| // Copyright 2017 The Chromium Authors |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef SANDBOX_MAC_SANDBOX_COMPILER_H_ |
| #define SANDBOX_MAC_SANDBOX_COMPILER_H_ |
| |
| #include <string> |
| |
| #include "sandbox/mac/seatbelt.h" |
| #include "sandbox/mac/seatbelt.pb.h" |
| #include "sandbox/mac/seatbelt_export.h" |
| |
| namespace sandbox { |
| |
| // This class wraps the C-style sandbox APIs in a class to ensure proper |
| // initialization and cleanup. |
| class SEATBELT_EXPORT SandboxCompiler { |
| public: |
| enum class Target { |
| // The result of compilation is a SandboxPolicy proto containing the policy |
| // string source and a map of key/value pairs. |
| kSource, |
| |
| // The result of compilation is a SandboxPolicy proto containing a sealed, |
| // compiled, binary sandbox policy that can be applied immediately. |
| kCompiled, |
| }; |
| |
| // Creates a compiler in the default mode, `Target::kSource`. |
| SandboxCompiler(); |
| |
| // Creates a compiler with the specified target mode. |
| explicit SandboxCompiler(Target mode); |
| |
| ~SandboxCompiler(); |
| SandboxCompiler(const SandboxCompiler& other) = delete; |
| SandboxCompiler& operator=(const SandboxCompiler& other) = delete; |
| |
| // Sets the policy source string, if not already specified in the constructor. |
| void SetProfile(const std::string& policy); |
| |
| // Inserts a boolean into the parameters key/value map. A duplicate key is not |
| // allowed, and will cause the function to return false. The value is not |
| // inserted in this case. |
| [[nodiscard]] bool SetBooleanParameter(const std::string& key, bool value); |
| |
| // Inserts a string into the parameters key/value map. A duplicate key is not |
| // allowed, and will cause the function to return false. The value is not |
| // inserted in this case. |
| [[nodiscard]] bool SetParameter(const std::string& key, |
| const std::string& value); |
| |
| // Compiles and applies the profile; returns true on success and false |
| // on failure with a message set in the `error` parameter. |
| bool CompileAndApplyProfile(std::string& error); |
| |
| // Compiles the policy into a sandbox policy proto. Returns true on success, |
| // with `policy` set, or returns false on error with a message in the `error` |
| // parameter. |
| bool CompilePolicyToProto(mac::SandboxPolicy& policy, std::string& error); |
| |
| private: |
| const Target mode_; |
| |
| mac::SourcePolicy policy_; |
| |
| Seatbelt::Parameters params_; |
| }; |
| |
| } // namespace sandbox |
| |
| #endif // SANDBOX_MAC_SANDBOX_COMPILER_H_ |