Index: sandbox/linux/syscall_broker/broker_file_permission.h |
diff --git a/sandbox/linux/syscall_broker/broker_file_permission.h b/sandbox/linux/syscall_broker/broker_file_permission.h |
new file mode 100644 |
index 0000000000000000000000000000000000000000..03300d1d7440b287158804d319c1eea21f2579ef |
--- /dev/null |
+++ b/sandbox/linux/syscall_broker/broker_file_permission.h |
@@ -0,0 +1,119 @@ |
+// Copyright 2014 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#ifndef SANDBOX_LINUX_SYSCALL_BROKER_BROKER_FILE_PERMISSION_H_ |
+#define SANDBOX_LINUX_SYSCALL_BROKER_BROKER_FILE_PERMISSION_H_ |
+ |
+#include <string> |
+ |
+#include "base/macros.h" |
+#include "sandbox/sandbox_export.h" |
+ |
+namespace sandbox { |
+ |
+namespace syscall_broker { |
+ |
+// BrokerFilePermission defines a path for whitelisting. |
+// Pick the correct static factory method to create a permission. |
+// CheckOpen and CheckAccess are async signal safe. |
+// Constuction and Destruction are not async signal safe. |
+// |path| is the path to be whitelisted. |
+class SANDBOX_EXPORT BrokerFilePermission { |
+ public: |
+ ~BrokerFilePermission() {} |
+ BrokerFilePermission(const BrokerFilePermission&) = default; |
+ BrokerFilePermission& operator=(const BrokerFilePermission&) = default; |
+ |
+ static BrokerFilePermission ReadOnly(const std::string& path) { |
+ return BrokerFilePermission(path, false, false, true, false, false); |
+ } |
+ |
+ static BrokerFilePermission ReadOnlyRecursive(const std::string& path) { |
+ return BrokerFilePermission(path, true, false, true, false, false); |
+ } |
+ |
+ static BrokerFilePermission WriteOnly(const std::string& path) { |
+ return BrokerFilePermission(path, false, false, false, true, false); |
+ } |
+ |
+ static BrokerFilePermission ReadWrite(const std::string& path) { |
+ return BrokerFilePermission(path, false, false, true, true, false); |
+ } |
+ |
+ static BrokerFilePermission ReadWriteCreate(const std::string& path) { |
+ return BrokerFilePermission(path, false, false, true, true, true); |
+ } |
+ |
+ static BrokerFilePermission ReadWriteCreateUnlink(const std::string& path) { |
+ return BrokerFilePermission(path, false, true, true, true, true); |
+ } |
+ |
+ static BrokerFilePermission ReadWriteCreateUnlinkRecursive( |
+ const std::string& path) { |
+ return BrokerFilePermission(path, true, true, true, true, true); |
+ } |
+ |
+ // Returns true if |requested_filename| is allowed to be opened |
+ // by this permission. |
+ // If |file_to_open| is not NULL it is set to point to either |
+ // the |requested_filename| in the case of a recursive match, |
+ // or a pointer the matched path in the whitelist if an absolute |
+ // match. |
+ // If not NULL |unlink_after_open| is set to point to true if the |
+ // caller should unlink the path after openning. |
+ // Async signal safe if |file_to_open| is NULL. |
+ bool CheckOpen(const char* requested_filename, |
+ int flags, |
+ const char** file_to_open, |
+ bool* unlink_after_open) const; |
+ // Returns true if |requested_filename| is allowed to be accessed |
+ // by this permission as per access(2). |
+ // If |file_to_open| is not NULL it is set to point to either |
+ // the |requested_filename| in the case of a recursive match, |
+ // or a pointer to the matched path in the whitelist if an absolute |
+ // match. |
+ // |mode| is per mode argument of access(2). |
+ // Async signal safe if |file_to_access| is NULL |
+ bool CheckAccess(const char* requested_filename, |
+ int mode, |
+ const char** file_to_access) const; |
+ |
+ private: |
+ friend class BrokerFilePermissionTester; |
+ BrokerFilePermission(const std::string& path, |
+ bool recursive, |
+ bool unlink, |
+ bool allow_read, |
+ bool allow_write, |
+ bool allow_create); |
+ |
+ // ValidatePath checks |path| and returns true if these conditions are met |
+ // * Greater than 0 length |
+ // * Is an absolute path |
+ // * No trailing slash |
+ // * No /../ path traversal |
+ static bool ValidatePath(const char* path); |
+ |
+ // MatchPath returns true if |requested_filename| is covered by this instance |
+ bool MatchPath(const char* requested_filename) const; |
+ |
+ // Used in by BrokerFilePermissionTester for tests. |
+ static const char* GetErrorMessageForTests(); |
+ |
+ // These are not const as std::vector requires copy-assignment and this class |
+ // is stored in vectors. All methods are marked const so |
+ // the compiler will still enforce no changes outside of the constructor. |
+ std::string path_; |
+ bool recursive_; // Allow everything under this path. |path| must be a dir. |
+ bool unlink_; // unlink after opening. |
+ bool allow_read_; |
+ bool allow_write_; |
+ bool allow_create_; |
+}; |
+ |
+} // namespace syscall_broker |
+ |
+} // namespace sandbox |
+ |
+#endif // SANDBOX_LINUX_SYSCALL_BROKER_BROKER_FILE_PERMISSION_H_ |
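Review bot: The ValidatePath contract at `// * No /../ path traversal` lists only the infix form, so as documented a whitelisted path whose final component is `..` (e.g. `/a/..`, which resolves to the parent directory) would still pass; whether the implementation rejects that case is not visible here, so the comment should say so either way, e.g. `// * No ".." path component (a trailing /.. is rejected as well as /../)`. The class comment states that CheckOpen and CheckAccess are async signal safe, while the per-method comments qualify this as holding only when the out-pointer is NULL; the class comment should carry the same qualification so callers do not rely on the broader claim. The private six-bool constructor is invoked positionally from every factory, where a transposed `allow_write`/`allow_create` or `recursive`/`unlink` argument would silently widen a permission; a one-line comment naming the parameter order above the factories, or a named flag set in place of the bools, would make those calls self-checking. Typos in the comments: `Constuction`, `openning`, `a pointer the matched path`, and `Used in by`.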