// Copyright 2014 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifndef SANDBOX_LINUX_SYSCALL_BROKER_BROKER_FILE_PERMISSION_H_ #define SANDBOX_LINUX_SYSCALL_BROKER_BROKER_FILE_PERMISSION_H_ #include <bitset> #include <cstdint> #include <string> #include "sandbox/sandbox_export.h" namespace sandbox { namespace syscall_broker { // Recursive: allow everything under |path| (must be a dir). enum class RecursionOption { … }; // Temporary: file will be unlink'd after opening. enum class PersistenceOption { … }; enum class ReadPermission { … }; enum class WritePermission { … }; enum class CreatePermission { … }; // Allow stat() for the path and all intermediate dirs. enum class StatWithIntermediatesPermission { … }; enum class InotifyAddWatchWithIntermediatesPermission { … }; // BrokerFilePermission defines a path for allowlisting. // Pick the correct static factory method to create a permission. // CheckOpen and CheckAccess are async signal safe. // Construction and Destruction are not async signal safe. // |path| is the path to be allowlisted. class SANDBOX_EXPORT BrokerFilePermission { … }; } // namespace syscall_broker } // namespace sandbox #endif // SANDBOX_LINUX_SYSCALL_BROKER_BROKER_FILE_PERMISSION_H_
Codebase Browser
chromium