1 // Copyright (c) 2017 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef SANDBOX_POLICY_SANDBOX_DELEGATE_H_ 6 #define SANDBOX_POLICY_SANDBOX_DELEGATE_H_ 7 8 #include <string> 9 10 #include "base/process/process.h" 11 #include "build/build_config.h" 12 #include "sandbox/policy/sandbox_type.h" 13 14 namespace sandbox { 15 class TargetPolicy; 16 17 namespace policy { 18 19 class SandboxDelegate { 20 public: ~SandboxDelegate()21 virtual ~SandboxDelegate() {} 22 23 // Returns the SandboxType to enforce on the process, or 24 // SandboxType::kNoSandbox to run without a sandbox policy. 25 virtual SandboxType GetSandboxType() = 0; 26 27 #if defined(OS_WIN) 28 // Whether to disable the default policy specified in 29 // AddPolicyForSandboxedProcess. 30 virtual bool DisableDefaultPolicy() = 0; 31 32 // Get the AppContainer ID for the sandbox. If this returns false then the 33 // AppContainer will not be enabled for the process. 34 virtual bool GetAppContainerId(std::string* appcontainer_id) = 0; 35 36 // Called right before spawning the process. Returns false on failure. 37 virtual bool PreSpawnTarget(TargetPolicy* policy) = 0; 38 39 // Called right after the process is launched, but before its thread is run. 40 virtual void PostSpawnTarget(base::ProcessHandle process) = 0; 41 #endif // defined(OS_WIN) 42 }; 43 44 } // namespace policy 45 } // namespace sandbox 46 47 #endif // SANDBOX_POLICY_SANDBOX_DELEGATE_H_ 48