// Copyright 2012 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifndef SANDBOX_LINUX_SYSCALL_BROKER_BROKER_PROCESS_H_ #define SANDBOX_LINUX_SYSCALL_BROKER_BROKER_PROCESS_H_ #include <sys/stat.h> #include <memory> #include <optional> #include <string> #include <vector> #include "base/functional/callback_forward.h" #include "sandbox/linux/syscall_broker/broker_sandbox_config.h" #include "sandbox/sandbox_export.h" namespace sandbox { namespace syscall_broker { class BrokerClient; // Create a new "broker" process to which we can send requests via an IPC // channel by forking the current process. // This is a low level IPC mechanism that is suitable to be called from a // signal handler. // A process would typically create a broker process before entering // sandboxing. // 1. BrokerProcess open_broker(read_allowlist, write_allowlist); // 2. CHECK(open_broker.Init(NULL)); // 3. Enable sandbox. // 4. Use open_broker.Open() to open files. class SANDBOX_EXPORT BrokerProcess { … }; } // namespace syscall_broker } // namespace sandbox #endif // SANDBOX_LINUX_SYSCALL_BROKER_BROKER_PROCESS_H_
Codebase Browser
chromium