Home | History | Annotate | Download | only in syscall_broker 
      1 // Copyright 2014 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef SANDBOX_LINUX_SYSCALL_BROKER_BROKER_CLIENT_H_
      6 #define SANDBOX_LINUX_SYSCALL_BROKER_BROKER_CLIENT_H_
      7 
      8 #include "base/macros.h"
      9 #include "sandbox/linux/syscall_broker/broker_channel.h"
     10 #include "sandbox/linux/syscall_broker/broker_common.h"
     11 
     12 namespace sandbox {
     13 
     14 namespace syscall_broker {
     15 
     16 class BrokerPolicy;
     17 
     18 // This class can be embedded in a sandboxed process and can be
     19 // used to perform certain system calls in another, presumably
     20 // non-sandboxed process (which embeds BrokerHost).
     21 // A key feature of this class is the ability to use some of its methods in a
     22 // thread-safe and async-signal safe way. The goal is to be able to use it to
     23 // replace the open() or access() system calls happening anywhere in a process
     24 // (as allowed for instance by seccomp-bpf's SIGSYS mechanism).
     25 class BrokerClient {
     26  public:
     27   // |policy| needs to match the policy used by BrokerHost. This
     28   // allows to predict some of the requests which will be denied
     29   // and save an IPC round trip.
     30   // |ipc_channel| needs to be a suitable SOCK_SEQPACKET unix socket.
     31   // |fast_check_in_client| should be set to true and
     32   // |quiet_failures_for_tests| to false unless you are writing tests.
     33   BrokerClient(const BrokerPolicy& policy,
     34                BrokerChannel::EndPoint ipc_channel,
     35                bool fast_check_in_client,
     36                bool quiet_failures_for_tests);
     37   ~BrokerClient();
     38 
     39   // Can be used in place of access().
     40   // X_OK will always return an error in practice since the broker process
     41   // doesn't support execute permissions.
     42   // It's similar to the access() system call and will return -errno on errors.
     43   // This is async signal safe.
     44   int Access(const char* pathname, int mode) const;
     45   // Can be used in place of open().
     46   // The implementation only supports certain white listed flags and will
     47   // return -EPERM on other flags.
     48   // It's similar to the open() system call and will return -errno on errors.
     49   // This is async signal safe.
     50   int Open(const char* pathname, int flags) const;
     51 
     52   // Get the file descriptor used for IPC. This is used for tests.
     53   int GetIPCDescriptor() const { return ipc_channel_.get(); }
     54 
     55  private:
     56   const BrokerPolicy& broker_policy_;
     57   const BrokerChannel::EndPoint ipc_channel_;
     58   const bool fast_check_in_client_;  // Whether to forward a request that we
     59                                      // know will be denied to the broker. (Used
     60                                      // for tests).
     61   const bool quiet_failures_for_tests_;  // Disable certain error message when
     62                                          // testing for failures.
     63 
     64   int PathAndFlagsSyscall(IPCCommand syscall_type,
     65                           const char* pathname,
     66                           int flags) const;
     67 
     68   DISALLOW_COPY_AND_ASSIGN(BrokerClient);
     69 };
     70 
     71 }  // namespace syscall_broker
     72 
     73 }  // namespace sandbox
     74 
     75 #endif  //  SANDBOX_LINUX_SYSCALL_BROKER_BROKER_CLIENT_H_
     76