ObjFW  Check-in [e0c2e70f7b]

Overview
Comment:OFApplication: Disallow using a different sandbox

While the active sandbox can be changed, a different sandbox must not be
activated. The reason for this is that allowing to activate a different
sandbox makes it impossible to track which paths have already been
unveiled.

Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: e0c2e70f7ba9ff7ff923590c7a5ca9a3659d17bccc3f6d7352fa8704a8686bf0
User & Date: js on 2018-11-11 22:30:21
Other Links: manifest | tags
Context
2018-11-17
22:46
Improve property name consistency check-in: 4ec7e46c8a user: js tags: trunk
2018-11-11
22:30
OFApplication: Disallow using a different sandbox check-in: e0c2e70f7b user: js tags: trunk
22:16
OFSandbox: Avoid unveiling already unveiled paths check-in: 8af3eedb02 user: js tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Modified src/OFApplication.h from [6e9b955715] to [2092ccca9e]. 

234
235
236
237
238
239
240



241
242
243
244
245
246
247
248
249
250
251
252



253
254
255
256
257
258
259

 *
 * This is only available if `OF_HAVE_SANDBOX` is defined.
 *
 * @warning If you allow `exec()`, but do not call
 * @ref activateSandboxForExecdProcesses, an `exec()`'d process does not have
 * its permissions restricted!
 *



 * @param sandbox The sandbox to activate
 */
+ (void)activateSandbox: (OFSandbox *)sandbox;

/*!
 * @brief Activates the specified sandbox for `exec()`'d processes of the
 *	  application.
 *
 * This is only available if `OF_HAVE_SANDBOX` is defined.
 *
 * `unveiledPaths` on the sandbox must *not* be empty, otherwise an
 * @ref OFInvalidArgumentException is raised.



 *
 * @param sandbox The sandbox to activate
 */
+ (void)activateSandboxForExecdProcesses: (OFSandbox *)sandbox;
#endif

- (instancetype)init OF_UNAVAILABLE;








>
>
>












>
>
>








234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265

 *
 * This is only available if `OF_HAVE_SANDBOX` is defined.
 *
 * @warning If you allow `exec()`, but do not call
 * @ref activateSandboxForExecdProcesses, an `exec()`'d process does not have
 * its permissions restricted!
 *
 * @note Once a sandbox has been activated, you cannot activate a different
 *	 sandbox. You can however change the active sandbox and reactivate it.
 *
 * @param sandbox The sandbox to activate
 */
+ (void)activateSandbox: (OFSandbox *)sandbox;

/*!
 * @brief Activates the specified sandbox for `exec()`'d processes of the
 *	  application.
 *
 * This is only available if `OF_HAVE_SANDBOX` is defined.
 *
 * `unveiledPaths` on the sandbox must *not* be empty, otherwise an
 * @ref OFInvalidArgumentException is raised.
 *
 * @note Once a sandbox has been activated, you cannot activate a different
 *	 sandbox. You can however change the active sandbox and reactivate it.
 *
 * @param sandbox The sandbox to activate
 */
+ (void)activateSandboxForExecdProcesses: (OFSandbox *)sandbox;
#endif

- (instancetype)init OF_UNAVAILABLE;

285
286
287
288
289
290
291



292
293
294
295
296
297
298
299
300
301
302
303



304
305
306
307
308
309
310

 *
 * This is only available if `OF_HAVE_SANDBOX` is defined.
 *
 * @warning If you allow `exec()`, but do not call
 * @ref activateSandboxForExecdProcesses, an `exec()`'d process does not have
 * its permissions restricted!
 *



 * @param sandbox The sandbox to activate
 */
- (void)activateSandbox: (OFSandbox *)sandbox;

/*!
 * @brief Activates the specified sandbox for `exec()`'d processes of the
 *	  application.
 *
 * This is only available if `OF_HAVE_SANDBOX` is defined.
 *
 * `unveiledPaths` on the sandbox must *not* be empty, otherwise an
 * @ref OFInvalidArgumentException is raised.



 *
 * @param sandbox The sandbox to activate
 */
- (void)activateSandboxForExecdProcesses: (OFSandbox *)sandbox;
#endif
@end









>
>
>












>
>
>








291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322

 *
 * This is only available if `OF_HAVE_SANDBOX` is defined.
 *
 * @warning If you allow `exec()`, but do not call
 * @ref activateSandboxForExecdProcesses, an `exec()`'d process does not have
 * its permissions restricted!
 *
 * @note Once a sandbox has been activated, you cannot activate a different
 *	 sandbox. You can however change the active sandbox and reactivate it.
 *
 * @param sandbox The sandbox to activate
 */
- (void)activateSandbox: (OFSandbox *)sandbox;

/*!
 * @brief Activates the specified sandbox for `exec()`'d processes of the
 *	  application.
 *
 * This is only available if `OF_HAVE_SANDBOX` is defined.
 *
 * `unveiledPaths` on the sandbox must *not* be empty, otherwise an
 * @ref OFInvalidArgumentException is raised.
 *
 * @note Once a sandbox has been activated, you cannot activate a different
 *	 sandbox. You can however change the active sandbox and reactivate it.
 *
 * @param sandbox The sandbox to activate
 */
- (void)activateSandboxForExecdProcesses: (OFSandbox *)sandbox;
#endif
@end

Modified src/OFApplication.m from [517256bc85] to [bd6d38d7b4]. 

