
Differences From Artifact [caa850467d]:

To Artifact [1de6e8165f]:


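--- a/OFSandbox.h
+++ b/OFSandbox.h
@@ -38,96 +38,96 @@
 	bool _allowsFileDescriptorReceiving, _allowsTape, _allowsTTY;
 	bool _allowsProcessOperations, _allowsExec, _allowsProtExec;
 	bool _allowsSetTime, _allowsPS, _allowsVMInfo;
 	bool _allowsChangingProcessRights, _allowsPF, _allowsAudio, _allowsBPF;
 }
 
 /*! Allows IO operations on previously allocated file descriptors. */
-@property bool allowsStdIO;
+@property (nonatomic) bool allowsStdIO;
 
 /*! Allows read access to the file system. */
-@property bool allowsReadingFiles;
+@property (nonatomic) bool allowsReadingFiles;
 
 /*! Allows write access to the file system. */
-@property bool allowsWritingFiles;
+@property (nonatomic) bool allowsWritingFiles;
 
 /*! Allows creating files in the file system. */
-@property bool allowsCreatingFiles;
+@property (nonatomic) bool allowsCreatingFiles;
 
 /*! Allows creating special files in the file system. */
-@property bool allowsCreatingSpecialFiles;
+@property (nonatomic) bool allowsCreatingSpecialFiles;
 
 /*! Allows creating, reading and writing temporary files in /tmp. */
-@property bool allowsTemporaryFiles;
+@property (nonatomic) bool allowsTemporaryFiles;
 
 /*! Allows using IP sockets. */
-@property bool allowsIPSockets;
+@property (nonatomic) bool allowsIPSockets;
 
 /*! Allows multicast sockets. */
-@property bool allowsMulticastSockets;
+@property (nonatomic) bool allowsMulticastSockets;
 
 /*! Allows explicit changes to file attributes. */
-@property bool allowsChangingFileAttributes;
+@property (nonatomic) bool allowsChangingFileAttributes;
 
 /*! Allows changing ownership of files. */
-@property bool allowsFileOwnerChanges;
+@property (nonatomic) bool allowsFileOwnerChanges;
 
 /*! Allows file locks. */
-@property bool allowsFileLocks;
+@property (nonatomic) bool allowsFileLocks;
 
 /*! Allows UNIX sockets. */
-@property bool allowsUNIXSockets;
+@property (nonatomic) bool allowsUNIXSockets;
 
 /*! Allows syscalls necessary for DNS lookups. */
-@property bool allowsDNS;
+@property (nonatomic) bool allowsDNS;
 
 /*! Allows to look up users and groups. */
-@property bool allowsUserDatabaseReading;
+@property (nonatomic) bool allowsUserDatabaseReading;
 
 /*! Allows sending file descriptors via sendmsg(). */
-@property bool allowsFileDescriptorSending;
+@property (nonatomic) bool allowsFileDescriptorSending;
 
 /*! Allows receiving file descriptors via recvmsg(). */
-@property bool allowsFileDescriptorReceiving;
+@property (nonatomic) bool allowsFileDescriptorReceiving;
 
 /*! Allows MTIOCGET and MTIOCTOP operations on tape devices. */
-@property bool allowsTape;
+@property (nonatomic) bool allowsTape;
 
 /*! Allows read-write operations and ioctls on the TTY. */
-@property bool allowsTTY;
+@property (nonatomic) bool allowsTTY;
 
 /*! Allows various process relationshop operations. */
-@property bool allowsProcessOperations;
+@property (nonatomic) bool allowsProcessOperations;
 
 /*! Allows execve(). */
-@property bool allowsExec;
+@property (nonatomic) bool allowsExec;
 
 /*! Allows PROT_EXEC for mmap() and mprotect(). */
-@property bool allowsProtExec;
+@property (nonatomic) bool allowsProtExec;
 
 /*! Allows settime(). */
-@property bool allowsSetTime;
+@property (nonatomic) bool allowsSetTime;
 
 /*! Allows introspection of processes on the system. */
-@property bool allowsPS;
+@property (nonatomic) bool allowsPS;
 
 /*! Allows introspection of the system's virtual memory. */
-@property bool allowsVMInfo;
+@property (nonatomic) bool allowsVMInfo;
 
 /*! Allows changing the rights of process, for example the UID. */
-@property bool allowsChangingProcessRights;
+@property (nonatomic) bool allowsChangingProcessRights;
 
 /*! Allows certain ioctls on the PF device. */
-@property bool allowsPF;
+@property (nonatomic) bool allowsPF;
 
 /*! Allows certain ioctls on audio devices. */
-@property bool allowsAudio;
+@property (nonatomic) bool allowsAudio;
 
 /*! Allows BIOCGSTATS to collect statistics from a BPF device. */
-@property bool allowsBPF;
+@property (nonatomic) bool allowsBPF;
 
 /*!
  * @brief Create a new, autorelease OFSandbox.
  */
 + (instancetype)sandbox;
 
 #ifdef OF_HAVE_PLEDGE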
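Review bot: The doc comment above `allowsProcessOperations` still carries the typo `relationshop` on the new side, and since every one of these declarations is being rewritten anyway it should read `/*! Allows various process relationship operations. */`. Making all 28 flags `nonatomic` removes the (already weak) accessor-level serialisation, which is fine for a build-the-policy-then-apply object but is stated nowhere in the visible header; a one-line note near the ivar block such as `/* Configure all flags from a single thread before the sandbox is applied. */` would make that contract explicit. As this header is guarded by `OF_HAVE_PLEDGE` and pledge(2) only allows a process to tighten its promises, a reader would also want the property docs to say whether flipping a flag back to true after the sandbox has been applied has any effect — that behaviour is not visible in this section. The enclosing @interface begins before the first shown line and its body continues past `#ifdef OF_HAVE_PLEDGE`.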