// Copyright (c) 2012 The Chromium OS Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifndef LIBBRILLO_BRILLO_PROCESS_H_ #define LIBBRILLO_BRILLO_PROCESS_H_ #include #include #include #include #include #include #include #include #include #include #include namespace brillo { // Manages a process. Can create the process, attach to an existing // process by pid or pid file, and kill the process. Upon destruction // any managed process is killed with SIGKILL. Use Release() to // release the process from management. A given system process may // only be managed by one Process at a time. class BRILLO_EXPORT Process { public: Process(); virtual ~Process(); // Adds |arg| to the executable command-line to be run. The // executable name itself is the first argument. virtual void AddArg(const std::string& arg) = 0; // Adds |option| and |value| as an option with a string value to the // command line to be run. inline void AddStringOption(const std::string& option, const std::string& value) { AddArg(option); AddArg(value); } // Adds |option| and |value| as an option which takes an integer // value to the command line to be run. inline void AddIntOption(const std::string& option, int value) { AddArg(option); AddArg(base::StringPrintf("%d", value)); } // Redirects to read stdin from |input_file|. |input_file| must not be // a symlink. virtual void RedirectInput(const std::string& input_file) = 0; // Redirects stderr and stdout to |output_file|. |output_file| must not be // a symlink. virtual void RedirectOutput(const std::string& output_file) = 0; // Indicates we want to redirect |child_fd| in the child process's // file table to a pipe. |child_fd| will be available for reading // from child process's perspective iff |is_input|. virtual void RedirectUsingPipe(int child_fd, bool is_input) = 0; // Binds the given file descriptor in the parent to the given file // descriptor in the child. virtual void BindFd(int parent_fd, int child_fd) = 0; // Set a flag |close_unused_fds| to indicate if the child process // should close all unused file descriptors inherited from the // parent process. This will not close the file descriptors for // the standard streams (stdin, stdout, and stderr). virtual void SetCloseUnusedFileDescriptors(bool close_unused_fds) = 0; // Set the real/effective/saved user ID of the child process. virtual void SetUid(uid_t uid) = 0; // Set the real/effective/saved group ID of the child process. virtual void SetGid(gid_t gid) = 0; // Set the capabilities assigned to the child process. // NOTE: |capmask| is indeed a mask and should be passed in as the result of // the CAP_TO_MASK(capability) macro, e.g. // my_process.SetCapabilities(CAP_TO_MASK(CAP_SETUID) | // CAP_TO_MASK(CAP_SETGID)); // NOTE: supporting this sandboxing feature is optional (provide no-op // implementation if your Process implementation does not support this). virtual void SetCapabilities(uint64_t capmask) = 0; // Apply a syscall filter to the process using the policy file at |path|. // NOTE: supporting this sandboxing feature is optional (provide no-op // implementation if your Process implementation does not support this). virtual void ApplySyscallFilter(const std::string& path) = 0; // Enter new PID namespace when this process is run. // NOTE: supporting this sandboxing feature is optional (provide no-op // implementation if your Process implementation does not support this). virtual void EnterNewPidNamespace() = 0; // Set a flag |inherit| to indicate if the child process intend to // inherit signal mask from the parent process. When |inherit| is // set to true, the child process will inherit signal mask from the // parent process. This could cause unintended side effect, where all // the signals to the child process might be blocked if they are set // in the parent's signal mask. virtual void SetInheritParentSignalMask(bool inherit) = 0; typedef base::Callback PreExecCallback; // Set the pre-exec callback. This is called after all setup is complete but // before we exec() the process. The callback may return false to cause Start // to return false without starting the process. virtual void SetPreExecCallback(const PreExecCallback& cb) = 0; // Sets whether starting the process should search the system path or not. // By default the system path will not be searched. virtual void SetSearchPath(bool search_path) = 0; // Gets the pipe file descriptor mapped to the process's |child_fd|. virtual int