1 // Copyright (c) 2012 The Chromium OS Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef LIBBRILLO_BRILLO_MINIJAIL_MINIJAIL_H_ 6 #define LIBBRILLO_BRILLO_MINIJAIL_MINIJAIL_H_ 7 8 #include <vector> 9 10 extern "C" { 11 #include <linux/capability.h> 12 #include <sys/types.h> 13 } 14 15 #include <base/lazy_instance.h> 16 #include <brillo/brillo_export.h> 17 18 #include <libminijail.h> 19 20 #include "base/macros.h" 21 22 namespace brillo { 23 24 // A Minijail abstraction allowing Minijail mocking in tests. 25 class BRILLO_EXPORT Minijail { 26 public: 27 virtual ~Minijail(); 28 29 // This is a singleton -- use Minijail::GetInstance()->Foo(). 30 static Minijail* GetInstance(); 31 32 // minijail_new 33 virtual struct minijail* New(); 34 // minijail_destroy 35 virtual void Destroy(struct minijail* jail); 36 37 // minijail_change_uid/minijail_change_gid 38 virtual void DropRoot(struct minijail* jail, uid_t uid, gid_t gid); 39 40 // minijail_change_user/minijail_change_group 41 virtual bool DropRoot(struct minijail* jail, 42 const char* user, 43 const char* group); 44 45 // minijail_namespace_pids 46 virtual void EnterNewPidNamespace(struct minijail* jail); 47 48 // minijail_mount_tmp 49 virtual void MountTmp(struct minijail* jail); 50 51 // minijail_use_seccomp_filter/minijail_no_new_privs/ 52 // minijail_parse_seccomp_filters 53 virtual void UseSeccompFilter(struct minijail* jail, const char* path); 54 55 // minijail_use_caps 56 virtual void UseCapabilities(struct minijail* jail, uint64_t capmask); 57 58 // minijail_reset_signal_mask 59 virtual void ResetSignalMask(struct minijail* jail); 60 61 // minijail_close_open_fds 62 virtual void CloseOpenFds(struct minijail* jail); 63 64 // minijail_preserve_fd 65 virtual void PreserveFd(struct minijail* jail, int parent_fd, int child_fd); 66 67 // minijail_enter 68 virtual void Enter(struct minijail* jail); 69 70 // minijail_run_pid 71 virtual bool Run(struct minijail* jail, std::vector<char*> args, pid_t* pid); 72 73 // minijail_run_pid and waitpid 74 virtual bool RunSync(struct minijail* jail, 75 std::vector<char*> args, 76 int* status); 77 78 // minijail_run_pid_pipes, with |pstdout_fd| and |pstderr_fd| set to NULL. 79 virtual bool RunPipe(struct minijail* jail, 80 std::vector<char*> args, 81 pid_t* pid, 82 int* stdin); 83 84 // minijail_run_pid_pipes 85 virtual bool RunPipes(struct minijail* jail, 86 std::vector<char*> args, 87 pid_t* pid, 88 int* stdin, 89 int* stdout, 90 int* stderr); 91 92 // minijail_run_env_pid_pipes 93 virtual bool RunEnvPipes(struct minijail* jail, 94 std::vector<char*> args, 95 std::vector<char*> env, 96 pid_t* pid, 97 int* stdin, 98 int* stdout, 99 int* stderr); 100 // Run() and Destroy() 101 virtual bool RunAndDestroy(struct minijail* jail, 102 std::vector<char*> args, 103 pid_t* pid); 104 105 // RunSync() and Destroy() 106 virtual bool RunSyncAndDestroy(struct minijail* jail, 107 std::vector<char*> args, 108 int* status); 109 110 // RunPipe() and Destroy() 111 virtual bool RunPipeAndDestroy(struct minijail* jail, 112 std::vector<char*> args, 113 pid_t* pid, 114 int* stdin); 115 116 // RunPipes() and Destroy() 117 virtual bool RunPipesAndDestroy(struct minijail* jail, 118 std::vector<char*> args, 119 pid_t* pid, 120 int* stdin, 121 int* stdout, 122 int* stderr); 123 124 // RunEnvPipes() and Destroy() 125 virtual bool RunEnvPipesAndDestroy(struct minijail* jail, 126 std::vector<char*> args, 127 std::vector<char*> env, 128 pid_t* pid, 129 int* stdin, 130 int* stdout, 131 int* stderr); 132 133 protected: 134 Minijail(); 135 136 private: 137 friend base::LazyInstanceTraitsBase<Minijail>; 138 139 DISALLOW_COPY_AND_ASSIGN(Minijail); 140 }; 141 142 } // namespace brillo 143 144 #endif // LIBBRILLO_BRILLO_MINIJAIL_MINIJAIL_H_ 145