| rsesek | dba8411 | 2015-09-18 19:22:07 | [diff] [blame] | 1 | // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #ifndef CONTENT_BROWSER_BOOTSTRAP_SANDBOX_MANAGER_MAC_H_ |
| 6 | #define CONTENT_BROWSER_BOOTSTRAP_SANDBOX_MANAGER_MAC_H_ |
| 7 | |
| dcheng | 5971627 | 2016-04-09 05:19:08 | [diff] [blame] | 8 | #include <memory> |
| 9 | |
| avi | b734894 | 2015-12-25 20:57:10 | [diff] [blame] | 10 | #include "base/macros.h" |
| rsesek | dba8411 | 2015-09-18 19:22:07 | [diff] [blame] | 11 | #include "base/memory/singleton.h" |
| 12 | #include "content/public/browser/browser_child_process_observer.h" |
| 13 | #include "content/public/browser/render_process_host_observer.h" |
| 14 | #include "content/public/common/sandbox_type.h" |
| 15 | |
| 16 | namespace sandbox { |
| 17 | class BootstrapSandbox; |
| 18 | struct BootstrapSandboxPolicy; |
| 19 | } |
| 20 | |
| 21 | namespace content { |
| 22 | |
| 23 | // This class is responsible for creating the BootstrapSandbox global |
| 24 | // singleton, as well as registering all associated policies with it. |
| 25 | // |
| 26 | // This class is thread-safe. |
| 27 | class BootstrapSandboxManager : public BrowserChildProcessObserver, |
| 28 | public RenderProcessHostObserver { |
| 29 | public: |
| 30 | // Whether or not the bootstrap sandbox should be enabled globally. |
| 31 | static bool ShouldEnable(); |
| 32 | |
| 33 | // Gets the singleton instance. The first call to this function, which |
| 34 | // instantiates the object, must be on the UI thread. |
| 35 | static BootstrapSandboxManager* GetInstance(); |
| 36 | |
| 37 | // Whether or not the bootstrap sandbox applies to the given sandbox type. |
| 38 | bool EnabledForSandbox(SandboxType sandbox_type); |
| 39 | |
| 40 | // BrowserChildProcessObserver: |
| 41 | void BrowserChildProcessHostDisconnected( |
| 42 | const ChildProcessData& data) override; |
| 43 | void BrowserChildProcessCrashed( |
| 44 | const ChildProcessData& data, |
| 45 | int exit_code) override; |
| 46 | |
| 47 | // RenderProcessHostObserver: |
| 48 | void RenderProcessExited(RenderProcessHost* host, |
| 49 | base::TerminationStatus status, |
| 50 | int exit_code) override; |
| 51 | |
| 52 | sandbox::BootstrapSandbox* sandbox() const { return sandbox_.get(); } |
| 53 | |
| 54 | private: |
| 55 | friend struct base::DefaultSingletonTraits<BootstrapSandboxManager>; |
| 56 | BootstrapSandboxManager(); |
| 57 | ~BootstrapSandboxManager() override; |
| 58 | |
| 59 | void RegisterSandboxPolicies(); |
| 60 | void RegisterRendererPolicy(); |
| 61 | |
| 62 | void AddBaselinePolicy(sandbox::BootstrapSandboxPolicy* policy); |
| 63 | |
| dcheng | 5971627 | 2016-04-09 05:19:08 | [diff] [blame] | 64 | std::unique_ptr<sandbox::BootstrapSandbox> sandbox_; |
| rsesek | dba8411 | 2015-09-18 19:22:07 | [diff] [blame] | 65 | |
| 66 | DISALLOW_COPY_AND_ASSIGN(BootstrapSandboxManager); |
| 67 | }; |
| 68 | |
| 69 | } // namespace content |
| 70 | |
| 71 | #endif // CONTENT_BROWSER_BOOTSTRAP_SANDBOX_MANAGER_MAC_H_ |
