blob: 6367806fd4c16c0fc6a2445f21ff6e67f35dbf58 [file] [log] [blame]
// Copyright (c) 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <string>
#include "base/process/process.h"
#include "build/build_config.h"
#include "sandbox/policy/sandbox_type.h"
namespace sandbox {
class TargetPolicy;
namespace policy {
class SandboxDelegate {
virtual ~SandboxDelegate() {}
// Returns the SandboxType to enforce on the process, or
// SandboxType::kNoSandbox to run without a sandbox policy.
virtual SandboxType GetSandboxType() = 0;
#if defined(OS_WIN)
// Whether to disable the default policy specified in
// AddPolicyForSandboxedProcess.
virtual bool DisableDefaultPolicy() = 0;
// Get the AppContainer ID for the sandbox. If this returns false then the
// AppContainer will not be enabled for the process.
virtual bool GetAppContainerId(std::string* appcontainer_id) = 0;
// Called right before spawning the process. Returns false on failure.
virtual bool PreSpawnTarget(TargetPolicy* policy) = 0;
// Called right after the process is launched, but before its thread is run.
virtual void PostSpawnTarget(base::ProcessHandle process) = 0;
// Whether this process should run inside a Job if running unsandboxed.
virtual bool ShouldUnsandboxedRunInJob() = 0;
// Whether this process will be compatible with Control-flow Enforcement
// Technology (CET) / Hardware-enforced Stack Protection.
virtual bool CetCompatible() = 0;
#endif // defined(OS_WIN)
} // namespace policy
} // namespace sandbox