1 // Copyright 2019 Google LLC 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // https://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 #ifndef SANDBOXED_API_SANDBOX2_MOUNTTREE_H_ 16 #define SANDBOXED_API_SANDBOX2_MOUNTTREE_H_ 17 18 #include <cstddef> 19 #include <string> 20 #include <utility> 21 #include <vector> 22 23 #include "absl/status/status.h" 24 #include "absl/status/statusor.h" 25 #include "absl/strings/string_view.h" 26 #include "sandboxed_api/sandbox2/mount_tree.pb.h" 27 28 namespace sandbox2 { 29 30 namespace internal { 31 32 bool IsSameFile(const std::string& path1, const std::string& path2); 33 bool IsWritable(const MountTree::Node& node); 34 bool HasSameTarget(const MountTree::Node& n1, const MountTree::Node& n2); 35 bool IsEquivalentNode(const MountTree::Node& n1, const MountTree::Node& n2); 36 } // namespace internal 37 38 class Mounts { 39 public: Mounts()40 Mounts() { 41 MountTree::Node root; 42 root.mutable_root_node()->set_writable(false); 43 *mount_tree_.mutable_node() = root; 44 } 45 Mounts(MountTree mount_tree)46 explicit Mounts(MountTree mount_tree) : mount_tree_(std::move(mount_tree)) {} 47 48 Mounts(const Mounts&) = default; 49 Mounts(Mounts&&) = default; 50 Mounts& operator=(const Mounts&) = default; 51 Mounts& operator=(Mounts&&) = default; 52 53 absl::Status AddFile(absl::string_view path, bool is_ro = true) { 54 return AddFileAt(path, path, is_ro); 55 } 56 57 absl::Status AddFileAt(absl::string_view outside, absl::string_view inside, 58 bool is_ro = true); 59 60 absl::Status AddDirectory(absl::string_view path, bool is_ro = true) { 61 return AddDirectoryAt(path, path, is_ro); 62 } 63 64 absl::Status AddDirectoryAt(absl::string_view outside, 65 absl::string_view inside, bool is_ro = true); 66 67 absl::Status AddMappingsForBinary(const std::string& path, 68 absl::string_view ld_library_path = {}); 69 70 absl::Status AddTmpfs(absl::string_view inside, size_t sz); 71 72 absl::Status Remove(absl::string_view path); 73 74 void CreateMounts(const std::string& root_path) const; 75 GetMountTree()76 MountTree GetMountTree() const { return mount_tree_; } 77 SetRootWritable()78 void SetRootWritable() { 79 mount_tree_.mutable_node()->mutable_root_node()->set_writable(true); 80 } 81 IsRootReadOnly()82 bool IsRootReadOnly() const { 83 return mount_tree_.has_node() && mount_tree_.node().has_root_node() && 84 !mount_tree_.node().root_node().writable(); 85 } 86 87 // Lists the outside and inside entries of the input tree in the output 88 // parameters, in an ls-like manner. Each entry is traversed in the 89 // depth-first order. However, the entries on the same level of hierarchy are 90 // traversed in their natural order in the tree. The elements in the output 91 // containers match each other pairwise: outside_entries[i] is mounted as 92 // inside_entries[i]. The elements of inside_entries are prefixed with either 93 // 'R' (read-only) or 'W' (writable). 94 void RecursivelyListMounts(std::vector<std::string>* outside_entries, 95 std::vector<std::string>* inside_entries) const; 96 97 absl::StatusOr<std::string> ResolvePath(absl::string_view path) const; 98 99 private: 100 friend class MountTreeTest; 101 102 absl::Status Insert(absl::string_view path, const MountTree::Node& node); 103 104 MountTree mount_tree_; 105 }; 106 107 } // namespace sandbox2 108 109 #endif // SANDBOXED_API_SANDBOX2_MOUNTTREE_H_ 110