policy.h revision cedac228d2dd51db4b79ea1e72c7f249408ee061
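// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef SANDBOX_MAC_POLICY_H_
#define SANDBOX_MAC_POLICY_H_

#include <mach/mach.h>

#include <map>
#include <string>

#include "sandbox/sandbox_export.h"

namespace sandbox {

// The action taken when a sandboxed client asks for a bootstrap service.
// Only POLICY_ALLOW hands the client the real service port; every other
// decision keeps the real service out of reach.
enum PolicyDecision {
  // First enumerator, so it is the value of a zero-initialized decision.
  // NOTE(review): presumably marks a Rule that was never given a decision;
  // confirm against the Rule() definition.
  POLICY_DECISION_INVALID,
  // Explicitly allows the real service to be looked up from launchd.
  POLICY_ALLOW,
  // Deny the look up request by replying with a MIG error. This is the
  // default behavior for servers not given an explicit rule, i.e. a service
  // name that is absent from the policy is denied rather than allowed.
  POLICY_DENY_ERROR,
  // Deny the look up request with a well-formed reply containing a
  // Mach port with a send right, messages to which will be ignored.
  POLICY_DENY_DUMMY_PORT,
  // Reply to the look up request with a send right to the substitute_port
  // specified in the Rule.
  POLICY_SUBSTITUTE_PORT,
  // Sentinel that follows the last real decision; not a decision itself.
  // NOTE(review): presumably the exclusive upper bound for range checks;
  // confirm where it is used.
  POLICY_DECISION_LAST,
};

// A Rule expresses the action to take when a service port is requested via
// bootstrap_look_up. If |result| is not POLICY_SUBSTITUTE_PORT, then
// |substitute_port| must be the null port (mach_port_t is a port name, not a
// pointer, so "null" here means MACH_PORT_NULL). If |result| is
// POLICY_SUBSTITUTE_PORT, then |substitute_port| must not be the null port.
struct SANDBOX_EXPORT Rule {
  // NOTE(review): the definitions are not in this header, so the initial
  // values each constructor assigns cannot be stated here; check that the
  // default constructor does not yield POLICY_ALLOW.
  Rule();
  explicit Rule(PolicyDecision result);
  // NOTE(review): presumably builds a POLICY_SUBSTITUTE_PORT rule for
  // |override_port|; confirm in the definition.
  explicit Rule(mach_port_t override_port);

  PolicyDecision result;

  // The Rule does not take ownership of this port, but additional send rights
  // will be allocated to it before it is sent to a client.
  // NOTE(review): because the port is not owned, whoever builds the policy
  // presumably has to keep the right valid for as long as the policy is in
  // use; confirm against the code that installs the policy.
  mach_port_t substitute_port;
};

// A BootstrapSandboxPolicy maps bootstrap server names to policy Rules.
// Names without an entry get the POLICY_DENY_ERROR default described above,
// so the map acts as an allow-list and should name only the services a
// sandboxed client actually needs.
typedef std::map<std::string, Rule> BootstrapSandboxPolicy;

// Checks that a policy is well-formed. Returns true if it is.
// NOTE(review): presumably enforces the |result| / |substitute_port|
// invariants documented on Rule; confirm in the definition. Callers should
// check the result before a policy is put into effect.
SANDBOX_EXPORT bool IsPolicyValid(const BootstrapSandboxPolicy& policy);

}  // namespace sandbox

#endif  // SANDBOX_MAC_POLICY_H_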