| Elly Fong-Jones | d9a16cd | 2012-11-12 16:09:49 -0500 | [diff] [blame] | 1 | // Copyright (c) 2012 The Chromium OS Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #include "sandboxed_process.h" |
| 6 | |
| 7 | namespace debugd { |
| 8 | |
| 9 | SandboxedProcess::SandboxedProcess() |
| 10 | : sandboxing_(true), user_("debugd"), group_("debugd") { } |
| 11 | SandboxedProcess::~SandboxedProcess() { } |
| 12 | |
| 13 | bool SandboxedProcess::Init() { |
| 14 | const char *kMiniJail = "/sbin/minijail0"; |
| 15 | if (sandboxing_) { |
| 16 | if (user_.empty() || group_.empty()) |
| 17 | return false; |
| 18 | AddArg(kMiniJail); |
| Elly Fong-Jones | e56a8f6 | 2013-01-23 15:50:21 -0500 | [diff] [blame^] | 19 | if (user_ != "root") { |
| 20 | AddArg("-u"); |
| 21 | AddArg(user_); |
| 22 | } |
| 23 | if (group_ != "root") { |
| 24 | AddArg("-g"); |
| 25 | AddArg(group_); |
| 26 | } |
| Elly Fong-Jones | ec8d762 | 2013-01-22 11:35:22 -0500 | [diff] [blame] | 27 | AddArg("--"); |
| Elly Fong-Jones | d9a16cd | 2012-11-12 16:09:49 -0500 | [diff] [blame] | 28 | } |
| 29 | return true; |
| 30 | } |
| 31 | |
| 32 | void SandboxedProcess::DisableSandbox() { |
| 33 | sandboxing_ = false; |
| 34 | } |
| 35 | |
| 36 | void SandboxedProcess::SandboxAs(const std::string& user, |
| 37 | const std::string& group) { |
| 38 | sandboxing_ = true; |
| 39 | user_ = user; |
| 40 | group_ = group; |
| 41 | } |
| 42 | |
| 43 | }; // namespace debugd |