ObjFW  Diff

Differences From Artifact [81fb90e19c]:

To Artifact [3ea65e10c2]:


53
54
55
56
57
58
59

60

61
62

63

64
65

66

67
68

69

70
71

72

73
74

75

76
77

78

79
80

81

82
83

84

85
86

87

88
89

90

91
92

93

94
95

96

97
98

99

100
101

102

103
104

105

106
107

108

109
110

111

112
113

114

115
116

117

118
119

120

121
122

123

124
125

126

127
128

129

130
131

132

133
134

135

136
137

138

139
140

141

142
143
144
145
146
147
148
	unsigned int _allowsVMInfo: 1;
	unsigned int _allowsChangingProcessRights: 1;
	unsigned int _allowsPF: 1;
	unsigned int _allowsAudio: 1;
	unsigned int _allowsBPF: 1;
}


/*! Allows IO operations on previously allocated file descriptors. */

@property (nonatomic) bool allowsStdIO;


/*! Allows read access to the file system. */

@property (nonatomic) bool allowsReadingFiles;


/*! Allows write access to the file system. */

@property (nonatomic) bool allowsWritingFiles;


/*! Allows creating files in the file system. */

@property (nonatomic) bool allowsCreatingFiles;


/*! Allows creating special files in the file system. */

@property (nonatomic) bool allowsCreatingSpecialFiles;


/*! Allows creating, reading and writing temporary files in /tmp. */

@property (nonatomic) bool allowsTemporaryFiles;


/*! Allows using IP sockets. */

@property (nonatomic) bool allowsIPSockets;


/*! Allows multicast sockets. */

@property (nonatomic) bool allowsMulticastSockets;


/*! Allows explicit changes to file attributes. */

@property (nonatomic) bool allowsChangingFileAttributes;


/*! Allows changing ownership of files. */

@property (nonatomic) bool allowsFileOwnerChanges;


/*! Allows file locks. */

@property (nonatomic) bool allowsFileLocks;


/*! Allows UNIX sockets. */

@property (nonatomic) bool allowsUNIXSockets;


/*! Allows syscalls necessary for DNS lookups. */

@property (nonatomic) bool allowsDNS;


/*! Allows to look up users and groups. */

@property (nonatomic) bool allowsUserDatabaseReading;


/*! Allows sending file descriptors via sendmsg(). */

@property (nonatomic) bool allowsFileDescriptorSending;


/*! Allows receiving file descriptors via recvmsg(). */

@property (nonatomic) bool allowsFileDescriptorReceiving;


/*! Allows MTIOCGET and MTIOCTOP operations on tape devices. */

@property (nonatomic) bool allowsTape;


/*! Allows read-write operations and ioctls on the TTY. */

@property (nonatomic) bool allowsTTY;


/*! Allows various process relationshop operations. */

@property (nonatomic) bool allowsProcessOperations;


/*! Allows execve(). */

@property (nonatomic) bool allowsExec;


/*! Allows PROT_EXEC for mmap() and mprotect(). */

@property (nonatomic) bool allowsProtExec;


/*! Allows settime(). */

@property (nonatomic) bool allowsSetTime;


/*! Allows introspection of processes on the system. */

@property (nonatomic) bool allowsPS;


/*! Allows introspection of the system's virtual memory. */

@property (nonatomic) bool allowsVMInfo;


/*! Allows changing the rights of process, for example the UID. */

@property (nonatomic) bool allowsChangingProcessRights;


/*! Allows certain ioctls on the PF device. */

@property (nonatomic) bool allowsPF;


/*! Allows certain ioctls on audio devices. */

@property (nonatomic) bool allowsAudio;


/*! Allows BIOCGSTATS to collect statistics from a BPF device. */

@property (nonatomic) bool allowsBPF;

/*!
 * @brief Create a new, autorelease OFSandbox.
 */
+ (instancetype)sandbox;








>
|
>


>
|
>


>
|
>


>
|
>


>
|
>


>
|
>


>
|
>


>
|
>


>
|
>


>
|
>


>
|
>


>
|
>


>
|
>


>
|
>


>
|
>


>
|
>


>
|
>


>
|
>


>
|
>


>
|
>


>
|
>


>
|
>


>
|
>


>
|
>


>
|
>


>
|
>


>
|
>


>
|
>







53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
	unsigned int _allowsVMInfo: 1;
	unsigned int _allowsChangingProcessRights: 1;
	unsigned int _allowsPF: 1;
	unsigned int _allowsAudio: 1;
	unsigned int _allowsBPF: 1;
}

/*!
 * @brief Allows IO operations on previously allocated file descriptors.
 */
@property (nonatomic) bool allowsStdIO;

/*!
 * @brief Allows read access to the file system.
 */
@property (nonatomic) bool allowsReadingFiles;

/*!
 * @brief Allows write access to the file system.
 */
@property (nonatomic) bool allowsWritingFiles;

/*!
 * @brief Allows creating files in the file system.
 */
@property (nonatomic) bool allowsCreatingFiles;

/*!
 * @brief Allows creating special files in the file system.
 */
@property (nonatomic) bool allowsCreatingSpecialFiles;

/*!
 * @brief Allows creating, reading and writing temporary files in `/tmp`.
 */
@property (nonatomic) bool allowsTemporaryFiles;

/*!
 * @brief Allows using IP sockets.
 */
@property (nonatomic) bool allowsIPSockets;

/*!
 * @brief Allows multicast sockets.
 */
@property (nonatomic) bool allowsMulticastSockets;

/*!
 * @brief Allows explicit changes to file attributes.
 */
@property (nonatomic) bool allowsChangingFileAttributes;

/*!
 * @brief Allows changing ownership of files.
 */
@property (nonatomic) bool allowsFileOwnerChanges;

/*!
 * @brief Allows file locks.
 */
@property (nonatomic) bool allowsFileLocks;

/*!
 * @brief Allows UNIX sockets.
 */
@property (nonatomic) bool allowsUNIXSockets;

/*!
 * @brief Allows syscalls necessary for DNS lookups.
 */
@property (nonatomic) bool allowsDNS;

/*!
 * @brief Allows to look up users and groups.
 */
@property (nonatomic) bool allowsUserDatabaseReading;

/*!
 * @brief Allows sending file descriptors via sendmsg().
 */
@property (nonatomic) bool allowsFileDescriptorSending;

/*!
 * @brief Allows receiving file descriptors via recvmsg().
 */
@property (nonatomic) bool allowsFileDescriptorReceiving;

/*!
 * @brief Allows MTIOCGET and MTIOCTOP operations on tape devices.
 */
@property (nonatomic) bool allowsTape;

/*!
 * @brief Allows read-write operations and ioctls on the TTY.
 */
@property (nonatomic) bool allowsTTY;

/*!
 * @brief Allows various process relationshop operations.
 */
@property (nonatomic) bool allowsProcessOperations;

/*!
 * @brief Allows execve().
 */
@property (nonatomic) bool allowsExec;

/*!
 * @brief Allows PROT_EXEC for `mmap()` and `mprotect()`.
 */
@property (nonatomic) bool allowsProtExec;

/*!
 * @brief Allows `settime()`.
 */
@property (nonatomic) bool allowsSetTime;

/*!
 * @brief Allows introspection of processes on the system.
 */
@property (nonatomic) bool allowsPS;

/*!
 * @brief Allows introspection of the system's virtual memory.
 */
@property (nonatomic) bool allowsVMInfo;

/*!
 * @brief Allows changing the rights of process, for example the UID.
 */
@property (nonatomic) bool allowsChangingProcessRights;

/*!
 * @brief Allows certain ioctls on the PF device.
 */
@property (nonatomic) bool allowsPF;

/*!
 * @brief Allows certain ioctls on audio devices.
 */
@property (nonatomic) bool allowsAudio;

/*!
 * @brief Allows BIOCGSTATS to collect statistics from a BPF device.
 */
@property (nonatomic) bool allowsBPF;

/*!
 * @brief Create a new, autorelease OFSandbox.
 */
+ (instancetype)sandbox;
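Review bot: The reformatted doc comments carry two wording errors over unchanged: `relationshop` in the allowsProcessOperations comment should read `relationship`, and `Create a new, autorelease OFSandbox` should read `autoreleased`. The new comments also format code inconsistently: `mmap()`, `mprotect()` and `settime()` are backticked, while `execve()`, `sendmsg()`, `recvmsg()` and `PROT_EXEC` are not. Since these flags decide what a sandboxed process may still do, each comment would be more useful to an auditor if it named the underlying mechanism. The set looks like it mirrors OpenBSD pledge(2) promises, which should be confirmed against the implementation before writing something like `@brief Allows execve() (pledge(2) promise "exec").` The visible lines do not say what each flag defaults to, which is worth stating once on the class; the enclosing @interface begins and ends outside this hunk.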