591
592
593
594
595
596
597
598
599
600
601

602


603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622


623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642

643
644
645
646



647
648
649
650
651
652
653
654
655
656
657
658
659
660


#ifdef OF_HAVE_SANDBOX
- (void)activateSandbox: (OFSandbox *)sandbox
{
# ifdef OF_HAVE_PLEDGE
	void *pool = objc_autoreleasePoolPush();
	of_string_encoding_t encoding = [OFLocale encoding];
	const char *promises = [[sandbox pledgeString]
	    cStringWithEncoding: encoding];
	OFArray OF_GENERIC(of_sandbox_unveil_path_t) *unveiledPaths;
	size_t unveiledPathsCount;

	OFSandbox *oldSandbox;



	unveiledPaths = [sandbox unveiledPaths];
	unveiledPathsCount = [unveiledPaths count];

	for (size_t i = sandbox->_unveiledPathsIndex;
	    i < unveiledPathsCount; i++) {
		of_sandbox_unveil_path_t unveiledPath =
		    [unveiledPaths objectAtIndex: i];
		OFString *path = [unveiledPath firstObject];
		OFString *permissions = [unveiledPath secondObject];

		if (path == nil || permissions == nil)
			@throw [OFInvalidArgumentException exception];

		unveil([path cStringWithEncoding: encoding],
		    [permissions cStringWithEncoding: encoding]);
	}

	sandbox->_unveiledPathsIndex = unveiledPathsCount;



	if (pledge(promises, NULL) != 0)
		@throw [OFSandboxActivationFailedException
		    exceptionWithSandbox: sandbox
				   errNo: errno];

	objc_autoreleasePoolPop(pool);

	oldSandbox = _activeSandbox;
	_activeSandbox = [sandbox retain];
	[oldSandbox release];
# endif
}

- (void)activateSandboxForExecdProcesses: (OFSandbox *)sandbox
{
# ifdef OF_HAVE_PLEDGE
	void *pool = objc_autoreleasePoolPush();
	const char *promises = [[sandbox pledgeString]
	    cStringWithEncoding: [OFLocale encoding]];
	OFSandbox *oldSandbox;


	if ([[sandbox unveiledPaths] count] != 0)
		@throw [OFInvalidArgumentException exception];




	if (pledge(NULL, promises) != 0)
		@throw [OFSandboxActivationFailedException
		    exceptionWithSandbox: sandbox
				   errNo: errno];

	objc_autoreleasePoolPop(pool);

	oldSandbox = _activeExecSandbox;
	_activeExecSandbox = [sandbox retain];
	[oldSandbox release];
# endif
}
#endif
@end








<
<


>
|
>
>




















>
>







|
|
<







|
|
|
>




>
>
>







|
|
<





591
592
593
594
595
596
597


598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634

635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661

662
663
664
665


#ifdef OF_HAVE_SANDBOX
- (void)activateSandbox: (OFSandbox *)sandbox
{
# ifdef OF_HAVE_PLEDGE
	void *pool = objc_autoreleasePoolPush();
	of_string_encoding_t encoding = [OFLocale encoding];


	OFArray OF_GENERIC(of_sandbox_unveil_path_t) *unveiledPaths;
	size_t unveiledPathsCount;
	const char *promises;

	if (_activeSandbox != nil && sandbox != _activeSandbox)
		@throw [OFInvalidArgumentException exception];

	unveiledPaths = [sandbox unveiledPaths];
	unveiledPathsCount = [unveiledPaths count];

	for (size_t i = sandbox->_unveiledPathsIndex;
	    i < unveiledPathsCount; i++) {
		of_sandbox_unveil_path_t unveiledPath =
		    [unveiledPaths objectAtIndex: i];
		OFString *path = [unveiledPath firstObject];
		OFString *permissions = [unveiledPath secondObject];

		if (path == nil || permissions == nil)
			@throw [OFInvalidArgumentException exception];

		unveil([path cStringWithEncoding: encoding],
		    [permissions cStringWithEncoding: encoding]);
	}

	sandbox->_unveiledPathsIndex = unveiledPathsCount;

	promises = [[sandbox pledgeString] cStringWithEncoding: encoding];

	if (pledge(promises, NULL) != 0)
		@throw [OFSandboxActivationFailedException
		    exceptionWithSandbox: sandbox
				   errNo: errno];

	objc_autoreleasePoolPop(pool);

	if (_activeSandbox == nil)
		_activeSandbox = [sandbox retain];

# endif
}

- (void)activateSandboxForExecdProcesses: (OFSandbox *)sandbox
{
# ifdef OF_HAVE_PLEDGE
	void *pool = objc_autoreleasePoolPush();
	const char *promises;

	if (_activeExecSandbox != nil && sandbox != _activeExecSandbox)
		@throw [OFInvalidArgumentException exception];

	if ([[sandbox unveiledPaths] count] != 0)
		@throw [OFInvalidArgumentException exception];

	promises = [[sandbox pledgeString]
	    cStringWithEncoding: [OFLocale encoding]];

	if (pledge(NULL, promises) != 0)
		@throw [OFSandboxActivationFailedException
		    exceptionWithSandbox: sandbox
				   errNo: errno];

	objc_autoreleasePoolPop(pool);

	if (_activeExecSandbox == nil)
		_activeExecSandbox = [sandbox retain];

# endif
}
#endif
@end

Fossil 2.23 [47362306a7] 2023-11-01 18:56:47
This page was generated in about 0.017s