Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(204)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/syscall_broker/broker_file_permission.h

Issue 761903003: Update from https://crrev.com/306655 (Closed) Base URL: git@github.com:domokit/mojo.git@master
Patch Set: Created 6 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « sandbox/linux/syscall_broker/broker_client.cc ('k') | sandbox/linux/syscall_broker/broker_file_permission.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef SANDBOX_LINUX_SYSCALL_BROKER_BROKER_FILE_PERMISSION_H_
6 #define SANDBOX_LINUX_SYSCALL_BROKER_BROKER_FILE_PERMISSION_H_
7
8 #include <string>
9
10 #include "base/macros.h"
11 #include "sandbox/sandbox_export.h"
12
13 namespace sandbox {
14
15 namespace syscall_broker {
16
17 // BrokerFilePermission defines a path for whitelisting.
18 // Pick the correct static factory method to create a permission.
19 // CheckOpen and CheckAccess are async signal safe.
20 // Constuction and Destruction are not async signal safe.
21 // |path| is the path to be whitelisted.
22 class SANDBOX_EXPORT BrokerFilePermission {
23 public:
24 ~BrokerFilePermission() {}
25 BrokerFilePermission(const BrokerFilePermission&) = default;
26 BrokerFilePermission& operator=(const BrokerFilePermission&) = default;
27
28 static BrokerFilePermission ReadOnly(const std::string& path) {
29 return BrokerFilePermission(path, false, false, true, false, false);
30 }
31
32 static BrokerFilePermission ReadOnlyRecursive(const std::string& path) {
33 return BrokerFilePermission(path, true, false, true, false, false);
34 }
35
36 static BrokerFilePermission WriteOnly(const std::string& path) {
37 return BrokerFilePermission(path, false, false, false, true, false);
38 }
39
40 static BrokerFilePermission ReadWrite(const std::string& path) {
41 return BrokerFilePermission(path, false, false, true, true, false);
42 }
43
44 static BrokerFilePermission ReadWriteCreate(const std::string& path) {
45 return BrokerFilePermission(path, false, false, true, true, true);
46 }
47
48 static BrokerFilePermission ReadWriteCreateUnlink(const std::string& path) {
49 return BrokerFilePermission(path, false, true, true, true, true);
50 }
51
52 static BrokerFilePermission ReadWriteCreateUnlinkRecursive(
53 const std::string& path) {
54 return BrokerFilePermission(path, true, true, true, true, true);
55 }
56
57 // Returns true if |requested_filename| is allowed to be opened
58 // by this permission.
59 // If |file_to_open| is not NULL it is set to point to either
60 // the |requested_filename| in the case of a recursive match,
61 // or a pointer the matched path in the whitelist if an absolute
62 // match.
63 // If not NULL |unlink_after_open| is set to point to true if the
64 // caller should unlink the path after openning.
65 // Async signal safe if |file_to_open| is NULL.
66 bool CheckOpen(const char* requested_filename,
67 int flags,
68 const char** file_to_open,
69 bool* unlink_after_open) const;
70 // Returns true if |requested_filename| is allowed to be accessed
71 // by this permission as per access(2).
72 // If |file_to_open| is not NULL it is set to point to either
73 // the |requested_filename| in the case of a recursive match,
74 // or a pointer to the matched path in the whitelist if an absolute
75 // match.
76 // |mode| is per mode argument of access(2).
77 // Async signal safe if |file_to_access| is NULL
78 bool CheckAccess(const char* requested_filename,
79 int mode,
80 const char** file_to_access) const;
81
82 private:
83 friend class BrokerFilePermissionTester;
84 BrokerFilePermission(const std::string& path,
85 bool recursive,
86 bool unlink,
87 bool allow_read,
88 bool allow_write,
89 bool allow_create);
90
91 // ValidatePath checks |path| and returns true if these conditions are met
92 // * Greater than 0 length
93 // * Is an absolute path
94 // * No trailing slash
95 // * No /../ path traversal
96 static bool ValidatePath(const char* path);
97
98 // MatchPath returns true if |requested_filename| is covered by this instance
99 bool MatchPath(const char* requested_filename) const;
100
101 // Used in by BrokerFilePermissionTester for tests.
102 static const char* GetErrorMessageForTests();
103
104 // These are not const as std::vector requires copy-assignment and this class
105 // is stored in vectors. All methods are marked const so
106 // the compiler will still enforce no changes outside of the constructor.
107 std::string path_;
108 bool recursive_; // Allow everything under this path. |path| must be a dir.
109 bool unlink_; // unlink after opening.
110 bool allow_read_;
111 bool allow_write_;
112 bool allow_create_;
113 };
114
115 } // namespace syscall_broker
116
117 } // namespace sandbox
118
119 #endif // SANDBOX_LINUX_SYSCALL_BROKER_BROKER_FILE_PERMISSION_H_
OLDNEW
« no previous file with comments | « sandbox/linux/syscall_broker/broker_client.cc ('k') | sandbox/linux/syscall_broker/broker_file_permission.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698