ObjFW  Check-in [510628432f]

Overview
Comment:Make OFSandbox private

It is unclear whether the same API can be applied to other sandboxing
frameworks.

SHA3-256: 510628432fdc10bcb933a4712adc758964248cad133ae5610792dea82788d14f
User & Date: js on 2020-12-22 13:16:28
References
2020-12-22
13:18 Ticket [a550bff2f8] Generalize API for OFSandbox status still Open with 4 other changes artifact: f6a083f883 user: js
Changes

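--- a/src/Makefile
+++ b/src/Makefile
@@ -54,15 +54,14 @@
        OFObject+KeyValueCoding.m	\
        OFObject+Serialization.m		\
        OFOptionsParser.m		\
        OFPair.m				\
        ${OF_PROCESS_M}			\
        OFRIPEMD160Hash.m		\
        OFRunLoop.m			\
-       OFSandbox.m			\
        OFSecureData.m			\
        OFSeekableStream.m		\
        OFSet.m				\
        OFSHA1Hash.m			\
        OFSHA224Hash.m			\
        OFSHA224Or256Hash.m		\
        OFSHA256Hash.m			\
@@ -192,14 +191,15 @@
 	OFMutableUTF8String.m		\
 	OFNonretainedObjectValue.m	\
 	OFPointValue.m			\
 	OFPointerValue.m		\
 	OFRangeCharacterSet.m		\
 	OFRangeValue.m			\
 	OFRectangleValue.m		\
+       OFSandbox.m			\
 	OFSubarray.m			\
 	OFUTF8String.m			\
 	${LIBBASES_M}			\
 	${RUNTIME_AUTORELEASE_M}	\
 	${RUNTIME_INSTANCE_M}
 SRCS_FILES += OFFileURLHandler.m	\
 	      OFINIFileSettings.m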
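Review bot: The `OFSandbox.m` entry added in the second hunk is indented with spaces, while every neighbouring entry in that list (`OFRectangleValue.m`, `OFSubarray.m`) is indented with a tab, so as rendered here the line breaks the alignment of the continuation backslashes. It looks like the line was cut from the first list, whose entries use space indentation, and pasted unchanged. It should read `	OFSandbox.m			\` with a leading tab like its neighbours.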

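--- a/src/OFApplication.h
+++ b/src/OFApplication.h
@@ -198,22 +198,15 @@
 /**
  * @brief The delegate of the application.
  */
 @property OF_NULLABLE_PROPERTY (assign, nonatomic)
     id <OFApplicationDelegate> delegate;
 
 #ifdef OF_HAVE_SANDBOX
-/**
- * @brief The sandbox currently active for this application.
- */
 @property OF_NULLABLE_PROPERTY (readonly, nonatomic) OFSandbox *activeSandbox;
-
-/**
- * @brief The sandbox currently active for child processes of this application.
- */
 @property OF_NULLABLE_PROPERTY (readonly, nonatomic)
     OFSandbox *activeSandboxForChildProcesses;
 #endif
 
 /**
  * @brief Returns the only OFApplication instance in the application.
  *
@@ -251,45 +244,16 @@
  * @brief Terminates the application with the specified status.
  *
  * @param status The status with which the application will terminate
  */
 + (void)terminateWithStatus: (int)status OF_NO_RETURN;
 
 #ifdef OF_HAVE_SANDBOX
-/**
- * @brief Activates the specified sandbox for the application.
- *
- * This is only available if `OF_HAVE_SANDBOX` is defined.
- *
- * @warning If you allow `exec()`, but do not call
- *	    @ref activateSandboxForChildProcesses:, an `exec()`'d process does
- *	    not have its permissions restricted!
- *
- * @note Once a sandbox has been activated, you cannot activate a different
- *	 sandbox. You can however change the active sandbox and reactivate it.
- *
- * @param sandbox The sandbox to activate
- */
-+ (void)activateSandbox: (OFSandbox *)sandbox;
-
-/**
- * @brief Activates the specified sandbox for child processes of the
- *	  application.
- *
- * This is only available if `OF_HAVE_SANDBOX` is defined.
- *
- * `unveiledPaths` on the sandbox must *not* be empty, otherwise an
- * @ref OFInvalidArgumentException is raised.
- *
- * @note Once a sandbox has been activated, you cannot activate a different
- *	 sandbox. You can however change the active sandbox and reactivate it.
- *
- * @param sandbox The sandbox to activate
- */
-+ (void)activateSandboxForChildProcesses: (OFSandbox *)sandbox;
++ (void)of_activateSandbox: (OFSandbox *)sandbox;
++ (void)of_activateSandboxForChildProcesses: (OFSandbox *)sandbox;
 #endif
 
 - (instancetype)init OF_UNAVAILABLE;
 
 /**
  * @brief Gets argc and argv.
  *
@@ -308,51 +272,22 @@
  * @brief Terminates the application with the specified status.
  *
  * @param status The status with which the application will terminate
  */
 - (void)terminateWithStatus: (int)status OF_NO_RETURN;
 
 #ifdef OF_HAVE_SANDBOX
-/**
- * @brief Activates the specified sandbox for the application.
- *
- * This is only available if `OF_HAVE_SANDBOX` is defined.
- *
- * @warning If you allow `exec()`, but do not call
- *	    @ref activateSandboxForChildProcesses:, an `exec()`'d process does
- *	    not have its permissions restricted!
- *
- * @note Once a sandbox has been activated, you cannot activate a different
- *	 sandbox. You can however change the active sandbox and reactivate it.
- *
- * @param sandbox The sandbox to activate
- */
-- (void)activateSandbox: (OFSandbox *)sandbox;
-
-/**
- * @brief Activates the specified sandbox for child processes of the
- *	  application.
- *
- * This is only available if `OF_HAVE_SANDBOX` is defined.
- *
- * `unveiledPaths` on the sandbox must *not* be empty, otherwise an
- * @ref OFInvalidArgumentException is raised.
- *
- * @note Once a sandbox has been activated, you cannot activate a different
- *	 sandbox. You can however change the active sandbox and reactivate it.
- *
- * @param sandbox The sandbox to activate
- */
-- (void)activateSandboxForChildProcesses: (OFSandbox *)sandbox;
+- (void)of_activateSandbox: (OFSandbox *)sandbox;
+- (void)of_activateSandboxForChildProcesses: (OFSandbox *)sandbox;
 #endif
 @end
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 extern int of_application_main(int *_Nonnull,
     char *_Nullable *_Nonnull[_Nonnull], id <OFApplicationDelegate>);
 #ifdef __cplusplus
 }
 #endif
 
 OF_ASSUME_NONNULL_END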
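Review bot: The comment deleted in the second hunk carried the only statement of a real hazard, that an `exec()`'d child keeps full privileges unless `activateSandboxForChildProcesses:` is also called, and making the methods private does not remove that hazard for the in-tree callers that this change still leaves calling them (`ofarc`, `ofdns`). I would keep it as a plain, non-Doxygen comment above `+ (void)of_activateSandbox: (OFSandbox *)sandbox;`, e.g. `/* If the sandbox allows exec(), an exec()'d process is NOT restricted unless of_activateSandboxForChildProcesses: is also called. */`. The same goes for the dropped precondition on the child-process variant, that `unveiledPaths` must not be empty or OFInvalidArgumentException is raised, since nothing in the header now says so. The instance-method declarations in the third hunk would take the same two comments.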

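--- a/src/OFApplication.m
+++ b/src/OFApplication.m
@@ -198,22 +198,22 @@
 	sceKernelExitGame();
 
 	OF_UNREACHABLE
 #endif
 }
 
 #ifdef OF_HAVE_SANDBOX
-+ (void)activateSandbox: (OFSandbox *)sandbox
++ (void)of_activateSandbox: (OFSandbox *)sandbox
 {
-	[app activateSandbox: sandbox];
+	[app of_activateSandbox: sandbox];
 }
 
-+ (void)activateSandboxForChildProcesses: (OFSandbox *)sandbox
++ (void)of_activateSandboxForChildProcesses: (OFSandbox *)sandbox
 {
-	[app activateSandboxForChildProcesses: sandbox];
+	[app of_activateSandboxForChildProcesses: sandbox];
 }
 #endif
 
 - (instancetype)init
 {
 	OF_INVALID_INIT_METHOD
 }
@@ -623,15 +623,15 @@
 {
 	[self.class terminateWithStatus: status];
 
 	OF_UNREACHABLE
 }
 
 #ifdef OF_HAVE_SANDBOX
-- (void)activateSandbox: (OFSandbox *)sandbox
+- (void)of_activateSandbox: (OFSandbox *)sandbox
 {
 # ifdef OF_HAVE_PLEDGE
 	void *pool = objc_autoreleasePoolPush();
 	of_string_encoding_t encoding = [OFLocale encoding];
 	OFArray OF_GENERIC(of_sandbox_unveil_path_t) *unveiledPaths;
 	size_t unveiledPathsCount;
 	const char *promises;
@@ -668,15 +668,15 @@
 	objc_autoreleasePoolPop(pool);
 
 	if (_activeSandbox == nil)
 		_activeSandbox = [sandbox retain];
 # endif
 }
 
-- (void)activateSandboxForChildProcesses: (OFSandbox *)sandbox
+- (void)of_activateSandboxForChildProcesses: (OFSandbox *)sandbox
 {
 # ifdef OF_HAVE_PLEDGE
 	void *pool = objc_autoreleasePoolPush();
 	const char *promises;
 
 	if (_activeSandboxForChildProcesses != nil &&
 	    sandbox != _activeSandboxForChildProcesses)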

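--- a/src/OFSandbox.h
+++ b/src/OFSandbox.h
@@ -15,31 +15,20 @@
  * file.
  */
 
 #import "OFObject.h"
 
 OF_ASSUME_NONNULL_BEGIN
 
-/** @file */
-
 @class OFArray OF_GENERIC(ObjectType);
 @class OFMutableArray OF_GENERIC(ObjectType);
 @class OFPair OF_GENERIC(FirstType, SecondType);
 
-/**
- * @brief An @ref OFPair for a path to unveil, with the first string being the
- *	  path and the second the permissions.
- */
 typedef OFPair OF_GENERIC(OFString *, OFString *) *of_sandbox_unveil_path_t;
 
-/**
- * @class OFSandbox OFSandbox.h ObjFW/OFSandbox.h
- *
- * @brief A class which describes a sandbox for the application.
- */
 @interface OFSandbox: OFObject <OFCopying>
 {
 	unsigned int _allowsStdIO: 1;
 	unsigned int _allowsReadingFiles: 1;
 	unsigned int _allowsWritingFiles: 1;
 	unsigned int _allowsCreatingFiles: 1;
 	unsigned int _allowsCreatingSpecialFiles: 1;
@@ -70,200 +59,49 @@
 	unsigned int _returnsErrors: 1;
 	OFMutableArray OF_GENERIC(of_sandbox_unveil_path_t) *_unveiledPaths;
 @public
 	size_t _unveiledPathsIndex;
 	OF_RESERVE_IVARS(OFSandbox, 4)
 }
 
-/**
- * @brief Allows IO operations on previously allocated file descriptors.
- */
 @property (nonatomic) bool allowsStdIO;
-
-/**
- * @brief Allows read access to the file system.
- */
 @property (nonatomic) bool allowsReadingFiles;
-
-/**
- * @brief Allows write access to the file system.
- */
 @property (nonatomic) bool allowsWritingFiles;
-
-/**
- * @brief Allows creating files in the file system.
- */
 @property (nonatomic) bool allowsCreatingFiles;
-
-/**
- * @brief Allows creating special files in the file system.
- */
 @property (nonatomic) bool allowsCreatingSpecialFiles;
-
-/**
- * @brief Allows creating, reading and writing temporary files in `/tmp`.
- */
 @property (nonatomic) bool allowsTemporaryFiles;
-
-/**
- * @brief Allows using IP sockets.
- */
 @property (nonatomic) bool allowsIPSockets;
-
-/**
- * @brief Allows multicast sockets.
- */
 @property (nonatomic) bool allowsMulticastSockets;
-
-/**
- * @brief Allows explicit changes to file attributes.
- */
 @property (nonatomic) bool allowsChangingFileAttributes;
-
-/**
- * @brief Allows changing ownership of files.
- */
 @property (nonatomic) bool allowsFileOwnerChanges;
-
-/**
- * @brief Allows file locks.
- */
 @property (nonatomic) bool allowsFileLocks;
-
-/**
- * @brief Allows UNIX sockets.
- */
 @property (nonatomic) bool allowsUNIXSockets;
-
-/**
- * @brief Allows syscalls necessary for DNS lookups.
- */
 @property (nonatomic) bool allowsDNS;
-
-/**
- * @brief Allows to look up users and groups.
- */
 @property (nonatomic) bool allowsUserDatabaseReading;
-
-/**
- * @brief Allows sending file descriptors via sendmsg().
- */
 @property (nonatomic) bool allowsFileDescriptorSending;
-
-/**
- * @brief Allows receiving file descriptors via recvmsg().
- */
 @property (nonatomic) bool allowsFileDescriptorReceiving;
-
-/**
- * @brief Allows MTIOCGET and MTIOCTOP operations on tape devices.
- */
 @property (nonatomic) bool allowsTape;
-
-/**
- * @brief Allows read-write operations and ioctls on the TTY.
- */
 @property (nonatomic) bool allowsTTY;
-
-/**
- * @brief Allows various process relationshop operations.
- */
 @property (nonatomic) bool allowsProcessOperations;
-
-/**
- * @brief Allows execve().
- */
 @property (nonatomic) bool allowsExec;
-
-/**
- * @brief Allows PROT_EXEC for `mmap()` and `mprotect()`.
- */
 @property (nonatomic) bool allowsProtExec;
-
-/**
- * @brief Allows `settime()`.
- */
 @property (nonatomic) bool allowsSetTime;
-
-/**
- * @brief Allows introspection of processes on the system.
- */
 @property (nonatomic) bool allowsPS;
-
-/**
- * @brief Allows introspection of the system's virtual memory.
- */
 @property (nonatomic) bool allowsVMInfo;
-
-/**
- * @brief Allows changing the rights of process, for example the UID.
- */
 @property (nonatomic) bool allowsChangingProcessRights;
-
-/**
- * @brief Allows certain ioctls on the PF device.
- */
 @property (nonatomic) bool allowsPF;
-
-/**
- * @brief Allows certain ioctls on audio devices.
- */
 @property (nonatomic) bool allowsAudio;
-
-/**
- * @brief Allows BIOCGSTATS to collect statistics from a BPF device.
- */
 @property (nonatomic) bool allowsBPF;
-
-/**
- * @brief Allows unveiling more paths.
- */
 @property (nonatomic) bool allowsUnveil;
-
-/**
- * @brief Returns errors instead of killing the process.
- */
 @property (nonatomic) bool returnsErrors;
-
 #ifdef OF_HAVE_PLEDGE
-/**
- * The string for OpenBSD's pledge() call.
- *
- * @warning Only available on systems with the pledge() call!
- */
 @property (readonly, nonatomic) OFString *pledgeString;
 #endif
-
-/**
- * @brief A list of unveiled paths.
- */
 @property (readonly, nonatomic)
     OFArray OF_GENERIC(of_sandbox_unveil_path_t) *unveiledPaths;
 
-/**
- * @brief Create a new, autorelease OFSandbox.
- */
 + (instancetype)sandbox;
-
-/**
- * @brief "Unveils" the specified path, meaning that it becomes visible from
- *	  the sandbox with the specified permissions.
- *
- * @param path The path to unveil
- * @param permissions The permissions for the path. The following permissions
- *		      can be combined:
- *		      Permission | Description
- *		      -----------|--------------------
- *		      r          | Make the path available for reading, like
- *		                 | @ref allowsReadingFiles
- *		      w          | Make the path available for writing, like
- *		                 | @ref allowsWritingFiles
- *		      x          | Make the path available for executing, like
- *		                 | @ref allowsExec
- *		      c          | Make the path available for creation and
- *		                 | deletion, like @ref allowsCreatingFiles
- */
 - (void)unveilPath: (OFString *)path
        permissions: (OFString *)permissions;
 @end
 
 OF_ASSUME_NONNULL_END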
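Review bot: The second hunk drops the permission table for `unveilPath:permissions:`, which was the only place stating that the permissions string is a combination of `r`, `w`, `x` and `c`; the in-tree callers touched by this same change still pass literals such as `@"rwc"`, `@"wc"` and `@"r"`, and the header now gives a maintainer no way to check them. Since the header stays in the tree for those utilities, a one-line plain comment above `- (void)unveilPath: (OFString *)path` would keep the contract without re-exposing it to Doxygen, e.g. `/* permissions: any combination of "r" (read), "w" (write), "x" (exec), "c" (create/delete). */`. The removed `@warning` on `pledgeString`, by contrast, is already expressed by the surrounding `#ifdef OF_HAVE_PLEDGE` and can go. The ivar block at the top of the hunk still marks `_unveiledPathsIndex` as `@public`; that is not introduced here, but with the class now private it is worth noting which caller in the implementation depends on it.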

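--- a/src/ObjFW.h
+++ b/src/ObjFW.h
@@ -126,15 +126,14 @@
 
 #import "OFApplication.h"
 #import "OFSystemInfo.h"
 #import "OFLocale.h"
 #import "OFOptionsParser.h"
 #import "OFTimer.h"
 #import "OFRunLoop.h"
-#import "OFSandbox.h"
 
 #ifdef OF_WINDOWS
 # import "OFWindowsRegistryKey.h"
 #endif
 
 #import "OFAllocFailedException.h"
 #import "OFException.h"
@@ -210,15 +209,14 @@
 #import "OFReadFailedException.h"
 #import "OFReadOrWriteFailedException.h"
 #import "OFRemoveItemFailedException.h"
 #ifdef OF_HAVE_SOCKETS
 # import "OFResolveHostFailedException.h"
 #endif
 #import "OFRetrieveItemAttributesFailedException.h"
-#import "OFSandboxActivationFailedException.h"
 #import "OFSeekFailedException.h"
 #import "OFSetItemAttributesFailedException.h"
 #import "OFSetOptionFailedException.h"
 #ifdef OF_WINDOWS
 # import "OFSetWindowsRegistryValueFailedException.h"
 #endif
 #import "OFStillLockedException.h"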

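--- a/src/exceptions/Makefile
+++ b/src/exceptions/Makefile
@@ -29,15 +29,14 @@
        OFOpenItemFailedException.m			\
        OFOutOfMemoryException.m				\
        OFOutOfRangeException.m				\
        OFReadFailedException.m				\
        OFReadOrWriteFailedException.m			\
        OFRemoveItemFailedException.m			\
        OFRetrieveItemAttributesFailedException.m	\
-       OFSandboxActivationFailedException.m		\
        OFSeekFailedException.m				\
        OFSetItemAttributesFailedException.m		\
        OFSetOptionFailedException.m			\
        OFStillLockedException.m				\
        OFTruncatedDataException.m			\
        OFUnboundNamespaceException.m			\
        OFUnboundPrefixException.m			\
@@ -73,12 +72,14 @@
 SRCS_WINDOWS = OFCreateWindowsRegistryKeyFailedException.m	\
 	       OFDeleteWindowsRegistryKeyFailedException.m	\
 	       OFDeleteWindowsRegistryValueFailedException.m	\
 	       OFGetWindowsRegistryValueFailedException.m	\
 	       OFOpenWindowsRegistryKeyFailedException.m	\
 	       OFSetWindowsRegistryValueFailedException.m
 
-INCLUDES = ${SRCS:.m=.h}
+INCLUDES := ${SRCS:.m=.h}
+
+SRCS += OFSandboxActivationFailedException.m
 
 include ../../buildsys.mk
 
 CPPFLAGS += -I. -I.. -I../.. -I../runtime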
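Review bot: The second hunk's effect depends on an ordering that nothing in the file explains: `INCLUDES` is switched to immediate assignment (`:=`) and `SRCS += OFSandboxActivationFailedException.m` is placed after it, so the source is still compiled while its header is presumably no longer picked up for installation. A reader who later tidies the `+=` back into the main `SRCS` list, or restores `=`, will silently re-export the header that this commit is trying to hide. A one-line comment on the `SRCS +=` line would guard against that: `# Must come after INCLUDES (immediately expanded) so the header is built but not installed.`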

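--- a/src/exceptions/OFSandboxActivationFailedException.h
+++ b/src/exceptions/OFSandboxActivationFailedException.h
@@ -17,56 +17,25 @@
 
 #import "OFException.h"
 
 OF_ASSUME_NONNULL_BEGIN
 
 @class OFSandbox;
 
-/**
- * @class OFSandboxActivationFailedException \
- *	  OFSandboxActivationFailedException.h \
- *	  ObjFW/OFSandboxActivationFailedException.h
- *
- * @brief An exception indicating that sandboxing the process failed.
- */
 @interface OFSandboxActivationFailedException: OFException
 {
 	OFSandbox *_sandbox;
 	int _errNo;
 }
 
-/**
- * @brief The sandbox which could not be activated.
- */
 @property (readonly, nonatomic) OFSandbox *sandbox;
-
-/**
- * @brief The errno of the error that occurred.
- */
 @property (readonly, nonatomic) int errNo;
 
 + (instancetype)exception OF_UNAVAILABLE;
-
-/**
- * @brief Creates a new, autoreleased sandboxing failed exception.
- *
- * @param sandbox The sandbox which could not be activated
- * @param errNo The errno of the error that occurred
- * @return A new, autoreleased sandboxing failed exception
- */
 + (instancetype)exceptionWithSandbox: (OFSandbox *)sandbox
 			       errNo: (int)errNo;
-
 - (instancetype)init OF_UNAVAILABLE;
-
-/**
- * @brief Initializes an already allocated sandboxing failed exception.
- *
- * @param sandbox The sandbox which could not be activated
- * @param errNo The errno of the error that occurred
- * @return An initialized sandboxing failed exception
- */
 - (instancetype)initWithSandbox: (OFSandbox *)sandbox
 			  errNo: (int)errNo OF_DESIGNATED_INITIALIZER;
 @end
 
 OF_ASSUME_NONNULL_END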

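--- a/utils/ofarc/OFArc.m
+++ b/utils/ofarc/OFArc.m
@@ -180,15 +180,15 @@
 	sandbox.allowsWritingFiles = true;
 	sandbox.allowsCreatingFiles = true;
 	sandbox.allowsChangingFileAttributes = true;
 	sandbox.allowsUserDatabaseReading = true;
 	/* Dropped after parsing options */
 	sandbox.allowsUnveil = true;
 
-	[OFApplication activateSandbox: sandbox];
+	[OFApplication of_activateSandbox: sandbox];
 #endif
 
 #ifndef OF_AMIGAOS
 	[OFLocale addLanguageDirectory: @LANGUAGE_DIR];
 #else
 	[OFLocale addLanguageDirectory: @"PROGDIR:/share/ofarc/lang"];
 #endif
@@ -326,57 +326,57 @@
 				permissions: (mode == 'a' ? @"rwc" : @"wc")];
 
 		for (OFString *path in files)
 			[sandbox unveilPath: path
 				permissions: @"r"];
 
 		sandbox.allowsUnveil = false;
-		[OFApplication activateSandbox: sandbox];
+		[OFApplication of_activateSandbox: sandbox];
 #endif
 
 		archive = [self
 		    openArchiveWithPath: remainingArguments.firstObject
 				   type: type
 				   mode: mode
 			       encoding: encoding];
 
 		[archive addFiles: files];
 		break;
 	case 'l':
 		if (remainingArguments.count != 1)
 			help(of_stderr, false, 1);
 
 #ifdef OF_HAVE_SANDBOX
 		if (![remainingArguments.firstObject isEqual: @"-"])
 			[sandbox unveilPath: remainingArguments.firstObject
 				permissions: @"r"];
 
 		sandbox.allowsUnveil = false;
-		[OFApplication activateSandbox: sandbox];
+		[OFApplication of_activateSandbox: sandbox];
 #endif
 
 		archive = [self
 		    openArchiveWithPath: remainingArguments.firstObject
 				   type: type
 				   mode: mode
 			       encoding: encoding];
 
 		[archive listFiles];
 		break;
 	case 'p':
 		if (remainingArguments.count < 1)
 			help(of_stderr, false, 1);
 
 #ifdef OF_HAVE_SANDBOX
 		if (![remainingArguments.firstObject isEqual: @"-"])
 			[sandbox unveilPath: remainingArguments.firstObject
 				permissions: @"r"];
 
 		sandbox.allowsUnveil = false;
-		[OFApplication activateSandbox: sandbox];
+		[OFApplication of_activateSandbox: sandbox];
 #endif
 
 		files = [remainingArguments objectsInRange:
 		    of_range(1, remainingArguments.count - 1)];
 
 		archive = [self
 		    openArchiveWithPath: remainingArguments.firstObject
@@ -407,15 +407,15 @@
 			    ? outputDir : OF_PATH_CURRENT_DIRECTORY);
 			/* We need 'r' to change the directory to it. */
 			[sandbox unveilPath: path
 				permissions: @"rwc"];
 		}
 
 		sandbox.allowsUnveil = false;
-		[OFApplication activateSandbox: sandbox];
+		[OFApplication of_activateSandbox: sandbox];
 #endif
 
 		archive = [self
 		    openArchiveWithPath: remainingArguments.firstObject
 				   type: type
 				   mode: mode
 			       encoding: encoding];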

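--- a/utils/ofdns/OFDNS.m
+++ b/utils/ofdns/OFDNS.m
@@ -109,15 +109,15 @@
 
 #ifdef OF_HAVE_SANDBOX
 	OFSandbox *sandbox = [[OFSandbox alloc] init];
 	@try {
 		sandbox.allowsStdIO = true;
 		sandbox.allowsDNS = true;
 
-		[OFApplication activateSandbox: sandbox];
+		[OFApplication of_activateSandbox: sandbox];
 	} @finally {
 		[sandbox release];
 	}
 #endif
 
 	recordTypes = [OFMutableArray array];
 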
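--- a/utils/ofhash/OFHash.m
+++ b/utils/ofhash/OFHash.m
@@ -133,15 +133,15 @@
 		for (OFString *path in optionsParser.remainingArguments)
 			[sandbox unveilPath: path
 				permissions: @"r"];
 
 		[sandbox unveilPath: @LANGUAGE_DIR
 			permissions: @"r"];
 
-		[OFApplication activateSandbox: sandbox];
+		[OFApplication of_activateSandbox: sandbox];
 	} @finally {
 		[sandbox release];
 	}
 #endif
 
 	if (!calculateMD5 && !calculateRIPEMD160 && !calculateSHA1 &&
 	    !calculateSHA224 && !calculateSHA256 && !calculateSHA384 &&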
Modified utils/ofhttp/OFHTTP.m from [089353e353] to [8920dc599a].

445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
	sandbox.allowsIPSockets = true;
	sandbox.allowsDNS = true;
	sandbox.allowsUserDatabaseReading = true;
	sandbox.allowsTTY = true;
	/* Dropped after parsing options */
	sandbox.allowsUnveil = true;

	[OFApplication activateSandbox: sandbox];
#endif

#ifndef OF_AMIGAOS
	[OFLocale addLanguageDirectory: @LANGUAGE_DIR];
#else
	[OFLocale addLanguageDirectory: @"PROGDIR:/share/ofhttp/lang"];
#endif







|







445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
	sandbox.allowsIPSockets = true;
	sandbox.allowsDNS = true;
	sandbox.allowsUserDatabaseReading = true;
	sandbox.allowsTTY = true;
	/* Dropped after parsing options */
	sandbox.allowsUnveil = true;

	[OFApplication of_activateSandbox: sandbox];
#endif

#ifndef OF_AMIGAOS
	[OFLocale addLanguageDirectory: @LANGUAGE_DIR];
#else
	[OFLocale addLanguageDirectory: @"PROGDIR:/share/ofhttp/lang"];
#endif
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
				 ? outputPath : OF_PATH_CURRENT_DIRECTORY)
		permissions: (_continue ? @"rwc" : @"wc")];
	/* In case we use ObjOpenSSL for https later */
	[sandbox unveilPath: @"/etc/ssl"
		permissions: @"r"];

	sandbox.allowsUnveil = false;
	[OFApplication activateSandbox: sandbox];
#endif

	_outputPath = [outputPath copy];
	_URLs = [optionsParser.remainingArguments copy];

	if (_URLs.count < 1)
		help(of_stderr, false, 1);







|







535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
				 ? outputPath : OF_PATH_CURRENT_DIRECTORY)
		permissions: (_continue ? @"rwc" : @"wc")];
	/* In case we use ObjOpenSSL for https later */
	[sandbox unveilPath: @"/etc/ssl"
		permissions: @"r"];

	sandbox.allowsUnveil = false;
	[OFApplication of_activateSandbox: sandbox];
#endif

	_outputPath = [outputPath copy];
	_URLs = [optionsParser.remainingArguments copy];

	if (_URLs.count < 1)
		help(of_stderr, false, 1);