Chromium Code Reviews

Side by Side Diff: sandbox/mac/seatbelt_exec.h

Issue 2869203003: Add the SeatbeltExec classes to facilitate the V2 sandbox. (Closed)
Patch Set: Quiet logging from unit tests Created 3 years, 7 months ago
OLDNEW
(Empty)
1 // Copyright 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef SANDBOX_MAC_SEATBELT_EXEC_H_
6 #define SANDBOX_MAC_SEATBELT_EXEC_H_
7
8 #include <string>
9 #include <unordered_map>
10
11 #include "base/compiler_specific.h"
12 #include "sandbox/mac/seatbelt.pb.h"
13 #include "seatbelt_export.h"
14
15 namespace sandbox {
16
17 class SEATBELT_EXPORT SeatbeltExecClient {
Robert Sesek 2017/05/10 15:25:29 These two classes need some high-level commentary.
Greg K 2017/05/11 17:44:15 Done.
18 public:
19 SeatbeltExecClient();
20 ~SeatbeltExecClient();
21
22 // The Set*Parameter functions return true if the parameter was successfully
23 // inserted.
24 // Check the return value, otherwise sandbox parameters will not be as
25 // expected.
26 // Set a boolean parameter in the sandbox profile.
27 bool SetBooleanParameter(const std::string& key,
28 bool value) WARN_UNUSED_RESULT;
29 // Set a string parameter in the sandbox profile.
30 bool SetParameter(const std::string& key,
31 const std::string& value) WARN_UNUSED_RESULT;
32 // Set the actual sandbox policy, using the scheme-like SBPL.
33 void SetPolicy(const char* policy);
34 // Sends the parameters to the SeatbeltServer and returns the communication
Robert Sesek 2017/05/10 15:25:29 SeatbeltExecServer?
Greg K 2017/05/11 17:44:16 Done.
35 // FD.
36 int GetSandboxFD();
Robert Sesek 2017/05/10 15:25:29 This should probably be renamed to indicate that i
Greg K 2017/05/11 17:44:15 Done.
37
38 // Returns the underlying protobuf for testing purposes.
39 sandbox::mac::SandboxParams GetParamsForTesting() { return params_; }
Robert Sesek 2017/05/10 15:25:29 const& return value
Greg K 2017/05/11 17:44:15 Done.
40
41 private:
42 bool WriteString(const std::string& str);
43
44 sandbox::mac::SandboxParams params_;
45
46 bool got_fd_;
Robert Sesek 2017/05/10 15:25:29 Document the members.
Greg K 2017/05/11 17:44:16 Done.
47
48 int pipe_[2];
49 };
50
51 class SEATBELT_EXPORT SeatbeltExecServer {
52 public:
53 explicit SeatbeltExecServer(int sandbox_fd);
54 ~SeatbeltExecServer();
55
56 // Setup the profile to allow this process to be executed.
57 void AllowProcessExec(const std::string& exec_path);
Robert Sesek 2017/05/10 15:25:29 This interface is a little odd and I'm not sure it
Greg K 2017/05/11 17:44:16 Done.
58
59 // Read the parameters and policy from the client, and apply the sandbox.
Robert Sesek 2017/05/10 15:25:29 What does this return?
Greg K 2017/05/11 17:44:15 Done.
60 int InitializeSandbox();
61
62 // Applies the given sandbox profile.
Robert Sesek 2017/05/10 15:25:29 What does this return?
Greg K 2017/05/11 17:44:15 Done.
63 int ApplySandboxProfile(const mac::SandboxParams& sandbox_params);
64
65 private:
66 // Reads from the global |fd_| and stores the data into a string. This does
Robert Sesek 2017/05/10 15:25:29 global?
Greg K 2017/05/11 17:44:15 Done.
67 // not append a NUL terminator as protobuf does not expect one.
68 bool ReadString(std::string* string);
69
70 std::string exec_path_;
71
72 int fd_;
73 };
74
75 } // namespace sandbox
76
77 #endif // SANDBOX_MAC_SEATBELT_EXEC_H_
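Review bot: InitializeSandbox() and ApplySandboxProfile() in SeatbeltExecServer return a bare int with no WARN_UNUSED_RESULT, while the client's SetBooleanParameter() and SetParameter() carry the annotation, so a caller can silently drop the one result that says whether the sandbox was actually applied. Suggest annotating both with WARN_UNUSED_RESULT (or returning bool, as the setters do) and stating the success value in the comment. Separately, both classes hold raw descriptors (pipe_[2] and fd_) and declare destructors, but nothing in the visible lines disallows copy and assignment; if the destructors close those descriptors, a copied object would close them a second time, so consider DISALLOW_COPY_AND_ASSIGN and a comment saying who owns the int passed to the SeatbeltExecServer constructor.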