Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(840)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/zygote/zygote_linux.h

Issue 10843059: Create a LinuxSandbox class. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 8 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « content/public/common/sandbox_linux.h ('k') | content/zygote/zygote_linux.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CONTENT_ZYGOTE_ZYGOTE_H_ 5 #ifndef CONTENT_ZYGOTE_ZYGOTE_H_
6 #define CONTENT_ZYGOTE_ZYGOTE_H_ 6 #define CONTENT_ZYGOTE_ZYGOTE_H_
7 7
8 #include <string> 8 #include <string>
9 #include <vector> 9 #include <vector>
10 10
11 #include "base/hash_tables.h" 11 #include "base/hash_tables.h"
12 #include "base/process.h" 12 #include "base/process.h"
13 #include "content/common/seccomp_sandbox.h"
14 13
15 class Pickle; 14 class Pickle;
16 class PickleIterator; 15 class PickleIterator;
17 16
18 namespace content { 17 namespace content {
19 18
20 class ZygoteForkDelegate; 19 class ZygoteForkDelegate;
21 20
22 // This is the object which implements the zygote. The ZygoteMain function, 21 // This is the object which implements the zygote. The ZygoteMain function,
23 // which is called from ChromeMain, simply constructs one of these objects and 22 // which is called from ChromeMain, simply constructs one of these objects and
24 // runs it. 23 // runs it.
25 class Zygote { 24 class Zygote {
26 public: 25 public:
27 // The proc_fd_for_seccomp should be a file descriptor to /proc under the
28 // seccomp sandbox. This is not needed when not using seccomp, and should be
29 // -1 in those cases.
30 Zygote(int sandbox_flags, 26 Zygote(int sandbox_flags,
31 ZygoteForkDelegate* helper, 27 ZygoteForkDelegate* helper);
32 int proc_fd_for_seccomp);
33 ~Zygote(); 28 ~Zygote();
34 29
35 bool ProcessRequests(); 30 bool ProcessRequests();
36 31
37 static const int kBrowserDescriptor = 3; 32 static const int kBrowserDescriptor = 3;
38 static const int kMagicSandboxIPCDescriptor = 5; 33 static const int kMagicSandboxIPCDescriptor = 5;
39 34
40 private: 35 private:
41 // Returns true if the SUID sandbox is active. 36 // Returns true if the SUID sandbox is active.
42 bool UsingSUIDSandbox() const; 37 bool UsingSUIDSandbox() const;
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after
91 86
92 // In the SUID sandbox, we try to use a new PID namespace. Thus the PIDs 87 // In the SUID sandbox, we try to use a new PID namespace. Thus the PIDs
93 // fork() returns are not the real PIDs, so we need to map the Real PIDS 88 // fork() returns are not the real PIDs, so we need to map the Real PIDS
94 // into the sandbox PID namespace. 89 // into the sandbox PID namespace.
95 typedef base::hash_map<base::ProcessHandle, base::ProcessHandle> ProcessMap; 90 typedef base::hash_map<base::ProcessHandle, base::ProcessHandle> ProcessMap;
96 ProcessMap real_pids_to_sandbox_pids; 91 ProcessMap real_pids_to_sandbox_pids;
97 92
98 const int sandbox_flags_; 93 const int sandbox_flags_;
99 ZygoteForkDelegate* helper_; 94 ZygoteForkDelegate* helper_;
100 95
101 #if defined(SECCOMP_SANDBOX)
102 // File descriptor to proc under seccomp, -1 when not using seccomp.
103 int proc_fd_for_seccomp_;
104 #endif
105
106 // These might be set by helper_->InitialUMA. They supply a UMA enumeration 96 // These might be set by helper_->InitialUMA. They supply a UMA enumeration
107 // sample we should report on the first fork. 97 // sample we should report on the first fork.
108 std::string initial_uma_name_; 98 std::string initial_uma_name_;
109 int initial_uma_sample_; 99 int initial_uma_sample_;
110 int initial_uma_boundary_value_; 100 int initial_uma_boundary_value_;
111 }; 101 };
112 102
113 } // namespace content 103 } // namespace content
114 104
115 #endif // CONTENT_ZYGOTE_ZYGOTE_H_ 105 #endif // CONTENT_ZYGOTE_ZYGOTE_H_
OLDNEW
« no previous file with comments | « content/public/common/sandbox_linux.h ('k') | content/zygote/zygote_linux.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698