1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
content / public / common / sandboxed_process_launcher_delegate.cc [blame]
// Copyright 2014 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "content/public/common/sandboxed_process_launcher_delegate.h"
#include <optional>
#include "build/build_config.h"
#include "content/public/common/zygote/zygote_buildflags.h"
#if BUILDFLAG(IS_MAC)
#include "base/mac/process_requirement.h"
#endif // BUILDFLAG(IS_MAC)
namespace content {
#if BUILDFLAG(IS_WIN)
std::string SandboxedProcessLauncherDelegate::GetSandboxTag() {
// This implies that policies will not share backing data.
return "";
}
bool SandboxedProcessLauncherDelegate::DisableDefaultPolicy() {
return false;
}
bool SandboxedProcessLauncherDelegate::GetAppContainerId(
std::string* appcontainer_id) {
return false;
}
bool SandboxedProcessLauncherDelegate::InitializeConfig(
sandbox::TargetConfig* config) {
return true;
}
bool SandboxedProcessLauncherDelegate::PreSpawnTarget(
sandbox::TargetPolicy* policy) {
return true;
}
void SandboxedProcessLauncherDelegate::PostSpawnTarget(
base::ProcessHandle process) {}
bool SandboxedProcessLauncherDelegate::ShouldUnsandboxedRunInJob() {
return false;
}
bool SandboxedProcessLauncherDelegate::CetCompatible() {
return true;
}
#endif // BUILDFLAG(IS_WIN)
#if BUILDFLAG(IS_WIN)
bool SandboxedProcessLauncherDelegate::ShouldLaunchElevated() {
return false;
}
bool SandboxedProcessLauncherDelegate::ShouldUseUntrustedMojoInvitation() {
return false;
}
#endif // BUILDFLAG(IS_WIN)
#if BUILDFLAG(USE_ZYGOTE)
ZygoteCommunication* SandboxedProcessLauncherDelegate::GetZygote() {
// Default to the sandboxed zygote. If a more lax sandbox is needed, then the
// child class should override this method and use the unsandboxed zygote.
return GetGenericZygote();
}
#endif // BUILDFLAG(USE_ZYGOTE)
#if BUILDFLAG(IS_POSIX)
base::EnvironmentMap SandboxedProcessLauncherDelegate::GetEnvironment() {
return base::EnvironmentMap();
}
#endif // BUILDFLAG(IS_POSIX)
#if BUILDFLAG(IS_MAC)
bool SandboxedProcessLauncherDelegate::DisclaimResponsibility() {
return false;
}
bool SandboxedProcessLauncherDelegate::EnableCpuSecurityMitigations() {
return false;
}
std::optional<base::mac::ProcessRequirement>
SandboxedProcessLauncherDelegate::GetProcessRequirement() {
return std::nullopt;
}
#endif // BUILDFLAG(IS_MAC)
} // namespace content