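// Copyright 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef SERVICES_SERVICE_MANAGER_SANDBOX_SWITCHES_H_
#define SERVICES_SERVICE_MANAGER_SANDBOX_SWITCHES_H_

#include "build/build_config.h"
#include "services/service_manager/embedder/switches.h"
#include "services/service_manager/sandbox/export.h"

// This header only declares the constants; each one is a string defined in
// another translation unit. The literal switch names and sandbox-type values
// are therefore not visible here and must be checked against the definitions.

namespace service_manager {
namespace switches {

// Type of sandbox to apply to the process running the service, one of the
// values in the next block.
SERVICE_MANAGER_SANDBOX_EXPORT extern const char kServiceSandboxType[];

// Must be in sync with "sandbox_type" values as used in service manager's
// manifest.json catalog files.
//
// NOTE(review): by name, kNoneSandbox and kNoneSandboxAndElevatedPrivileges
// select no sandbox at all (the latter presumably also with elevated
// privileges) -- confirm against the definitions. A service that requests
// either one should be reviewed as running unconfined.
SERVICE_MANAGER_SANDBOX_EXPORT extern const char kNoneSandbox[];
SERVICE_MANAGER_SANDBOX_EXPORT extern const char
    kNoneSandboxAndElevatedPrivileges[];
SERVICE_MANAGER_SANDBOX_EXPORT extern const char kNetworkSandbox[];
SERVICE_MANAGER_SANDBOX_EXPORT extern const char kPpapiSandbox[];
SERVICE_MANAGER_SANDBOX_EXPORT extern const char kUtilitySandbox[];
SERVICE_MANAGER_SANDBOX_EXPORT extern const char kCdmSandbox[];
SERVICE_MANAGER_SANDBOX_EXPORT extern const char kPrintCompositorSandbox[];
SERVICE_MANAGER_SANDBOX_EXPORT extern const char kAudioSandbox[];
SERVICE_MANAGER_SANDBOX_EXPORT extern const char kSharingServiceSandbox[];
SERVICE_MANAGER_SANDBOX_EXPORT extern const char kSodaSandbox[];

// Sandbox types declared only for Windows builds.
#if defined(OS_WIN)
SERVICE_MANAGER_SANDBOX_EXPORT extern const char kPdfConversionSandbox[];
SERVICE_MANAGER_SANDBOX_EXPORT extern const char kProxyResolverSandbox[];
SERVICE_MANAGER_SANDBOX_EXPORT extern const char kXrCompositingSandbox[];
#endif  // OS_WIN

// Sandbox type declared only for Chrome OS builds.
#if defined(OS_CHROMEOS)
SERVICE_MANAGER_SANDBOX_EXPORT extern const char kImeSandbox[];
#endif  // OS_CHROMEOS

// Flags owned by the service manager sandbox.
//
// NOTE(review): several of these (the kAllow*, kDisable* and kNo* names)
// appear by name to relax or switch off a sandbox layer. Their exact effect is
// decided where each flag is consumed, not in this header -- confirm there
// before relying on a name. They are presumably supplied on the command line,
// so any of them appearing on a production process is worth surfacing in
// review and in process-launch monitoring.
SERVICE_MANAGER_SANDBOX_EXPORT extern const char kAllowNoSandboxJob[];
SERVICE_MANAGER_SANDBOX_EXPORT extern const char kAllowSandboxDebugging[];
SERVICE_MANAGER_SANDBOX_EXPORT extern const char kDisableGpuSandbox[];
SERVICE_MANAGER_SANDBOX_EXPORT extern const char kDisableNamespaceSandbox[];
SERVICE_MANAGER_SANDBOX_EXPORT extern const char kDisableSeccompFilterSandbox[];
SERVICE_MANAGER_SANDBOX_EXPORT extern const char kDisableSetuidSandbox[];
SERVICE_MANAGER_SANDBOX_EXPORT extern const char kDisableWin32kLockDown[];
SERVICE_MANAGER_SANDBOX_EXPORT extern const char kEnableAudioServiceSandbox[];
SERVICE_MANAGER_SANDBOX_EXPORT extern const char kGpuSandboxAllowSysVShm[];
SERVICE_MANAGER_SANDBOX_EXPORT extern const char kGpuSandboxFailuresFatal[];
SERVICE_MANAGER_SANDBOX_EXPORT extern const char kNoSandbox[];
#if defined(OS_LINUX)
SERVICE_MANAGER_SANDBOX_EXPORT extern const char kNoZygoteSandbox[];
#endif  // OS_LINUX
#if defined(OS_WIN)
SERVICE_MANAGER_SANDBOX_EXPORT extern const char kAllowThirdPartyModules[];
SERVICE_MANAGER_SANDBOX_EXPORT extern const char kAddGpuAppContainerCaps[];
SERVICE_MANAGER_SANDBOX_EXPORT extern const char
    kNoSandboxAndElevatedPrivileges[];
SERVICE_MANAGER_SANDBOX_EXPORT extern const char kAddXrAppContainerCaps[];
#endif  // OS_WIN
#if defined(OS_MACOSX)
SERVICE_MANAGER_SANDBOX_EXPORT extern const char kEnableSandboxLogging[];
#endif  // OS_MACOSX

// Flags spied upon from other layers.
//
// NOTE(review): by name these identify process types rather than sandbox
// settings; they are declared here but, per the comment above, belong to
// other layers -- confirm which layer defines each one.
SERVICE_MANAGER_SANDBOX_EXPORT extern const char kGpuProcess[];
SERVICE_MANAGER_SANDBOX_EXPORT extern const char kNaClLoaderProcess[];
SERVICE_MANAGER_SANDBOX_EXPORT extern const char kPpapiBrokerProcess[];
SERVICE_MANAGER_SANDBOX_EXPORT extern const char kPpapiPluginProcess[];
SERVICE_MANAGER_SANDBOX_EXPORT extern const char kRendererProcess[];
SERVICE_MANAGER_SANDBOX_EXPORT extern const char kUtilityProcess[];

}  // namespace switches

#if defined(OS_WIN)
// Returns whether Win32k lockdown is enabled for child processes or not.
// Not really a switch, but uses one under the covers.
//
// NOTE(review): the switch it consults is not named here; presumably
// kDisableWin32kLockDown -- confirm in the definition.
SERVICE_MANAGER_SANDBOX_EXPORT bool IsWin32kLockdownEnabled();
#endif  // OS_WIN

}  // namespace service_manager

#endif  // SERVICES_SERVICE_MANAGER_SANDBOX_SWITCHES_H_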