
SandboxBrokerCommon.h (2579B)


      1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
      2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
      3 /* This Source Code Form is subject to the terms of the Mozilla Public
      4 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
      5 * You can obtain one at http://mozilla.org/MPL/2.0/. */
      6 
      7 #ifndef mozilla_SandboxBrokerCommon_h
      8 #define mozilla_SandboxBrokerCommon_h
      9 
     10 #include <sys/types.h>
     11 #include <stdint.h>
     12 
     13 struct iovec;
     14 
     15 // This file defines the protocol between the filesystem broker,
     16 // described in SandboxBroker.h, and its client, described in
     17 // ../SandboxBrokerClient.h; and it defines some utility functions
     18 // used by both.
     19 //
     20 // In order to keep the client simple while allowing it to be thread
     21 // safe and async signal safe, the main broker socket is used only for
     22 // requests; responses arrive on a per-request socketpair sent with
     23 // the request.  (This technique is also used by Chromium and Breakpad.)
     24 
     25 namespace mozilla {
     26 
     27 class SandboxBrokerCommon {
        // Shared definitions for the broker/client protocol: the operation
        // codes, the fixed-size Request and Response headers, the path-length
        // bound, and two message helpers that take a file descriptor argument.
        // OperationDescription, RecvWithFd and SendWithFd are only declared
        // here; their definitions are not in this header.
     28 public:
         // Request type, carried in Request::mOp.  The enumerators take their
         // implicit values in declaration order.
         // NOTE(review): OperationDescription is presumably indexed by these
         // values, so a new operation needs a matching string in the same
         // position -- confirm against the table's definition.
         // NOTE(review): mOp is read out of a packet sent by the client
         // (presumably the less-trusted side), so the receiver should
         // range-check it before using it as an array index or switch selector
         // -- verify in the broker implementation.
     29  enum Operation {
     30    SANDBOX_FILE_OPEN,
     31    SANDBOX_FILE_ACCESS,
     32    SANDBOX_FILE_STAT,
     33    SANDBOX_FILE_CHMOD,
     34    SANDBOX_FILE_LINK,
     35    SANDBOX_FILE_SYMLINK,
     36    SANDBOX_FILE_MKDIR,
     37    SANDBOX_FILE_RENAME,
     38    SANDBOX_FILE_RMDIR,
     39    SANDBOX_FILE_UNLINK,
     40    SANDBOX_FILE_READLINK,
     41    SANDBOX_SOCKET_CONNECT,
     42    SANDBOX_SOCKET_CONNECT_ABSTRACT,
     43  };
     44  // String versions of the above
     45  static const char* OperationDescription[];
     46 
         // Fixed-size header at the start of a request packet.
     47  struct Request {
     48    Operation mOp;
     49    // For open, flags; for access, "mode"; for stat, O_NOFOLLOW for lstat.
     50    // For connect, the socket type.
     51    int mFlags;
     52    // ID to match child/parent requests in profiler
     53    uint64_t mId;
     54    // Size of return value buffer, if any
           // NOTE(review): this is a sender-supplied size; which operations
           // use it is not visible here.  The receiver should cap it before
           // sizing or filling a reply buffer -- confirm.
     55    size_t mBufSize;
     56    // The rest of the packet is the pathname.
           // NOTE(review): no length field or terminator is declared, so the
           // path length presumably comes from the received packet size --
           // confirm how the receiver bounds and terminates it.
     57    // SCM_RIGHTS for response socket attached.
     58  };
     59 
         // Fixed-size header at the start of a response packet.
     60  struct Response {
     61    // Syscall result, -errno if failure, or 0 for no error
     62    int mError;
     63    // Followed by struct stat for stat/lstat.
     64    // SCM_RIGHTS attached for successful open.
     65  };
     66 
     67  // This doesn't need to be the system's maximum path length, just
     68  // the largest path that would be allowed by any policy.  (It's used
     69  // to size a stack-allocated buffer.)
         // NOTE(review): because this sizes a stack buffer, a received path
         // that does not fit should be rejected rather than truncated;
         // otherwise the policy check could see a different path from the one
         // requested -- verify at the point where the buffer is filled.
     70  static const size_t kMaxPathLen = 4096;
     71 
         // Message helpers.  aFd is the socket; aIO/aNumIO describe the data
         // buffers as an iovec array and its element count.
         // RecvWithFd: aPassedFdPtr is presumably an out-parameter for a
         // descriptor received with the data.  What it holds when nothing is
         // attached, and who closes a received descriptor, is not visible
         // here -- confirm against the definition.
         // SendWithFd: aPassedFd is presumably the descriptor to attach;
         // whether a negative value means "none" is not visible here.
         // Both return ssize_t, presumably a byte count or -1 on error.
         // NOTE(review): callers should compare the returned size with
         // sizeof(Request) / sizeof(Response) before reading header fields, so
         // that a short packet is never parsed -- verify at the call sites.
     72  static ssize_t RecvWithFd(int aFd, const iovec* aIO, size_t aNumIO,
     73                            int* aPassedFdPtr);
     74  static ssize_t SendWithFd(int aFd, const iovec* aIO, size_t aNumIO,
     75                            int aPassedFd);
     76 };
     77 
     78 }  // namespace mozilla
     79 
     80 #endif  // mozilla_SandboxBrokerCommon_h