Add the SeatbeltExec classes to facilitate the V2 sandbox.

sandbox/mac/seatbelt_exec.h

Index: sandbox/mac/seatbelt_exec.h
diff --git a/sandbox/mac/seatbelt_exec.h b/sandbox/mac/seatbelt_exec.h
new file mode 100644
index 0000000000000000000000000000000000000000..fe79f433972e3d0d5ccbbca86be4e2e91a451a01
--- /dev/null
+++ b/sandbox/mac/seatbelt_exec.h
@@ -0,0 +1,77 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_MAC_SEATBELT_EXEC_H_
+#define SANDBOX_MAC_SEATBELT_EXEC_H_
+
+#include <string>
+#include <unordered_map>
+
+#include "base/compiler_specific.h"
+#include "sandbox/mac/seatbelt.pb.h"
+#include "seatbelt_export.h"
+
+namespace sandbox {
+
+class SEATBELT_EXPORT SeatbeltExecClient {

[Robert Sesek, 2017/05/10 15:25:29]

These two classes need some high-level commentary.

[Greg K, 2017/05/11 17:44:15]

Done.

+ public:
+  SeatbeltExecClient();
+  ~SeatbeltExecClient();
+
+  // The Set*Parameter functions return true if the parameter was successfully
+  // inserted.
+  // Check the return value, otherwise sandbox parameters will not be as
+  // expected.
+  // Set a boolean parameter in the sandbox profile.
+  bool SetBooleanParameter(const std::string& key,
+                           bool value) WARN_UNUSED_RESULT;
+  // Set a string parameter in the sandbox profile.
+  bool SetParameter(const std::string& key,
+                    const std::string& value) WARN_UNUSED_RESULT;
+  // Set the actual sandbox policy, using the scheme-like SBPL.
+  void SetPolicy(const char* policy);
+  // Sends the parameters to the SeatbeltServer and returns the communication

[Robert Sesek, 2017/05/10 15:25:29]

SeatbeltExecServer?

[Greg K, 2017/05/11 17:44:16]

Done.

+  // FD.
+  int GetSandboxFD();

[Robert Sesek, 2017/05/10 15:25:29]

This should probably be renamed to indicate that it does more than getting an
FD.

[Greg K, 2017/05/11 17:44:15]

Done.

+
+  // Returns the underlying protobuf for testing purposes.
+  sandbox::mac::SandboxParams GetParamsForTesting() { return params_; }

[Robert Sesek, 2017/05/10 15:25:29]

const& return value

[Greg K, 2017/05/11 17:44:15]

Done.

+
+ private:
+  bool WriteString(const std::string& str);
+
+  sandbox::mac::SandboxParams params_;
+
+  bool got_fd_;

[Robert Sesek, 2017/05/10 15:25:29]

Document the members.

[Greg K, 2017/05/11 17:44:16]

Done.

+
+  int pipe_[2];
+};
+
+class SEATBELT_EXPORT SeatbeltExecServer {
+ public:
+  explicit SeatbeltExecServer(int sandbox_fd);
+  ~SeatbeltExecServer();
+
+  // Setup the profile to allow this process to be executed.
+  void AllowProcessExec(const std::string& exec_path);

[Robert Sesek, 2017/05/10 15:25:29]

This interface is a little odd and I'm not sure it serves a point, since the
caller could just set the EXECUTABLE_PATH variable themselves. Either way, this
does end up defining a magic variable that isn't discussed at all in the
interface documentation.

[Greg K, 2017/05/11 17:44:16]

Done.

+
+  // Read the parameters and policy from the client, and apply the sandbox.

[Robert Sesek, 2017/05/10 15:25:29]

What does this return?

[Greg K, 2017/05/11 17:44:15]

Done.

+  int InitializeSandbox();
+
+  // Applies the given sandbox profile.

[Robert Sesek, 2017/05/10 15:25:29]

What does this return?

[Greg K, 2017/05/11 17:44:15]

Done.

+  int ApplySandboxProfile(const mac::SandboxParams& sandbox_params);
+
+ private:
+  // Reads from the global |fd_| and stores the data into a string. This does

[Robert Sesek, 2017/05/10 15:25:29]

global?

[Greg K, 2017/05/11 17:44:15]

Done.

+  // not append a NUL terminator as protobuf does not expect one.
+  bool ReadString(std::string* string);
+
+  std::string exec_path_;
+
+  int fd_;
+};
+
+}  // namespace sandbox
+
+#endif  // SANDBOX_MAC_SEATBELT_EXEC_H_