OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ | 5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ |
6 #define CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ | 6 #define CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
(...skipping 100 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
111 | 111 |
112 // Check the policy and eventually start the seccomp-bpf sandbox. This should | 112 // Check the policy and eventually start the seccomp-bpf sandbox. This should |
113 // never be called with threads started. If we detect that threads have | 113 // never be called with threads started. If we detect that threads have |
114 // started we will crash. | 114 // started we will crash. |
115 bool StartSeccompBPF(const std::string& process_type); | 115 bool StartSeccompBPF(const std::string& process_type); |
116 | 116 |
117 // Limit the address space of the current process (and its children). | 117 // Limit the address space of the current process (and its children). |
118 // to make some vulnerabilities harder to exploit. | 118 // to make some vulnerabilities harder to exploit. |
119 bool LimitAddressSpace(const std::string& process_type); | 119 bool LimitAddressSpace(const std::string& process_type); |
120 | 120 |
| 121 // Returns a file descriptor to proc. The file descriptor is no longer valid |
| 122 // after the sandbox has been sealed. |
| 123 int proc_fd() const { return proc_fd_; } |
| 124 |
121 #if defined(ANY_OF_AMTLU_SANITIZER) | 125 #if defined(ANY_OF_AMTLU_SANITIZER) |
122 __sanitizer_sandbox_arguments* sanitizer_args() const { | 126 __sanitizer_sandbox_arguments* sanitizer_args() const { |
123 return sanitizer_args_.get(); | 127 return sanitizer_args_.get(); |
124 }; | 128 }; |
125 #endif | 129 #endif |
126 | 130 |
127 private: | 131 private: |
128 friend struct DefaultSingletonTraits<LinuxSandbox>; | 132 friend struct DefaultSingletonTraits<LinuxSandbox>; |
129 | 133 |
130 LinuxSandbox(); | 134 LinuxSandbox(); |
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
168 #if defined(ANY_OF_AMTLU_SANITIZER) | 172 #if defined(ANY_OF_AMTLU_SANITIZER) |
169 scoped_ptr<__sanitizer_sandbox_arguments> sanitizer_args_; | 173 scoped_ptr<__sanitizer_sandbox_arguments> sanitizer_args_; |
170 #endif | 174 #endif |
171 | 175 |
172 DISALLOW_COPY_AND_ASSIGN(LinuxSandbox); | 176 DISALLOW_COPY_AND_ASSIGN(LinuxSandbox); |
173 }; | 177 }; |
174 | 178 |
175 } // namespace content | 179 } // namespace content |
176 | 180 |
177 #endif // CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ | 181 #endif // CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ |
OLD | NEW |