1 /*
2  * Copyright (C) 2024 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 #ifndef ANDROID_DEVICE_GOOGLE_CUTTLEFISH_HOST_COMMANDS_SANDBOX_PROCESS_POLICIES_H
17 #define ANDROID_DEVICE_GOOGLE_CUTTLEFISH_HOST_COMMANDS_SANDBOX_PROCESS_POLICIES_H
18 
19 #include <memory>
20 #include <ostream>
21 #include <set>
22 #include <string>
23 #include <string_view>
24 
25 #include <absl/status/status.h>
26 
27 #include "sandboxed_api/sandbox2/policybuilder.h"
28 
29 namespace cuttlefish::process_sandboxer {
30 
// Host-side locations shared by the policy builders declared in this header;
// every builder below takes a `const HostInfo&`.
// NOTE(review): presumably these strings decide which host directories each
// sandbox policy exposes to the sandboxed process. If so, they should come
// only from trusted configuration -- confirm against the definitions.
31 struct HostInfo {
     // Returns an absl::Status and is non-const. By its name it creates the
     // output directories named below -- TODO confirm which members it covers.
     // The returned status should be checked before policies are built on
     // top of these paths.
32   absl::Status EnsureOutputDirectoriesExist();
     // Maps an executable name to a std::string; presumably a path under
     // host_artifacts_path -- verify in the definition.
33   std::string HostToolExe(std::string_view exe) const;
34 
     // Path-like strings (judging by the _dir/_path suffixes). Nothing in this
     // header validates, canonicalizes, or restricts them.
35   std::string assembly_dir;
36   std::string cuttlefish_config_path;
37   std::string early_tmp_dir;
38   std::string environments_dir;
39   std::string environments_uds_dir;
40   std::string guest_image_path;
41   std::string host_artifacts_path;
42   std::string instance_uds_dir;
43   std::string log_dir;
44   std::string runtime_dir;
45   std::string vsock_device_dir;
46 };
47 
// Stream insertion for HostInfo; the definition is not in this header.
// NOTE(review): presumably prints the path members for logging -- confirm.
48 std::ostream& operator<<(std::ostream&, const HostInfo&);
49 
// Returns a sandbox2::PolicyBuilder for the executable named by `exe`.
// NOTE(review): by its name this looks like the common base that the
// per-executable policies extend -- confirm in the definition. If so, anything
// permitted here applies to every sandboxed tool, so additions to it warrant
// closer review than additions to a single tool's policy.
50 sandbox2::PolicyBuilder BaselinePolicy(const HostInfo&, std::string_view exe);
51 
// Policy builders, each named after a host tool. Every function takes the
// shared HostInfo and returns a sandbox2::PolicyBuilder by value; the
// definitions (and therefore the rules each policy grants) are not in this
// header.
// NOTE(review): presumably each builder grants only what its tool needs --
// that least-privilege property has to be checked per definition, not here.
// NOTE(review): four declarations name the parameter `host` while the rest
// leave it unnamed; this is cosmetic only.
52 sandbox2::PolicyBuilder AdbConnectorPolicy(const HostInfo&);
53 sandbox2::PolicyBuilder AssembleCvdPolicy(const HostInfo&);
54 sandbox2::PolicyBuilder AvbToolPolicy(const HostInfo&);
55 sandbox2::PolicyBuilder CasimirPolicy(const HostInfo&);
56 sandbox2::PolicyBuilder CasimirControlServerPolicy(const HostInfo&);
57 sandbox2::PolicyBuilder ControlEnvProxyServerPolicy(const HostInfo&);
58 sandbox2::PolicyBuilder CvdInternalStartPolicy(const HostInfo&);
59 sandbox2::PolicyBuilder EchoServerPolicy(const HostInfo&);
60 sandbox2::PolicyBuilder GnssGrpcProxyPolicy(const HostInfo&);
61 sandbox2::PolicyBuilder KernelLogMonitorPolicy(const HostInfo&);
62 sandbox2::PolicyBuilder LogTeePolicy(const HostInfo&);
63 sandbox2::PolicyBuilder LogcatReceiverPolicy(const HostInfo&);
64 sandbox2::PolicyBuilder MetricsPolicy(const HostInfo& host);
65 sandbox2::PolicyBuilder MkEnvImgSlimPolicy(const HostInfo& host);
66 sandbox2::PolicyBuilder ModemSimulatorPolicy(const HostInfo&);
67 sandbox2::PolicyBuilder NetsimdPolicy(const HostInfo&);
68 sandbox2::PolicyBuilder NewFsMsDosPolicy(const HostInfo&);
69 sandbox2::PolicyBuilder OpenWrtControlServerPolicy(const HostInfo& host);
70 sandbox2::PolicyBuilder OperatorProxyPolicy(const HostInfo& host);
71 sandbox2::PolicyBuilder ProcessRestarterPolicy(const HostInfo&);
72 sandbox2::PolicyBuilder RunCvdPolicy(const HostInfo&);
73 sandbox2::PolicyBuilder ScreenRecordingServerPolicy(const HostInfo&);
74 sandbox2::PolicyBuilder SecureEnvPolicy(const HostInfo&);
75 sandbox2::PolicyBuilder Simg2ImgPolicy(const HostInfo&);
76 sandbox2::PolicyBuilder SocketVsockProxyPolicy(const HostInfo&);
77 sandbox2::PolicyBuilder TcpConnectorPolicy(const HostInfo&);
78 sandbox2::PolicyBuilder TombstoneReceiverPolicy(const HostInfo&);
79 sandbox2::PolicyBuilder VhostDeviceVsockPolicy(const HostInfo&);
80 sandbox2::PolicyBuilder WebRtcPolicy(const HostInfo&);
81 sandbox2::PolicyBuilder WebRtcOperatorPolicy(const HostInfo&);
82 sandbox2::PolicyBuilder WmediumdPolicy(const HostInfo&);
83 sandbox2::PolicyBuilder WmediumdGenConfigPolicy(const HostInfo&);
84 
// Returns a set of strings derived from HostInfo.
// NOTE(review): by its name, presumably the executables that are launched
// without a sandbox2 policy -- confirm in the definition. If so, each entry is
// an exemption from confinement and the set should stay as small as possible.
85 std::set<std::string> NoPolicy(const HostInfo&);
86 
// Returns an owned sandbox2::Policy for `executable_path`, given the host
// layout in `host_info`.
// NOTE(review): whether the result can be null (for example, when no policy
// matches the executable) is not visible from this declaration -- confirm.
// Callers should check for that case and refuse to launch rather than run the
// executable unconfined.
// NOTE(review): `server_socket_outside_path` is presumably a host-side socket
// path that the built policy makes reachable from inside the sandbox --
// verify against the definition.
87 std::unique_ptr<sandbox2::Policy> PolicyForExecutable(
88     const HostInfo& host_info, std::string_view server_socket_outside_path,
89     std::string_view executable_path);
90 
91 }  // namespace cuttlefish::process_sandboxer
92 
93 #endif
94