Changes In Branch sandbox Excluding Merge-Ins
This is equivalent to a diff from 6ae98c1dcf to 1c5fb04713
2021-04-25
| ||
21:20 | runtime: Fix cut & paste mistake (check-in: bbf92b046a user: js tags: trunk) | |
20:22 | Merge trunk into branch "unix-sockets" (check-in: fb40f7048d user: js tags: unix-sockets) | |
20:12 | Merge trunk into branch "sandbox" (Leaf check-in: 1c5fb04713 user: js tags: sandbox) | |
20:01 | Merge trunk into 1.0 branch (check-in: b9744f93bf user: js tags: 1.0) | |
19:58 | Last round of renames (hopefully) (check-in: 6ae98c1dcf user: js tags: trunk) | |
19:41 | OFStrdup -> OFStrDup and slightly change behavior (check-in: fd51df7022 user: js tags: trunk) | |
2021-04-08
| ||
17:25 | Merge trunk into branch "sandbox" (check-in: a43214df30 user: js tags: sandbox) | |
Modified src/Makefile from [fd93e350db] to [77c0cbdce8].
︙ | ︙ | |||
67 68 69 70 71 72 73 74 75 76 77 78 79 80 | OFSHA1Hash.m \ OFSHA224Hash.m \ OFSHA224Or256Hash.m \ OFSHA256Hash.m \ OFSHA384Hash.m \ OFSHA384Or512Hash.m \ OFSHA512Hash.m \ OFScrypt.m \ OFSecureData.m \ OFSeekableStream.m \ OFSerialization.m \ OFSet.m \ OFSortedList.m \ OFStdIOStream.m \ | > | 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 | OFSHA1Hash.m \ OFSHA224Hash.m \ OFSHA224Or256Hash.m \ OFSHA256Hash.m \ OFSHA384Hash.m \ OFSHA384Or512Hash.m \ OFSHA512Hash.m \ OFSandbox.m \ OFScrypt.m \ OFSecureData.m \ OFSeekableStream.m \ OFSerialization.m \ OFSet.m \ OFSortedList.m \ OFStdIOStream.m \ |
︙ | ︙ | |||
190 191 192 193 194 195 196 | OFMutableUTF8String.m \ OFNonretainedObjectValue.m \ OFPointValue.m \ OFPointerValue.m \ OFRangeCharacterSet.m \ OFRangeValue.m \ OFRectValue.m \ | < | 191 192 193 194 195 196 197 198 199 200 201 202 203 204 | OFMutableUTF8String.m \ OFNonretainedObjectValue.m \ OFPointValue.m \ OFPointerValue.m \ OFRangeCharacterSet.m \ OFRangeValue.m \ OFRectValue.m \ OFSizeValue.m \ OFSubarray.m \ OFUTF8String.m \ ${LIBBASES_M} \ ${RUNTIME_AUTORELEASE_M} \ ${RUNTIME_INSTANCE_M} SRCS_FILES += OFFileURLHandler.m \ |
︙ | ︙ |
Modified src/OFApplication.h from [5f5127d646] to [7fa4329a75].
