1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
|
// Copyright 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <unistd.h>
#include "sandbox/linux/syscall_broker/broker_command.h"
#include "sandbox/linux/syscall_broker/broker_permission_list.h"
namespace sandbox {
namespace syscall_broker {
bool CommandAccessIsSafe(const BrokerCommandSet& command_set,
const BrokerPermissionList& policy,
const char* requested_filename,
int requested_mode,
const char** filename_to_use) {
return command_set.test(COMMAND_ACCESS) &&
policy.GetFileNameIfAllowedToAccess(requested_filename, requested_mode,
filename_to_use);
}
bool CommandMkdirIsSafe(const BrokerCommandSet& command_set,
const BrokerPermissionList& policy,
const char* requested_filename,
const char** filename_to_use) {
return command_set.test(COMMAND_MKDIR) &&
policy.GetFileNameIfAllowedToOpen(requested_filename,
O_RDWR | O_CREAT | O_EXCL,
filename_to_use, nullptr);
}
bool CommandOpenIsSafe(const BrokerCommandSet& command_set,
const BrokerPermissionList& policy,
const char* requested_filename,
int requested_flags,
const char** filename_to_use,
bool* unlink_after_open) {
return command_set.test(COMMAND_OPEN) &&
policy.GetFileNameIfAllowedToOpen(
requested_filename,
requested_flags & ~kCurrentProcessOpenFlagsMask, filename_to_use,
unlink_after_open);
}
bool CommandReadlinkIsSafe(const BrokerCommandSet& command_set,
const BrokerPermissionList& policy,
const char* requested_filename,
const char** filename_to_use) {
return command_set.test(COMMAND_READLINK) &&
policy.GetFileNameIfAllowedToOpen(requested_filename, O_RDONLY,
filename_to_use, nullptr);
}
bool CommandRenameIsSafe(const BrokerCommandSet& command_set,
const BrokerPermissionList& policy,
const char* old_filename,
const char* new_filename,
const char** old_filename_to_use,
const char** new_filename_to_use) {
return command_set.test(COMMAND_RENAME) &&
policy.GetFileNameIfAllowedToOpen(old_filename,
O_RDWR | O_CREAT | O_EXCL,
old_filename_to_use, nullptr) &&
policy.GetFileNameIfAllowedToOpen(new_filename,
O_RDWR | O_CREAT | O_EXCL,
new_filename_to_use, nullptr);
}
bool CommandRmdirIsSafe(const BrokerCommandSet& command_set,
const BrokerPermissionList& policy,
const char* requested_filename,
const char** filename_to_use) {
return command_set.test(COMMAND_RMDIR) &&
policy.GetFileNameIfAllowedToOpen(requested_filename,
O_RDWR | O_CREAT | O_EXCL,
filename_to_use, nullptr);
}
bool CommandStatIsSafe(const BrokerCommandSet& command_set,
const BrokerPermissionList& policy,
const char* requested_filename,
const char** filename_to_use) {
return command_set.test(COMMAND_STAT) &&
policy.GetFileNameIfAllowedToStat(requested_filename, filename_to_use);
}
bool CommandUnlinkIsSafe(const BrokerCommandSet& command_set,
const BrokerPermissionList& policy,
const char* requested_filename,
const char** filename_to_use) {
return command_set.test(COMMAND_UNLINK) &&
policy.GetFileNameIfAllowedToOpen(requested_filename,
O_RDWR | O_CREAT | O_EXCL,
filename_to_use, nullptr);
}
} // namespace syscall_broker
} // namespace sandbox
|
