
Side by Side Diff: sandbox/linux/syscall_broker/broker_file_permission.h

Issue 721553002: sandbox: Extend BrokerPolicy to support file creation (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: make constructor private Created 6 years, 1 month ago
(Empty)
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef SANDBOX_LINUX_SYSCALL_BROKER_BROKER_FILE_PERMISSION_H_
6 #define SANDBOX_LINUX_SYSCALL_BROKER_BROKER_FILE_PERMISSION_H_
7
8 #include <string>
9
10 #include "base/macros.h"
11
12 class Pickle;
13
14 namespace sandbox {
15
16 namespace syscall_broker {
17
18 class BrokerFilePermission {
19 public:
20 ~BrokerFilePermission() {}
21 BrokerFilePermission(const BrokerFilePermission&) = default;
22 BrokerFilePermission& operator=(const BrokerFilePermission&) = default;
23
24 static BrokerFilePermission ReadOnly(std::string path) {
25 return BrokerFilePermission(path, false, false, true, false, false);
26 }
27
28 static BrokerFilePermission ReadOnlyRecursive(std::string path) {
29 return BrokerFilePermission(path, true, false, true, false, false);
30 }
31
32 static BrokerFilePermission WriteOnly(std::string path) {
33 return BrokerFilePermission(path, false, false, false, true, false);
34 }
35
36 static BrokerFilePermission ReadWrite(std::string path) {
37 return BrokerFilePermission(path, false, false, true, true, false);
38 }
39
40 static BrokerFilePermission ReadWriteCreate(std::string path) {
41 return BrokerFilePermission(path, false, false, true, true, true);
42 }
43
44 static BrokerFilePermission ReadWriteCreateUnlink(std::string path) {
45 return BrokerFilePermission(path, false, true, true, true, true);
46 }
47
48 static BrokerFilePermission ReadWriteCreateUnlinkRecursive(std::string path) {
49 return BrokerFilePermission(path, true, true, true, true, true);
50 }
51
52 // Construct a permission from a serilized pickle buffer.
Jorge Lucangeli Obes 2014/11/19 00:36:55 "serialized" More generally though, I don't think
jln (very slow on Chromium) 2014/11/19 00:44:24 Please, let's remove it from this CL. We should di
53 // Caller takes ownership of perm and must delete.
54 static bool CreateFromPickleBuf(const char* buf,
55 size_t len,
56 BrokerFilePermission** perm);
57
58 // Serialize class to a Pickle that can be used with
59 // UnixDomainSocket::SendRecvMsgWithFlags for IPC.
60 Pickle Serialize();
61
62 // Returns true if |requested_filename| is allowed to be open
63 // by this permission.
64 // If |file_to_open| is not NULL it is set to point to either
65 // the |requested_filename| in the case of a recursive match,
66 // or a pointer the matched path in the whitelist if an absolute
67 // match.
68 // Async signal safe if |file_to_open| is NULL
69 bool CheckOpen(const char* requested_filename,
70 int flags,
71 const char** file_to_open,
72 bool* unlink_after_open) const;
73 // Returns true if |requested_filename| is allowed to be accessed
74 // by this permission.
75 // If |file_to_open| is not NULL it is set to point to either
76 // the |requested_filename| in the case of a recursive match,
77 // or a pointer the matched path in the whitelist if an absolute
78 // match.
79 // Async signal safe if |file_to_open| is NULL
80 bool CheckAccess(const char* requested_filename,
81 int mode,
82 const char** file_to_access) const;
83
84 private:
85 BrokerFilePermission(std::string path,
86 bool recursive,
87 bool unlink,
88 bool allow_read,
89 bool allow_write,
90 bool allow_create);
91 bool IsPathCoveredByThisPermission(const char* requested_filename) const;
92
93 const std::string path_;
94 const bool
95 recursive_; // Allow everything under this path. |path| must be a dir.
96 const bool unlink_; // unlink after openning.
97 const bool allow_read_;
98 const bool allow_write_;
99 const bool allow_create_;
100 };
101
102 } // namespace syscall_broker
103
104 } // namespace sandbox
105
106 #endif // SANDBOX_LINUX_SYSCALL_BROKER_BROKER_FILE_PERMISSION_H_
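Review bot: The defaulted copy assignment at gutter line 22 is silently defined as deleted, because every data member at gutter lines 93–99 is `const`; a defaulted special member that the compiler would have implicitly deleted ends up deleted, so the declaration reads as "assignable" while any assignment (including what `std::vector` erase/reorder operations need) will fail to compile. Make the intent visible with `BrokerFilePermission& operator=(const BrokerFilePermission&) = delete;`, or drop the `const` qualifiers if assignment is actually wanted. Separately, the `CheckAccess` comment at gutter lines 75–79 refers to `|file_to_open|` but the parameter is `file_to_access`, and `CheckOpen`'s `unlink_after_open` out-parameter is not documented at all (whether it may be NULL, when it is set). Since both functions hand back a pointer into the permission's own `path_` on an absolute match, the comment should also state that the returned pointer is only valid for the lifetime of this `BrokerFilePermission` — presumably the policy object owning it, which is worth confirming against the callers.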