blob: 2dfef8150cad8a0a1a892fd4e00f5e6837672a68 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
|
// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef SANDBOX_LINUX_SYSCALL_BROKER_BROKER_CLIENT_H_
#define SANDBOX_LINUX_SYSCALL_BROKER_BROKER_CLIENT_H_
#include "base/macros.h"
#include "sandbox/linux/syscall_broker/broker_channel.h"
#include "sandbox/linux/syscall_broker/broker_common.h"
namespace sandbox {
namespace syscall_broker {
class BrokerPolicy;
// This class can be embedded in a sandboxed process and can be
// used to perform certain system calls in another, presumably
// non-sandboxed process (which embeds BrokerHost).
// A key feature of this class is the ability to use some of its methods in a
// thread-safe and async-signal safe way. The goal is to be able to use it to
// replace the open() or access() system calls happening anywhere in a process
// (as allowed for instance by seccomp-bpf's SIGSYS mechanism).
class BrokerClient {
public:
// |policy| needs to match the policy used by BrokerHost. This
// allows to predict some of the requests which will be denied
// and save an IPC round trip.
// |ipc_channel| needs to be a suitable SOCK_SEQPACKET unix socket.
// |fast_check_in_client| should be set to true and
// |quiet_failures_for_tests| to false unless you are writing tests.
BrokerClient(const BrokerPolicy& policy,
BrokerChannel::EndPoint ipc_channel,
bool fast_check_in_client,
bool quiet_failures_for_tests);
~BrokerClient();
// Can be used in place of access().
// X_OK will always return an error in practice since the broker process
// doesn't support execute permissions.
// It's similar to the access() system call and will return -errno on errors.
// This is async signal safe.
int Access(const char* pathname, int mode) const;
// Can be used in place of open().
// The implementation only supports certain white listed flags and will
// return -EPERM on other flags.
// It's similar to the open() system call and will return -errno on errors.
// This is async signal safe.
int Open(const char* pathname, int flags) const;
// Get the file descriptor used for IPC. This is used for tests.
int GetIPCDescriptor() const { return ipc_channel_.get(); }
private:
const BrokerPolicy& broker_policy_;
const BrokerChannel::EndPoint ipc_channel_;
const bool fast_check_in_client_; // Whether to forward a request that we
// know will be denied to the broker. (Used
// for tests).
const bool quiet_failures_for_tests_; // Disable certain error message when
// testing for failures.
int PathAndFlagsSyscall(IPCCommand syscall_type,
const char* pathname,
int flags) const;
DISALLOW_COPY_AND_ASSIGN(BrokerClient);
};
} // namespace syscall_broker
} // namespace sandbox
#endif // SANDBOX_LINUX_SYSCALL_BROKER_BROKER_CLIENT_H_
|