GetPipe(int child_fd) = 0; // Starts this process, returning true if successful. virtual bool Start() = 0; // Waits for this process to finish. Returns the process's exit // status if it exited normally, or otherwise returns -1. Note // that kErrorExitStatus may be returned if an error occurred // after forking and before execing the child process. virtual int Wait() = 0; // Start and wait for this process to finish. Returns same value as // Wait(). virtual int Run() = 0; // Returns the pid of this process or else returns 0 if there is no // corresponding process (either because it has not yet been started // or has since exited). virtual pid_t pid() = 0; // Sends |signal| to process and wait |timeout| seconds until it // dies. If process is not a child, returns immediately with a // value based on whether kill was successful. If the process is a // child and |timeout| is non-zero, returns true if the process is // able to be reaped within the given |timeout| in seconds. virtual bool Kill(int signal, int timeout) = 0; // Resets this Process object to refer to the process with |pid|. // If |pid| is zero, this object no longer refers to a process. virtual void Reset(pid_t new_pid) = 0; // Same as Reset but reads the pid from |pid_file|. Returns false // only when the file cannot be read/parsed. virtual bool ResetPidByFile(const std::string& pid_file) = 0; // Releases the process so that on destruction, the process is not killed. virtual pid_t Release() = 0; // Returns if |pid| is a currently running process. static bool ProcessExists(pid_t pid); // When returned from Wait or Run, indicates an error may have occurred // creating the process. enum { kErrorExitStatus = 127 }; }; class BRILLO_EXPORT ProcessImpl : public Process { public: ProcessImpl(); virtual ~ProcessImpl(); virtual void AddArg(const std::string& arg); virtual void RedirectInput(const std::string& input_file); virtual void RedirectOutput(const std::string& output_file); virtual void RedirectUsingPipe(int child_fd, bool is_input); virtual void BindFd(int parent_fd, int child_fd); virtual void SetCloseUnusedFileDescriptors(bool close_unused_fds); virtual void SetUid(uid_t uid); virtual void SetGid(gid_t gid); virtual void SetCapabilities(uint64_t capmask); virtual void ApplySyscallFilter(const std::string& path); virtual void EnterNewPidNamespace(); virtual void SetInheritParentSignalMask(bool inherit); virtual void SetPreExecCallback(const PreExecCallback& cb); virtual void SetSearchPath(bool search_path); virtual int GetPipe(int child_fd); virtual bool Start(); virtual int Wait(); virtual int Run(); virtual pid_t pid(); virtual bool Kill(int signal, int timeout); virtual void Reset(pid_t pid); virtual bool ResetPidByFile(const std::string& pid_file); virtual pid_t Release(); protected: struct PipeInfo { PipeInfo() : parent_fd_(-1), child_fd_(-1), is_input_(false) {} // Parent (our) side of the pipe to the child process. int parent_fd_; // Child's side of the pipe to the parent. int child_fd_; // Is this an input or output pipe from child's perspective. bool is_input_; // Is this a bound (pre-existing) file descriptor? bool is_bound_ = false; }; typedef std::map PipeMap; void UpdatePid(pid_t new_pid); bool PopulatePipeMap(); private: FRIEND_TEST(ProcessTest, ResetPidByFile); bool IsFileDescriptorInPipeMap(int fd) const; void CloseUnusedFileDescriptors(); void ExecChildProcess(char**); // Pid of currently managed process or 0 if no currently managed // process. pid must not be modified except by calling // UpdatePid(new_pid). pid_t pid_; std::string input_file_; std::string output_file_; std::vector arguments_; // Map of child target file descriptors (first) to information about // pipes created (second). PipeMap pipe_map_; uid_t uid_; gid_t gid_; PreExecCallback pre_exec_; bool search_path_; // Flag indicating to inherit signal mask from the parent process. It // is set to false by default, which means by default the child process // will not inherit signal mask from the parent process. bool inherit_parent_signal_mask_; // Flag indicating to close unused file descriptors inherited from the // parent process when starting the child process, which avoids leaking // unnecessary file descriptors to the child process. bool close_unused_file_descriptors_; // Whether to create this process in a new PID namespace. bool enter_new_pid_namespace_ = false; }; } // namespace brillo #endif // LIBBRILLO_BRILLO_PROCESS_H_