OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_ | 5 #ifndef CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_ |
6 #define CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_ | 6 #define CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_ |
7 #pragma once | 7 #pragma once |
8 | 8 |
| 9 #include "base/process.h" |
9 #include "build/build_config.h" | 10 #include "build/build_config.h" |
10 #include "content/common/content_export.h" | 11 #include "content/common/content_export.h" |
11 | 12 |
12 #if defined(OS_WIN) | 13 #if defined(OS_WIN) |
13 namespace sandbox { | 14 namespace sandbox { |
14 struct SandboxInterfaceInfo; | 15 struct SandboxInterfaceInfo; |
15 } | 16 } |
16 #elif defined(OS_MACOSX) | 17 #elif defined(OS_MACOSX) |
17 class FilePath; | 18 class FilePath; |
18 #endif | 19 #endif |
19 | 20 |
20 namespace content { | 21 namespace content { |
21 | 22 |
22 #if defined(OS_WIN) | 23 #if defined(OS_WIN) |
| 24 |
23 // Initialize the sandbox for renderer, gpu, utility, worker, nacl, and plug-in | 25 // Initialize the sandbox for renderer, gpu, utility, worker, nacl, and plug-in |
24 // processes, depending on the command line flags. Although The browser process | 26 // processes, depending on the command line flags. Although The browser process |
25 // is not sandboxed, this also needs to be called because it will initialize | 27 // is not sandboxed, this also needs to be called because it will initialize |
26 // the broker code. | 28 // the broker code. |
27 // Returns true if the sandbox was initialized succesfully, false if an error | 29 // Returns true if the sandbox was initialized succesfully, false if an error |
28 // occurred. If process_type isn't one that needs sandboxing true is always | 30 // occurred. If process_type isn't one that needs sandboxing true is always |
29 // returned. | 31 // returned. |
30 CONTENT_EXPORT bool InitializeSandbox( | 32 CONTENT_EXPORT bool InitializeSandbox( |
31 sandbox::SandboxInterfaceInfo* sandbox_info); | 33 sandbox::SandboxInterfaceInfo* sandbox_info); |
| 34 |
| 35 // This is a restricted version of Windows' DuplicateHandle() function |
| 36 // that works inside the sandbox and can send handles but not retrieve |
| 37 // them. Unlike DuplicateHandle(), it takes a process ID rather than |
| 38 // a process handle. It returns true on success, false otherwise. |
| 39 CONTENT_EXPORT bool BrokerDuplicateHandle(HANDLE source_handle, |
| 40 DWORD target_process_id, |
| 41 HANDLE* target_handle, |
| 42 DWORD desired_access, |
| 43 DWORD options); |
| 44 |
32 #elif defined(OS_MACOSX) | 45 #elif defined(OS_MACOSX) |
| 46 |
33 // Initialize the sandbox of the given |sandbox_type|, optionally specifying a | 47 // Initialize the sandbox of the given |sandbox_type|, optionally specifying a |
34 // directory to allow access to. Note specifying a directory needs to be | 48 // directory to allow access to. Note specifying a directory needs to be |
35 // supported by the sandbox profile associated with the given |sandbox_type|. | 49 // supported by the sandbox profile associated with the given |sandbox_type|. |
36 // Valid values for |sandbox_type| are defined either by the enum SandboxType, | 50 // Valid values for |sandbox_type| are defined either by the enum SandboxType, |
37 // or by ContentClient::GetSandboxProfileForSandboxType(). | 51 // or by ContentClient::GetSandboxProfileForSandboxType(). |
38 // | 52 // |
39 // If the |sandbox_type| isn't one of the ones defined by content then the | 53 // If the |sandbox_type| isn't one of the ones defined by content then the |
40 // embedder is queried using ContentClient::GetSandboxPolicyForSandboxType(). | 54 // embedder is queried using ContentClient::GetSandboxPolicyForSandboxType(). |
41 // The embedder can use values for |sandbox_type| starting from | 55 // The embedder can use values for |sandbox_type| starting from |
42 // content::sandbox::SANDBOX_PROCESS_TYPE_AFTER_LAST_TYPE. | 56 // content::sandbox::SANDBOX_PROCESS_TYPE_AFTER_LAST_TYPE. |
43 // | 57 // |
44 // Returns true if the sandbox was initialized succesfully, false if an error | 58 // Returns true if the sandbox was initialized succesfully, false if an error |
45 // occurred. If process_type isn't one that needs sandboxing, no action is | 59 // occurred. If process_type isn't one that needs sandboxing, no action is |
46 // taken and true is always returned. | 60 // taken and true is always returned. |
47 CONTENT_EXPORT bool InitializeSandbox(int sandbox_type, | 61 CONTENT_EXPORT bool InitializeSandbox(int sandbox_type, |
48 const FilePath& allowed_path); | 62 const FilePath& allowed_path); |
| 63 |
49 #elif defined(OS_LINUX) | 64 #elif defined(OS_LINUX) |
| 65 |
50 CONTENT_EXPORT void InitializeSandbox(); | 66 CONTENT_EXPORT void InitializeSandbox(); |
| 67 |
51 #endif | 68 #endif |
52 | 69 |
53 } // namespace content | 70 } // namespace content |
54 | 71 |
55 #endif // CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_ | 72 #endif // CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_ |
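Review bot: The comment on BrokerDuplicateHandle (new lines 35-38) does not say which target processes or handle types the broker will accept. Because a sandboxed caller supplies a raw process ID, that policy is the security boundary of this API and belongs in the public header. I would also add `// |*target_handle| is only valid in the target process; the caller must not use or close it.` and a sentence asking callers to pass the narrowest `desired_access` the receiver needs rather than relying on `DUPLICATE_SAME_ACCESS`. Separately, `HANDLE` and `DWORD` appear to reach this header only through the new unconditional `#include "base/process.h"` (its contents are not visible here), so it is worth confirming that include is meant to apply on every platform and not just under `OS_WIN`. The implementation is not on this page, so how the broker validates `target_process_id` (for example against PID reuse) cannot be checked from this section.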