sandbox: Extend BrokerPolicy to support file creation

sandbox/linux/syscall_broker/broker_policy.h

Index: sandbox/linux/syscall_broker/broker_policy.h
diff --git a/sandbox/linux/syscall_broker/broker_policy.h b/sandbox/linux/syscall_broker/broker_policy.h
index ef5bdfa138c5872224a659d8655828d0ee78562b..691b151240cabdda73f594aae2a1a7c013af7758 100644
--- a/sandbox/linux/syscall_broker/broker_policy.h
+++ b/sandbox/linux/syscall_broker/broker_policy.h
@@ -9,6 +9,9 @@
 #include <vector>
 
 #include "base/macros.h"
+#include "base/memory/scoped_ptr.h"

[jln (very slow on Chromium), 2014/11/24 20:12:17]

This doesn't seem required, is it?

[leecam, 2014/11/25 02:06:50]

Nope :)

+
+#include "sandbox/linux/syscall_broker/broker_file_permission.h"
 
 namespace sandbox {
 namespace syscall_broker {
@@ -23,21 +26,21 @@ class BrokerPolicy {
   // |denied_errno| is the error code returned when IPC requests for system
   // calls such as open() or access() are denied because a file is not in the
   // whitelist. EACCESS would be a typical value.
-  // |allowed_r_files| and |allowed_w_files| are white lists of files that
-  // should be allowed for opening, respectively for reading and writing.
-  // A file available read-write should be listed in both.
+  // |permissions| is a list of BrokerPermission objects that define
+  // what the broker will allow.
   BrokerPolicy(int denied_errno,
-               const std::vector<std::string>& allowed_r_files,
-               const std::vector<std::string>& allowed_w_files_);
+               const std::vector<BrokerFilePermission>& permissions);
+
   ~BrokerPolicy();
 
   // Check if calling access() should be allowed on |requested_filename| with
   // mode |requested_mode|.
   // Note: access() being a system call to check permissions, this can get a bit
   // confusing. We're checking if calling access() should even be allowed with
-  // the same policy we would use for open().
-  // If |file_to_access| is not NULL, we will return the matching pointer from
-  // the whitelist. For paranoia a caller should then use |file_to_access|. See
+  // If |file_to_open| is not NULL, a pointer to the path will be returned.
+  // In the case of a recursive match, this will be the requested_filename,
+  // otherwise it will return the matching pointer from the
+  // whitelist. For paranoia a caller should then use |file_to_access|. See
   // GetFileNameIfAllowedToOpen() for more explanation.
   // return true if calling access() on this file should be allowed, false
   // otherwise.
@@ -47,22 +50,29 @@ class BrokerPolicy {
                                     const char** file_to_access) const;
 
   // Check if |requested_filename| can be opened with flags |requested_flags|.
-  // If |file_to_open| is not NULL, we will return the matching pointer from the
+  // If |file_to_open| is not NULL, a pointer to the path will be returned.
+  // In the case of a recursive match, this will be the requested_filename,
+  // otherwise it will return the matching pointer from the
   // whitelist. For paranoia, a caller should then use |file_to_open| rather
   // than |requested_filename|, so that it never attempts to open an
   // attacker-controlled file name, even if an attacker managed to fool the
   // string comparison mechanism.
+  // |unlink_after_open| if not NULL will be set to point to true if the
+  // policy requests the caller unlink the path after opening.
   // Return true if opening should be allowed, false otherwise.
   // Async signal safe if and only if |file_to_open| is NULL.
   bool GetFileNameIfAllowedToOpen(const char* requested_filename,
                                   int requested_flags,
-                                  const char** file_to_open) const;
+                                  const char** file_to_open,
+                                  bool* unlink_after_open) const;
   int denied_errno() const { return denied_errno_; }
 
  private:
   const int denied_errno_;
-  const std::vector<std::string> allowed_r_files_;
-  const std::vector<std::string> allowed_w_files_;
+  const std::vector<BrokerFilePermission> permissions_;
+  const BrokerFilePermission* permissions_array_;

[jln (very slow on Chromium), 2014/11/24 20:12:17]

Add comment.

[leecam, 2014/11/25 02:06:50]

Done.

+  const size_t num_of_permissions_;
+
   DISALLOW_COPY_AND_ASSIGN(BrokerPolicy);
 };