1// Copyright 2014 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef SANDBOX_MAC_POLICY_H_
6#define SANDBOX_MAC_POLICY_H_
7
8#include <mach/mach.h>
9
10#include <map>
11#include <string>
12
13#include "sandbox/sandbox_export.h"
14
15namespace sandbox {
16
17enum PolicyDecision {
18  POLICY_DECISION_INVALID,
19  // Explicitly allows the real service to be looked up from launchd.
20  POLICY_ALLOW,
21  // Deny the look up request by replying with a MIG error. This is the
22  // default behavior for servers not given an explicit rule.
23  POLICY_DENY_ERROR,
24  // Deny the look up request with a well-formed reply containing a
25  // Mach port with a send right, messages to which will be ignored.
26  POLICY_DENY_DUMMY_PORT,
27  // Reply to the look up request with a send right to the substitute_port
28  // specified in the Rule.
29  POLICY_SUBSTITUTE_PORT,
30  POLICY_DECISION_LAST,
31};
32
33// A Rule expresses the action to take when a service port is requested via
34// bootstrap_look_up. If |result| is not POLICY_SUBSTITUTE_PORT, then
35// |substitute_port| must be NULL. If result is POLICY_SUBSTITUTE_PORT, then
36// |substitute_port| must not be NULL.
37struct SANDBOX_EXPORT Rule {
38  Rule();
39  explicit Rule(PolicyDecision result);
40  explicit Rule(mach_port_t override_port);
41
42  PolicyDecision result;
43
44  // The Rule does not take ownership of this port, but additional send rights
45  // will be allocated to it before it is sent to a client. This name must
46  // denote a send right that can duplicated with MACH_MSG_TYPE_COPY_SEND.
47  mach_port_t substitute_port;
48};
49
50// A policy object manages the rules enforced on a target sandboxed process.
51struct SANDBOX_EXPORT BootstrapSandboxPolicy {
52  typedef std::map<std::string, Rule> NamedRules;
53
54  BootstrapSandboxPolicy();
55  ~BootstrapSandboxPolicy();
56
57  // The default action to take if the server name being looked up is not
58  // present in |rules|.
59  Rule default_rule;
60
61  // A map of bootstrap server names to policy Rules.
62  NamedRules rules;
63};
64
65// Checks that a policy is well-formed.
66SANDBOX_EXPORT bool IsPolicyValid(const BootstrapSandboxPolicy& policy);
67
68}  // namespace sandbox
69
70#endif  // SANDBOX_MAC_POLICY_H_
71