Refactor configuration of sandboxes - first steps

content/public/common/sandboxed_process_launcher_delegate.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CONTENT_PUBLIC_COMMON_SANDBOXED_PROCESS_LAUNCHER_DELEGATE_H_
 #define CONTENT_PUBLIC_COMMON_SANDBOXED_PROCESS_LAUNCHER_DELEGATE_H_
 
+#include "base/environment.h"
 #include "base/process/process.h"
 
+#include "content/common/content_export.h"
+
 namespace base {
 class FilePath;
 }
 
 namespace sandbox {
 class TargetPolicy;
 }
 
 namespace content {
 
 // Allows a caller of StartSandboxedProcess or
 // BrowserChildProcessHost/ChildProcessLauncher to control the sandbox policy,
 // i.e. to loosen it if needed.
 // The methods below will be called on the PROCESS_LAUNCHER thread.
-class SandboxedProcessLauncherDelegate {
+class CONTENT_EXPORT SandboxedProcessLauncherDelegate {
  public:
-  virtual ~SandboxedProcessLauncherDelegate() {}
+  virtual ~SandboxedProcessLauncherDelegate() {
+  }

[jam, 2014/02/26 19:47:52]

nit: keep on one line as before, that's the convention for all the headers in
content/public

[aberent, 2014/02/28 08:51:07]

Done.

+
+#if defined(OS_WIN)
+  // Override to return true if the process should be launched as an elevated
+  // process (which implies no sandbox).
+  virtual bool LaunchElevated();

[jam, 2014/02/26 19:47:52]

nit: LaunchElevated could be confused in that content is telling the delegate to
launch something itself. ShouldLaunchElevated would be clearer (i.e. like
ShouldSandbox below)

[aberent, 2014/02/28 08:51:07]

Done.

 
   // By default, the process is launched sandboxed. Override this method and set
   // |in_sandbox| to false if this process should be launched without a sandbox
   // (i.e. through base::LaunchProcess directly).
   virtual void ShouldSandbox(bool* in_sandbox) {}

[jam, 2014/02/26 22:45:14]

oh i forgot to mention, I had added this method this way instead of bool
ShouldSandbox() to avoid a cc file. since you're adding one now, if you don't
mind please change this method to a more natural form

[aberent, 2014/02/28 08:51:07]

Done.

 
   // Called before the default sandbox is applied. If the default policy is too
   // restrictive, the caller should set |disable_default_policy| to true and
   // apply their policy in PreSpawnTarget. |exposed_dir| is used to allow a
   //directory through the sandbox.
   virtual void PreSandbox(bool* disable_default_policy,
                           base::FilePath* exposed_dir) {}
 
   // Called right before spawning the process.
   virtual void PreSpawnTarget(sandbox::TargetPolicy* policy,
                               bool* success) {}
 
   // Called right after the process is launched, but before its thread is run.
   virtual void PostSpawnTarget(base::ProcessHandle process) {}
+
+#elif defined(OS_POSIX)
+  // Override this to return true to use the setuid sandbox.
+  virtual bool UseZygote();

[jam, 2014/02/26 19:47:52]

nit: ditto re naming, this should be ShouldUseZygote

[aberent, 2014/02/28 08:51:07]

Done.

+
+  // Override this if the process needs a non-empty environment map.
+  virtual base::EnvironmentMap GetEnvironment();
+
+  // Return the File descriptor for the IPC channel.
+  virtual int IpcFd() = 0;

[jam, 2014/02/26 19:47:52]

nit: GetIPCFD

[aberent, 2014/02/28 08:51:07]

Done.

+
+#endif
 };
 
 }  // namespace content
 
 #endif  // CONTENT_PUBLIC_COMMON_SANDBOXED_PROCESS_LAUNCHER_DELEGATE_H_