1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef SANDBOX_LINUX_SERVICES_BROKER_PROCESS_H_
6 #define SANDBOX_LINUX_SERVICES_BROKER_PROCESS_H_
11 #include "base/basictypes.h"
12 #include "base/callback_forward.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "base/pickle.h"
15 #include "base/process/process.h"
16 #include "sandbox/linux/syscall_broker/broker_policy.h"
17 #include "sandbox/sandbox_export.h"
21 namespace syscall_broker
{
24 class BrokerFilePermission
;
26 // Create a new "broker" process to which we can send requests via an IPC
27 // channel by forking the current process.
28 // This is a low level IPC mechanism that is suitable to be called from a
30 // A process would typically create a broker process before entering
32 // 1. BrokerProcess open_broker(read_whitelist, write_whitelist);
33 // 2. CHECK(open_broker.Init(NULL));
35 // 4. Use open_broker.Open() to open files.
36 class SANDBOX_EXPORT BrokerProcess
{
38 // |denied_errno| is the error code returned when methods such as Open()
39 // or Access() are invoked on a file which is not in the whitelist. EACCESS
40 // would be a typical value.
41 // |allowed_r_files| and |allowed_w_files| are white lists of files that can
42 // be opened later via the Open() API, respectively for reading and writing.
43 // A file available read-write should be listed in both.
44 // |fast_check_in_client| and |quiet_failures_for_tests| are reserved for
45 // unit tests, don't use it.
49 const std::vector
<syscall_broker::BrokerFilePermission
>& permissions
,
50 bool fast_check_in_client
= true,
51 bool quiet_failures_for_tests
= false);
54 // Will initialize the broker process. There should be no threads at this
55 // point, since we need to fork().
56 // broker_process_init_callback will be called in the new broker process,
57 // after fork() returns.
58 bool Init(const base::Callback
<bool(void)>& broker_process_init_callback
);
60 // Can be used in place of access(). Will be async signal safe.
61 // X_OK will always return an error in practice since the broker process
62 // doesn't support execute permissions.
63 // It's similar to the access() system call and will return -errno on errors.
64 int Access(const char* pathname
, int mode
) const;
65 // Can be used in place of open(). Will be async signal safe.
66 // The implementation only supports certain white listed flags and will
67 // return -EPERM on other flags.
68 // It's similar to the open() system call and will return -errno on errors.
69 int Open(const char* pathname
, int flags
) const;
71 int broker_pid() const { return broker_pid_
; }
74 friend class BrokerProcessTestHelper
;
76 // Close the IPC channel with the other party. This should only be used
77 // by tests an none of the class methods should be used afterwards.
80 bool initialized_
; // Whether we've been through Init() yet.
81 const bool fast_check_in_client_
;
82 const bool quiet_failures_for_tests_
;
83 pid_t broker_pid_
; // The PID of the broker (child).
84 syscall_broker::BrokerPolicy policy_
; // The sandboxing policy.
85 scoped_ptr
<syscall_broker::BrokerClient
> broker_client_
;
87 DISALLOW_COPY_AND_ASSIGN(BrokerProcess
);
90 } // namespace syscall_broker
92 } // namespace sandbox
94 #endif // SANDBOX_LINUX_SERVICES_BROKER_PROCESS_H_