︙ | ︙ | |||
196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 | /** * @brief The delegate of the application. */ @property OF_NULLABLE_PROPERTY (assign, nonatomic) id <OFApplicationDelegate> delegate; #ifdef OF_HAVE_SANDBOX @property OF_NULLABLE_PROPERTY (readonly, nonatomic) OFSandbox *activeSandbox; @property OF_NULLABLE_PROPERTY (readonly, nonatomic) OFSandbox *activeSandboxForChildProcesses; #endif /** * @brief Returns the only OFApplication instance in the application. * | > > > > > > > | 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 | /** * @brief The delegate of the application. */ @property OF_NULLABLE_PROPERTY (assign, nonatomic) id <OFApplicationDelegate> delegate; #ifdef OF_HAVE_SANDBOX /** * @brief The sandbox currently active for this application. */ @property OF_NULLABLE_PROPERTY (readonly, nonatomic) OFSandbox *activeSandbox; /** * @brief The sandbox currently active for child processes of this application. */ @property OF_NULLABLE_PROPERTY (readonly, nonatomic) OFSandbox *activeSandboxForChildProcesses; #endif /** * @brief Returns the only OFApplication instance in the application. * |
︙ | ︙ | |||
242 243 244 245 246 247 248 | * @brief Terminates the application with the specified status. * * @param status The status with which the application will terminate */ + (void)terminateWithStatus: (int)status OF_NO_RETURN; #ifdef OF_HAVE_SANDBOX | > > > > > > > > > > > > > > | > > > > > > > > > > > > > > > | | 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 | * @brief Terminates the application with the specified status. * * @param status The status with which the application will terminate */ + (void)terminateWithStatus: (int)status OF_NO_RETURN; #ifdef OF_HAVE_SANDBOX /** * @brief Activates the specified sandbox for the application. * * This is only available if `OF_HAVE_SANDBOX` is defined. * * @warning If you allow `exec()`, but do not call * @ref activateSandboxForChildProcesses:, an `exec()`'d process does * not have its permissions restricted! * * @note Once a sandbox has been activated, you cannot activate a different * sandbox. You can however change the active sandbox and reactivate it. * * @param sandbox The sandbox to activate */ + (void)activateSandbox: (OFSandbox *)sandbox; /** * @brief Activates the specified sandbox for child processes of the * application. * * This is only available if `OF_HAVE_SANDBOX` is defined. * * `unveiledPaths` on the sandbox must *not* be empty, otherwise an * @ref OFInvalidArgumentException is raised. * * @note Once a sandbox has been activated, you cannot activate a different * sandbox. You can however change the active sandbox and reactivate it. * * @param sandbox The sandbox to activate */ + (void)activateSandboxForChildProcesses: (OFSandbox *)sandbox; #endif - (instancetype)init OF_UNAVAILABLE; /** * @brief Gets argc and argv. * |
︙ | ︙ | |||
270 271 272 273 274 275 276 | * @brief Terminates the application with the specified status. * * @param status The status with which the application will terminate */ - (void)terminateWithStatus: (int)status OF_NO_RETURN; #ifdef OF_HAVE_SANDBOX | > > > > > > > > > > > > > > | > > > > > > > > > > > > > > > | | 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 | * @brief Terminates the application with the specified status. * * @param status The status with which the application will terminate */ - (void)terminateWithStatus: (int)status OF_NO_RETURN; #ifdef OF_HAVE_SANDBOX /** * @brief Activates the specified sandbox for the application. * * This is only available if `OF_HAVE_SANDBOX` is defined. * * @warning If you allow `exec()`, but do not call * @ref activateSandboxForChildProcesses:, an `exec()`'d process does * not have its permissions restricted! * * @note Once a sandbox has been activated, you cannot activate a different * sandbox. You can however change the active sandbox and reactivate it. * * @param sandbox The sandbox to activate */ - (void)activateSandbox: (OFSandbox *)sandbox; /** * @brief Activates the specified sandbox for child processes of the * application. * * This is only available if `OF_HAVE_SANDBOX` is defined. * * `unveiledPaths` on the sandbox must *not* be empty, otherwise an * @ref OFInvalidArgumentException is raised. * * @note Once a sandbox has been activated, you cannot activate a different * sandbox. You can however change the active sandbox and reactivate it. * * @param sandbox The sandbox to activate */ - (void)activateSandboxForChildProcesses: (OFSandbox *)sandbox; #endif @end #ifdef __cplusplus extern "C" { #endif extern int OFApplicationMain(int *_Nonnull, char *_Nullable *_Nonnull[_Nonnull], id <OFApplicationDelegate>); #ifdef __cplusplus } #endif OF_ASSUME_NONNULL_END |
Modified src/OFApplication.m from [9af79ccbcf] to [01834d7171].
