Create a LinuxSandbox class

content/common/sandbox_linux.h

+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CONTENT_COMMON_SANDBOX_LINUX_H_
+#define CONTENT_COMMON_SANDBOX_LINUX_H_
+
+#include "content/public/common/sandbox_linux.h"
+
+// TODO(jln) move this somewhere else.
+#if defined(__i386__) || defined(__x86_64__)
+#define SECCOMP_BPF_SANDBOX
+#endif
+
+template <typename T> struct DefaultSingletonTraits;
+namespace sandbox { class SetuidSandboxClient; }
+
+namespace content {
+
+// A singleton class to represent and change our sandboxing state for the
+// three main Linux sandboxes.
+class LinuxSandbox {
+ public:
+  // This is a list of sandbox IPC methods which the renderer may send to the
+  // sandbox host. See http://code.google.com/p/chromium/wiki/LinuxSandboxIPC
+  // This isn't the full list, values < 32 are reserved for methods called from
+  // Skia.
+  enum LinuxSandboxIPCMethods {
+    METHOD_GET_FONT_FAMILY_FOR_CHARS = 32,
+    METHOD_LOCALTIME = 33,
+    METHOD_GET_CHILD_WITH_INODE = 34,
+    METHOD_GET_STYLE_FOR_STRIKE = 35,
+    METHOD_MAKE_SHARED_MEMORY_SEGMENT = 36,
+    METHOD_MATCH_WITH_FALLBACK = 37,
+  };
+
+  // Get our singleton instance.
+  static LinuxSandbox* GetInstance();
+
+  // Do some initialization that can only be done before any of the sandboxes
+  // is enabled.
+  //
+  // There are two versions of this function. One takes a process_type
+  // as an argument, the other doesn't.
+  // It may be necessary to call PreinitializeSandbox before knowing the
+  // process type (this is for instance the case with the Zygote).
+  // In that case, it is crucial that PreinitializeSandboxFinish() gets
+  // called for every child process.
+  // TODO(markus,jln) we know this is not always done at the moment
+  // (crbug.com/139877).
+  void PreinitializeSandbox(const std::string& process_type);
+  // These should be called together.
+  void PreinitializeSandbox();
+  void PreinitializeSandboxFinish(const std::string& process_type);
+
+  // Returns the Status of the sandbox. Can only be queried if we went through
+  // PreinitializeSandbox(). This is a bitmask and uses the constants defined
+  // in "enum LinuxSandboxStatus".
+  // Since we need to provide the status before the sandboxes are actually
+  // started, this returns what will actually happen once the various Start*
+  // functions are called from inside a renderer.
+  int GetStatus();
+
+  // Simple accessor for our instance of the setuid sandbox. Will never return
+  // NULL.
+  // There is no StartSetuidSandbox(), the SetuidSandboxClient instance should
+  // be used directly.
+  sandbox::SetuidSandboxClient* setuid_sandbox();
+
+  // Check the policy and eventually start the seccomp-legacy sandbox.
+  bool StartSeccompLegacy(const std::string& process_type);
+  // Check the policy and eventually start the seccomp-legacy sandbox.

[Jorge Lucangeli Obes, 2012/08/01 22:53:57]

seccomp-bpf

[jln (very slow on Chromium), 2012/08/01 22:57:36]

Not my day. Thanks.

+  // TODO(jln): not implemented at the moment.
+  bool StartSeccompBpf(const std::string& process_type);
+
+ private:
+  friend struct DefaultSingletonTraits<LinuxSandbox>;
+  bool ShouldEnableSeccompLegacy(const std::string& process_type);
+
+  int proc_fd_;
+  bool pre_initialized_;  // Have we been through PreinitializeSandbox() ?
+  bool seccomp_legacy_supported_;  // Accurate if pre_initialized_.
+  sandbox::SetuidSandboxClient* setuid_sandbox_;
+  LinuxSandbox();
+  ~LinuxSandbox();
+  DISALLOW_COPY_AND_ASSIGN(LinuxSandbox);
+};
+
+}  // namespace content
+
+#endif  // CONTENT_COMMON_SANDBOX_LINUX_H_
+