content/common/sandbox_mac.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CONTENT_COMMON_SANDBOX_MAC_H_
   6 #define CONTENT_COMMON_SANDBOX_MAC_H_
   7
   8 #include <map>
   9 #include <string>
  10
  11 #include "base/basictypes.h"
  12 #include "base/containers/hash_tables.h"
  13 #include "base/gtest_prod_util.h"
  14 #include "content/common/content_export.h"
  15 #include "content/public/common/sandbox_type.h"
  16
  17 namespace base {
  18 class FilePath;
  19 }
  20
  21 #if __OBJC__
  22 @class NSArray;
  23 @class NSString;
  24 #else
  25 class NSArray;
  26 class NSString;
  27 #endif
  28
  29 namespace content {
  30
  31 // This class wraps the C-style sandbox APIs in a class to ensure proper
  32 // initialization and cleanup.
  33 class CONTENT_EXPORT SandboxCompiler {
  34  public:
  35   explicit SandboxCompiler(const std::string& profile_str);
  36
  37   ~SandboxCompiler();
  38
  39   // Inserts a boolean into the parameters key/value map. A duplicate key is not
  40   // allowed, and will cause the function to return false. The value is not
  41   // inserted in this case.
  42   bool InsertBooleanParam(const std::string& key, bool value);
  43
  44   // Inserts a string into the parameters key/value map. A duplicate key is not
  45   // allowed, and will cause the function to return false. The value is not
  46   // inserted in this case.
  47   bool InsertStringParam(const std::string& key, const std::string& value);
  48
  49   // Compiles and applies the profile; returns true on success.
  50   bool CompileAndApplyProfile(std::string* error);
  51
  52  private:
  53   // Frees all of the system resources allocated for the sandbox.
  54   void FreeSandboxResources(void* profile, void* params, char* error);
  55
  56   // Storage of the key/value pairs of strings that are used in the sandbox
  57   // profile.
  58   std::map<std::string, std::string> params_map_;
  59
  60   // The sandbox profile source code.
  61   const std::string profile_str_;
  62
  63   DISALLOW_COPY_AND_ASSIGN(SandboxCompiler);
  64 };
  65
  66 class CONTENT_EXPORT Sandbox {
  67  public:
  68
  69   // Warm up System APIs that empirically need to be accessed before the
  70   // sandbox is turned on. |sandbox_type| is the type of sandbox to warm up.
  71   // Valid |sandbox_type| values are defined by the enum SandboxType, or can be
  72   // defined by the embedder via
  73   // ContentClient::GetSandboxProfileForProcessType().
  74   static void SandboxWarmup(int sandbox_type);
  75
  76   // Turns on the OS X sandbox for this process.
  77   // |sandbox_type| - type of Sandbox to use. See SandboxWarmup() for legal
  78   // values.
  79   // |allowed_dir| - directory to allow access to, currently the only sandbox
  80   // profile that supports this is SANDBOX_TYPE_UTILITY .
  81   //
  82   // Returns true on success, false if an error occurred enabling the sandbox.
  83   static bool EnableSandbox(int sandbox_type,
  84                             const base::FilePath& allowed_dir);
  85
  86   // Returns true if the sandbox has been enabled for the current process.
  87   static bool SandboxIsCurrentlyActive();
  88
  89   // Escape |src_utf8| for use in a plain string variable in a sandbox
  90   // configuraton file.  On return |dst| is set to the quoted output.
  91   // Returns: true on success, false otherwise.
  92   static bool QuotePlainString(const std::string& src_utf8, std::string* dst);
  93
  94   // Escape |str_utf8| for use in a regex literal in a sandbox
  95   // configuraton file.  On return |dst| is set to the utf-8 encoded quoted
  96   // output.
  97   //
  98   // The implementation of this function is based on empirical testing of the
  99   // OS X sandbox on 10.5.8 & 10.6.2 which is undocumented and subject to
 100   // change.
 101   //
 102   // Note: If str_utf8 contains any characters < 32 || >125 then the function
 103   // fails and false is returned.
 104   //
 105   // Returns: true on success, false otherwise.
 106   static bool QuoteStringForRegex(const std::string& str_utf8,
 107                                   std::string* dst);
 108
 109  private:
 110   // Convert provided path into a "canonical" path matching what the Sandbox
 111   // expects i.e. one without symlinks.
 112   // This path is not necessarily unique e.g. in the face of hardlinks.
 113   static base::FilePath GetCanonicalSandboxPath(const base::FilePath& path);
 114
 115   FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, StringEscape);
 116   FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, RegexEscape);
 117   FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, SandboxAccess);
 118
 119   DISALLOW_IMPLICIT_CONSTRUCTORS(Sandbox);
 120 };
 121
 122 }  // namespace content
 123
 124 #endif  // CONTENT_COMMON_SANDBOX_MAC_H_