xref: /aosp_15_r20/external/sandboxed-api/sandboxed_api/sandbox2/ipc.h (revision ec63e07ab9515d95e79c211197c445ef84cefa6a)

// Copyright 2019 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// The sandbox2::IPC class provides routines for exchanging data between sandbox
// and the sandboxee.

#ifndef SANDBOXED_API_SANDBOX2_IPC_H_
#define SANDBOXED_API_SANDBOX2_IPC_H_

#include <memory>
#include <string>
#include <tuple>
#include <vector>

#include "absl/base/attributes.h"
#include "absl/strings/string_view.h"
#include "sandboxed_api/sandbox2/comms.h"

namespace sandbox2 {

class IPC final {
 public:
  IPC() = default;

  IPC(const IPC&) = delete;
  IPC& operator=(const IPC&) = delete;

  ~IPC() { InternalCleanupFdMap(); }

  ABSL_DEPRECATED("Use Sandbox2::comms() instead")
  Comms* comms() const { return comms_.get(); }

  // Marks local_fd so that it should be sent to the remote process (sandboxee),
  // and duplicated onto remote_fd in it. The local_fd will be closed after
  // being sent (in SendFdsOverComms() which is called by the Monitor class when
  // Sandbox2::RunAsync() is called), so local_fd should not be used from that
  // point on. The application must not close local_fd after calling MapFd().
  void MapFd(int local_fd, int remote_fd);

  // Similar to MapFd(), except local_fd remains available for use in the
  // application even after Sandbox2::RunAsync() is called; the application
  // retains responsibility for closing local_fd and may do so at any time after
  // calling MapDupedFd().
  void MapDupedFd(int local_fd, int remote_fd);

  // Creates and returns a socketpair endpoint. The other endpoint of the
  // socketpair is marked as to be sent to the remote process (sandboxee) with
  // SendFdsOverComms() as with MapFd().
  // If a name is specified, uses the Client::GetMappedFD api to retrieve the
  // corresponding file descriptor in the sandboxee.
  int ReceiveFd(int remote_fd, absl::string_view name);
  int ReceiveFd(int remote_fd);
  int ReceiveFd(absl::string_view name);

  // Enable sandboxee logging, this will start a thread that waits for log
  // messages from the sandboxee. You'll also have to call
  // Client::SendLogsToSupervisor in the sandboxee.
  void EnableLogServer();

 private:
  friend class Executor;
  friend class MonitorBase;
  friend class IpcPeer;  // For testing

  // Uses a pre-connected file descriptor.
  void SetUpServerSideComms(int fd);

  // Sends file descriptors to the sandboxee. Close the local FDs (e.g. passed
  // in MapFd()) - they cannot be used anymore.
  bool SendFdsOverComms();

  void InternalCleanupFdMap();

  // Tuple of file descriptor pairs which will be sent to the sandboxee: in the
  // form of tuple<local_fd, remote_fd, name>:
  //   local_fd: local fd which should be sent to sandboxee
  //   remote_fd: it will be overwritten by local_fd.
  std::vector<std::tuple<int, int, std::string>> fd_map_;

  // Comms channel used to exchange data with the sandboxee.
  std::unique_ptr<Comms> comms_;
};

}  // namespace sandbox2

#endif  // SANDBOXED_API_SANDBOX2_IPC_H_