// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef SANDBOX_MAC_POLICY_H_
#define SANDBOX_MAC_POLICY_H_

#include <mach/mach.h>

#include <map>
#include <string>

#include "sandbox/sandbox_export.h"

namespace sandbox {

// The action taken when a sandboxed process asks launchd (via
// bootstrap_look_up) for a named service port. POLICY_DECISION_INVALID and
// POLICY_DECISION_LAST are range sentinels, not usable decisions; a Rule
// carrying either is malformed (see IsPolicyValid below).
enum PolicyDecision {
  POLICY_DECISION_INVALID,
  // Explicitly allows the real service to be looked up from launchd.
  POLICY_ALLOW,
  // Deny the look up request by replying with a MIG error. This is the
  // default behavior for servers not given an explicit rule.
  POLICY_DENY_ERROR,
  // Deny the look up request with a well-formed reply containing a
  // Mach port with a send right, messages to which will be ignored.
  // Because the reply is well-formed, the client sees what looks like a
  // successful look up rather than an error, unlike POLICY_DENY_ERROR.
  POLICY_DENY_DUMMY_PORT,
  // Reply to the look up request with a send right to the substitute_port
  // specified in the Rule.
  POLICY_SUBSTITUTE_PORT,
  POLICY_DECISION_LAST,
};

// A Rule expresses the action to take when a service port is requested via
// bootstrap_look_up. If |result| is not POLICY_SUBSTITUTE_PORT, then
// |substitute_port| must be MACH_PORT_NULL. If result is
// POLICY_SUBSTITUTE_PORT, then |substitute_port| must not be MACH_PORT_NULL.
struct SANDBOX_EXPORT Rule {
  // Default constructor; the values it assigns are set in its out-of-line
  // definition, not here.
  Rule();
  // Builds a Rule for a decision that needs no port, i.e. any |result| other
  // than POLICY_SUBSTITUTE_PORT.
  explicit Rule(PolicyDecision result);
  // Builds a Rule that answers look ups with a send right to |override_port|.
  // Presumably this sets |result| to POLICY_SUBSTITUTE_PORT, as the invariant
  // above requires; the definition is out of line, so confirm there.
  explicit Rule(mach_port_t override_port);

  PolicyDecision result;

  // The Rule does not take ownership of this port, but additional send rights
  // will be allocated to it before it is sent to a client. This name must
  // denote a send right that can be duplicated with MACH_MSG_TYPE_COPY_SEND.
  // Since the right is copied rather than moved, the owner of the original
  // right must keep it valid for as long as the policy can be applied.
  // NOTE(review): what happens if the copy fails is decided by the code that
  // sends the reply, which is not in this header.
  mach_port_t substitute_port;
};

// A policy object manages the rules enforced on a target sandboxed process.
// A look up is resolved by server name: a name present in |rules| uses that
// entry, every other name falls back to |default_rule|. How |rules| is
// consulted (presumably an exact std::string match, since it is a std::map)
// lives with the enforcement code, not in this header.
struct SANDBOX_EXPORT BootstrapSandboxPolicy {
  typedef std::map<std::string, Rule> NamedRules;

  BootstrapSandboxPolicy();
  ~BootstrapSandboxPolicy();

  // The default action to take if the server name being looked up is not
  // present in |rules|. Per the PolicyDecision comments the expected value
  // is POLICY_DENY_ERROR, so an unlisted service is refused unless a policy
  // author deliberately widens this; confirm the constructor's initial value
  // in its definition.
  Rule default_rule;

  // A map of bootstrap server names to policy Rules.
  NamedRules rules;
};

// Checks that a policy is well-formed. At minimum this should cover the Rule
// invariant documented above (|substitute_port| set if and only if |result|
// is POLICY_SUBSTITUTE_PORT) for |default_rule| and every entry of |rules|,
// and reject the POLICY_DECISION_INVALID / POLICY_DECISION_LAST sentinels.
// The definition is not in this header, so confirm what it actually verifies
// before relying on it as a security check.
SANDBOX_EXPORT bool IsPolicyValid(const BootstrapSandboxPolicy& policy);

}  // namespace sandbox

#endif  // SANDBOX_MAC_POLICY_H_