blob: 80fea23e7ef5c2543187bbc6ce9ff2f39bdf256f [file] [log] [blame]
// Copyright 2015 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef SOMA_LIB_SOMA_READ_ONLY_CONTAINER_SPEC_H_
#define SOMA_LIB_SOMA_READ_ONLY_CONTAINER_SPEC_H_
#include <sched.h>
#include <sys/types.h>
#include <string>
#include <utility>
#include <vector>
#include <base/files/file_path.h>
#include <base/macros.h>
#include <soma/soma_export.h>
namespace soma {
class ContainerSpec;
// More friendly read-only wrapper around the ContainerSpec protobuf.
// This class owns an instance of the protobuf and will hand out data from it
// on request.
class SOMA_EXPORT ReadOnlyContainerSpec {
public:
enum class Namespace {
NEWIPC = CLONE_NEWIPC,
NEWNET = CLONE_NEWNET,
NEWNS = CLONE_NEWNS,
NEWPID = CLONE_NEWPID,
NEWUSER = CLONE_NEWUSER,
NEWUTS = CLONE_NEWUTS,
INVALID,
};
explicit ReadOnlyContainerSpec(const ContainerSpec* spec);
virtual ~ReadOnlyContainerSpec();
const std::string& name() const;
const base::FilePath& service_bundle_path() const {
return service_bundle_path_;
}
uid_t uid() const;
gid_t gid() const;
const std::vector<std::string>& command_line() const {
return command_line_;
}
const std::vector<std::string>& service_names() const {
return service_names_;
}
const base::FilePath& working_directory() const { return working_dir_; }
const std::vector<Namespace>& namespaces() const { return namespaces_; }
bool all_tcp_ports_allowed() const;
bool all_udp_ports_allowed() const;
const std::vector<uint32_t>& tcp_listen_ports() const {
return tcp_listen_ports_;
}
const std::vector<uint32_t>& udp_listen_ports() const {
return udp_listen_ports_;
}
const std::vector<std::pair<int, int>>& device_node_filters() const {
return device_node_filters_;
}
const std::vector<base::FilePath>& device_path_filters() const {
return device_path_filters_;
}
private:
const ContainerSpec* const internal_;
// Caching for values in internal_, so this class can hand out const
// references without having to vend handles to the underlying protobuf.
const base::FilePath service_bundle_path_;
const std::vector<std::string> command_line_;
const std::vector<std::string> service_names_;
const base::FilePath working_dir_;
const std::vector<uint32_t> tcp_listen_ports_;
const std::vector<uint32_t> udp_listen_ports_;
// Non-const because these need to be translated from the proto
// representation to something more generic.
std::vector<Namespace> namespaces_;
std::vector<base::FilePath> device_path_filters_;
std::vector<std::pair<int, int>> device_node_filters_; // major, minor
DISALLOW_COPY_AND_ASSIGN(ReadOnlyContainerSpec);
};
} // namespace soma
#endif // SOMA_LIB_SOMA_READ_ONLY_CONTAINER_SPEC_H_