author Bob Owen <>
Wed, 13 Apr 2016 15:37:35 +0100
changeset 323920 f9b9691fee9edfe9ce6bc02345d80465079de9e3
parent 323914 08693317e6581716cc6a8c3d95ed7ff6e16d2886
child 324028 0da1c375b5117d5113293f43a2fbaa4efbc7b722
permissions -rw-r--r--
Bug 1256992: Initialize Windows sandbox BrokerServices before any child processes are created. r=aklotz, r=bholley, a=ritu

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at */


#define SANDBOX_EXPORT __declspec(dllexport)
#define SANDBOX_EXPORT __declspec(dllimport)

#include <stdint.h>
#include <windows.h>

namespace sandbox {
  class BrokerServices;
  class TargetPolicy;

namespace mozilla {

class SANDBOX_EXPORT SandboxBroker

  static bool Initialize();

  bool LaunchApp(const wchar_t *aPath,
                 const wchar_t *aArguments,
                 const bool aEnableLogging,
                 void **aProcessHandle);
  virtual ~SandboxBroker();

  // Security levels for different types of processes
  bool SetSecurityLevelForContentProcess(int32_t aSandboxLevel);
  bool SetSecurityLevelForPluginProcess(int32_t aSandboxLevel);
  bool SetSecurityLevelForIPDLUnitTestProcess();
  bool SetSecurityLevelForGMPlugin();

  // File system permissions
  bool AllowReadFile(wchar_t const *file);
  bool AllowReadWriteFile(wchar_t const *file);
  bool AllowDirectory(wchar_t const *dir);

  // Exposes AddTargetPeer from broker services, so that none sandboxed
  // processes can be added as handle duplication targets.
  bool AddTargetPeer(HANDLE aPeerProcess);
  static sandbox::BrokerServices *sBrokerService;
  sandbox::TargetPolicy *mPolicy;

} // mozilla