// Copyright 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <lib/zx/channel.h>
#include "base/memory/ref_counted.h"
#include "services/service_manager/sandbox/sandbox_type.h"
namespace base {
struct LaunchOptions;
class SequencedTaskRunner;
namespace fuchsia {
class FilteredServiceDirectory;
} // namespace fuchsia
} // namespace base
namespace content {
// Holds the sandbox policy for a child process on Fuchsia: the sandbox type
// and the service directory objects declared below, which are applied to the
// launch options of the new process.
class SandboxPolicyFuchsia {
// Initializes the policy of the given sandbox |type|. Must be called on the
// IO thread.
void Initialize(service_manager::SandboxType type);
// Modifies the process launch |options| to achieve the level of
// isolation appropriate for the current sandbox type. The caller may then add
// any descriptors or handles afterward to grant additional capabilities
// to the new process.
// NOTE(review): every descriptor or handle the caller adds after this call is
// a capability granted on top of the sandbox policy, so each addition widens
// what the sandboxed process can reach and should be justified at the call
// site.
// NOTE(review): |options| is a raw pointer; whether null is tolerated is not
// visible in this declaration -- confirm in the implementation.
void UpdateLaunchOptionsForSandbox(base::LaunchOptions* options);
// Sandbox type of this policy. Holds SANDBOX_TYPE_INVALID until assigned;
// presumably Initialize() sets it -- confirm in the implementation file.
service_manager::SandboxType type_ = service_manager::SANDBOX_TYPE_INVALID;
// Services directory used for the /svc namespace of the child process.
// NOTE(review): the FilteredServiceDirectory type suggests that only a
// selected subset of services is exposed to the child -- confirm which ones
// in the implementation, since that list defines the child's service access.
std::unique_ptr<base::fuchsia::FilteredServiceDirectory> service_directory_;
// NOTE(review): presumably the client end of the channel connected to
// |service_directory_| -- confirm.
zx::channel service_directory_client_channel_;
// NOTE(review): presumably the task runner on which |service_directory_| is
// used -- confirm.
scoped_refptr<base::SequencedTaskRunner> service_directory_task_runner_;
} // namespace content