// Copyright 2017 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CONTENT_COMMON_GPU_PRE_SANDBOX_HOOK_LINUX_H_
#define CONTENT_COMMON_GPU_PRE_SANDBOX_HOOK_LINUX_H_

#include <vector>

#include "sandbox/policy/linux/sandbox_linux.h"

namespace sandbox::syscall_broker {
class BrokerFilePermission;
}  // namespace sandbox::syscall_broker

namespace content {

// A pre-sandbox hook to use on Linux-based systems in sandboxed processes that
// require general GPU usage.
bool GpuPreSandboxHook(sandbox::policy::SandboxLinux::Options options);

// These functions can be used by other pre-sandbox hooks that need GPU access
// in addition to their other permissions.

// Returns the set of commands (open, stat, unlink, rename, etc...) that are
// needed for a process to use the GPU.
sandbox::syscall_broker::BrokerCommandSet CommandSetForGPU(
    const sandbox::policy::SandboxLinux::Options& options);

// Returns a list of file permissions that are needed for a process to use
// the GPU. These will include the libraries that make up the graphics driver.
std::vector<sandbox::syscall_broker::BrokerFilePermission>
FilePermissionsForGpu(
    const sandbox::policy::SandboxSeccompBPF::Options& options);

// Loads the libraries needed for a process to use the GPU.
bool LoadLibrariesForGpu(
    const sandbox::policy::SandboxSeccompBPF::Options& options);

}  // namespace content

#endif  // CONTENT_COMMON_GPU_PRE_SANDBOX_HOOK_LINUX_H_