();
58 65
59 // Return the file descriptor for the IPC channel. 66 // Return the file descriptor for the IPC channel.
60 virtual base::ScopedFD TakeIpcFd() = 0; 67 virtual base::ScopedFD TakeIpcFd() = 0;
61 #endif 68 #endif
62 69
63 // Returns the SandboxType to enforce on the process, or SANDBOX_TYPE_INVALID 70 // Returns the SandboxType to enforce on the process, or SANDBOX_TYPE_INVALID
64 // for no sandbox policy. 71 // for no sandbox policy.
65 virtual SandboxType GetSandboxType(); 72 virtual SandboxType GetSandboxType();
66 }; 73 };
67 74
68 } // namespace content 75 } // namespace content
69 76
70 #endif // CONTENT_PUBLIC_COMMON_SANDBOXED_PROCESS_LAUNCHER_DELEGATE_H_ 77 #endif // CONTENT_PUBLIC_COMMON_SANDBOXED_PROCESS_LAUNCHER_DELEGATE_H_
OLDNEW
« content/browser/zygote_host/zygote_communication_linux.cc ('K') | « content/public/browser/zygote_host_linux.h ('k') | content/public/common/sandboxed_process_launcher_delegate.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698