// Copyright 2016 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef SANDBOX_MAC_SEATBELT_H_
#define SANDBOX_MAC_SEATBELT_H_

#include <cstdint>

#include "base/macros.h"
#include "sandbox/mac/seatbelt_export.h"

namespace sandbox {

// This class exists because OS X deprecated the sandbox functions,
// and did not supply replacements that are suitable for Chrome.
// This class wraps the functions in deprecation warning supressions.
class SEATBELT_EXPORT Seatbelt {
 public:
  // Initializes the specified sandbox profile. Returns 0 on success, else -1
  // and |errorbuf| is populated. |errorbuf| is allocated by the API and must be
  // freed with FreeError().
  static int Init(const char* profile, uint64_t flags, char** errorbuf);

  // Initializes the specified sandbox profile and passes the parameters to the
  // |profile|. |parameters| is a null terminated list containing key,value
  // pairs in sequence. [key1,val1,key2,val2,nullptr]. |errorbuf| is allocated
  // by the API and is set to a string description of the error. |errorbuf| must
  // be freed with FreeError(). This function eturns 0 on success, else -1 and
  // |errorbuf| is populated.
  static int InitWithParams(const char* profile,
                            uint64_t flags,
                            const char* const parameters[],
                            char** errorbuf);

  // Frees the |errorbuf| allocated and set by InitWithParams.
  static void FreeError(char* errorbuf);

  // Returns whether or not the process is currently sandboxed.
  static bool IsSandboxed();

  static const char* kProfileNoInternet;

  static const char* kProfileNoNetwork;

  static const char* kProfileNoWrite;

  static const char* kProfileNoWriteExceptTemporary;

  static const char* kProfilePureComputation;

 private:
  Seatbelt();
  DISALLOW_COPY_AND_ASSIGN(Seatbelt);
};

}  // sandbox

#endif  // SANDBOX_MAC_SEATBELT_H_