Overview
| Comment: | OFSandbox: Avoid unveiling already unveiled paths
When changing and activating a sandbox again, do not unveil paths that |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
8af3eedb0230f0562d6610d0c95487b1 |
| User & Date: | js on 2018-11-11 22:16:10 |
| Other Links: | manifest | tags |
Context
|
2018-11-11
| ||
| 22:30 | OFApplication: Disallow using a different sandbox check-in: e0c2e70f7b user: js tags: trunk | |
| 22:16 | OFSandbox: Avoid unveiling already unveiled paths check-in: 8af3eedb02 user: js tags: trunk | |
|
2018-11-10
| ||
| 10:57 | Update buildsys check-in: c30c9fe6ad user: js tags: trunk | |
Changes
Modified src/OFApplication.m from [e8c3d87532] to [517256bc85].
| ︙ | ︙ | |||
593 594 595 596 597 598 599 600 601 |
- (void)activateSandbox: (OFSandbox *)sandbox
{
# ifdef OF_HAVE_PLEDGE
void *pool = objc_autoreleasePoolPush();
of_string_encoding_t encoding = [OFLocale encoding];
const char *promises = [[sandbox pledgeString]
cStringWithEncoding: encoding];
OFSandbox *oldSandbox;
| > > > > > > > | > > > | 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 |
- (void)activateSandbox: (OFSandbox *)sandbox
{
# ifdef OF_HAVE_PLEDGE
void *pool = objc_autoreleasePoolPush();
of_string_encoding_t encoding = [OFLocale encoding];
const char *promises = [[sandbox pledgeString]
cStringWithEncoding: encoding];
OFArray OF_GENERIC(of_sandbox_unveil_path_t) *unveiledPaths;
size_t unveiledPathsCount;
OFSandbox *oldSandbox;
unveiledPaths = [sandbox unveiledPaths];
unveiledPathsCount = [unveiledPaths count];
for (size_t i = sandbox->_unveiledPathsIndex;
i < unveiledPathsCount; i++) {
of_sandbox_unveil_path_t unveiledPath =
[unveiledPaths objectAtIndex: i];
OFString *path = [unveiledPath firstObject];
OFString *permissions = [unveiledPath secondObject];
if (path == nil || permissions == nil)
@throw [OFInvalidArgumentException exception];
unveil([path cStringWithEncoding: encoding],
[permissions cStringWithEncoding: encoding]);
}
sandbox->_unveiledPathsIndex = unveiledPathsCount;
if (pledge(promises, NULL) != 0)
@throw [OFSandboxActivationFailedException
exceptionWithSandbox: sandbox
errNo: errno];
objc_autoreleasePoolPop(pool);
|
| ︙ | ︙ |
Modified src/OFSandbox.h from [814bcfc2f4] to [572224ada5].
| ︙ | ︙ | |||
65 66 67 68 69 70 71 72 73 74 75 76 77 78 | unsigned int _allowsChangingProcessRights: 1; unsigned int _allowsPF: 1; unsigned int _allowsAudio: 1; unsigned int _allowsBPF: 1; unsigned int _allowsUnveil: 1; unsigned int _returnsErrors: 1; OFMutableArray OF_GENERIC(of_sandbox_unveil_path_t) *_unveiledPaths; } /*! * @brief Allows IO operations on previously allocated file descriptors. */ @property (nonatomic) bool allowsStdIO; | > > | 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 | unsigned int _allowsChangingProcessRights: 1; unsigned int _allowsPF: 1; unsigned int _allowsAudio: 1; unsigned int _allowsBPF: 1; unsigned int _allowsUnveil: 1; unsigned int _returnsErrors: 1; OFMutableArray OF_GENERIC(of_sandbox_unveil_path_t) *_unveiledPaths; @public size_t _unveiledPathsIndex; } /*! * @brief Allows IO operations on previously allocated file descriptors. */ @property (nonatomic) bool allowsStdIO; |
| ︙ | ︙ |