sandbox/linux/syscall_broker/broker_file_permission.h - mojo-tools - Git at Google

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef SANDBOX_LINUX_SYSCALL_BROKER_BROKER_FILE_PERMISSION_H_
 #define SANDBOX_LINUX_SYSCALL_BROKER_BROKER_FILE_PERMISSION_H_

 #include <string>

 #include "base/macros.h"
 #include "sandbox/sandbox_export.h"

 namespace sandbox {

 namespace syscall_broker {

 // BrokerFilePermission defines a path for whitelisting.
 // Pick the correct static factory method to create a permission.
 // CheckOpen and CheckAccess are async signal safe.
 // Constuction and Destruction are not async signal safe.
 // |path| is the path to be whitelisted.
 class SANDBOX_EXPORT BrokerFilePermission {
  public:
   ~BrokerFilePermission() {}
   BrokerFilePermission(const BrokerFilePermission&) = default;
   BrokerFilePermission& operator=(const BrokerFilePermission&) = default;

   static BrokerFilePermission ReadOnly(const std::string& path) {
     return BrokerFilePermission(path, false, false, true, false, false);
   }

   static BrokerFilePermission ReadOnlyRecursive(const std::string& path) {
     return BrokerFilePermission(path, true, false, true, false, false);
   }

   static BrokerFilePermission WriteOnly(const std::string& path) {
     return BrokerFilePermission(path, false, false, false, true, false);
   }

   static BrokerFilePermission ReadWrite(const std::string& path) {
     return BrokerFilePermission(path, false, false, true, true, false);
   }

   static BrokerFilePermission ReadWriteCreate(const std::string& path) {
     return BrokerFilePermission(path, false, false, true, true, true);
   }

   static BrokerFilePermission ReadWriteCreateUnlink(const std::string& path) {
     return BrokerFilePermission(path, false, true, true, true, true);
   }

   static BrokerFilePermission ReadWriteCreateUnlinkRecursive(
       const std::string& path) {
     return BrokerFilePermission(path, true, true, true, true, true);
   }

   // Returns true if |requested_filename| is allowed to be opened
   // by this permission.
   // If |file_to_open| is not NULL it is set to point to either
   // the |requested_filename| in the case of a recursive match,
   // or a pointer the matched path in the whitelist if an absolute
   // match.
   // If not NULL |unlink_after_open| is set to point to true if the
   // caller should unlink the path after openning.
   // Async signal safe if |file_to_open| is NULL.
   bool CheckOpen(const char* requested_filename,
                  int flags,
                  const char** file_to_open,
                  bool* unlink_after_open) const;
   // Returns true if |requested_filename| is allowed to be accessed
   // by this permission as per access(2).
   // If |file_to_open| is not NULL it is set to point to either
   // the |requested_filename| in the case of a recursive match,
   // or a pointer to the matched path in the whitelist if an absolute
   // match.
   // |mode| is per mode argument of access(2).
   // Async signal safe if |file_to_access| is NULL
   bool CheckAccess(const char* requested_filename,
                    int mode,
                    const char** file_to_access) const;

  private:
   friend class BrokerFilePermissionTester;
   BrokerFilePermission(const std::string& path,
                        bool recursive,
                        bool unlink,
                        bool allow_read,
                        bool allow_write,
                        bool allow_create);

   // ValidatePath checks |path| and returns true if these conditions are met
   // * Greater than 0 length
   // * Is an absolute path
   // * No trailing slash
   // * No /../ path traversal
   static bool ValidatePath(const char* path);

   // MatchPath returns true if |requested_filename| is covered by this instance
   bool MatchPath(const char* requested_filename) const;

   // Used in by BrokerFilePermissionTester for tests.
   static const char* GetErrorMessageForTests();

   // These are not const as std::vector requires copy-assignment and this class
   // is stored in vectors. All methods are marked const so
   // the compiler will still enforce no changes outside of the constructor.
   std::string path_;
   bool recursive_;  // Allow everything under this path. |path| must be a dir.
   bool unlink_;     // unlink after opening.
   bool allow_read_;
   bool allow_write_;
   bool allow_create_;
 };

