/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "SandboxInitialization.h"

#include "sandbox/win/src/sandbox_factory.h"

namespace mozilla {
namespace sandboxing {

static sandbox::TargetServices*
InitializeTargetServices()
{
  sandbox::TargetServices* targetServices =
    sandbox::SandboxFactory::GetTargetServices();
  if (!targetServices) {
    return nullptr;
  }

  if (targetServices->Init() != sandbox::SBOX_ALL_OK) {
    return nullptr;
  }

  return targetServices;
}

sandbox::TargetServices*
GetInitializedTargetServices()
{
  static sandbox::TargetServices* sInitializedTargetServices =
    InitializeTargetServices();

  return sInitializedTargetServices;
}

void
LowerSandbox()
{
  GetInitializedTargetServices()->LowerToken();
}

static sandbox::BrokerServices*
InitializeBrokerServices()
{
  sandbox::BrokerServices* brokerServices =
    sandbox::SandboxFactory::GetBrokerServices();
  if (!brokerServices) {
    return nullptr;
  }

  if (brokerServices->Init() != sandbox::SBOX_ALL_OK) {
    return nullptr;
  }

  // Comment below copied from Chromium code.
  // Precreate the desktop and window station used by the renderers.
  // IMPORTANT: This piece of code needs to run as early as possible in the
  // process because it will initialize the sandbox broker, which requires
  // the process to swap its window station. During this time all the UI
  // will be broken. This has to run before threads and windows are created.
  sandbox::TargetPolicy* policy = brokerServices->CreatePolicy();
  sandbox::ResultCode result = policy->CreateAlternateDesktop(true);
  policy->Release();

  return brokerServices;
}

sandbox::BrokerServices*
GetInitializedBrokerServices()
{
  static sandbox::BrokerServices* sInitializedBrokerServices =
    InitializeBrokerServices();

  return sInitializedBrokerServices;
}

} // sandboxing
} // mozilla