Diffstat (limited to 'security/sandbox/win/src/sandboxbroker/sandboxBroker.h')
-rw-r--r-- | security/sandbox/win/src/sandboxbroker/sandboxBroker.h | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/security/sandbox/win/src/sandboxbroker/sandboxBroker.h b/security/sandbox/win/src/sandboxbroker/sandboxBroker.h
new file mode 100644
index 000000000..3f73ec890
--- /dev/null
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.h
@@ -0,0 +1,63 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __SECURITY_SANDBOX_SANDBOXBROKER_H__
+#define __SECURITY_SANDBOX_SANDBOXBROKER_H__
+
+#include <stdint.h>
+#include <windows.h>
+
+namespace sandbox {
+ class BrokerServices;
+ class TargetPolicy;
+}
+
+namespace mozilla {
+
+class SandboxBroker
+{
+public:
+ SandboxBroker();
+
+ static void Initialize(sandbox::BrokerServices* aBrokerServices);
+
+ bool LaunchApp(const wchar_t *aPath,
+ const wchar_t *aArguments,
+ const bool aEnableLogging,
+ void **aProcessHandle);
+ virtual ~SandboxBroker();
+
+ // Security levels for different types of processes
+#if defined(MOZ_CONTENT_SANDBOX)
+ void SetSecurityLevelForContentProcess(int32_t aSandboxLevel);
+#endif
+ bool SetSecurityLevelForPluginProcess(int32_t aSandboxLevel);
+ enum SandboxLevel {
+ LockDown,
+ Restricted
+ };
+ bool SetSecurityLevelForGMPlugin(SandboxLevel aLevel);
+
+ // File system permissions
+ bool AllowReadFile(wchar_t const *file);
+ bool AllowReadWriteFile(wchar_t const *file);
+ bool AllowDirectory(wchar_t const *dir);
+
+ // Exposes AddTargetPeer from broker services, so that none sandboxed
+ // processes can be added as handle duplication targets.
+ bool AddTargetPeer(HANDLE aPeerProcess);
+
+ // Set up dummy interceptions via the broker, so we can log calls.
+ void ApplyLoggingPolicy();
+
+private:
+ static sandbox::BrokerServices *sBrokerService;
+ sandbox::TargetPolicy *mPolicy;
+};
+
+} // mozilla
+
+#endif |
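Review bot: `SetSecurityLevelForContentProcess` is declared `void` while `SetSecurityLevelForPluginProcess` and `SetSecurityLevelForGMPlugin` return `bool`, so a caller cannot learn that the content-process policy was not applied before it calls `LaunchApp`. The implementation is not part of this hunk, so whether it can fail is an assumption; if it can, declare it `bool SetSecurityLevelForContentProcess(int32_t aSandboxLevel);` and have callers refuse to launch on `false`. The `AddTargetPeer` comment should read "non-sandboxed" and state that each peer added becomes a handle-duplication target, so callers add only the processes that need it. The class also holds a raw `mPolicy` and declares a destructor without deleting copy construction and assignment; if the destructor releases the policy, `SandboxBroker(const SandboxBroker&) = delete;` and the matching `operator=` would rule out a double release.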