OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_H_ | 5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_H_ |
6 #define CONTENT_COMMON_SANDBOX_LINUX_H_ | 6 #define CONTENT_COMMON_SANDBOX_LINUX_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
45 // process type (this is for instance the case with the Zygote). | 45 // process type (this is for instance the case with the Zygote). |
46 // In that case, it is crucial that PreinitializeSandboxFinish() gets | 46 // In that case, it is crucial that PreinitializeSandboxFinish() gets |
47 // called for every child process. | 47 // called for every child process. |
48 // TODO(markus, jln) we know this is not always done at the moment | 48 // TODO(markus, jln) we know this is not always done at the moment |
49 // (crbug.com/139877). | 49 // (crbug.com/139877). |
50 void PreinitializeSandbox(const std::string& process_type); | 50 void PreinitializeSandbox(const std::string& process_type); |
51 // These should be called together. | 51 // These should be called together. |
52 void PreinitializeSandboxBegin(); | 52 void PreinitializeSandboxBegin(); |
53 void PreinitializeSandboxFinish(const std::string& process_type); | 53 void PreinitializeSandboxFinish(const std::string& process_type); |
54 | 54 |
55 // Returns the Status of the sandbox. Can only be queried if we went through | 55 // Initialize the sandbox with the given pre-built configuration. Currently |
56 // PreinitializeSandbox() or PreinitializeSandboxBegin(). This is a bitmask | 56 // seccomp-legacy, seccomp-bpf, address space limitations (the setuid sandbox |
57 // and uses the constants defined in "enum LinuxSandboxStatus". | 57 // works differently and is set-up in the Zygote). This will instantiate the |
| 58 // LinuxSandbox singleton if it doesn't already exist. |
| 59 static bool InitializeSandbox(); |
| 60 |
| 61 // Returns the Status of the renderers' sandbox. Can only be queried if we |
| 62 // went through PreinitializeSandbox() or PreinitializeSandboxBegin(). This |
| 63 // is a bitmask and uses the constants defined in "enum LinuxSandboxStatus". |
58 // Since we need to provide the status before the sandboxes are actually | 64 // Since we need to provide the status before the sandboxes are actually |
59 // started, this returns what will actually happen once the various Start* | 65 // started, this returns what will actually happen once the various Start* |
60 // functions are called from inside a renderer. | 66 // functions are called from inside a renderer. |
61 int GetStatus() const; | 67 int GetStatus() const; |
62 // Is the current process single threaded? | 68 // Is the current process single threaded? |
63 bool IsSingleThreaded() const; | 69 bool IsSingleThreaded() const; |
64 // Did we start Seccomp BPF? | 70 // Did we start Seccomp BPF? |
65 bool seccomp_bpf_started() const; | 71 bool seccomp_bpf_started() const; |
66 | 72 |
67 // Simple accessor for our instance of the setuid sandbox. Will never return | 73 // Simple accessor for our instance of the setuid sandbox. Will never return |
(...skipping 29 matching lines...) Expand all Loading... |
97 scoped_ptr<sandbox::SetuidSandboxClient> setuid_sandbox_client_; | 103 scoped_ptr<sandbox::SetuidSandboxClient> setuid_sandbox_client_; |
98 | 104 |
99 ~LinuxSandbox(); | 105 ~LinuxSandbox(); |
100 DISALLOW_IMPLICIT_CONSTRUCTORS(LinuxSandbox); | 106 DISALLOW_IMPLICIT_CONSTRUCTORS(LinuxSandbox); |
101 }; | 107 }; |
102 | 108 |
103 } // namespace content | 109 } // namespace content |
104 | 110 |
105 #endif // CONTENT_COMMON_SANDBOX_LINUX_H_ | 111 #endif // CONTENT_COMMON_SANDBOX_LINUX_H_ |
106 | 112 |
OLD | NEW |