︙ | ︙ | |||
191 192 193 194 195 196 197 | sceKernelExitGame(); OF_UNREACHABLE #endif } #ifdef OF_HAVE_SANDBOX | | | | | | 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 | sceKernelExitGame(); OF_UNREACHABLE #endif } #ifdef OF_HAVE_SANDBOX + (void)activateSandbox: (OFSandbox *)sandbox { [app activateSandbox: sandbox]; } + (void)activateSandboxForChildProcesses: (OFSandbox *)sandbox { [app activateSandboxForChildProcesses: sandbox]; } #endif - (instancetype)init { OF_INVALID_INIT_METHOD } |
︙ | ︙ | |||
597 598 599 600 601 602 603 | { [self.class terminateWithStatus: status]; OF_UNREACHABLE } #ifdef OF_HAVE_SANDBOX | | | 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 | { [self.class terminateWithStatus: status]; OF_UNREACHABLE } #ifdef OF_HAVE_SANDBOX - (void)activateSandbox: (OFSandbox *)sandbox { # ifdef OF_HAVE_PLEDGE void *pool = objc_autoreleasePoolPush(); OFStringEncoding encoding = [OFLocale encoding]; OFArray OF_GENERIC(OFSandboxUnveilPath) *unveiledPaths; size_t unveiledPathsCount; const char *promises; |
︙ | ︙ | |||
642 643 644 645 646 647 648 | objc_autoreleasePoolPop(pool); if (_activeSandbox == nil) _activeSandbox = [sandbox retain]; # endif } | | | 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 | objc_autoreleasePoolPop(pool); if (_activeSandbox == nil) _activeSandbox = [sandbox retain]; # endif } - (void)activateSandboxForChildProcesses: (OFSandbox *)sandbox { # ifdef OF_HAVE_PLEDGE void *pool = objc_autoreleasePoolPush(); const char *promises; if (_activeSandboxForChildProcesses != nil && sandbox != _activeSandboxForChildProcesses) |
︙ | ︙ |
Modified src/OFSandbox.h from [6bf325540a] to [265bd0f32a].
︙ | ︙ | |||
12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 | * LICENSE.GPLv2 or LICENSE.GPLv3 respectively included in the packaging of this * file. */ #import "OFObject.h" OF_ASSUME_NONNULL_BEGIN @class OFArray OF_GENERIC(ObjectType); @class OFMutableArray OF_GENERIC(ObjectType); @class OFPair OF_GENERIC(FirstType, SecondType); typedef OFPair OF_GENERIC(OFString *, OFString *) *OFSandboxUnveilPath; @interface OFSandbox: OFObject <OFCopying> { unsigned int _allowsStdIO: 1; unsigned int _allowsReadingFiles: 1; unsigned int _allowsWritingFiles: 1; unsigned int _allowsCreatingFiles: 1; unsigned int _allowsCreatingSpecialFiles: 1; | > > > > > > > > > > > | 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 | * LICENSE.GPLv2 or LICENSE.GPLv3 respectively included in the packaging of this * file. */ #import "OFObject.h" OF_ASSUME_NONNULL_BEGIN /** @file */ @class OFArray OF_GENERIC(ObjectType); @class OFMutableArray OF_GENERIC(ObjectType); @class OFPair OF_GENERIC(FirstType, SecondType); /** * @brief An @ref OFPair for a path to unveil, with the first string being the * path and the second the permissions. */ typedef OFPair OF_GENERIC(OFString *, OFString *) *OFSandboxUnveilPath; /** * @class OFSandbox OFSandbox.h ObjFW/OFSandbox.h * * @brief A class which describes a sandbox for the application. */ @interface OFSandbox: OFObject <OFCopying> { unsigned int _allowsStdIO: 1; unsigned int _allowsReadingFiles: 1; unsigned int _allowsWritingFiles: 1; unsigned int _allowsCreatingFiles: 1; unsigned int _allowsCreatingSpecialFiles: 1; |
︙ | ︙ | |||
57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 | unsigned int _returnsErrors: 1; OFMutableArray OF_GENERIC(OFSandboxUnveilPath) *_unveiledPaths; @public size_t _unveiledPathsIndex; OF_RESERVE_IVARS(OFSandbox, 4) } @property (nonatomic) bool allowsStdIO; @property (nonatomic) bool allowsReadingFiles; @property (nonatomic) bool allowsWritingFiles; @property (nonatomic) bool allowsCreatingFiles; @property (nonatomic) bool allowsCreatingSpecialFiles; @property (nonatomic) bool allowsTemporaryFiles; @property (nonatomic) bool allowsIPSockets; @property (nonatomic) bool allowsMulticastSockets; @property (nonatomic) bool allowsChangingFileAttributes; @property (nonatomic) bool allowsFileOwnerChanges; @property (nonatomic) bool allowsFileLocks; @property (nonatomic) bool allowsUNIXSockets; @property (nonatomic) bool allowsDNS; @property (nonatomic) bool allowsUserDatabaseReading; @property (nonatomic) bool allowsFileDescriptorSending; @property (nonatomic) bool allowsFileDescriptorReceiving; @property (nonatomic) bool allowsTape; @property (nonatomic) bool allowsTTY; @property (nonatomic) bool allowsProcessOperations; @property (nonatomic) bool allowsExec; @property (nonatomic) bool allowsProtExec; @property (nonatomic) bool allowsSetTime; @property (nonatomic) bool allowsPS; @property (nonatomic) bool allowsVMInfo; @property (nonatomic) bool allowsChangingProcessRights; @property (nonatomic) bool allowsPF; @property (nonatomic) bool allowsAudio; @property (nonatomic) bool allowsBPF; @property (nonatomic) bool allowsUnveil; @property (nonatomic) bool returnsErrors; #ifdef OF_HAVE_PLEDGE @property (readonly, nonatomic) OFString *pledgeString; #endif @property (readonly, nonatomic) OFArray OF_GENERIC(OFSandboxUnveilPath) *unveiledPaths; + (instancetype)sandbox; - (void)unveilPath: (OFString *)path permissions: (OFString *)permissions; @end OF_ASSUME_NONNULL_END | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 | unsigned int _returnsErrors: 1; OFMutableArray OF_GENERIC(OFSandboxUnveilPath) *_unveiledPaths; @public size_t _unveiledPathsIndex; OF_RESERVE_IVARS(OFSandbox, 4) } /** * @brief Allows IO operations on previously allocated file descriptors. */ @property (nonatomic) bool allowsStdIO; /** * @brief Allows read access to the file system. */ @property (nonatomic) bool allowsReadingFiles; /** * @brief Allows write access to the file system. */ @property (nonatomic) bool allowsWritingFiles; /** * @brief Allows creating files in the file system. */ @property (nonatomic) bool allowsCreatingFiles; /** * @brief Allows creating special files in the file system. */ @property (nonatomic) bool allowsCreatingSpecialFiles; /** * @brief Allows creating, reading and writing temporary files in `/tmp`. */ @property (nonatomic) bool allowsTemporaryFiles; /** * @brief Allows using IP sockets. */ @property (nonatomic) bool allowsIPSockets; /** * @brief Allows multicast sockets. */ @property (nonatomic) bool allowsMulticastSockets; /** * @brief Allows explicit changes to file attributes. */ @property (nonatomic) bool allowsChangingFileAttributes; /** * @brief Allows changing ownership of files. */ @property (nonatomic) bool allowsFileOwnerChanges; /** * @brief Allows file locks. */ @property (nonatomic) bool allowsFileLocks; /** * @brief Allows UNIX sockets. */ @property (nonatomic) bool allowsUNIXSockets; /** * @brief Allows syscalls necessary for DNS lookups. */ @property (nonatomic) bool allowsDNS; /** * @brief Allows to look up users and groups. */ @property (nonatomic) bool allowsUserDatabaseReading; /** * @brief Allows sending file descriptors via sendmsg(). */ @property (nonatomic) bool allowsFileDescriptorSending; /** * @brief Allows receiving file descriptors via recvmsg(). */ @property (nonatomic) bool allowsFileDescriptorReceiving; /** * @brief Allows MTIOCGET and MTIOCTOP operations on tape devices. */ @property (nonatomic) bool allowsTape; /** * @brief Allows read-write operations and ioctls on the TTY. */ @property (nonatomic) bool allowsTTY; /** * @brief Allows various process relationshop operations. */ @property (nonatomic) bool allowsProcessOperations; /** * @brief Allows execve(). */ @property (nonatomic) bool allowsExec; /** * @brief Allows PROT_EXEC for `mmap()` and `mprotect()`. */ @property (nonatomic) bool allowsProtExec; /** * @brief Allows `settime()`. */ @property (nonatomic) bool allowsSetTime; /** * @brief Allows introspection of processes on the system. */ @property (nonatomic) bool allowsPS; /** * @brief Allows introspection of the system's virtual memory. */ @property (nonatomic) bool allowsVMInfo; /** * @brief Allows changing the rights of process, for example the UID. */ @property (nonatomic) bool allowsChangingProcessRights; /** * @brief Allows certain ioctls on the PF device. */ @property (nonatomic) bool allowsPF; /** * @brief Allows certain ioctls on audio devices. */ @property (nonatomic) bool allowsAudio; /** * @brief Allows BIOCGSTATS to collect statistics from a BPF device. */ @property (nonatomic) bool allowsBPF; /** * @brief Allows unveiling more paths. */ @property (nonatomic) bool allowsUnveil; /** * @brief Returns errors instead of killing the process. */ @property (nonatomic) bool returnsErrors; #ifdef OF_HAVE_PLEDGE /** * The string for OpenBSD's pledge() call. * * @warning Only available on systems with the pledge() call! */ @property (readonly, nonatomic) OFString *pledgeString; #endif /** * @brief A list of unveiled paths. */ @property (readonly, nonatomic) OFArray OF_GENERIC(OFSandboxUnveilPath) *unveiledPaths; /** * @brief Create a new, autorelease OFSandbox. */ + (instancetype)sandbox; /** * @brief "Unveils" the specified path, meaning that it becomes visible from * the sandbox with the specified permissions. * * @param path The path to unveil * @param permissions The permissions for the path. The following permissions * can be combined: * Permission | Description * -----------|-------------------- * r | Make the path available for reading, like * | @ref allowsReadingFiles * w | Make the path available for writing, like * | @ref allowsWritingFiles * x | Make the path available for executing, like * | @ref allowsExec * c | Make the path available for creation and * | deletion, like @ref allowsCreatingFiles */ - (void)unveilPath: (OFString *)path permissions: (OFString *)permissions; @end OF_ASSUME_NONNULL_END |
Modified src/ObjFW.h from [304cf44661] to [f1d0578b44].
︙ | ︙ | |||
124 125 126 127 128 129 130 131 132 133 134 135 136 137 | #import "OFApplication.h" #import "OFSystemInfo.h" #import "OFLocale.h" #import "OFOptionsParser.h" #import "OFTimer.h" #import "OFRunLoop.h" #ifdef OF_WINDOWS # import "OFWindowsRegistryKey.h" #endif #import "OFAllocFailedException.h" #import "OFException.h" | > | 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 | #import "OFApplication.h" #import "OFSystemInfo.h" #import "OFLocale.h" #import "OFOptionsParser.h" #import "OFTimer.h" #import "OFRunLoop.h" #import "OFSandbox.h" #ifdef OF_WINDOWS # import "OFWindowsRegistryKey.h" #endif #import "OFAllocFailedException.h" #import "OFException.h" |
︙ | ︙ | |||
207 208 209 210 211 212 213 214 215 216 217 218 219 220 | #import "OFReadFailedException.h" #import "OFReadOrWriteFailedException.h" #import "OFRemoveItemFailedException.h" #ifdef OF_HAVE_SOCKETS # import "OFResolveHostFailedException.h" #endif #import "OFRetrieveItemAttributesFailedException.h" #import "OFSeekFailedException.h" #import "OFSetItemAttributesFailedException.h" #import "OFSetOptionFailedException.h" #ifdef OF_WINDOWS # import "OFSetWindowsRegistryValueFailedException.h" #endif #import "OFStillLockedException.h" | > | 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 | #import "OFReadFailedException.h" #import "OFReadOrWriteFailedException.h" #import "OFRemoveItemFailedException.h" #ifdef OF_HAVE_SOCKETS # import "OFResolveHostFailedException.h" #endif #import "OFRetrieveItemAttributesFailedException.h" #import "OFSandboxActivationFailedException.h" #import "OFSeekFailedException.h" #import "OFSetItemAttributesFailedException.h" #import "OFSetOptionFailedException.h" #ifdef OF_WINDOWS # import "OFSetWindowsRegistryValueFailedException.h" #endif #import "OFStillLockedException.h" |
︙ | ︙ |
Modified src/exceptions/Makefile from [351e362627] to [103a175ba6].
