// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef SANDBOX_MAC_POLICY_H_
#define SANDBOX_MAC_POLICY_H_

#include <mach/mach.h>

#include <map>
#include <string>

#include "sandbox/sandbox_export.h"

namespace sandbox {

// The action taken when a sandboxed process asks launchd for a service port
// via bootstrap_look_up (see Rule below for how a decision is attached to a
// service name).
enum PolicyDecision {
  // Not a valid decision; a sentinel value.
  POLICY_DECISION_INVALID,
  // Explicitly allows the real service to be looked up from launchd.
  POLICY_ALLOW,
  // Deny the look up request by replying with a MIG error. This is the
  // default behavior for servers not given an explicit rule.
  POLICY_DENY_ERROR,
  // Deny the look up request with a well-formed reply containing a
  // Mach port with a send right, messages to which will be ignored.
  POLICY_DENY_DUMMY_PORT,
  // Reply to the look up request with a send right to the substitute_port
  // specified in the Rule.
  POLICY_SUBSTITUTE_PORT,
  // Not a valid decision; marks the end of the enumeration.
  POLICY_DECISION_LAST,
};

// A Rule expresses the action to take when a service port is requested via
// bootstrap_look_up. If |result| is not POLICY_SUBSTITUTE_PORT, then
// |substitute_port| must be NULL. If result is POLICY_SUBSTITUTE_PORT, then
// |substitute_port| must not be NULL.
//
// The constructors are defined out of line. By the invariant above, the
// mach_port_t form must produce a POLICY_SUBSTITUTE_PORT rule, and the
// PolicyDecision form a rule with no port — confirm against the .cc.
struct SANDBOX_EXPORT Rule {
  Rule();
  explicit Rule(PolicyDecision result);
  explicit Rule(mach_port_t override_port);

  PolicyDecision result;

  // The Rule does not take ownership of this port, but additional send rights
  // will be allocated to it before it is sent to a client. This name must
  // denote a send right that can be duplicated with MACH_MSG_TYPE_COPY_SEND.
  // NOTE(review): the sandboxed client ends up holding a usable send right,
  // so whatever owns the matching receive right must treat messages arriving
  // on it as untrusted input.
  mach_port_t substitute_port;
};

// A policy object manages the rules enforced on a target sandboxed process.
struct SANDBOX_EXPORT BootstrapSandboxPolicy {
  // Maps a bootstrap server name (the string passed to bootstrap_look_up) to
  // the Rule applied to requests for it.
  typedef std::map<std::string, Rule> NamedRules;

  BootstrapSandboxPolicy();
  ~BootstrapSandboxPolicy();

  // The default action to take if the server name being looked up is not
  // present in |rules|. Every service not named in |rules| is governed by
  // this rule, so an allow decision here lets the sandboxed process look up
  // any unlisted launchd service; a deny decision keeps the policy
  // default-deny. The value Rule() assigns is set in the .cc, not here.
  Rule default_rule;

  // A map of bootstrap server names to policy Rules.
  NamedRules rules;
};

// Checks that a policy is well-formed. Presumably this verifies that
// |default_rule| and every entry of |rules| satisfy the
// |result|/|substitute_port| invariant documented on Rule — the definition
// is out of line, so confirm there.
SANDBOX_EXPORT bool IsPolicyValid(const BootstrapSandboxPolicy& policy);

} // namespace sandbox

#endif // SANDBOX_MAC_POLICY_H_