Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(406)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/common/sandbox_linux/sandbox_linux.h

Issue 2679323006: Remove content/browser dependency on WebFontRenderStyle. (Closed)
Patch Set: merge Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/common/common_sandbox_support_linux.cc ('k') | content/ppapi_plugin/ppapi_blink_platform_impl.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ 5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_
6 #define CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ 6 #define CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_
7 7
8 #include <memory> 8 #include <memory>
9 #include <string> 9 #include <string>
10 #include <vector> 10 #include <vector>
11 11
12 #include "base/logging.h" 12 #include "base/logging.h"
13 #include "base/macros.h" 13 #include "base/macros.h"
14 #include "base/posix/global_descriptors.h"
15 #include "content/public/common/content_descriptors.h"
14 #include "content/public/common/sandbox_linux.h" 16 #include "content/public/common/sandbox_linux.h"
15 17
16 #if defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \ 18 #if defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \
17 defined(THREAD_SANITIZER) || defined(LEAK_SANITIZER) || \ 19 defined(THREAD_SANITIZER) || defined(LEAK_SANITIZER) || \
18 defined(UNDEFINED_SANITIZER) || defined(SANITIZER_COVERAGE) 20 defined(UNDEFINED_SANITIZER) || defined(SANITIZER_COVERAGE)
19 #include <sanitizer/common_interface_defs.h> 21 #include <sanitizer/common_interface_defs.h>
20 #define ANY_OF_AMTLU_SANITIZER 1 22 #define ANY_OF_AMTLU_SANITIZER 1
21 #endif 23 #endif
22 24
23 namespace base { 25 namespace base {
24 template <typename T> 26 template <typename T>
25 struct DefaultSingletonTraits; 27 struct DefaultSingletonTraits;
26 class Thread; 28 class Thread;
27 } 29 }
28 namespace sandbox { class SetuidSandboxClient; } 30 namespace sandbox { class SetuidSandboxClient; }
29 31
30 namespace content { 32 namespace content {
31 33
34 inline int GetSandboxFD() {
35 return kSandboxIPCChannel + base::GlobalDescriptors::kBaseDescriptor;
36 }
37
32 // A singleton class to represent and change our sandboxing state for the 38 // A singleton class to represent and change our sandboxing state for the
33 // three main Linux sandboxes. 39 // three main Linux sandboxes.
34 // The sandboxing model allows using two layers of sandboxing. The first layer 40 // The sandboxing model allows using two layers of sandboxing. The first layer
35 // can be implemented either with unprivileged namespaces or with the setuid 41 // can be implemented either with unprivileged namespaces or with the setuid
36 // sandbox. This class provides a way to engage the namespace sandbox, but does 42 // sandbox. This class provides a way to engage the namespace sandbox, but does
37 // not deal with the legacy setuid sandbox directly. 43 // not deal with the legacy setuid sandbox directly.
38 // The second layer is mainly based on seccomp-bpf and is engaged with 44 // The second layer is mainly based on seccomp-bpf and is engaged with
39 // InitializeSandbox(). InitializeSandbox() is also responsible for "sealing" 45 // InitializeSandbox(). InitializeSandbox() is also responsible for "sealing"
40 // the first layer of sandboxing. That is, InitializeSandbox must always be 46 // the first layer of sandboxing. That is, InitializeSandbox must always be
41 // called to have any meaningful sandboxing at all. 47 // called to have any meaningful sandboxing at all.
(...skipping 135 matching lines...) Expand 10 before | Expand all | Expand 10 after
177 #if defined(ANY_OF_AMTLU_SANITIZER) 183 #if defined(ANY_OF_AMTLU_SANITIZER)
178 std::unique_ptr<__sanitizer_sandbox_arguments> sanitizer_args_; 184 std::unique_ptr<__sanitizer_sandbox_arguments> sanitizer_args_;
179 #endif 185 #endif
180 186
181 DISALLOW_COPY_AND_ASSIGN(LinuxSandbox); 187 DISALLOW_COPY_AND_ASSIGN(LinuxSandbox);
182 }; 188 };
183 189
184 } // namespace content 190 } // namespace content
185 191
186 #endif // CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ 192 #endif // CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_
OLDNEW
« no previous file with comments | « content/common/common_sandbox_support_linux.cc ('k') | content/ppapi_plugin/ppapi_blink_platform_impl.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698