
Side by Side Diff: sandbox/linux/syscall_broker/broker_file_permission.h

Issue 721553002: sandbox: Extend BrokerPolicy to support file creation (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: jln review changes Created 6 years ago
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef SANDBOX_LINUX_SYSCALL_BROKER_BROKER_FILE_PERMISSION_H_
6 #define SANDBOX_LINUX_SYSCALL_BROKER_BROKER_FILE_PERMISSION_H_
7
8 #include <string>
9
10 #include "base/macros.h"
11
12 namespace sandbox {
13
14 namespace syscall_broker {
15
16 // BrokerFilePermission defines a path for whitelisting.
17 // Pick the correct static factory method to create a permission.
18 // CheckOpen and CheckAccess are async signal safe.
19 // Constuction and Destruction are not async signal safe.
20 // |path| is the path to be whitelisted.
21 class BrokerFilePermission {
22 public:
23 ~BrokerFilePermission() {}
24 BrokerFilePermission(const BrokerFilePermission&) = default;
25 BrokerFilePermission& operator=(const BrokerFilePermission&) = default;
26
27 static BrokerFilePermission ReadOnly(const std::string& path) {
28 return BrokerFilePermission(path, false, false, true, false, false);
29 }
30
31 static BrokerFilePermission ReadOnlyRecursive(const std::string& path) {
32 return BrokerFilePermission(path, true, false, true, false, false);
33 }
34
35 static BrokerFilePermission WriteOnly(const std::string& path) {
36 return BrokerFilePermission(path, false, false, false, true, false);
37 }
38
39 static BrokerFilePermission ReadWrite(const std::string& path) {
40 return BrokerFilePermission(path, false, false, true, true, false);
41 }
42
43 static BrokerFilePermission ReadWriteCreate(const std::string& path) {
44 return BrokerFilePermission(path, false, false, true, true, true);
45 }
46
47 static BrokerFilePermission ReadWriteCreateUnlink(const std::string& path) {
48 return BrokerFilePermission(path, false, true, true, true, true);
49 }
50
51 static BrokerFilePermission ReadWriteCreateUnlinkRecursive(
52 const std::string& path) {
53 return BrokerFilePermission(path, true, true, true, true, true);
54 }
55
56 // Returns true if |requested_filename| is allowed to be opened
57 // by this permission.
58 // If |file_to_open| is not NULL it is set to point to either
59 // the |requested_filename| in the case of a recursive match,
60 // or a pointer the matched path in the whitelist if an absolute
61 // match.
62 // |unlink_after_open| is set to point to true if the caller should unlink
jln (very slow on Chromium) 2014/11/26 01:02:31 I would prefer "If not NULL, ...."
leecam 2014/11/26 18:35:33 Done.
63 // the path after openning. It may be NULL.
64 // Async signal safe if |file_to_open| is NULL.
65 bool CheckOpen(const char* requested_filename,
66 int flags,
67 const char** file_to_open,
68 bool* unlink_after_open) const;
69 // Returns true if |requested_filename| is allowed to be accessed
70 // by this permission as per access(2).
71 // If |file_to_open| is not NULL it is set to point to either
72 // the |requested_filename| in the case of a recursive match,
73 // or a pointer to the matched path in the whitelist if an absolute
74 // match.
75 // |mode| is per mode argument of access(2).
76 // Async signal safe if |file_to_access| is NULL
77 bool CheckAccess(const char* requested_filename,
78 int mode,
79 const char** file_to_access) const;
80
81 private:
82 friend class BrokerFilePermissionTester;
83 BrokerFilePermission(const std::string& path,
84 bool recursive,
85 bool unlink,
86 bool allow_read,
87 bool allow_write,
88 bool allow_create);
89
90 static bool ValidatePath(const char* path);
91 bool MatchPath(const char* requested_filename) const;
92
93 // These are not const as std::vector may use std::move which
94 // requires copyable members. All methods are marked const so
95 // the compiler will still enforce no changes outside of the constructor.
jln (very slow on Chromium) 2014/11/26 01:02:31 The issue is actually that std::vector requires co
leecam 2014/11/26 18:35:33 Done.
96 std::string path_;
97 bool recursive_; // Allow everything under this path. |path| must be a dir.
98 bool unlink_; // unlink after opening.
99 bool allow_read_;
100 bool allow_write_;
101 bool allow_create_;
102 };
103
104 } // namespace syscall_broker
105
106 } // namespace sandbox
107
108 #endif // SANDBOX_LINUX_SYSCALL_BROKER_BROKER_FILE_PERMISSION_H_
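Review bot: The members `allow_read_`, `allow_write_` and `allow_create_` carry no comments while `recursive_` and `unlink_` do, and neither the CheckOpen documentation nor the factory names say which open(2) flags each bit gates, so a reader of this header cannot tell whether `WriteOnly` admits O_CREAT or O_TRUNC, or whether `allow_write_` ever implies creation. Suggest documenting the mapping next to the members once confirmed against the CheckOpen implementation in the .cc (not in this change's view), e.g. `bool allow_create_;  // Permits O_CREAT in CheckOpen; not implied by allow_write_.` with equivalent lines for the read and write bits. The `recursive_` comment states `|path| must be a dir` but nothing in the header says whether the constructor or `ValidatePath` enforces that (for instance via a trailing slash); a sentence on the private constructor stating what is validated and what is the caller's responsibility would make the whitelist contract explicit. Two typos in the new comments: `Constuction` in the class comment and `openning` in the CheckOpen comment.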