| // Copyright 2014 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "sandbox/mac/policy.h" |
| |
| namespace sandbox { |
| |
| Rule::Rule() |
| : result(POLICY_DECISION_INVALID), |
| substitute_port(MACH_PORT_NULL) { |
| } |
| |
| Rule::Rule(PolicyDecision result) |
| : result(result), |
| substitute_port(MACH_PORT_NULL) { |
| } |
| |
| Rule::Rule(mach_port_t override_port) |
| : result(POLICY_SUBSTITUTE_PORT), |
| substitute_port(override_port) { |
| } |
| |
| BootstrapSandboxPolicy::BootstrapSandboxPolicy() |
| : default_rule(POLICY_DENY_ERROR) { |
| } |
| |
| BootstrapSandboxPolicy::~BootstrapSandboxPolicy() {} |
| |
| static bool IsRuleValid(const Rule& rule) { |
| if (!(rule.result > POLICY_DECISION_INVALID && |
| rule.result < POLICY_DECISION_LAST)) { |
| return false; |
| } |
| if (rule.result == POLICY_SUBSTITUTE_PORT) { |
| if (rule.substitute_port == MACH_PORT_NULL) |
| return false; |
| } else { |
| if (rule.substitute_port != MACH_PORT_NULL) |
| return false; |
| } |
| return true; |
| } |
| |
| bool IsPolicyValid(const BootstrapSandboxPolicy& policy) { |
| if (!IsRuleValid(policy.default_rule)) |
| return false; |
| |
| for (const auto& pair : policy.rules) { |
| if (!IsRuleValid(pair.second)) |
| return false; |
| } |
| return true; |
| } |
| |
| } // namespace sandbox |