Chromium Code Reviews| Index: sandbox/linux/syscall_broker/broker_policy.h |
| diff --git a/sandbox/linux/syscall_broker/broker_policy.h b/sandbox/linux/syscall_broker/broker_policy.h |
| index ef5bdfa138c5872224a659d8655828d0ee78562b..75ac76363870be6780d33561de35594be02c11d4 100644 |
| --- a/sandbox/linux/syscall_broker/broker_policy.h |
| +++ b/sandbox/linux/syscall_broker/broker_policy.h |
| @@ -9,10 +9,54 @@ |
| #include <vector> |
| #include "base/macros.h" |
| +#include "base/memory/scoped_ptr.h" |
| namespace sandbox { |
| namespace syscall_broker { |
| +struct BrokerPermission { |
|
Jorge Lucangeli Obes
2014/11/12 17:29:42
I thought about this a little last night. I think
|
| + std::string path; // Allowed Path |
| + bool recursive; // Allow everything under this path. |path| must be a dir. |
| + bool unlink; // unlink after openning. |
| + bool allow_read; |
| + bool allow_write; |
| + bool allow_create; |
| + |
| + BrokerPermission(std::string path_, |
| + bool recursive_, |
| + bool unlink_, |
| + bool allow_read_, |
| + bool allow_write_, |
| + bool allow_create_) |
| + : path(path_), |
| + recursive(recursive_), |
| + unlink(unlink_), |
| + allow_read(allow_read_), |
| + allow_write(allow_write_), |
| + allow_create(allow_create_) {} |
| +}; |
| + |
| +#define BROKER_PERM_READ_ONLY(path) \ |
| + BrokerPermission(path, false, false, true, false, false) |
| + |
| +#define BROKER_PERM_READ_ONLY_RECURSIVE(path) \ |
| + BrokerPermission(path, true, false, true, false, false) |
| + |
| +#define BROKER_PERM_WRITE_ONLY(path) \ |
| + BrokerPermission(path, false, false, false, true, false) |
| + |
| +#define BROKER_PERM_READ_WRITE(path) \ |
| + BrokerPermission(path, false, false, true, true, false) |
| + |
| +#define BROKER_PERM_READ_WRITE_CREATE(path) \ |
| + BrokerPermission(path, false, false, true, true, true) |
| + |
| +#define BROKER_PERM_READ_WRITE_CREATE_UNLINK(path) \ |
| + BrokerPermission(path, false, true, true, true, true) |
| + |
| +#define BROKER_PERM_READ_WRITE_CREATE_UNLINK_RECURSIVE(path) \ |
| + BrokerPermission(path, true, true, true, true, true) |
| + |
| // BrokerPolicy allows to define the security policy enforced by a |
| // BrokerHost. The BrokerHost will evaluate requests sent over its |
| // IPC channel according to the BrokerPolicy. |
| @@ -23,12 +67,11 @@ class BrokerPolicy { |
| // |denied_errno| is the error code returned when IPC requests for system |
| // calls such as open() or access() are denied because a file is not in the |
| // whitelist. EACCESS would be a typical value. |
| - // |allowed_r_files| and |allowed_w_files| are white lists of files that |
| - // should be allowed for opening, respectively for reading and writing. |
| - // A file available read-write should be listed in both. |
| + // |permissions| is a list of BrokerPermission objects that define |
| + // what the broker will allow. |
| BrokerPolicy(int denied_errno, |
| - const std::vector<std::string>& allowed_r_files, |
| - const std::vector<std::string>& allowed_w_files_); |
| + const std::vector<BrokerPermission>& permissions); |
| + |
| ~BrokerPolicy(); |
| // Check if calling access() should be allowed on |requested_filename| with |
| @@ -56,13 +99,16 @@ class BrokerPolicy { |
| // Async signal safe if and only if |file_to_open| is NULL. |
| bool GetFileNameIfAllowedToOpen(const char* requested_filename, |
| int requested_flags, |
| - const char** file_to_open) const; |
| + const char** file_to_open, |
| + bool* unlink_after_open) const; |
| int denied_errno() const { return denied_errno_; } |
| private: |
| const int denied_errno_; |
| - const std::vector<std::string> allowed_r_files_; |
| - const std::vector<std::string> allowed_w_files_; |
| + const std::vector<BrokerPermission> permissions_; |
| + const BrokerPermission* permissions_array_; |
| + const size_t num_of_permissions_; |
| + |
| DISALLOW_COPY_AND_ASSIGN(BrokerPolicy); |
| }; |
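Review bot: The new `unlink_after_open` out-parameter on `GetFileNameIfAllowedToOpen` is undocumented, while the comment directly above it still only says the call is async-signal-safe iff `file_to_open` is NULL, so a caller cannot tell whether `unlink_after_open` may be NULL, whether it is written when the function returns false, or whether it changes the signal-safety contract. Because the flag's documented meaning (the struct's `unlink` field, "unlink after openning") leads to a file being removed, the contract should be stated explicitly, e.g. `// |unlink_after_open| must be non-NULL when |file_to_open| is non-NULL; it is` / `// set to true only if the matching BrokerPermission has |unlink| set.` — adjusted to whatever the implementation actually guarantees. The comment block this belongs to begins before the hunk. In the same hunk, `permissions_array_` and `num_of_permissions_` duplicate `permissions_` without a comment explaining why; a one-line note on the intent (presumably a view into `permissions_` that can be walked without calling vector members) and on the member order it relies on would keep a later reorder from breaking it.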