14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
* LICENSE.GPLv2 or LICENSE.GPLv3 respectively included in the packaging of this
* file.
*/
#import "OFObject.h"
OF_ASSUME_NONNULL_BEGIN
@class OFArray OF_GENERIC(ObjectType);
/*!
* @class OFSandbox OFSandbox.h ObjFW/OFSandbox.h
*
* @brief A class which describes a sandbox for the application.
*/
@interface OFSandbox: OFObject <OFCopying>
|
>
>
>
>
>
>
>
>
>
>
|
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
* LICENSE.GPLv2 or LICENSE.GPLv3 respectively included in the packaging of this
* file.
*/
#import "OFObject.h"
OF_ASSUME_NONNULL_BEGIN
/*! @file */
@class OFArray OF_GENERIC(ObjectType);
@class OFMutableArray OF_GENERIC(ObjectType);
@class OFPair OF_GENERIC(FirstType, SecondType);
/*!
* @brief An @ref OFPair for a path to unveil, with the first string being the
* path and the second the permissions.
*/
typedef OFPair OF_GENERIC(OFString *, OFString *) *of_sandbox_unveil_path_t;
/*!
* @class OFSandbox OFSandbox.h ObjFW/OFSandbox.h
*
* @brief A class which describes a sandbox for the application.
*/
@interface OFSandbox: OFObject <OFCopying>
|
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
unsigned int _allowsSetTime: 1;
unsigned int _allowsPS: 1;
unsigned int _allowsVMInfo: 1;
unsigned int _allowsChangingProcessRights: 1;
unsigned int _allowsPF: 1;
unsigned int _allowsAudio: 1;
unsigned int _allowsBPF: 1;
}
/*!
* @brief Allows IO operations on previously allocated file descriptors.
*/
@property (nonatomic) bool allowsStdIO;
|
>
>
>
|
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
|
unsigned int _allowsSetTime: 1;
unsigned int _allowsPS: 1;
unsigned int _allowsVMInfo: 1;
unsigned int _allowsChangingProcessRights: 1;
unsigned int _allowsPF: 1;
unsigned int _allowsAudio: 1;
unsigned int _allowsBPF: 1;
unsigned int _allowsUnveil: 1;
unsigned int _returnsErrors: 1;
OFMutableArray OF_GENERIC(of_sandbox_unveil_path_t) *_unveiledPaths;
}
/*!
* @brief Allows IO operations on previously allocated file descriptors.
*/
@property (nonatomic) bool allowsStdIO;
|
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
|
@property (nonatomic) bool allowsAudio;
/*!
* @brief Allows BIOCGSTATS to collect statistics from a BPF device.
*/
@property (nonatomic) bool allowsBPF;
/*!
* @brief Create a new, autorelease OFSandbox.
*/
+ (instancetype)sandbox;
* @brief Returns the string for OpenBSD's pledge() call.
*
* @warning Only available on systems with the pledge() call!
*/
- (OFString *)pledgeString;
|
|
>
|
>
>
>
>
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
|
@property (nonatomic) bool allowsAudio;
/*!
* @brief Allows BIOCGSTATS to collect statistics from a BPF device.
*/
@property (nonatomic) bool allowsBPF;
/*!
* @brief Allows unveiling more paths.
*/
@property (nonatomic) bool allowsUnveil;
/*!
* @brief Returns errors instead of killing the process.
*/
@property (nonatomic) bool returnsErrors;
#ifdef OF_HAVE_PLEDGE
/*!
* The string for OpenBSD's pledge() call.
*
* @warning Only available on systems with the pledge() call!
*/
@property (readonly, nonatomic) OFString *pledgeString;
#endif
/*!
* @brief A list of unveiled paths.
*/
@property (readonly, nonatomic)
OFArray OF_GENERIC(of_sandbox_unveil_path_t) *unveiledPaths;
/*!
* @brief Create a new, autorelease OFSandbox.
*/
+ (instancetype)sandbox;
/*!
* @brief "Unveils" the specified path, meaning that it becomes visible from
* the sandbox with the specified permissions.
*
* @param path The path to unveil
* @param permissions The permissions for the path. The following permissions
* can be combined:
* Permission | Description
* -----------|--------------------
* r | Make the path available for reading, like
* | @ref allowsReadingFiles
* w | Make the path available for writing, like
* | @ref allowsWritingFiles
* x | Make the path available for executing, like
* | @ref allowsExec
* c | Make the path available for creation and
* | deletion, like @ref allowsCreatingFiles
*/
- (void)unveilPath: (OFString *)path
permissions: (OFString *)permissions;
@end
OF_ASSUME_NONNULL_END
|