permission_broker.h
// Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef PERMISSION_BROKER_PERMISSION_BROKER_H_
#define PERMISSION_BROKER_PERMISSION_BROKER_H_
#include <dbus/dbus.h>
#include <memory>
#include <string>
#include <vector>
#include <base/macros.h>
#include <base/sequenced_task_runner.h>
#include <base/time/time.h>
#include <dbus/bus.h>
#include "permission_broker/dbus_adaptors/org.chromium.PermissionBroker.h"
#include "permission_broker/port_tracker.h"
#include "permission_broker/rule_engine.h"
#include "permission_broker/usb_control.h"
#include "permission_broker/usb_driver_tracker.h"
namespace permission_broker {
// The PermissionBroker encapsulates the execution of a chain of Rules which
// decide whether or not to grant access to a given path. The PermissionBroker
// is also responsible for providing a D-Bus interface to clients.
class PermissionBroker : public org::chromium::PermissionBrokerAdaptor,
                         public org::chromium::PermissionBrokerInterface {
 public:
  // Builds a broker attached to |bus|. |udev_run_path| and |poll_interval|
  // are only stored or forwarded as far as this header shows; their consumers
  // live in the implementation file.
  PermissionBroker(scoped_refptr<dbus::Bus> bus,
                   const std::string& udev_run_path,
                   const base::TimeDelta& poll_interval);

  // A broker is neither copyable nor assignable: both operations are deleted.
  PermissionBroker(const PermissionBroker&) = delete;
  PermissionBroker& operator=(const PermissionBroker&) = delete;

  ~PermissionBroker();

  // Exports the D-Bus object and its interfaces; |cb| is the completion
  // action handed to the async event sequencer.
  void RegisterAsync(
      const brillo::dbus_utils::AsyncEventSequencer::CompletionAction& cb);

 private:
  // ---- D-Bus method handlers (overrides of the generated interface) ----
  //
  // Every |in_*| argument below originates from a D-Bus caller and should be
  // treated as untrusted input by the implementation.
  // NOTE(review): this header does not show where caller identity or path
  // validation happens; presumably rule_engine_ decides — confirm in the .cc.

  // Path access. OpenPath and ClaimDevicePath hand a file descriptor back
  // through |out_fd| and report failures through |error|.
  bool CheckPathAccess(const std::string& in_path) override;
  bool OpenPath(brillo::ErrorPtr* error,
                const std::string& in_path,
                brillo::dbus_utils::FileDescriptor* out_fd) override;
  // NOTE(review): |in_lifeline_fd| presumably bounds the lifetime of the
  // claim, and |drop_privileges_mask| presumably restricts what the returned
  // descriptor may do — verify both against the implementation.
  bool ClaimDevicePath(brillo::ErrorPtr* error,
                       const std::string& in_path,
                       uint32_t drop_privileges_mask,
                       const base::ScopedFD& in_lifeline_fd,
                       brillo::dbus_utils::FileDescriptor* out_fd) override;

  // Port access requests, keyed by port number and interface name.
  // NOTE(review): |dbus_fd| looks like a lifeline descriptor tying the grant
  // to the requesting process — confirm.
  bool RequestTcpPortAccess(uint16_t in_port,
                            const std::string& in_interface,
                            const base::ScopedFD& dbus_fd) override;
  bool RequestUdpPortAccess(uint16_t in_port,
                            const std::string& in_interface,
                            const base::ScopedFD& dbus_fd) override;
  bool RequestLoopbackTcpPortLockdown(
      uint16_t in_port, const base::ScopedFD& in_lifeline_fd) override;

  // Explicit release of previously requested ports.
  bool ReleaseTcpPort(uint16_t in_port,
                      const std::string& in_interface) override;
  bool ReleaseUdpPort(uint16_t in_port,
                      const std::string& in_interface) override;
  bool ReleaseLoopbackTcpPort(uint16_t in_port) override;

  // Port forwarding requests: |dst_ip| and |dst_port| arrive as caller-supplied
  // values (the address as a plain string), so the implementation has to parse
  // and validate them.
  bool RequestTcpPortForward(uint16_t in_port,
                             const std::string& in_interface,
                             const std::string& dst_ip,
                             uint16_t dst_port,
                             const base::ScopedFD& dbus_fd) override;
  bool RequestUdpPortForward(uint16_t in_port,
                             const std::string& in_interface,
                             const std::string& dst_ip,
                             uint16_t dst_port,
                             const base::ScopedFD& dbus_fd) override;
  bool ReleaseTcpPortForward(uint16_t in_port,
                             const std::string& in_interface) override;
  bool ReleaseUdpPortForward(uint16_t in_port,
                             const std::string& in_interface) override;

  // Takes ownership of |response| and replies through it rather than through
  // a return value. |in_vid| / |in_pid| / |in_delay| are caller-supplied.
  void PowerCycleUsbPorts(
      std::unique_ptr<brillo::dbus_utils::DBusMethodResponse<bool>> response,
      uint16_t in_vid,
      uint16_t in_pid,
      int64_t in_delay) override;

  // ---- Internal helper (not part of the D-Bus interface) ----
  //
  // Carries the union of the OpenPath and ClaimDevicePath parameters.
  // NOTE(review): |lifeline_fd| is a raw int here, so ownership and the
  // "no lifeline" sentinel are not visible from this header — confirm.
  bool OpenPathImpl(brillo::ErrorPtr* error,
                    const std::string& in_path,
                    uint32_t drop_privileges_mask,
                    int lifeline_fd,
                    brillo::dbus_utils::FileDescriptor* out_fd);

  // Data members. Declaration order is also construction order (and the
  // reverse of destruction order), so keep it stable.
  RuleEngine rule_engine_;
  brillo::dbus_utils::DBusObject dbus_object_;
  PortTracker port_tracker_;
  UsbControl usb_control_;
  UsbDriverTracker usb_driver_tracker_;
};
} // namespace permission_broker
#endif // PERMISSION_BROKER_PERMISSION_BROKER_H_