Blame - debugd/src/sandboxed_process.h - chromium.googlesource.com/chromiumos/platform2

blob: a4941ed284246a8f860a5c10cd632952b4cd4911 [file] [log] [blame]

Elly Fong-Jones	d9a16cd	2012-11-12 16:09:49 -0500	[diff] [blame]	1	// Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
				2	// Use of this source code is governed by a BSD-style license that can be
				3	// found in the LICENSE file.
				4
Alex Vakulenko	262be3f	2014-07-30 15:25:50 -0700	[diff] [blame]	5	#ifndef DEBUGD_SRC_SANDBOXED_PROCESS_H_
				6	#define DEBUGD_SRC_SANDBOXED_PROCESS_H_
Ben Chan	a0011d8	2014-05-13 00:19:29 -0700	[diff] [blame]	7
				8	#include <string>
Elly Fong-Jones	d9a16cd	2012-11-12 16:09:49 -0500	[diff] [blame]	9
				10	#include <chromeos/process.h>
				11
				12	namespace debugd {
				13
				14	class SandboxedProcess : public chromeos::ProcessImpl {
				15	public:
				16	SandboxedProcess();
Ben Chan	78f8953	2014-08-29 09:35:09 -0700	[diff] [blame]	17	~SandboxedProcess() override = default;
Ben Chan	297c3c2	2013-07-17 17:34:12 -0700	[diff] [blame]	18
				19	// Get the full path of a helper executable located at the \|relative_path\|
				20	// relative to the debugd helpers directory. Return false if the full path
				21	// is too long.
				22	static bool GetHelperPath(const std::string& relative_path,
				23	std::string* full_path);
Elly Fong-Jones	d9a16cd	2012-11-12 16:09:49 -0500	[diff] [blame]	24
				25	virtual bool Init();
				26
Jorge Lucangeli Obes	c99a12a	2014-09-17 16:43:40 -0700	[diff] [blame^]	27	// Disable the default sandboxing for this process.
Elly Fong-Jones	d9a16cd	2012-11-12 16:09:49 -0500	[diff] [blame]	28	virtual void DisableSandbox();
				29
Jorge Lucangeli Obes	c99a12a	2014-09-17 16:43:40 -0700	[diff] [blame^]	30	// Change the default sandboxing for this process.
Elly Fong-Jones	d9a16cd	2012-11-12 16:09:49 -0500	[diff] [blame]	31	virtual void SandboxAs(const std::string& user, const std::string& group);
				32
Jorge Lucangeli Obes	c99a12a	2014-09-17 16:43:40 -0700	[diff] [blame^]	33	// Allow this process to access the root mount namespace.
				34	virtual void AllowAccessRootMountNamespace();
				35
Elly Fong-Jones	215b562	2013-03-20 14:32:18 -0400	[diff] [blame]	36	static const char *kDefaultUser;
				37	static const char *kDefaultGroup;
				38
Elly Fong-Jones	d9a16cd	2012-11-12 16:09:49 -0500	[diff] [blame]	39	private:
				40	bool sandboxing_;
Jorge Lucangeli Obes	c99a12a	2014-09-17 16:43:40 -0700	[diff] [blame^]	41	bool access_root_mount_ns_;
Elly Fong-Jones	d9a16cd	2012-11-12 16:09:49 -0500	[diff] [blame]	42	std::string user_;
				43	std::string group_;
				44	};
				45
Ben Chan	a0011d8	2014-05-13 00:19:29 -0700	[diff] [blame]	46	} // namespace debugd
Elly Fong-Jones	d9a16cd	2012-11-12 16:09:49 -0500	[diff] [blame]	47
Alex Vakulenko	262be3f	2014-07-30 15:25:50 -0700	[diff] [blame]	48	#endif // DEBUGD_SRC_SANDBOXED_PROCESS_H_