sandboxed-process.h

// Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CROS_DISKS_SANDBOXED_PROCESS_H_
#define CROS_DISKS_SANDBOXED_PROCESS_H_

#include <sys/types.h>

#include <string>
#include <vector>

#include <base/basictypes.h>
#include <base/memory/scoped_ptr.h>
#include <gtest/gtest_prod.h>

struct minijail;

namespace cros_disks {

class SandboxedProcess {
 public:
  SandboxedProcess();
  ~SandboxedProcess();

  // Adds an argument to the end of the argument list.
  void AddArgument(const std::string& argument);

  // Loads the seccomp filters from |policy_file|. The calling process will be
  // aborted if |policy_file| does not exist, cannot be read or is malformed.
  void LoadSeccompFilterPolicy(const std::string& policy_file);

  // Sets the process capabilities of the process to be sandboxed.
  void SetCapabilities(uint64_t capabilities);

  // Sets the group ID of the process to be sandboxed.
  void SetGroupId(gid_t group_id);

  // Sets the user ID of the process to be sandboxed.
  void SetUserId(uid_t user_id);

  // Starts the process in a sandbox. Returns true on success.
  bool Start();

  // Waits for the process to finish and returns its exit status.
  int Wait();

  // Starts and waits for the process to finish. Returns the same exit status
  // as Wait() does.
  int Run();

 private:
  // Builds the array of arguments |arguments_array_|, which is passed to
  // the process to be launched by Start(), from the arguments stored in
  // |arguments_|.
  void BuildArgumentsArray();

  std::vector<std::string> arguments_;

  scoped_array<char*> arguments_array_;

  scoped_array<char> arguments_buffer_;

  struct minijail* jail_;

  FRIEND_TEST(SandboxedProcessTest, BuildEmptyArgumentsArray);
  FRIEND_TEST(SandboxedProcessTest, BuildArgumentsArray);

  DISALLOW_COPY_AND_ASSIGN(SandboxedProcess);
};

}  // namespace cros_disks

#endif  // CROS_DISKS_SANDBOXED_PROCESS_H_