︙ | ︙ | |||
29 30 31 32 33 34 35 36 37 38 39 40 41 42 | OFOpenItemFailedException.m \ OFOutOfMemoryException.m \ OFOutOfRangeException.m \ OFReadFailedException.m \ OFReadOrWriteFailedException.m \ OFRemoveItemFailedException.m \ OFRetrieveItemAttributesFailedException.m \ OFSeekFailedException.m \ OFSetItemAttributesFailedException.m \ OFSetOptionFailedException.m \ OFStillLockedException.m \ OFTruncatedDataException.m \ OFUnboundNamespaceException.m \ OFUnboundPrefixException.m \ | > | 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 | OFOpenItemFailedException.m \ OFOutOfMemoryException.m \ OFOutOfRangeException.m \ OFReadFailedException.m \ OFReadOrWriteFailedException.m \ OFRemoveItemFailedException.m \ OFRetrieveItemAttributesFailedException.m \ OFSandboxActivationFailedException.m \ OFSeekFailedException.m \ OFSetItemAttributesFailedException.m \ OFSetOptionFailedException.m \ OFStillLockedException.m \ OFTruncatedDataException.m \ OFUnboundNamespaceException.m \ OFUnboundPrefixException.m \ |
︙ | ︙ | |||
72 73 74 75 76 77 78 | SRCS_WINDOWS = OFCreateWindowsRegistryKeyFailedException.m \ OFDeleteWindowsRegistryKeyFailedException.m \ OFDeleteWindowsRegistryValueFailedException.m \ OFGetWindowsRegistryValueFailedException.m \ OFOpenWindowsRegistryKeyFailedException.m \ OFSetWindowsRegistryValueFailedException.m | | < < | 73 74 75 76 77 78 79 80 81 82 83 84 | SRCS_WINDOWS = OFCreateWindowsRegistryKeyFailedException.m \ OFDeleteWindowsRegistryKeyFailedException.m \ OFDeleteWindowsRegistryValueFailedException.m \ OFGetWindowsRegistryValueFailedException.m \ OFOpenWindowsRegistryKeyFailedException.m \ OFSetWindowsRegistryValueFailedException.m INCLUDES = ${SRCS:.m=.h} include ../../buildsys.mk CPPFLAGS += -I. -I.. -I../.. -I../runtime |
Modified src/exceptions/OFSandboxActivationFailedException.h from [c3a79f74bb] to [60b5308f3d].
