/**
 * Installs the seccomp sandbox policy for a content process.
 *
 * Call this exactly once, and before the process loads any content that
 * could be harmful: code that runs before this call is not covered by the
 * content policy.
 *
 * Does nothing when SandboxInfo reports that content sandboxing is not
 * enabled (kEnabledForContent is unset), so the process then continues
 * unsandboxed.
 *
 * A failure to start the sandbox will normally make the process exit.
 */
void SetContentProcessSandbox()
{
  const bool contentSandboxEnabled =
    SandboxInfo::Get().Test(SandboxInfo::kEnabledForContent);

  if (contentSandboxEnabled) {
    SetCurrentProcessSandbox(GetContentSandboxPolicy());
  }
}
/**
 * Installs the seccomp sandbox policy for a content process.
 *
 * Call this exactly once, and before the process loads any content that
 * could be harmful: code that runs before this call is not covered by the
 * content policy.
 *
 * A failure to start the sandbox will normally make the process exit.
 *
 * @param aBrokerFd  File descriptor handed to SandboxBrokerClient, or a
 *                   negative value when there is no broker. The caller
 *                   gives the descriptor up: it is closed here when content
 *                   sandboxing is disabled, and otherwise passed to the
 *                   broker client (presumably the client owns it from then
 *                   on -- confirm against SandboxBrokerClient).
 */
void SetContentProcessSandbox(int aBrokerFd)
{
  const bool haveBrokerFd = aBrokerFd >= 0;

  if (SandboxInfo::Get().Test(SandboxInfo::kEnabledForContent)) {
    // Function-local static: the policy receives a raw pointer to the
    // client, so the client has to stay alive until the process exits.
    static Maybe<SandboxBrokerClient> sBroker;
    if (haveBrokerFd) {
      sBroker.emplace(aBrokerFd);
    }
    // Without a broker the policy is built with a null client pointer.
    SetCurrentProcessSandbox(GetContentSandboxPolicy(sBroker.ptrOr(nullptr)));
    return;
  }

  // Sandboxing is off: nothing will use the descriptor, so release it
  // rather than leaving it open in the unsandboxed content process.
  if (haveBrokerFd) {
    close(aBrokerFd);
  }
}