Fix crash on app list start page keyboard navigation with <4 apps.
[chromium-blink-merge.git] / sandbox / linux / syscall_broker / broker_process.h
blobc23ac3c438315ed7c2d2761349c74a7136933268
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef SANDBOX_LINUX_SERVICES_BROKER_PROCESS_H_
6 #define SANDBOX_LINUX_SERVICES_BROKER_PROCESS_H_
8 #include <string>
9 #include <vector>
11 #include "base/basictypes.h"
12 #include "base/callback_forward.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "base/pickle.h"
15 #include "base/process/process.h"
16 #include "sandbox/linux/syscall_broker/broker_policy.h"
17 #include "sandbox/sandbox_export.h"
19 namespace sandbox {
21 namespace syscall_broker {
23 class BrokerClient;
24 class BrokerFilePermission;
26 // Create a new "broker" process to which we can send requests via an IPC
27 // channel by forking the current process.
28 // This is a low level IPC mechanism that is suitable to be called from a
29 // signal handler.
30 // A process would typically create a broker process before entering
31 // sandboxing.
32 // 1. BrokerProcess open_broker(read_whitelist, write_whitelist);
33 // 2. CHECK(open_broker.Init(NULL));
34 // 3. Enable sandbox.
35 // 4. Use open_broker.Open() to open files.
36 class SANDBOX_EXPORT BrokerProcess {
37 public:
38 // |denied_errno| is the error code returned when methods such as Open()
39 // or Access() are invoked on a file which is not in the whitelist. EACCESS
40 // would be a typical value.
41 // |allowed_r_files| and |allowed_w_files| are white lists of files that can
42 // be opened later via the Open() API, respectively for reading and writing.
43 // A file available read-write should be listed in both.
44 // |fast_check_in_client| and |quiet_failures_for_tests| are reserved for
45 // unit tests, don't use it.
47 BrokerProcess(
48 int denied_errno,
49 const std::vector<syscall_broker::BrokerFilePermission>& permissions,
50 bool fast_check_in_client = true,
51 bool quiet_failures_for_tests = false);
53 ~BrokerProcess();
54 // Will initialize the broker process. There should be no threads at this
55 // point, since we need to fork().
56 // broker_process_init_callback will be called in the new broker process,
57 // after fork() returns.
58 bool Init(const base::Callback<bool(void)>& broker_process_init_callback);
60 // Can be used in place of access(). Will be async signal safe.
61 // X_OK will always return an error in practice since the broker process
62 // doesn't support execute permissions.
63 // It's similar to the access() system call and will return -errno on errors.
64 int Access(const char* pathname, int mode) const;
65 // Can be used in place of open(). Will be async signal safe.
66 // The implementation only supports certain white listed flags and will
67 // return -EPERM on other flags.
68 // It's similar to the open() system call and will return -errno on errors.
69 int Open(const char* pathname, int flags) const;
71 int broker_pid() const { return broker_pid_; }
73 private:
74 friend class BrokerProcessTestHelper;
76 // Close the IPC channel with the other party. This should only be used
77 // by tests an none of the class methods should be used afterwards.
78 void CloseChannel();
80 bool initialized_; // Whether we've been through Init() yet.
81 const bool fast_check_in_client_;
82 const bool quiet_failures_for_tests_;
83 pid_t broker_pid_; // The PID of the broker (child).
84 syscall_broker::BrokerPolicy policy_; // The sandboxing policy.
85 scoped_ptr<syscall_broker::BrokerClient> broker_client_;
87 DISALLOW_COPY_AND_ASSIGN(BrokerProcess);
90 } // namespace syscall_broker
92 } // namespace sandbox
94 #endif // SANDBOX_LINUX_SERVICES_BROKER_PROCESS_H_