︙ | ︙ | |||
15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 | #import "OFException.h" OF_ASSUME_NONNULL_BEGIN @class OFSandbox; @interface OFSandboxActivationFailedException: OFException { OFSandbox *_sandbox; int _errNo; } @property (readonly, nonatomic) OFSandbox *sandbox; @property (readonly, nonatomic) int errNo; + (instancetype)exception OF_UNAVAILABLE; + (instancetype)exceptionWithSandbox: (OFSandbox *)sandbox errNo: (int)errNo; - (instancetype)init OF_UNAVAILABLE; - (instancetype)initWithSandbox: (OFSandbox *)sandbox errNo: (int)errNo OF_DESIGNATED_INITIALIZER; @end OF_ASSUME_NONNULL_END | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 | #import "OFException.h" OF_ASSUME_NONNULL_BEGIN @class OFSandbox; /** * @class OFSandboxActivationFailedException \ * OFSandboxActivationFailedException.h \ * ObjFW/OFSandboxActivationFailedException.h * * @brief An exception indicating that sandboxing the process failed. */ @interface OFSandboxActivationFailedException: OFException { OFSandbox *_sandbox; int _errNo; } /** * @brief The sandbox which could not be activated. */ @property (readonly, nonatomic) OFSandbox *sandbox; /** * @brief The errno of the error that occurred. */ @property (readonly, nonatomic) int errNo; + (instancetype)exception OF_UNAVAILABLE; /** * @brief Creates a new, autoreleased sandboxing failed exception. * * @param sandbox The sandbox which could not be activated * @param errNo The errno of the error that occurred * @return A new, autoreleased sandboxing failed exception */ + (instancetype)exceptionWithSandbox: (OFSandbox *)sandbox errNo: (int)errNo; - (instancetype)init OF_UNAVAILABLE; /** * @brief Initializes an already allocated sandboxing failed exception. * * @param sandbox The sandbox which could not be activated * @param errNo The errno of the error that occurred * @return An initialized sandboxing failed exception */ - (instancetype)initWithSandbox: (OFSandbox *)sandbox errNo: (int)errNo OF_DESIGNATED_INITIALIZER; @end OF_ASSUME_NONNULL_END |
Modified utils/ofarc/OFArc.m from [84fac1d63f] to [8f1ee3755d].
︙ | ︙ | |||
178 179 180 181 182 183 184 | sandbox.allowsWritingFiles = true; sandbox.allowsCreatingFiles = true; sandbox.allowsChangingFileAttributes = true; sandbox.allowsUserDatabaseReading = true; /* Dropped after parsing options */ sandbox.allowsUnveil = true; | | | 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 | sandbox.allowsWritingFiles = true; sandbox.allowsCreatingFiles = true; sandbox.allowsChangingFileAttributes = true; sandbox.allowsUserDatabaseReading = true; /* Dropped after parsing options */ sandbox.allowsUnveil = true; [OFApplication activateSandbox: sandbox]; #endif #ifndef OF_AMIGAOS [OFLocale addLanguageDirectory: @LANGUAGE_DIR]; #else [OFLocale addLanguageDirectory: @"PROGDIR:/share/ofarc/lang"]; #endif |
︙ | ︙ | |||
323 324 325 326 327 328 329 | [sandbox unveilPath: remainingArguments.firstObject permissions: (mode == 'a' ? @"rwc" : @"wc")]; for (OFString *path in files) [sandbox unveilPath: path permissions: @"r"]; sandbox.allowsUnveil = false; | | | | | 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 | [sandbox unveilPath: remainingArguments.firstObject permissions: (mode == 'a' ? @"rwc" : @"wc")]; for (OFString *path in files) [sandbox unveilPath: path permissions: @"r"]; sandbox.allowsUnveil = false; [OFApplication activateSandbox: sandbox]; #endif archive = [self openArchiveWithPath: remainingArguments.firstObject type: type mode: mode encoding: encoding]; [archive addFiles: files]; break; case 'l': if (remainingArguments.count != 1) help(OFStdErr, false, 1); #ifdef OF_HAVE_SANDBOX if (![remainingArguments.firstObject isEqual: @"-"]) [sandbox unveilPath: remainingArguments.firstObject permissions: @"r"]; sandbox.allowsUnveil = false; [OFApplication activateSandbox: sandbox]; #endif archive = [self openArchiveWithPath: remainingArguments.firstObject type: type mode: mode encoding: encoding]; [archive listFiles]; break; case 'p': if (remainingArguments.count < 1) help(OFStdErr, false, 1); #ifdef OF_HAVE_SANDBOX if (![remainingArguments.firstObject isEqual: @"-"]) [sandbox unveilPath: remainingArguments.firstObject permissions: @"r"]; sandbox.allowsUnveil = false; [OFApplication activateSandbox: sandbox]; #endif files = [remainingArguments objectsInRange: OFRangeMake(1, remainingArguments.count - 1)]; archive = [self openArchiveWithPath: remainingArguments.firstObject |
︙ | ︙ | |||
406 407 408 409 410 411 412 | currentDirectoryPath]; /* We need 'r' to change the directory to it. */ [sandbox unveilPath: path permissions: @"rwc"]; } sandbox.allowsUnveil = false; | | | 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 | currentDirectoryPath]; /* We need 'r' to change the directory to it. */ [sandbox unveilPath: path permissions: @"rwc"]; } sandbox.allowsUnveil = false; [OFApplication activateSandbox: sandbox]; #endif archive = [self openArchiveWithPath: remainingArguments.firstObject type: type mode: mode encoding: encoding]; |
︙ | ︙ |
Modified utils/ofdns/OFDNS.m from [bf91a28ab8] to [91d2c679b8].
