OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_ | 5 #ifndef CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_ |
6 #define CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_ | 6 #define CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_ |
7 | 7 |
8 #include "base/files/scoped_file.h" | 8 #include "base/files/scoped_file.h" |
9 #include "base/memory/scoped_ptr.h" | 9 #include "base/memory/scoped_ptr.h" |
10 #include "base/memory/shared_memory.h" | 10 #include "base/memory/shared_memory.h" |
34 // Initialize the sandbox for renderer, gpu, utility, worker, nacl, and plugin | 34 // Initialize the sandbox for renderer, gpu, utility, worker, nacl, and plugin |
35 // processes, depending on the command line flags. Although The browser process | 35 // processes, depending on the command line flags. Although The browser process |
36 // is not sandboxed, this also needs to be called because it will initialize | 36 // is not sandboxed, this also needs to be called because it will initialize |
37 // the broker code. | 37 // the broker code. |
38 // Returns true if the sandbox was initialized succesfully, false if an error | 38 // Returns true if the sandbox was initialized succesfully, false if an error |
39 // occurred. If process_type isn't one that needs sandboxing true is always | 39 // occurred. If process_type isn't one that needs sandboxing true is always |
40 // returned. | 40 // returned. |
41 CONTENT_EXPORT bool InitializeSandbox( | 41 CONTENT_EXPORT bool InitializeSandbox( |
42 sandbox::SandboxInterfaceInfo* sandbox_info); | 42 sandbox::SandboxInterfaceInfo* sandbox_info); |
43 | 43 |
44 // This is a restricted version of Windows' DuplicateHandle() function | |
45 // that works inside the sandbox and can send handles but not retrieve | |
46 // them. Unlike DuplicateHandle(), it takes a process ID rather than | |
47 // a process handle. It returns true on success, false otherwise. | |
48 CONTENT_EXPORT bool BrokerDuplicateHandle(HANDLE source_handle, | |
49 DWORD target_process_id, | |
50 HANDLE* target_handle, | |
51 DWORD desired_access, | |
52 DWORD options); | |
53 | |
54 // Inform the current process's sandbox broker (e.g. the broker for | 44 // Inform the current process's sandbox broker (e.g. the broker for |
55 // 32-bit processes) about a process created under a different sandbox | 45 // 32-bit processes) about a process created under a different sandbox |
56 // broker (e.g. the broker for 64-bit processes). This allows | 46 // broker (e.g. the broker for 64-bit processes). This allows |
57 // BrokerDuplicateHandle() to send handles to a process managed by | 47 // BrokerDuplicateHandle() to send handles to a process managed by |
58 // another broker. For example, it allows the 32-bit renderer to send | 48 // another broker. For example, it allows the 32-bit renderer to send |
59 // handles to 64-bit NaCl processes. This returns true on success, | 49 // handles to 64-bit NaCl processes. This returns true on success, |
60 // false otherwise. | 50 // false otherwise. |
61 CONTENT_EXPORT bool BrokerAddTargetPeer(HANDLE peer_process); | 51 CONTENT_EXPORT bool BrokerAddTargetPeer(HANDLE peer_process); |
62 | 52 |
63 // Launch a sandboxed process. |delegate| may be NULL. If |delegate| is non-NULL | 53 // Launch a sandboxed process. |delegate| may be NULL. If |delegate| is non-NULL |
102 | 92 |
103 // Return a "baseline" policy. This is used by a SandboxInitializerDelegate to | 93 // Return a "baseline" policy. This is used by a SandboxInitializerDelegate to |
104 // implement a policy that is derived from the baseline. | 94 // implement a policy that is derived from the baseline. |
105 CONTENT_EXPORT scoped_ptr<sandbox::bpf_dsl::Policy> | 95 CONTENT_EXPORT scoped_ptr<sandbox::bpf_dsl::Policy> |
106 GetBPFSandboxBaselinePolicy(); | 96 GetBPFSandboxBaselinePolicy(); |
107 #endif // defined(OS_LINUX) || defined(OS_NACL_NONSFI) | 97 #endif // defined(OS_LINUX) || defined(OS_NACL_NONSFI) |
108 | 98 |
109 } // namespace content | 99 } // namespace content |
110 | 100 |
111 #endif // CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_ | 101 #endif // CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_ |
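Review bot: The comment kept above `BrokerAddTargetPeer` (new lines 44-50) still says the call "allows BrokerDuplicateHandle() to send handles to a process managed by another broker", but this change deletes the `BrokerDuplicateHandle` declaration from this header, so the comment now describes an API that is no longer exported here. Either drop or rewrite the sentence beginning `This allows BrokerDuplicateHandle() to send handles` so it names whatever still depends on peer registration. If nothing does, `BrokerAddTargetPeer` looks like leftover exported broker surface for cross-process handle operations and is worth removing in this change or a follow-up. Parts of the header are collapsed on this page, so whether other users of the peer list remain cannot be confirmed from the visible lines.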