sandboxed-process.cc - chromiumos/platform/cros-disks - Git at Google

 // Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "cros-disks/sandboxed-process.h"

 #include <base/logging.h>
 #include <base/memory/scoped_ptr.h>
 #include <chromeos/libminijail.h>

 using std::string;
 using std::vector;

 namespace cros_disks {

 SandboxedProcess::SandboxedProcess()
     : jail_(minijail_new()) {
   CHECK(jail_) << "Failed to create a process jail";
 }

 SandboxedProcess::~SandboxedProcess() {
   minijail_destroy(jail_);
 }

 void SandboxedProcess::AddArgument(const std::string& argument) {
   arguments_.push_back(argument);
 }

 void SandboxedProcess::LoadSeccompFilterPolicy(const string& policy_file) {
   minijail_parse_seccomp_filters(jail_, policy_file.c_str());
   minijail_use_seccomp_filter(jail_);
 }

 void SandboxedProcess::SetCapabilities(uint64_t capabilities) {
   minijail_use_caps(jail_, capabilities);
 }

 void SandboxedProcess::SetGroupId(gid_t group_id) {
   minijail_change_gid(jail_, group_id);
 }

 void SandboxedProcess::SetUserId(uid_t user_id) {
   minijail_change_uid(jail_, user_id);
 }

 bool SandboxedProcess::Start() {
   BuildArgumentsArray();
   return minijail_run(jail_, arguments_array_[0], arguments_array_.get()) == 0;
 }

 int SandboxedProcess::Wait() {
   return minijail_wait(jail_);
 }

 int SandboxedProcess::Run() {
   if (Start()) {
     return Wait();
   }
   return -1;
 }

 void SandboxedProcess::BuildArgumentsArray() {
   // The following code to create a writable copy of argument strings
   // is based on chromeos/process.cc
   size_t num_arguments = arguments_.size();
   size_t arguments_buffer_size = 0;
   for (size_t i = 0; i < num_arguments; ++i) {
     arguments_buffer_size += arguments_[i].size() + 1;
   }

   arguments_buffer_.reset(new(std::nothrow) char[arguments_buffer_size]);
   CHECK(arguments_buffer_.get()) << "Failed to allocate arguments buffer";

   arguments_array_.reset(new(std::nothrow) char*[num_arguments + 1]);
   CHECK(arguments_array_.get()) << "Failed to allocate arguments array";

   char* buffer_pointer = arguments_buffer_.get();
   for (size_t i = 0; i < num_arguments; ++i) {
     arguments_array_[i] = buffer_pointer;
     size_t argument_size = arguments_[i].size();
     arguments_[i].copy(buffer_pointer, argument_size);
     buffer_pointer[argument_size] = '\0';
     buffer_pointer += argument_size + 1;
   }
   arguments_array_[num_arguments] = NULL;
 }

 }  // namespace cros_disks
	// Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "cros-disks/sandboxed-process.h"

	#include <base/logging.h>
	#include <base/memory/scoped_ptr.h>
	#include <chromeos/libminijail.h>

	using std::string;
	using std::vector;

	namespace cros_disks {

	SandboxedProcess::SandboxedProcess()
	: jail_(minijail_new()) {
	CHECK(jail_) << "Failed to create a process jail";
	}

	SandboxedProcess::~SandboxedProcess() {
	minijail_destroy(jail_);
	}

	void SandboxedProcess::AddArgument(const std::string& argument) {
	arguments_.push_back(argument);
	}

	void SandboxedProcess::LoadSeccompFilterPolicy(const string& policy_file) {
	minijail_parse_seccomp_filters(jail_, policy_file.c_str());
	minijail_use_seccomp_filter(jail_);
	}

	void SandboxedProcess::SetCapabilities(uint64_t capabilities) {
	minijail_use_caps(jail_, capabilities);
	}

	void SandboxedProcess::SetGroupId(gid_t group_id) {
	minijail_change_gid(jail_, group_id);
	}

	void SandboxedProcess::SetUserId(uid_t user_id) {
	minijail_change_uid(jail_, user_id);
	}

	bool SandboxedProcess::Start() {
	BuildArgumentsArray();
	return minijail_run(jail_, arguments_array_[0], arguments_array_.get()) == 0;
	}

	int SandboxedProcess::Wait() {
	return minijail_wait(jail_);
	}

	int SandboxedProcess::Run() {
	if (Start()) {
	return Wait();
	}
	return -1;
	}

	void SandboxedProcess::BuildArgumentsArray() {
	// The following code to create a writable copy of argument strings
	// is based on chromeos/process.cc
	size_t num_arguments = arguments_.size();
	size_t arguments_buffer_size = 0;
	for (size_t i = 0; i < num_arguments; ++i) {
	arguments_buffer_size += arguments_[i].size() + 1;
	}

	arguments_buffer_.reset(new(std::nothrow) char[arguments_buffer_size]);
	CHECK(arguments_buffer_.get()) << "Failed to allocate arguments buffer";

	arguments_array_.reset(new(std::nothrow) char*[num_arguments + 1]);
	CHECK(arguments_array_.get()) << "Failed to allocate arguments array";

	char* buffer_pointer = arguments_buffer_.get();
	for (size_t i = 0; i < num_arguments; ++i) {
	arguments_array_[i] = buffer_pointer;
	size_t argument_size = arguments_[i].size();
	arguments_[i].copy(buffer_pointer, argument_size);
	buffer_pointer[argument_size] = '\0';
	buffer_pointer += argument_size + 1;
	}
	arguments_array_[num_arguments] = NULL;
	}

	} // namespace cros_disks