OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ | 5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ |
6 #define CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ | 6 #define CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
(...skipping 24 matching lines...) Expand all Loading... |
35 // can be implemented either with unprivileged namespaces or with the setuid | 35 // can be implemented either with unprivileged namespaces or with the setuid |
36 // sandbox. This class provides a way to engage the namespace sandbox, but does | 36 // sandbox. This class provides a way to engage the namespace sandbox, but does |
37 // not deal with the legacy setuid sandbox directly. | 37 // not deal with the legacy setuid sandbox directly. |
38 // The second layer is mainly based on seccomp-bpf and is engaged with | 38 // The second layer is mainly based on seccomp-bpf and is engaged with |
39 // InitializeSandbox(). InitializeSandbox() is also responsible for "sealing" | 39 // InitializeSandbox(). InitializeSandbox() is also responsible for "sealing" |
40 // the first layer of sandboxing. That is, InitializeSandbox must always be | 40 // the first layer of sandboxing. That is, InitializeSandbox must always be |
41 // called to have any meaningful sandboxing at all. | 41 // called to have any meaningful sandboxing at all. |
42 class LinuxSandbox { | 42 class LinuxSandbox { |
43 public: | 43 public: |
44 // This is a list of sandbox IPC methods which the renderer may send to the | 44 // This is a list of sandbox IPC methods which the renderer may send to the |
45 // sandbox host. See http://code.google.com/p/chromium/wiki/LinuxSandboxIPC | 45 // sandbox host. See https://chromium.googlesource.com/chromium/src/+/master/d
ocs/linux_sandbox_ipc.md |
46 // This isn't the full list, values < 32 are reserved for methods called from | 46 // This isn't the full list, values < 32 are reserved for methods called from |
47 // Skia. | 47 // Skia. |
48 enum LinuxSandboxIPCMethods { | 48 enum LinuxSandboxIPCMethods { |
49 METHOD_GET_FALLBACK_FONT_FOR_CHAR = 32, | 49 METHOD_GET_FALLBACK_FONT_FOR_CHAR = 32, |
50 METHOD_LOCALTIME = 33, | 50 METHOD_LOCALTIME = 33, |
51 DEPRECATED_METHOD_GET_CHILD_WITH_INODE = 34, | 51 DEPRECATED_METHOD_GET_CHILD_WITH_INODE = 34, |
52 METHOD_GET_STYLE_FOR_STRIKE = 35, | 52 METHOD_GET_STYLE_FOR_STRIKE = 35, |
53 METHOD_MAKE_SHARED_MEMORY_SEGMENT = 36, | 53 METHOD_MAKE_SHARED_MEMORY_SEGMENT = 36, |
54 METHOD_MATCH_WITH_FALLBACK = 37, | 54 METHOD_MATCH_WITH_FALLBACK = 37, |
55 }; | 55 }; |
(...skipping 121 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
177 #if defined(ANY_OF_AMTLU_SANITIZER) | 177 #if defined(ANY_OF_AMTLU_SANITIZER) |
178 scoped_ptr<__sanitizer_sandbox_arguments> sanitizer_args_; | 178 scoped_ptr<__sanitizer_sandbox_arguments> sanitizer_args_; |
179 #endif | 179 #endif |
180 | 180 |
181 DISALLOW_COPY_AND_ASSIGN(LinuxSandbox); | 181 DISALLOW_COPY_AND_ASSIGN(LinuxSandbox); |
182 }; | 182 }; |
183 | 183 |
184 } // namespace content | 184 } // namespace content |
185 | 185 |
186 #endif // CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ | 186 #endif // CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ |
OLD | NEW |