1
    2
    3
    4
    5
    6
    7
    8
    9
   10
   11
   12
   13
   14
   15
   16
   17
   18
   19
   20
   21
   22
   23
   24
   25
   26
   27
   28
   29
   30
   31
   32
   33
   34
   35
   36
   37
   38
   39
   40
   41
   42
   43
   44
   45
   46
   47
   48
   49
   50
   51
   52
   53
   54
   55
   56
   57
   58
   59
   60
   61
   62
   63
   64
   65
   66
   67
   68
   69
   70
   71
   72
   73
   74
   75
   76
   77
   78
   79
   80
   81
   82
   83
   84
   85
   86
   87
   88
   89
   90
   91
   92
   93
   94
   95
   96


content / public / common / sandboxed_process_launcher_delegate.cc [blame]

// Copyright 2014 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "content/public/common/sandboxed_process_launcher_delegate.h"

#include <optional>

#include "build/build_config.h"
#include "content/public/common/zygote/zygote_buildflags.h"

#if BUILDFLAG(IS_MAC)
#include "base/mac/process_requirement.h"
#endif  // BUILDFLAG(IS_MAC)

namespace content {

#if BUILDFLAG(IS_WIN)
std::string SandboxedProcessLauncherDelegate::GetSandboxTag() {
  // This implies that policies will not share backing data.
  return "";
}

bool SandboxedProcessLauncherDelegate::DisableDefaultPolicy() {
  return false;
}

bool SandboxedProcessLauncherDelegate::GetAppContainerId(
    std::string* appcontainer_id) {
  return false;
}

bool SandboxedProcessLauncherDelegate::InitializeConfig(
    sandbox::TargetConfig* config) {
  return true;
}

bool SandboxedProcessLauncherDelegate::PreSpawnTarget(
    sandbox::TargetPolicy* policy) {
  return true;
}

void SandboxedProcessLauncherDelegate::PostSpawnTarget(
    base::ProcessHandle process) {}

bool SandboxedProcessLauncherDelegate::ShouldUnsandboxedRunInJob() {
  return false;
}

bool SandboxedProcessLauncherDelegate::CetCompatible() {
  return true;
}
#endif  // BUILDFLAG(IS_WIN)

#if BUILDFLAG(IS_WIN)
bool SandboxedProcessLauncherDelegate::ShouldLaunchElevated() {
  return false;
}

bool SandboxedProcessLauncherDelegate::ShouldUseUntrustedMojoInvitation() {
  return false;
}
#endif  // BUILDFLAG(IS_WIN)

#if BUILDFLAG(USE_ZYGOTE)
ZygoteCommunication* SandboxedProcessLauncherDelegate::GetZygote() {
  // Default to the sandboxed zygote. If a more lax sandbox is needed, then the
  // child class should override this method and use the unsandboxed zygote.
  return GetGenericZygote();
}
#endif  // BUILDFLAG(USE_ZYGOTE)

#if BUILDFLAG(IS_POSIX)
base::EnvironmentMap SandboxedProcessLauncherDelegate::GetEnvironment() {
  return base::EnvironmentMap();
}
#endif  // BUILDFLAG(IS_POSIX)

#if BUILDFLAG(IS_MAC)

bool SandboxedProcessLauncherDelegate::DisclaimResponsibility() {
  return false;
}

bool SandboxedProcessLauncherDelegate::EnableCpuSecurityMitigations() {
  return false;
}

std::optional<base::mac::ProcessRequirement>
SandboxedProcessLauncherDelegate::GetProcessRequirement() {
  return std::nullopt;
}

#endif  // BUILDFLAG(IS_MAC)

}  // namespace content