Chromium Code Reviews Chromium Code Reviews
Issue 721553002:
sandbox: Extend BrokerPolicy to support file creation (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef SANDBOX_LINUX_SYSCALL_BROKER_BROKER_FILE_PERMISSION_H_ | |
| 6 #define SANDBOX_LINUX_SYSCALL_BROKER_BROKER_FILE_PERMISSION_H_ | |
| 7 | |
| 8 #include <string> | |
| 9 | |
| 10 #include "base/macros.h" | |
| 11 #include "sandbox/sandbox_export.h" | |
| 12 | |
| 13 namespace sandbox { | |
| 14 | |
| 15 namespace syscall_broker { | |
| 16 | |
| 17 // BrokerFilePermission defines a path for whitelisting. | |
| 18 // Pick the correct static factory method to create a permission. | |
| 19 // CheckOpen and CheckAccess are async signal safe. | |
| 20 // Constuction and Destruction are not async signal safe. | |
| 21 // |path| is the path to be whitelisted. | |
| 22 class SANDBOX_EXPORT BrokerFilePermission { | |
| 23 public: | |
| 24 ~BrokerFilePermission() {} | |
| 25 BrokerFilePermission(const BrokerFilePermission&) = default; | |
| 26 BrokerFilePermission& operator=(const BrokerFilePermission&) = default; | |
| 27 | |
| 28 static BrokerFilePermission ReadOnly(const std::string& path) { | |
| 29 return BrokerFilePermission(path, false, false, true, false, false); | |
| 30 } | |
| 31 | |
| 32 static BrokerFilePermission ReadOnlyRecursive(const std::string& path) { | |
| 33 return BrokerFilePermission(path, true, false, true, false, false); | |
| 34 } | |
| 35 | |
| 36 static BrokerFilePermission WriteOnly(const std::string& path) { | |
| 37 return BrokerFilePermission(path, false, false, false, true, false); | |
| 38 } | |
| 39 | |
| 40 static BrokerFilePermission ReadWrite(const std::string& path) { | |
| 41 return BrokerFilePermission(path, false, false, true, true, false); | |
| 42 } | |
| 43 | |
| 44 static BrokerFilePermission ReadWriteCreate(const std::string& path) { | |
| 45 return BrokerFilePermission(path, false, false, true, true, true); | |
| 46 } | |
| 47 | |
| 48 static BrokerFilePermission ReadWriteCreateUnlink(const std::string& path) { | |
| 49 return BrokerFilePermission(path, false, true, true, true, true); | |
| 50 } | |
| 51 | |
| 52 static BrokerFilePermission ReadWriteCreateUnlinkRecursive( | |
| 53 const std::string& path) { | |
| 54 return BrokerFilePermission(path, true, true, true, true, true); | |
| 55 } | |
| 56 | |
| 57 // Returns true if |requested_filename| is allowed to be opened | |
| 58 // by this permission. | |
| 59 // If |file_to_open| is not NULL it is set to point to either | |
| 60 // the |requested_filename| in the case of a recursive match, | |
| 61 // or a pointer the matched path in the whitelist if an absolute | |
| 62 // match. | |
| 63 // If not NULL |unlink_after_open| is set to point to true if the | |
| 64 // caller should unlink the path after openning. | |
| 65 // Async signal safe if |file_to_open| is NULL. | |
| 66 bool CheckOpen(const char* requested_filename, | |
| 67 int flags, | |
| 68 const char** file_to_open, | |
| 69 bool* unlink_after_open) const; | |
| 70 // Returns true if |requested_filename| is allowed to be accessed | |
| 71 // by this permission as per access(2). | |
| 72 // If |file_to_open| is not NULL it is set to point to either | |
| 73 // the |requested_filename| in the case of a recursive match, | |
| 74 // or a pointer to the matched path in the whitelist if an absolute | |
| 75 // match. | |
| 76 // |mode| is per mode argument of access(2). | |
| 77 // Async signal safe if |file_to_access| is NULL | |
| 78 bool CheckAccess(const char* requested_filename, | |
| 79 int mode, | |
| 80 const char** file_to_access) const; | |
| 81 | |
| 82 private: | |
| 83 friend class BrokerFilePermissionTester; | |
| 84 BrokerFilePermission(const std::string& path, | |
| 85 bool recursive, | |
| 86 bool unlink, | |
| 87 bool allow_read, | |
| 88 bool allow_write, | |
| 89 bool allow_create); | |
| 90 | |
| 91 // ValidatePath checks |path| and returns true if these conditions are met | |
| 92 // * Greater than 0 length | |
| 93 // * Is an absolute path | |
| 94 // * No trailing slash | |
| 95 // * No /../ path traversal | |
| 96 static bool ValidatePath(const char* path); | |
| 97 | |
| 98 // MatchPath returns true if |requested_filename| is covered by this instance | |
| 99 bool MatchPath(const char* requested_filename) const; | |
| 100 | |
| 101 // Used in by BrokerFilePermissionTester for tests. | |
| 102 static const char* GetErrorMessageForTests() { | |
| 103 return "Invalid BrokerFilePermission"; | |
|
jln (very slow on Chromium)
2014/11/26 19:49:06
Please do (in the .cc) file:
{
static char kInval
leecam
2014/11/26 20:55:47
Done.
| |
| 104 } | |
| 105 | |
| 106 // These are not const as std::vector requires copy-assignment and this class | |
| 107 // is stored in vectors. All methods are marked const so | |
| 108 // the compiler will still enforce no changes outside of the constructor. | |
| 109 std::string path_; | |
| 110 bool recursive_; // Allow everything under this path. |path| must be a dir. | |
| 111 bool unlink_; // unlink after opening. | |
| 112 bool allow_read_; | |
| 113 bool allow_write_; | |
| 114 bool allow_create_; | |
| 115 }; | |
| 116 | |
| 117 } // namespace syscall_broker | |
| 118 | |
| 119 } // namespace sandbox | |
| 120 | |
| 121 #endif // SANDBOX_LINUX_SYSCALL_BROKER_BROKER_FILE_PERMISSION_H_ | |
| OLD | NEW |
