Update from chromium 62675d9fb31fb8cedc40f68e78e8445a74f362e7

sandbox/linux/services/broker_process.h

Index: sandbox/linux/services/broker_process.h
diff --git a/sandbox/linux/services/broker_process.h b/sandbox/linux/services/broker_process.h
new file mode 100644
index 0000000000000000000000000000000000000000..ddde42ebfc1b258277c503e84c5e14215fb230c7
--- /dev/null
+++ b/sandbox/linux/services/broker_process.h
@@ -0,0 +1,106 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_LINUX_SERVICES_BROKER_PROCESS_H_
+#define SANDBOX_LINUX_SERVICES_BROKER_PROCESS_H_
+
+#include <string>
+#include <vector>
+
+#include "base/basictypes.h"
+#include "base/callback_forward.h"
+#include "base/pickle.h"
+#include "base/process/process.h"
+#include "sandbox/sandbox_export.h"
+
+namespace sandbox {
+
+// Create a new "broker" process to which we can send requests via an IPC
+// channel.
+// This is a low level IPC mechanism that is suitable to be called from a
+// signal handler.
+// A process would typically create a broker process before entering
+// sandboxing.
+// 1. BrokerProcess open_broker(read_whitelist, write_whitelist);
+// 2. CHECK(open_broker.Init(NULL));
+// 3. Enable sandbox.
+// 4. Use open_broker.Open() to open files.
+class SANDBOX_EXPORT BrokerProcess {
+ public:
+  // |denied_errno| is the error code returned when methods such as Open()
+  // or Access() are invoked on a file which is not in the whitelist. EACCESS
+  // would be a typical value.
+  // |allowed_r_files| and |allowed_w_files| are white lists of files that can
+  // be opened later via the Open() API, respectively for reading and writing.
+  // A file available read-write should be listed in both.
+  // |fast_check_in_client| and |quiet_failures_for_tests| are reserved for
+  // unit tests, don't use it.
+  explicit BrokerProcess(int denied_errno,
+                         const std::vector<std::string>& allowed_r_files,
+                         const std::vector<std::string>& allowed_w_files,
+                         bool fast_check_in_client = true,
+                         bool quiet_failures_for_tests = false);
+  ~BrokerProcess();
+  // Will initialize the broker process. There should be no threads at this
+  // point, since we need to fork().
+  // broker_process_init_callback will be called in the new broker process,
+  // after fork() returns.
+  bool Init(const base::Callback<bool(void)>& broker_process_init_callback);
+
+  // Can be used in place of access(). Will be async signal safe.
+  // X_OK will always return an error in practice since the broker process
+  // doesn't support execute permissions.
+  // It's similar to the access() system call and will return -errno on errors.
+  int Access(const char* pathname, int mode) const;
+  // Can be used in place of open(). Will be async signal safe.
+  // The implementation only supports certain white listed flags and will
+  // return -EPERM on other flags.
+  // It's similar to the open() system call and will return -errno on errors.
+  int Open(const char* pathname, int flags) const;
+
+  int broker_pid() const { return broker_pid_; }
+
+ private:
+  enum IPCCommands {
+    kCommandInvalid = 0,
+    kCommandOpen,
+    kCommandAccess,
+  };
+  int PathAndFlagsSyscall(enum IPCCommands command_type,
+                          const char* pathname,
+                          int flags) const;
+  bool HandleRequest() const;
+  bool HandleRemoteCommand(IPCCommands command_type,
+                           int reply_ipc,
+                           const Pickle& read_pickle,
+                           PickleIterator iter) const;
+
+  void AccessFileForIPC(const std::string& requested_filename,
+                        int mode,
+                        Pickle* write_pickle) const;
+  void OpenFileForIPC(const std::string& requested_filename,
+                      int flags,
+                      Pickle* write_pickle,
+                      std::vector<int>* opened_files) const;
+  bool GetFileNameIfAllowedToAccess(const char*, int, const char**) const;
+  bool GetFileNameIfAllowedToOpen(const char*, int, const char**) const;
+  const int denied_errno_;
+  bool initialized_;               // Whether we've been through Init() yet.
+  bool is_child_;                  // Whether we're the child (broker process).
+  bool fast_check_in_client_;      // Whether to forward a request that we know
+                                   // will be denied to the broker.
+  bool quiet_failures_for_tests_;  // Disable certain error message when
+                                   // testing for failures.
+  pid_t broker_pid_;               // The PID of the broker (child).
+  const std::vector<std::string> allowed_r_files_;  // Files allowed for read.
+  const std::vector<std::string> allowed_w_files_;  // Files allowed for write.
+  int ipc_socketpair_;  // Our communication channel to parent or child.
+  DISALLOW_IMPLICIT_CONSTRUCTORS(BrokerProcess);
+
+  friend class BrokerProcessTestHelper;
+};
+
+}  // namespace sandbox
+
+#endif  // SANDBOX_LINUX_SERVICES_BROKER_PROCESS_H_