options.h

// Copyright (c) 2009 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Some portions Copyright (c) 2009 The Chromium Authors.
//
// Options abstract class for minijails.
#ifndef __CHROMEOS_MINIJAIL_OPTIONS_H
#define __CHROMEOS_MINIJAIL_OPTIONS_H

#include <base/basictypes.h>
#include <base/logging.h>
#include <base/memory/scoped_ptr.h>

#include "minijail/env.h"

namespace chromeos {
namespace minijail {

class Options {
 public:
  Options() : env_(new Env),
              executable_path_(NULL),
              argument_count_(0),
              arguments_(NULL),
              environment_(NULL),
              add_readonly_mounts_(false),
              caps_bitmask_(0),
              change_gid_(false),
              change_uid_(false),
              disable_tracing_(false),
              enforce_syscalls_benchmark_(false),
              enforce_syscalls_by_source_(false),
              gid_(0),
              namespace_vfs_(false),
              namespace_pid_(false),
              sanitize_environment_(false),
              uid_(0),
              use_capabilities_(false) { }

  virtual ~Options() { }

  // Takes ownership of an Env pointer
  virtual const Env *env() const { return env_.get(); }
  virtual void set_env(Env *env) { env_.reset(env); }

  //// Methods for configuring the binary to be run.

  // Sets the path to the executable when Run() is called in the jail.
  // Pointer ownership is not taken.
  virtual void set_executable_path(const char *exe) { executable_path_ = exe; }
  virtual const char *executable_path() const { return executable_path_; }
  // Sets an array of arguments to use for running the executable.
  // Pointer ownership is not taken.
  virtual void set_arguments(char * const *argv, int count)
    { arguments_ = argv; argument_count_ = count; }
  virtual char * const *arguments() const { return arguments_; }
  virtual int argument_count() const { return argument_count_; }
  // Sets the baseline environment for the executable.
  // Pointer ownership is not taken.
  virtual void set_environment(char * const *envp) { environment_ = envp; }
  virtual char * const *environment() const { return environment_; }

  //// Methods for configuring the jail.

  // Determines if a read-only /proc will be mounted.
  // This option requires namespace_vfs_ = true.
  // If enabled, this option forcibly enables namespace_vfs_.
  virtual void set_add_readonly_mounts(bool val) { add_readonly_mounts_ = val; }
  virtual bool add_readonly_mounts() const { return add_readonly_mounts_; }
  // Disables cross-process tracing and core dumps.  This may cause problems
  // when generating crash dumps.  Options around that are TBD.
  virtual void set_disable_tracing(bool val) { disable_tracing_ = val; }
  virtual bool disable_tracing() const { return disable_tracing_; }
  // Enable no-op syscall filtering for raw benchmarking.
  virtual void set_enforce_syscalls_benchmark(bool val)
    { enforce_syscalls_benchmark_ = val; }
  virtual bool enforce_syscalls_benchmark() const
    { return enforce_syscalls_benchmark_; }
  // Enable kernel enforcement that all system calls originate from
  // read-only memory areas.
  virtual void set_enforce_syscalls_by_source(bool val)
    { enforce_syscalls_by_source_ = val; }
  virtual bool enforce_syscalls_by_source() const
    { return enforce_syscalls_by_source_; }
  // The value passed with this is numeric GID to transition to.
  // Calling this implies a gid change will be attempted.
  // TODO(wad) All supplementary groups are dropped.
  virtual void set_gid(gid_t val) { gid_ = val; change_gid_ = true; }
  virtual gid_t gid() const { return gid_; }
  // Sets VFS namespacing.  This is needed to have a custom
  // filesystem view (read-only mounts, etc).
  virtual void set_namespace_vfs(bool val) { namespace_vfs_ = val; }
  virtual bool namespace_vfs() const { return namespace_vfs_; }
  // Enable PID namespacing.  This will result in the process being
  // executed to be PID 1 in their own process tree.  The process will
  // not have visibility into other running processes (except via
  // /proc if not remounted).
  // TODO(wad) add init-like functionality and start the first process as pid 2.
  virtual void set_namespace_pid(bool val) { namespace_pid_ = val; }
  virtual bool namespace_pid() const { return namespace_pid_; }
  // Enables environment variable scrubbing.
  virtual void set_sanitize_environment(bool val)
    { sanitize_environment_ = val; }
  virtual bool sanitize_environment() const
    { return sanitize_environment_; }
  // The value passed with this is the numeric UID to transition to.
  virtual void set_uid(uid_t val) { uid_ = val; change_uid_ = true; }
  virtual uid_t uid() const { return uid_; }
  // Enables the use and sanitization of POSIX capabilities.
  // Without kKeepCapabilities, all capabilities save CAP_SETPCAP are
  // removed from the effective, inherited, permitted and bounding sets.
  virtual void set_use_capabilities(bool val) { use_capabilities_ = val; }
  virtual bool use_capabilities() const { return use_capabilities_; }
  // The set of caps to use when use_capabilities is set.
  virtual void set_caps_bitmask(uint64 val) { caps_bitmask_ = val; }
  virtual uint64 caps_bitmask() const { return caps_bitmask_; }

#if 0
  TODO(wad): additional functionality:
  virtual void set_cgroup_dir(const string& val) { cgroup_dir_ = val; }
  virtual const string& cgroup_dir() const { return cgroup_dir_; }

  virtual void set_supplemental_groups(std::vector<std::string>& val)
    { supplemental_groups_ = val; }
  virtual const std::vector<std::string> *supplemental_groups() const
    { return supplemental_groups_; }

  virtual void set_use_delayed_chroot(bool val) { use_delayed_chroot_ = val; }
  virtual bool use_delayed_chroot() const { return use_delayed_chroot_; }

  virtual void set_memory_limit(int64 val) { memory_limit_ = val; }
  virtual int64 memory_limit() const { return memory_limit_; }

  virtual void set_cpu_limit(int64 val) { cpu_limit_ = val; }
  virtual int64 cpu_limit() const { return cpu_limit_; }

  virtual void set_open_file_limit(int32 val) { open_file_limit_ = val; }
  virtual int32 open_file_limit() const { return open_file_limit_; }

  TODO(wad) other rlimits

  virtual void set_chroot(const std::string val) { chroot_ = val; }
  virtual const std::string chroot() const { return chroot_; }

  virtual void set_install_device_shims(bool val)
    { install_device_shims_ = val; }
  virtual bool install_device_shims() const { return install_device_shims_; }
#endif

  //// Helper methods
  // Indicate if the uid was set.
  virtual bool change_uid() const { return change_uid_; }
  // Indicate if the gid was set.
  virtual bool change_gid() const { return change_uid_; }
  // Ensures that all inter-dependent options are properly set.
  virtual bool FixUpDependencies();


 private:
  scoped_ptr<Env> env_;
  const char *executable_path_;
  int argument_count_;
  char * const *arguments_;
  char * const *environment_;

  bool add_readonly_mounts_;
  uint64 caps_bitmask_;
  bool change_gid_;
  bool change_uid_;
  bool disable_tracing_;
  bool enforce_syscalls_benchmark_;
  bool enforce_syscalls_by_source_;
  gid_t gid_;
  bool namespace_vfs_;
  bool namespace_pid_;
  bool sanitize_environment_;
  uid_t uid_;
  bool use_capabilities_;

  DISALLOW_COPY_AND_ASSIGN(Options);
};

}  // namespace minijail
}  // namespace chromeos

#endif  // __CHROMEOS_MINIJAIL_OPTIONS_H