summaryrefslogtreecommitdiffstats
path: root/security/sandbox/win/SandboxInitialization.h
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
commit36d22d82aa202bb199967e9512281e9a53db42c9 (patch)
tree105e8c98ddea1c1e4784a60a5a6410fa416be2de /security/sandbox/win/SandboxInitialization.h
parentInitial commit. (diff)
downloadfirefox-esr-upstream.tar.xz
firefox-esr-upstream.zip
Adding upstream version 115.7.0esr.upstream/115.7.0esrupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/sandbox/win/SandboxInitialization.h')
-rw-r--r--security/sandbox/win/SandboxInitialization.h52
1 files changed, 52 insertions, 0 deletions
diff --git a/security/sandbox/win/SandboxInitialization.h b/security/sandbox/win/SandboxInitialization.h
new file mode 100644
index 0000000000..1d49c0d899
--- /dev/null
+++ b/security/sandbox/win/SandboxInitialization.h
@@ -0,0 +1,52 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_sandboxing_SandboxInitialization_h
+#define mozilla_sandboxing_SandboxInitialization_h
+
+namespace sandbox {
+class BrokerServices;
+class TargetServices;
+} // namespace sandbox
+
+// Things that use this file will probably want access to the IsSandboxedProcess
+// function defined in one of the Chromium sandbox cc files.
+extern "C" bool IsSandboxedProcess();
+
+namespace mozilla {
+// Note the Chromium code just uses a bare sandbox namespace, which makes using
+// sandbox for our namespace painful.
+namespace sandboxing {
+
+/**
+ * Initializes (if required) and returns the Chromium sandbox TargetServices.
+ *
+ * @return the TargetServices or null if the creation or initialization failed.
+ */
+sandbox::TargetServices* GetInitializedTargetServices();
+
+/**
+ * Lowers the permissions on the process sandbox.
+ * Provided because the GMP sandbox needs to be lowered from the executable.
+ */
+void LowerSandbox();
+
+/**
+ * Initializes (if required) and returns the Chromium sandbox BrokerServices.
+ *
+ * @return the BrokerServices or null if the creation or initialization failed.
+ */
+sandbox::BrokerServices* GetInitializedBrokerServices();
+
+/**
+ * Apply mitigations for parent processes.
+ */
+void ApplyParentProcessMitigations();
+
+} // namespace sandboxing
+} // namespace mozilla
+
+#endif // mozilla_sandboxing_SandboxInitialization_h