Chromium Code Reviews

Side by Side Diff: sandbox/mac/seatbelt_exec.h

Issue 2869203003: Add the SeatbeltExec classes to facilitate the V2 sandbox. (Closed)
Patch Set: Remove path which is not on 10.9 Created 3 years, 7 months ago
(Empty)
1 // Copyright 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef SANDBOX_MAC_SEATBELT_EXEC_H_
6 #define SANDBOX_MAC_SEATBELT_EXEC_H_
7
8 #include <string>
9 #include <unordered_map>
10
11 #include "base/compiler_specific.h"
12 #include "sandbox/mac/seatbelt.pb.h"
13 #include "seatbelt_export.h"
Robert Sesek 2017/05/15 21:05:24 nit: fully-qualified include paths
Greg K 2017/05/17 17:57:24 Done.
14
15 namespace sandbox {
16
17 // SeatbeltExecClient is used by the process that is launching another sandboxed
18 // process. The API allows the launcher process to supply a sandbox profile and
19 // parameters, which will be communicated to the sandboxed process over IPC.
20 class SEATBELT_EXPORT SeatbeltExecClient {
21 public:
22 SeatbeltExecClient();
23 ~SeatbeltExecClient();
24
25 // The Set*Parameter functions return true if the parameter was successfully
26 // inserted. Check the return value, which indicates if the parameter was
27 // added successfully.
28
29 // Set a boolean parameter in the sandbox profile.
30 bool SetBooleanParameter(const std::string& key,
31 bool value) WARN_UNUSED_RESULT;
32 // Set a string parameter in the sandbox profile.
33 bool SetParameter(const std::string& key,
34 const std::string& value) WARN_UNUSED_RESULT;
35 // Set the actual sandbox profile, using the scheme-like SBPL.
Robert Sesek 2017/05/15 21:05:24 nit: blank line above
Greg K 2017/05/17 17:57:24 Done.
36 void SetProfile(const char* policy);
Robert Sesek 2017/05/15 21:05:24 |const char*| -> |base::StringPiece| May also wan
Greg K 2017/05/17 17:57:24 Done.
37 // Sends the policy to the SeatbeltExecServer and returns the communication
Robert Sesek 2017/05/15 21:05:24 nit: blank line above
Greg K 2017/05/17 17:57:24 Done.
38 // FD.
Robert Sesek 2017/05/15 21:05:24 What is the caller supposed to do with the FD?
Greg K 2017/05/17 17:57:24 Done.
39 int SendProfileAndGetFD();
40
41 // Returns the underlying protobuf for testing purposes.
42 const sandbox::mac::SandboxPolicy& GetPolicyForTesting() { return policy_; }
43
44 private:
45 // This writes a string (the serialized protobuf) to the |pipe_|.
46 bool WriteString(const std::string& str);
47
48 // This is the protobuf which contains the sandbox profile and parameters,
49 // and is serialized and sent to the other process.
50 sandbox::mac::SandboxPolicy policy_;
51
52 // A file descriptor pair used for interprocess communication.
53 int pipe_[2];
54 };
55
56 // SeatbeltExecServer is used by the process that will be sandboxed to receive
57 // the profile and parameters from the launcher process. It can then initialize
58 // the profiel, sandboxing the process.
Robert Sesek 2017/05/15 21:05:24 spelling: profile
Greg K 2017/05/17 17:57:24 Done.
59 class SEATBELT_EXPORT SeatbeltExecServer {
60 public:
61 explicit SeatbeltExecServer(int sandbox_fd);
62 ~SeatbeltExecServer();
63
64 // Read the parameters and policy from the client, and apply the sandbox. This
65 // returns 0 on success, otherwise -1.
Robert Sesek 2017/05/15 21:05:24 Should this function and the one below just return
Greg K 2017/05/17 17:57:24 Done.
66 int InitializeSandbox();
67
68 // Applies the given sandbox profile, and returns 0 on success, otherwise -1.
69 int ApplySandboxProfile(const mac::SandboxPolicy& sandbox_policy);
Robert Sesek 2017/05/15 21:05:24 Does this need to be public?
Greg K 2017/05/17 17:57:24 If this method isn't public, it's hard to test fro
Robert Sesek 2017/05/17 18:35:26 Got it. How about making it static then?
70
71 private:
72 // Reads from the |fd_| and stores the data into a string. This does
73 // not append a NUL terminator as protobuf does not expect one.
74 bool ReadString(std::string* string);
75
76 // The file descriptor used to communicate with the launcher process.
77 int fd_;
Robert Sesek 2017/05/15 21:05:24 Maybe ScopedFD? Maybe also for pipe_ above but it'
Greg K 2017/05/17 17:57:24 Done. And I do think it's a bit clumsy for the pip
78 };
79
80 } // namespace sandbox
81
82 #endif // SANDBOX_MAC_SEATBELT_EXEC_H_
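Review bot: Neither class declares DISALLOW_COPY_AND_ASSIGN although both own raw file descriptors (`int pipe_[2]` in SeatbeltExecClient, `int fd_` in SeatbeltExecServer) and have user-defined destructors, so a copied instance would close the same descriptor twice; add `DISALLOW_COPY_AND_ASSIGN(SeatbeltExecClient);` and `DISALLOW_COPY_AND_ASSIGN(SeatbeltExecServer);` to the private sections (with `#include "base/macros.h"`), which also complements the ScopedFD suggestion above. Two smaller points: the comment block above SetBooleanParameter says the same thing twice ("return true if the parameter was successfully inserted" and "Check the return value, which indicates if the parameter was added successfully"), so the second sentence can go; and the ReadString comment says no NUL terminator is appended but not how the message length is framed or bounded, which matters because the server side reads launcher-supplied bytes before the sandbox is applied, so a sentence on the length prefix and the maximum accepted size would help. Nit: the copyright header says 2016 for a file first added in this 2017 change.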

This is Rietveld 408576698