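--- /dev/null
+++ b/sandbox/mac/seatbelt_exec.h
@@ -0,0 +1,88 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_MAC_SEATBELT_EXEC_H_
+#define SANDBOX_MAC_SEATBELT_EXEC_H_
+
+#include <string>
+
+#include "base/compiler_specific.h"
+#include "base/files/scoped_file.h"
+#include "base/strings/string_piece.h"
+#include "sandbox/mac/seatbelt.pb.h"
+#include "sandbox/mac/seatbelt_export.h"
+
+namespace sandbox {
+
+// SeatbeltExecClient is used by the process that is launching another sandboxed
+// process. The API allows the launcher process to supply a sandbox profile and
+// parameters, which will be communicated to the sandboxed process over IPC.
+class SEATBELT_EXPORT SeatbeltExecClient {
+ public:
+  SeatbeltExecClient();
+  ~SeatbeltExecClient();
+
+  // The Set*Parameter functions return true if the parameter was successfully
+  // inserted. Check the return value, which indicates if the parameter was
+  // added successfully.
+
+  // Set a boolean parameter in the sandbox profile.
+  bool SetBooleanParameter(const base::StringPiece key,
+                           bool value) WARN_UNUSED_RESULT;
+
+  // Set a string parameter in the sandbox profile.
+  bool SetParameter(const base::StringPiece key,
+                    const base::StringPiece value) WARN_UNUSED_RESULT;
+
+  // Set the actual sandbox profile, using the scheme-like SBPL.
+  void SetProfile(const base::StringPiece policy);
+
+  // Sends the policy to the SeatbeltExecServer and returns the communication
+  // FD. The FD should be mapped into the sandboxed child process.
+  int SendProfileAndGetFD();
+
+  // Returns the underlying protobuf for testing purposes.
+  const mac::SandboxPolicy& GetPolicyForTesting() { return policy_; }
+
+ private:
+  // This writes a string (the serialized protobuf) to the |pipe_|.
+  bool WriteString(std::string* str);
+
+  // This is the protobuf which contains the sandbox profile and parameters,
+  // and is serialized and sent to the other process.
+  mac::SandboxPolicy policy_;
+
+  // A file descriptor pair used for interprocess communication.
+  int pipe_[2];
+};
+
+// SeatbeltExecServer is used by the process that will be sandboxed to receive
+// the profile and parameters from the launcher process. It can then initialize
+// the profile, sandboxing the process.
+class SEATBELT_EXPORT SeatbeltExecServer {
+ public:
+  // |sandbox_fd| should be the result of SendProfileAndGetFD().
+  explicit SeatbeltExecServer(int sandbox_fd);
+  ~SeatbeltExecServer();
+
+  // Reads the policy from the client, applies the profile, and returns whether
+  // or not the operation succeeds.
+  bool InitializeSandbox();
+
+  // Applies the given sandbox policy, and returns whether or not the operation
+  // succeeds.
+  bool ApplySandboxProfile(const mac::SandboxPolicy& sandbox_policy);
+
+ private:
+  // Reads from the |fd_| and stores the data into a string. This does
+  // not append a NUL terminator as protobuf does not expect one.
+  bool ReadString(std::string* string);
+
+  // The file descriptor used to communicate with the launcher process.
+  base::ScopedFD fd_;
+};
+
+}  // namespace sandbox
+
+#endif  // SANDBOX_MAC_SEATBELT_EXEC_H_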
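Review bot: SeatbeltExecClient keeps its descriptors as a raw `int pipe_[2];` (new line 57) while SeatbeltExecServer wraps its end in `base::ScopedFD fd_;` (new line 83), so the client's ends have no initial value in the declaration and are released only by hand in `~SeatbeltExecClient()`; holding both ends as `base::ScopedFD` members would give the client the same RAII close the server already has, and if the constructor initializes them today that is not visible in this header. The comment on `SendProfileAndGetFD()` should also say who owns the returned descriptor (whether this object still closes it or the caller must) and what is returned on failure, e.g. `// Returns -1 on failure.` plus whichever ownership statement the .cc actually implements — confirm there before adopting wording. The three-line comment above `SetBooleanParameter` states the same thing twice; `// The Set*Parameter functions return true if the parameter was inserted successfully.` is enough.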