 }  // namespace syscall_broker

 }  // namespace sandbox

 #endif  //  SANDBOX_LINUX_SYSCALL_BROKER_BROKER_FILE_PERMISSION_H_
	// Copyright 2014 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef SANDBOX_LINUX_SYSCALL_BROKER_BROKER_FILE_PERMISSION_H_
	#define SANDBOX_LINUX_SYSCALL_BROKER_BROKER_FILE_PERMISSION_H_

	#include <string>

	#include "base/macros.h"
	#include "sandbox/sandbox_export.h"

	namespace sandbox {

	namespace syscall_broker {

	// BrokerFilePermission defines a path for whitelisting.
	// Pick the correct static factory method to create a permission.
	// CheckOpen and CheckAccess are async signal safe.
	// Constuction and Destruction are not async signal safe.
	// \|path\| is the path to be whitelisted.
	class SANDBOX_EXPORT BrokerFilePermission {
	public:
	~BrokerFilePermission() {}
	BrokerFilePermission(const BrokerFilePermission&) = default;
	BrokerFilePermission& operator=(const BrokerFilePermission&) = default;

	static BrokerFilePermission ReadOnly(const std::string& path) {
	return BrokerFilePermission(path, false, false, true, false, false);
	}

	static BrokerFilePermission ReadOnlyRecursive(const std::string& path) {
	return BrokerFilePermission(path, true, false, true, false, false);
	}

	static BrokerFilePermission WriteOnly(const std::string& path) {
	return BrokerFilePermission(path, false, false, false, true, false);
	}

	static BrokerFilePermission ReadWrite(const std::string& path) {
	return BrokerFilePermission(path, false, false, true, true, false);
	}

	static BrokerFilePermission ReadWriteCreate(const std::string& path) {
	return BrokerFilePermission(path, false, false, true, true, true);
	}

	static BrokerFilePermission ReadWriteCreateUnlink(const std::string& path) {
	return BrokerFilePermission(path, false, true, true, true, true);
	}

	static BrokerFilePermission ReadWriteCreateUnlinkRecursive(
	const std::string& path) {
	return BrokerFilePermission(path, true, true, true, true, true);
	}

	// Returns true if \|requested_filename\| is allowed to be opened
	// by this permission.
	// If \|file_to_open\| is not NULL it is set to point to either
	// the \|requested_filename\| in the case of a recursive match,
	// or a pointer the matched path in the whitelist if an absolute
	// match.
	// If not NULL \|unlink_after_open\| is set to point to true if the
	// caller should unlink the path after openning.
	// Async signal safe if \|file_to_open\| is NULL.
	bool CheckOpen(const char* requested_filename,
	int flags,
	const char** file_to_open,
	bool* unlink_after_open) const;
	// Returns true if \|requested_filename\| is allowed to be accessed
	// by this permission as per access(2).
	// If \|file_to_open\| is not NULL it is set to point to either
	// the \|requested_filename\| in the case of a recursive match,
	// or a pointer to the matched path in the whitelist if an absolute
	// match.
	// \|mode\| is per mode argument of access(2).
	// Async signal safe if \|file_to_access\| is NULL
	bool CheckAccess(const char* requested_filename,
	int mode,
	const char** file_to_access) const;

	private:
	friend class BrokerFilePermissionTester;
	BrokerFilePermission(const std::string& path,
	bool recursive,
	bool unlink,
	bool allow_read,
	bool allow_write,
	bool allow_create);

	// ValidatePath checks \|path\| and returns true if these conditions are met
	// * Greater than 0 length
	// * Is an absolute path
	// * No trailing slash
	// * No /../ path traversal
	static bool ValidatePath(const char* path);

	// MatchPath returns true if \|requested_filename\| is covered by this instance
	bool MatchPath(const char* requested_filename) const;

	// Used in by BrokerFilePermissionTester for tests.
	static const char* GetErrorMessageForTests();

	// These are not const as std::vector requires copy-assignment and this class
	// is stored in vectors. All methods are marked const so
	// the compiler will still enforce no changes outside of the constructor.
	std::string path_;
	bool recursive_; // Allow everything under this path. \|path\| must be a dir.
	bool unlink_; // unlink after opening.
	bool allow_read_;
	bool allow_write_;
	bool allow_create_;
	};

	} // namespace syscall_broker

	} // namespace sandbox

	#endif // SANDBOX_LINUX_SYSCALL_BROKER_BROKER_FILE_PERMISSION_H_