#ifdef UNSAFE_BUFFERS_BUILD
#pragma allow_unsafe_buffers
#endif
#include "sandbox/linux/syscall_broker/broker_file_permission.h"
#include <fcntl.h>
#include <stddef.h>
#include <string.h>
#include <sys/inotify.h>
#include <unistd.h>
#include <ostream>
#include <string>
#include "base/check.h"
#include "base/strings/string_util.h"
#include "sandbox/linux/syscall_broker/broker_command.h"
namespace sandbox {
namespace syscall_broker {
// Move construction/assignment, copy construction/assignment and the
// destructor are all explicitly defaulted here, out of line. A
// BrokerFilePermission is therefore copied and moved member-wise; no custom
// ownership logic is visible in this file.
BrokerFilePermission::BrokerFilePermission(BrokerFilePermission&&) = default;
BrokerFilePermission& BrokerFilePermission::operator=(BrokerFilePermission&&) =
default;
BrokerFilePermission::BrokerFilePermission(const BrokerFilePermission&) =
default;
BrokerFilePermission& BrokerFilePermission::operator=(
const BrokerFilePermission&) = default;
BrokerFilePermission::~BrokerFilePermission() = default;
namespace {
// File-local helper: takes a path pointer plus an explicit byte length and
// returns a bool.
// NOTE(review): the body is elided in this listing. From the name it
// presumably reports whether the first |len| bytes of |path| contain a ".."
// path component. Confirm against the full source that the test is
// component-wise (a name that merely starts or ends with ".." is not a parent
// reference) and that it never reads past |len|.
bool ContainsParentReference(const char* path, size_t len) { … }
}
// Takes a NUL-terminated path and returns a bool.
// NOTE(review): the body is elided in this listing, so the exact acceptance
// rules cannot be confirmed here; the ContainsParentReference() helper in this
// file suggests ".." components are among the things rejected.
// Any such check is purely lexical: it constrains the string the broker
// compares, not the inode the kernel finally resolves, so symlinks inside an
// allowed path are outside what it can see. Confirm how the callers account
// for that.
bool BrokerFilePermission::ValidatePath(const char* path) { … }
// Const member: takes the requested file name and returns a bool.
// NOTE(review): the body is elided in this listing. Presumably this compares
// |requested_filename| with the path this permission was constructed with and
// honours the RecursionOption passed to the constructor. When reviewing the
// full source, confirm that a recursive match only succeeds on a directory
// boundary, so that a sibling whose name merely shares the prefix is not
// matched.
bool BrokerFilePermission::MatchPath(const char* requested_filename) const { … }
// Const member: takes the requested file name and an integer |mode| and
// returns a C string.
// NOTE(review): the body is elided in this listing. Presumably |mode| is an
// access(2)-style mask and the return value is the path the broker should act
// on, with a null pointer meaning "denied". Confirm both against the header.
// Callers should treat any value other than an explicit allow as a denial.
const char* BrokerFilePermission::CheckAccess(const char* requested_filename,
int mode) const { … }
// Const member with the same parameter list and return type as CheckAccess().
// NOTE(review): the body is elided in this listing. Presumably this is the
// shared implementation behind CheckAccess() and possibly other checks; the
// division of work between the two (e.g. which one calls ValidatePath() and
// MatchPath()) has to be confirmed against the full source.
const char* BrokerFilePermission::CheckAccessInternal(
const char* requested_filename,
int mode) const { … }
// Const member: takes the requested file name and open(2)-style |flags| and
// returns a (C string, bool) pair.
// NOTE(review): the body is elided in this listing. Presumably the first
// element is the path to open (null when denied). The meaning of the bool is
// not visible here; the PersistenceOption constructor parameter hints that it
// may concern temporary files. Confirm against the header. When reviewing the
// full source, check that every flag bit that is not explicitly understood
// leads to a denial rather than being passed through.
// NOTE(review): std::pair is used here but <utility> is not in this file's
// include list; it presumably arrives through broker_file_permission.h.
std::pair<const char*, bool> BrokerFilePermission::CheckOpen(
const char* requested_filename,
int flags) const { … }
// Const member: takes the requested file name and returns a C string.
// NOTE(review): the body is elided in this listing. From the name and the
// StatWithIntermediatesPermission constructor parameter, this presumably
// allows stat on the permitted path and on its leading directories. If so,
// granting it exposes existence and metadata of every parent directory to the
// sandboxed process; confirm the intended scope in the full source.
const char* BrokerFilePermission::CheckStatWithIntermediates(
const char* requested_filename) const { … }
// Const member: takes the requested file name and a 32-bit |mask| and returns
// a C string.
// NOTE(review): the body is elided in this listing. <sys/inotify.h> is
// included by this file, so |mask| is presumably an inotify_add_watch(2) event
// mask that is compared against an allowed set. Confirm which mask values are
// accepted and that anything else is refused.
const char* BrokerFilePermission::CheckInotifyAddWatchWithIntermediates(
const char* requested_filename,
uint32_t mask) const { … }
// Const member: takes the requested file name and a |can_match_full_path|
// switch, and returns a bool.
// NOTE(review): the body is elided in this listing. Presumably this decides
// whether |requested_filename| is one of the leading directories of the
// permitted path, with |can_match_full_path| controlling whether the complete
// path itself also counts. Confirm against the full source.
bool BrokerFilePermission::CheckIntermediates(const char* requested_filename,
bool can_match_full_path) const { … }
// Takes no arguments and returns a C string; the name marks it as a test-only
// accessor.
// NOTE(review): the body is elided in this listing. Presumably this returns
// the message used when an invalid permission is reported, so that tests can
// match on it. Confirm against the full source.
const char* BrokerFilePermission::GetErrorMessageForTests() { … }
// Takes no arguments and returns nothing.
// NOTE(review): the body is elided in this listing. From the name, and given
// that base/check.h is included, this presumably terminates the process when
// the permission is malformed, i.e. fails closed instead of continuing with a
// policy entry that could not be validated. Confirm against the full source.
void BrokerFilePermission::DieOnInvalidPermission() { … }
// Constructor taking the path by value and a 64-bit |flags| word.
// NOTE(review): the member initializer list and the body are elided in this
// listing. Presumably |flags| is a packed form of the per-capability options
// accepted by the other constructor, and the path is validated at construction
// time. Confirm against the full source which bits are defined and what
// happens when an undefined bit is set.
BrokerFilePermission::BrokerFilePermission(std::string path, uint64_t flags)
: … { … }
// Constructor taking the path by value plus one strongly typed option per
// capability: recursion, persistence, read, write, create,
// stat-with-intermediates and inotify-add-watch-with-intermediates.
// Because each option has its own type, swapped arguments at a call site do
// not compile.
// NOTE(review): the member initializer list and the body are elided in this
// listing. Presumably this forwards to the (path, flags) constructor after
// combining the options. Confirm against the full source.
BrokerFilePermission::BrokerFilePermission(
std::string path,
RecursionOption recurse_opt,
PersistenceOption persist_opt,
ReadPermission read_perm,
WritePermission write_perm,
CreatePermission create_perm,
StatWithIntermediatesPermission stat_perm,
InotifyAddWatchWithIntermediatesPermission inotify_perm)
: … { … }
}
}