Add the SeatbeltExec classes to facilitate the V2 sandbox.

sandbox/mac/seatbelt_exec.cc

+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "sandbox/mac/seatbelt_exec.h"
+
+#include <sys/socket.h>
+#include <sys/uio.h>
+#include <unistd.h>
+
+#include <vector>
+
+#include "base/logging.h"
+#include "base/macros.h"
+#include "base/posix/eintr_wrapper.h"
+#include "base/strings/stringprintf.h"
+#include "sandbox/mac/seatbelt.h"
+
+namespace sandbox {
+
+SeatbeltExecClient::SeatbeltExecClient() {
+  PCHECK(pipe(pipe_) == 0) << "pipe";
+}
+
+SeatbeltExecClient::~SeatbeltExecClient() {
+  if (pipe_[1] != -1)
+    IGNORE_EINTR(close(pipe_[1]));
+  // If pipe() fails, PCHECK() will be hit in the constructor, so this file
+  // descriptor should always be closed if the proess is alive at this point.
+  IGNORE_EINTR(close(pipe_[0]));
+}
+
+bool SeatbeltExecClient::SetBooleanParameter(const base::StringPiece key,
+                                             bool value) {
+  google::protobuf::MapPair<std::string, std::string> pair(
+      key.as_string(), value ? "TRUE" : "FALSE");
+  return policy_.mutable_params()->insert(pair).second;
+}
+
+bool SeatbeltExecClient::SetParameter(const base::StringPiece key,
+                                      const base::StringPiece value) {
+  google::protobuf::MapPair<std::string, std::string> pair(key.as_string(),
+                                                           value.as_string());
+  return policy_.mutable_params()->insert(pair).second;
+}
+
+void SeatbeltExecClient::SetProfile(const base::StringPiece policy) {
+  policy_.set_profile(policy.as_string());
+}
+
+int SeatbeltExecClient::SendProfileAndGetFD() {
+  std::string serialized_protobuf;
+  if (!policy_.SerializeToString(&serialized_protobuf))
+    return -1;
+
+  if (!WriteString(&serialized_protobuf))
+    return -1;
+
+  IGNORE_EINTR(close(pipe_[1]));
+  pipe_[1] = -1;
+
+  return pipe_[0];
+}
+
+bool SeatbeltExecClient::WriteString(std::string* str) {
+  struct iovec iov[1];
+  iov[0].iov_base = &(*str)[0];
+  iov[0].iov_len = str->size();
+
+  ssize_t written = HANDLE_EINTR(writev(pipe_[1], iov, arraysize(iov)));
+  if (written < 0) {
+    PLOG(ERROR) << "writev";
+    return false;
+  }
+  return static_cast<uint64_t>(written) == str->size();
+}
+
+SeatbeltExecServer::SeatbeltExecServer(int fd) : fd_(fd) {}
+
+SeatbeltExecServer::~SeatbeltExecServer() {}
+
+bool SeatbeltExecServer::InitializeSandbox() {
+  std::string policy_string;
+  if (!ReadString(&policy_string))
+    return false;
+
+  mac::SandboxPolicy policy;
+  if (!policy.ParseFromString(policy_string)) {
+    LOG(ERROR) << "ParseFromString failed";
+    return false;
+  }
+
+  return ApplySandboxProfile(policy);
+}
+
+bool SeatbeltExecServer::ApplySandboxProfile(const mac::SandboxPolicy& policy) {
+  std::vector<const char*> weak_params;
+  for (const auto& pair : policy.params()) {
+    weak_params.push_back(pair.first.c_str());
+    weak_params.push_back(pair.second.c_str());
+  }
+  weak_params.push_back(nullptr);
+
+  char* error = nullptr;
+  int rv = Seatbelt::InitWithParams(policy.profile().c_str(), 0,
+                                    weak_params.data(), &error);
+  if (error) {
+    LOG(ERROR) << "Failed to initialize sandbox: " << rv << " " << error;
+    Seatbelt::FreeError(error);
+    return false;
+  }
+
+  return rv == 0;
+}
+
+bool SeatbeltExecServer::ReadString(std::string* str) {
+  // 4 pages of memory is enough to hold the sandbox profiles.
+  std::vector<char> buffer(4096 * 4, '\0');
+
+  struct iovec iov[1];
+  iov[0].iov_base = buffer.data();
+  iov[0].iov_len = buffer.size();
+
+  ssize_t read_length = HANDLE_EINTR(readv(fd_.get(), iov, arraysize(iov)));
+  if (read_length < 0) {
+    PLOG(ERROR) << "readv";
+    return false;
+  }
+  str->assign(buffer.data());
+  return true;
+}
+
+}  // namespace sandbox