blob: 9ca69e0960439b7ee1076247c37b65a7dbc50750 [file] [log] [blame]
// Copyright 2017 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// This callback is intended to be a legacy entry point. New scripts should not
// be added here. Instead a proper UI should be created to manage the system
// interactions.
#include "debugd/src/shill_scripts_tool.h"
#include <memory>
#include <string>
#include <utility>
#include <vector>
#include <base/files/file_path.h>
#include "debugd/src/error_utils.h"
#include "debugd/src/process_with_id.h"
namespace debugd {
namespace {
const char kUnsupportedShillScriptToolErrorName[] =
const char kUser[] = "shill-scripts";
const char kGroup[] = "shill-scripts";
// Where shill scripts are installed.
const char kScriptsDir[] = "/usr/bin";
// clang-format off
const char * const kWhitelistedScripts[] = {
// clang-format on
// Only permit certain scripts here.
bool WhitelistedScript(const std::string& script, brillo::ErrorPtr* error) {
for (const char* listed : kWhitelistedScripts)
if (script == listed)
return true;
DEBUGD_ADD_ERROR(error, kUnsupportedShillScriptToolErrorName, script.c_str());
return false;
} // namespace
bool ShillScriptsTool::Run(const base::ScopedFD& outfd,
const std::string& script,
const std::vector<std::string>& script_args,
std::string* out_id,
brillo::ErrorPtr* error) {
if (!WhitelistedScript(script, error))
return false;
auto p = std::make_unique<ProcessWithId>();
p->SandboxAs(kUser, kGroup);
const base::FilePath dir(kScriptsDir);
for (const auto& arg : script_args)
p->BindFd(outfd.get(), STDOUT_FILENO);
p->BindFd(outfd.get(), STDERR_FILENO);
*out_id = p->id();
return true;
} // namespace debugd