Chromium Code Reviews Chromium Code Reviews
Issue 733303004:
Linux sandbox: change API to start the sandbox (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_ | 5 #ifndef CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_ |
| 6 #define CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_ | 6 #define CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_ |
| 7 | 7 |
| 8 #include "base/files/scoped_file.h" | |
| 8 #include "base/memory/scoped_ptr.h" | 9 #include "base/memory/scoped_ptr.h" |
| 9 #include "base/process/process.h" | 10 #include "base/process/process.h" |
| 10 #include "build/build_config.h" | 11 #include "build/build_config.h" |
| 11 #include "content/common/content_export.h" | 12 #include "content/common/content_export.h" |
| 12 | 13 |
| 13 namespace base { | 14 namespace base { |
| 14 class CommandLine; | 15 class CommandLine; |
| 15 class FilePath; | 16 class FilePath; |
| 16 } | 17 } |
| 17 | 18 |
| (...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 79 // occurred. If process_type isn't one that needs sandboxing, no action is | 80 // occurred. If process_type isn't one that needs sandboxing, no action is |
| 80 // taken and true is always returned. | 81 // taken and true is always returned. |
| 81 CONTENT_EXPORT bool InitializeSandbox(int sandbox_type, | 82 CONTENT_EXPORT bool InitializeSandbox(int sandbox_type, |
| 82 const base::FilePath& allowed_path); | 83 const base::FilePath& allowed_path); |
| 83 | 84 |
| 84 #elif defined(OS_LINUX) | 85 #elif defined(OS_LINUX) |
| 85 | 86 |
| 86 class SandboxInitializerDelegate; | 87 class SandboxInitializerDelegate; |
| 87 | 88 |
| 88 // Initialize a seccomp-bpf sandbox. |policy| may not be NULL. | 89 // Initialize a seccomp-bpf sandbox. |policy| may not be NULL. |
| 90 // If an existing layer of sandboxing is present that would prevent access to | |
| 91 // /proc, | |
|
nasko
2014/11/24 23:01:02
nit: no need for a line break after the comma, joi
jln (very slow on Chromium)
2014/11/24 23:26:03
Done. I love clang-format, but it's not good for c
| |
| 92 // |proc_task_fd| must be a valid file descriptor to /proc/self/tasks. | |
| 89 // Returns true if the sandbox has been properly engaged. | 93 // Returns true if the sandbox has been properly engaged. |
| 90 CONTENT_EXPORT bool InitializeSandbox( | 94 CONTENT_EXPORT bool InitializeSandbox( |
| 91 scoped_ptr<sandbox::bpf_dsl::Policy> policy); | 95 scoped_ptr<sandbox::bpf_dsl::Policy> policy, |
| 96 base::ScopedFD proc_task_fd); | |
| 92 | 97 |
| 93 // Return a "baseline" policy. This is used by a SandboxInitializerDelegate to | 98 // Return a "baseline" policy. This is used by a SandboxInitializerDelegate to |
| 94 // implement a policy that is derived from the baseline. | 99 // implement a policy that is derived from the baseline. |
| 95 CONTENT_EXPORT scoped_ptr<sandbox::bpf_dsl::Policy> | 100 CONTENT_EXPORT scoped_ptr<sandbox::bpf_dsl::Policy> |
| 96 GetBPFSandboxBaselinePolicy(); | 101 GetBPFSandboxBaselinePolicy(); |
| 97 #endif // defined(OS_LINUX) | 102 #endif // defined(OS_LINUX) |
| 98 | 103 |
| 99 } // namespace content | 104 } // namespace content |
| 100 | 105 |
| 101 #endif // CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_ | 106 #endif // CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_ |
| OLD | NEW |
