| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef SANDBOX_LINUX_SYSCALL_BROKER_BROKER_CLIENT_H_ |
| 6 #define SANDBOX_LINUX_SYSCALL_BROKER_BROKER_CLIENT_H_ |
| 7 |
| 8 #include "base/macros.h" |
| 9 #include "sandbox/linux/syscall_broker/broker_common.h" |
| 10 |
| 11 namespace sandbox { |
| 12 |
| 13 namespace syscall_broker { |
| 14 |
| 15 class BrokerPolicy; |
| 16 |
| 17 // This class can be embedded in a sandboxed process and can be |
| 18 // used to perform certain system calls in another, presumably |
| 19 // non-sandboxed process (which embeds BrokerHost). |
| 20 // A key feature of this class is the ability to use some of its methods in a |
| 21 // thread-safe and async-signal safe way. The goal is to be able to use it to |
| 22 // replace the open() or access() system calls happening anywhere in a process |
| 23 // (as allowed for instance by seccomp-bpf's SIGSYS mechanism). |
| 24 class BrokerClient { |
| 25 public: |
| 26 // |policy| needs to match the policy used by BrokerHost. This |
| 27 // allows to predict some of the requests which will be denied |
| 28 // and save an IPC round trip. |
| 29 // |ipc_channel| needs to be a suitable SOCK_SEQPACKET unix socket. |
| 30 // |fast_check_in_client| should be set to true and |
| 31 // |quiet_failures_for_tests| to false unless you are writing tests. |
| 32 BrokerClient(const BrokerPolicy& policy, |
| 33 int ipc_channel, |
| 34 bool fast_check_in_client, |
| 35 bool quiet_failures_for_tests); |
| 36 ~BrokerClient(); |
| 37 |
| 38 // Can be used in place of access(). |
| 39 // X_OK will always return an error in practice since the broker process |
| 40 // doesn't support execute permissions. |
| 41 // It's similar to the access() system call and will return -errno on errors. |
| 42 // This is async signal safe. |
| 43 int Access(const char* pathname, int mode) const; |
| 44 // Can be used in place of open(). |
| 45 // The implementation only supports certain white listed flags and will |
| 46 // return -EPERM on other flags. |
| 47 // It's similar to the open() system call and will return -errno on errors. |
| 48 // This is async signal safe. |
| 49 int Open(const char* pathname, int flags) const; |
| 50 |
| 51 private: |
| 52 const BrokerPolicy& broker_policy_; |
| 53 const int ipc_channel_; |
| 54 const bool fast_check_in_client_; // Whether to forward a request that we |
| 55 // know will be denied to the broker. (Used |
| 56 // for tests). |
| 57 const bool quiet_failures_for_tests_; // Disable certain error message when |
| 58 // testing for failures. |
| 59 |
| 60 int PathAndFlagsSyscall(IPCCommand syscall_type, |
| 61 const char* pathname, |
| 62 int flags) const; |
| 63 |
| 64 DISALLOW_COPY_AND_ASSIGN(BrokerClient); |
| 65 }; |
| 66 |
| 67 } // namespace syscall_broker |
| 68 |
| 69 } // namespace sandbox |
| 70 |
| 71 #endif // SANDBOX_LINUX_SYSCALL_BROKER_BROKER_CLIENT_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 693943003:
Update from https://crrev.com/302630 (Closed)
Base URL: git@github.com:domokit/mojo.git@master