1 // Copyright (c) 2012 The Chromium OS Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef LIBBRILLO_BRILLO_MINIJAIL_MINIJAIL_H_ 6 #define LIBBRILLO_BRILLO_MINIJAIL_MINIJAIL_H_ 7 8 #include <vector> 9 10 extern "C" { 11 #include <linux/capability.h> 12 #include <sys/types.h> 13 } 14 15 #include <base/lazy_instance.h> 16 17 #include <libminijail.h> 18 19 namespace brillo { 20 21 // A Minijail abstraction allowing Minijail mocking in tests. 22 class Minijail { 23 public: 24 virtual ~Minijail(); 25 26 // This is a singleton -- use Minijail::GetInstance()->Foo(). 27 static Minijail* GetInstance(); 28 29 // minijail_new 30 virtual struct minijail* New(); 31 // minijail_destroy 32 virtual void Destroy(struct minijail* jail); 33 34 // minijail_change_uid/minijail_change_gid 35 virtual void DropRoot(struct minijail* jail, uid_t uid, gid_t gid); 36 37 // minijail_change_user/minijail_change_group 38 virtual bool DropRoot(struct minijail* jail, 39 const char* user, 40 const char* group); 41 42 // minijail_namespace_pids 43 virtual void EnterNewPidNamespace(struct minijail* jail); 44 45 // minijail_mount_tmp 46 virtual void MountTmp(struct minijail* jail); 47 48 // minijail_use_seccomp_filter/minijail_no_new_privs/ 49 // minijail_parse_seccomp_filters 50 virtual void UseSeccompFilter(struct minijail* jail, const char* path); 51 52 // minijail_use_caps 53 virtual void UseCapabilities(struct minijail* jail, uint64_t capmask); 54 55 // minijail_reset_signal_mask 56 virtual void ResetSignalMask(struct minijail* jail); 57 58 // minijail_enter 59 virtual void Enter(struct minijail* jail); 60 61 // minijail_run_pid 62 virtual bool Run(struct minijail* jail, std::vector<char*> args, pid_t* pid); 63 64 // minijail_run_pid and waitpid 65 virtual bool RunSync(struct minijail* jail, 66 std::vector<char*> args, 67 int* status); 68 69 // minijail_run_pid_pipes, with |pstdout_fd| and |pstderr_fd| set to NULL. 70 virtual bool RunPipe(struct minijail* jail, 71 std::vector<char*> args, 72 pid_t* pid, 73 int* stdin); 74 75 // minijail_run_pid_pipes 76 virtual bool RunPipes(struct minijail* jail, 77 std::vector<char*> args, 78 pid_t* pid, 79 int* stdin, 80 int* stdout, 81 int* stderr); 82 83 // Run() and Destroy() 84 virtual bool RunAndDestroy(struct minijail* jail, 85 std::vector<char*> args, 86 pid_t* pid); 87 88 // RunSync() and Destroy() 89 virtual bool RunSyncAndDestroy(struct minijail* jail, 90 std::vector<char*> args, 91 int* status); 92 93 // RunPipe() and Destroy() 94 virtual bool RunPipeAndDestroy(struct minijail* jail, 95 std::vector<char*> args, 96 pid_t* pid, 97 int* stdin); 98 99 // RunPipes() and Destroy() 100 virtual bool RunPipesAndDestroy(struct minijail* jail, 101 std::vector<char*> args, 102 pid_t* pid, 103 int* stdin, 104 int* stdout, 105 int* stderr); 106 107 protected: 108 Minijail(); 109 110 private: 111 friend struct base::DefaultLazyInstanceTraits<Minijail>; 112 113 DISALLOW_COPY_AND_ASSIGN(Minijail); 114 }; 115 116 } // namespace brillo 117 118 #endif // LIBBRILLO_BRILLO_MINIJAIL_MINIJAIL_H_ 119