︙ | ︙ | |||
107 108 109 110 111 112 113 | #ifdef OF_HAVE_SANDBOX OFSandbox *sandbox = [[OFSandbox alloc] init]; @try { sandbox.allowsStdIO = true; sandbox.allowsDNS = true; | | | 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 | #ifdef OF_HAVE_SANDBOX OFSandbox *sandbox = [[OFSandbox alloc] init]; @try { sandbox.allowsStdIO = true; sandbox.allowsDNS = true; [OFApplication activateSandbox: sandbox]; } @finally { [sandbox release]; } #endif recordTypes = [OFMutableArray array]; |
︙ | ︙ |
Modified utils/ofhash/OFHash.m from [976db374f8] to [bfea2d44ec].
︙ | ︙ | |||
129 130 131 132 133 134 135 | sandbox.allowsUserDatabaseReading = true; for (OFString *path in optionsParser.remainingArguments) [sandbox unveilPath: path permissions: @"r"]; [sandbox unveilPath: @LANGUAGE_DIR permissions: @"r"]; | | | 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 | sandbox.allowsUserDatabaseReading = true; for (OFString *path in optionsParser.remainingArguments) [sandbox unveilPath: path permissions: @"r"]; [sandbox unveilPath: @LANGUAGE_DIR permissions: @"r"]; [OFApplication activateSandbox: sandbox]; } @finally { [sandbox release]; } #endif if (!calculateMD5 && !calculateRIPEMD160 && !calculateSHA1 && !calculateSHA224 && !calculateSHA256 && !calculateSHA384 && |
︙ | ︙ |
Modified utils/ofhttp/OFHTTP.m from [c136ae289f] to [758155ce18].
︙ | ︙ | |||
442 443 444 445 446 447 448 | sandbox.allowsIPSockets = true; sandbox.allowsDNS = true; sandbox.allowsUserDatabaseReading = true; sandbox.allowsTTY = true; /* Dropped after parsing options */ sandbox.allowsUnveil = true; | | | 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 | sandbox.allowsIPSockets = true; sandbox.allowsDNS = true; sandbox.allowsUserDatabaseReading = true; sandbox.allowsTTY = true; /* Dropped after parsing options */ sandbox.allowsUnveil = true; [OFApplication activateSandbox: sandbox]; #endif #ifndef OF_AMIGAOS [OFLocale addLanguageDirectory: @LANGUAGE_DIR]; #else [OFLocale addLanguageDirectory: @"PROGDIR:/share/ofhttp/lang"]; #endif |
︙ | ︙ | |||
536 537 538 539 540 541 542 | currentDirectoryPath] permissions: (_continue ? @"rwc" : @"wc")]; /* In case we use ObjOpenSSL for https later */ [sandbox unveilPath: @"/etc/ssl" permissions: @"r"]; sandbox.allowsUnveil = false; | | | 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 | currentDirectoryPath] permissions: (_continue ? @"rwc" : @"wc")]; /* In case we use ObjOpenSSL for https later */ [sandbox unveilPath: @"/etc/ssl" permissions: @"r"]; sandbox.allowsUnveil = false; [OFApplication activateSandbox: sandbox]; #endif _outputPath = [outputPath copy]; _URLs = [optionsParser.remainingArguments copy]; if (_URLs.count < 1) help(OFStdErr, false, 1); |
︙ | ︙ |