blob: ba7eca140e94bd65569df70d87159fd22b62fbd5 [file] [log] [blame]
// Copyright 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef SANDBOX_MAC_SEATBELT_EXTENSION_H_
#define SANDBOX_MAC_SEATBELT_EXTENSION_H_
#include "base/macros.h"
#include "sandbox/mac/seatbelt_export.h"
#include <stddef.h>
#include <memory>
#include <string>
namespace sandbox {
class SeatbeltExtensionToken;
// A SeatbeltExtension allows one process with access to resources to provide
// fine-grained extensions/allowances to another process' sandbox policy at
// run time. An extension can be issued by the privileged process, generating
// a token that can be sent over IPC. The receiving process can then consume
// this token to be given access to the extension resource.
class SEATBELT_EXPORT SeatbeltExtension {
public:
enum Type {
// Requires (allow file-read* (extension "com.apple.app-sandbox.read")).
FILE_READ,
// TODO(rsesek): Potentially support FILE_READ_WRITE, MACH and GENERIC
// extension types.
};
// Before an extension is destroyed, it must be consumed or explicitly
// revoked.
~SeatbeltExtension();
// Issues a sandbox extension of the specified |type|, to grant access to
// the |resource| of that class. This returns the resulting token that can
// be used to construct an extension object for consumption, or null if
// issuing the token failed.
static std::unique_ptr<SeatbeltExtensionToken> Issue(
Type type,
const std::string& resource);
// Constructs a sandbox extension from a token object. The token can then
// be consumed or revoked.
static std::unique_ptr<SeatbeltExtension> FromToken(
SeatbeltExtensionToken token);
// Consumes the sandbox extension, giving the calling process access to the
// resource for which the extension was issued. Returns true if the
// extension was consumed and the resource access is now permitted, and
// false on error with the resource still denied. The extension must be
// revoked by the calling process before being destructed.
bool Consume();
// Like Consume(), but makes it so that the extension cannot be revoked.
bool ConsumePermanently();
// Revokes access to the extension and the resource for which it was issued.
// Returns true if the extension was revoked and false if not.
//
// A consuming process can revoke an extension at any time. Once an
// extension is revoked, it can be re-acquired by creating a new extension
// object from the token object.
bool Revoke();
private:
explicit SeatbeltExtension(const std::string& token);
// Creates the token for the sandbox extension type and resource.
static char* IssueToken(Type type, const std::string& resource);
// The extension token, empty if the extension has been consumed permanetly
// or revoked.
std::string token_;
// An opaque reference to a consumed extension, 0 if revoked or not consumed.
int64_t handle_;
DISALLOW_COPY_AND_ASSIGN(SeatbeltExtension);
};
} // namespace sandbox
#endif // SANDBOX_MAC_SEATBELT_EXTENSION_H_