sandbox/linux/syscall_broker/broker_process.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef SANDBOX_LINUX_SERVICES_BROKER_PROCESS_H_
   6 #define SANDBOX_LINUX_SERVICES_BROKER_PROCESS_H_
   7
   8 #include <string>
   9 #include <vector>
  10
  11 #include "base/callback_forward.h"
  12 #include "base/macros.h"
  13 #include "base/memory/scoped_ptr.h"
  14 #include "base/pickle.h"
  15 #include "base/process/process.h"
  16 #include "sandbox/linux/syscall_broker/broker_policy.h"
  17 #include "sandbox/sandbox_export.h"
  18
  19 namespace sandbox {
  20
  21 namespace syscall_broker {
  22
  23 class BrokerClient;
  24 class BrokerFilePermission;
  25
  26 // Create a new "broker" process to which we can send requests via an IPC
  27 // channel by forking the current process.
  28 // This is a low level IPC mechanism that is suitable to be called from a
  29 // signal handler.
  30 // A process would typically create a broker process before entering
  31 // sandboxing.
  32 // 1. BrokerProcess open_broker(read_whitelist, write_whitelist);
  33 // 2. CHECK(open_broker.Init(NULL));
  34 // 3. Enable sandbox.
  35 // 4. Use open_broker.Open() to open files.
  36 class SANDBOX_EXPORT BrokerProcess {
  37  public:
  38   // |denied_errno| is the error code returned when methods such as Open()
  39   // or Access() are invoked on a file which is not in the whitelist. EACCESS
  40   // would be a typical value.
  41   // |allowed_r_files| and |allowed_w_files| are white lists of files that can
  42   // be opened later via the Open() API, respectively for reading and writing.
  43   // A file available read-write should be listed in both.
  44   // |fast_check_in_client| and |quiet_failures_for_tests| are reserved for
  45   // unit tests, don't use it.
  46
  47   BrokerProcess(
  48       int denied_errno,
  49       const std::vector<syscall_broker::BrokerFilePermission>& permissions,
  50       bool fast_check_in_client = true,
  51       bool quiet_failures_for_tests = false);
  52
  53   ~BrokerProcess();
  54   // Will initialize the broker process. There should be no threads at this
  55   // point, since we need to fork().
  56   // broker_process_init_callback will be called in the new broker process,
  57   // after fork() returns.
  58   bool Init(const base::Callback<bool(void)>& broker_process_init_callback);
  59
  60   // Can be used in place of access(). Will be async signal safe.
  61   // X_OK will always return an error in practice since the broker process
  62   // doesn't support execute permissions.
  63   // It's similar to the access() system call and will return -errno on errors.
  64   int Access(const char* pathname, int mode) const;
  65   // Can be used in place of open(). Will be async signal safe.
  66   // The implementation only supports certain white listed flags and will
  67   // return -EPERM on other flags.
  68   // It's similar to the open() system call and will return -errno on errors.
  69   int Open(const char* pathname, int flags) const;
  70
  71   int broker_pid() const { return broker_pid_; }
  72
  73  private:
  74   friend class BrokerProcessTestHelper;
  75
  76   // Close the IPC channel with the other party. This should only be used
  77   // by tests an none of the class methods should be used afterwards.
  78   void CloseChannel();
  79
  80   bool initialized_;  // Whether we've been through Init() yet.
  81   const bool fast_check_in_client_;
  82   const bool quiet_failures_for_tests_;
  83   pid_t broker_pid_;                     // The PID of the broker (child).
  84   syscall_broker::BrokerPolicy policy_;  // The sandboxing policy.
  85   scoped_ptr<syscall_broker::BrokerClient> broker_client_;
  86
  87   DISALLOW_COPY_AND_ASSIGN(BrokerProcess);
  88 };
  89
  90 }  // namespace syscall_broker
  91
  92 }  // namespace sandbox
  93
  94 #endif  // SANDBOX_LINUX_SERVICES_BROKER_PROCESS_H_