// Copyright (c) 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef SERVICES_SERVICE_MANAGER_SANDBOX_SANDBOX_DELEGATE_H_
#define SERVICES_SERVICE_MANAGER_SANDBOX_SANDBOX_DELEGATE_H_

#include <string>

#include "base/process/process.h"
#include "build/build_config.h"
#include "services/service_manager/sandbox/sandbox_type.h"

namespace sandbox {
class TargetPolicy;
}

namespace service_manager {

class SandboxDelegate {
 public:
  virtual ~SandboxDelegate() {}

  // Returns the SandboxType to enforce on the process, or
  // SANDBOX_TYPE_NO_SANDBOX to run without a sandbox policy.
  virtual service_manager::SandboxType GetSandboxType() = 0;

#if defined(OS_WIN)
  // Whether to disable the default policy specified in
  // AddPolicyForSandboxedProcess.
  virtual bool DisableDefaultPolicy() = 0;

  // Get the AppContainer ID for the sandbox. If this returns false then the
  // AppContainer will not be enabled for the process.
  virtual bool GetAppContainerId(std::string* appcontainer_id) = 0;

  // Called right before spawning the process. Returns false on failure.
  virtual bool PreSpawnTarget(sandbox::TargetPolicy* policy) = 0;

  // Called right after the process is launched, but before its thread is run.
  virtual void PostSpawnTarget(base::ProcessHandle process) = 0;
#endif  // defined(OS_WIN)
};

}  // namespace service_manager

#endif  // SERVICES_SERVICE_MANAGER_SANDBOX_SANDBOX_DELEGATE_H_