SandboxSettings.h (1766B)
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ 2 /* This Source Code Form is subject to the terms of the Mozilla Public 3 * License, v. 2.0. If a copy of the MPL was not distributed with this 4 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 5 6 #ifndef mozilla_SandboxSettings_h 7 #define mozilla_SandboxSettings_h 8 #include <cinttypes> 9 10 #if defined(MOZ_PROFILE_GENERATE) 11 # include <string> 12 #endif 13 14 #include "nsIXULRuntime.h" 15 16 #ifdef __OpenBSD__ 17 # include "nsXULAppAPI.h" 18 # include "mozilla/ipc/UtilityProcessSandboxing.h" 19 #endif 20 21 namespace mozilla { 22 23 // Return the current sandbox level. This is the 24 // "security.sandbox.content.level" preference, but rounded up to the current 25 // minimum allowed level. Returns 0 (disabled) if the env var 26 // MOZ_DISABLE_CONTENT_SANDBOX is set. 27 int GetEffectiveContentSandboxLevel(); 28 int GetEffectiveSocketProcessSandboxLevel(); 29 int GetEffectiveGpuSandboxLevel(); 30 31 #if defined(MOZ_PROFILE_GENERATE) 32 # if defined(XP_WIN) 33 bool GetLlvmProfileDir(std::wstring& parentPath); 34 # else 35 bool GetLlvmProfileDir(std::string& parentPath); 36 # endif 37 #endif 38 39 // Checks whether the effective content sandbox level is > 0. 40 bool IsContentSandboxEnabled(); 41 42 bool IsGPUSandboxEnabled(); 43 44 const char* ContentWin32kLockdownStateToString( 45 nsIXULRuntime::ContentWin32kLockdownState aValue); 46 47 bool GetContentWin32kLockdownEnabled(); 48 49 nsIXULRuntime::ContentWin32kLockdownState GetContentWin32kLockdownState(); 50 51 #if defined(XP_MACOSX) 52 int ClampFlashSandboxLevel(const int aLevel); 53 #endif 54 55 #if defined(__OpenBSD__) 56 bool StartOpenBSDSandbox(GeckoProcessType type, 57 ipc::SandboxingKind kind = ipc::SandboxingKind::COUNT); 58 #endif 59 60 } // namespace mozilla 61 #endif // mozilla_SandboxPolicies_h