Overview
Comment: | OFApplication: Disallow using a different sandbox
While the active sandbox can be changed, a different sandbox must not be |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: |
e0c2e70f7ba9ff7ff923590c7a5ca9a3 |
User & Date: | js on 2018-11-11 22:30:21 |
Other Links: | manifest | tags |
Context
2018-11-17
| ||
22:46 | Improve property name consistency check-in: 4ec7e46c8a user: js tags: trunk | |
2018-11-11
| ||
22:30 | OFApplication: Disallow using a different sandbox check-in: e0c2e70f7b user: js tags: trunk | |
22:16 | OFSandbox: Avoid unveiling already unveiled paths check-in: 8af3eedb02 user: js tags: trunk | |
Changes
Modified src/OFApplication.h from [6e9b955715] to [2092ccca9e].
︙ | ︙ | |||
234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 | * * This is only available if `OF_HAVE_SANDBOX` is defined. * * @warning If you allow `exec()`, but do not call * @ref activateSandboxForExecdProcesses, an `exec()`'d process does not have * its permissions restricted! * * @param sandbox The sandbox to activate */ + (void)activateSandbox: (OFSandbox *)sandbox; /*! * @brief Activates the specified sandbox for `exec()`'d processes of the * application. * * This is only available if `OF_HAVE_SANDBOX` is defined. * * `unveiledPaths` on the sandbox must *not* be empty, otherwise an * @ref OFInvalidArgumentException is raised. * * @param sandbox The sandbox to activate */ + (void)activateSandboxForExecdProcesses: (OFSandbox *)sandbox; #endif - (instancetype)init OF_UNAVAILABLE; | > > > > > > | 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 | * * This is only available if `OF_HAVE_SANDBOX` is defined. * * @warning If you allow `exec()`, but do not call * @ref activateSandboxForExecdProcesses, an `exec()`'d process does not have * its permissions restricted! * * @note Once a sandbox has been activated, you cannot activate a different * sandbox. You can however change the active sandbox and reactivate it. * * @param sandbox The sandbox to activate */ + (void)activateSandbox: (OFSandbox *)sandbox; /*! * @brief Activates the specified sandbox for `exec()`'d processes of the * application. * * This is only available if `OF_HAVE_SANDBOX` is defined. * * `unveiledPaths` on the sandbox must *not* be empty, otherwise an * @ref OFInvalidArgumentException is raised. * * @note Once a sandbox has been activated, you cannot activate a different * sandbox. You can however change the active sandbox and reactivate it. * * @param sandbox The sandbox to activate */ + (void)activateSandboxForExecdProcesses: (OFSandbox *)sandbox; #endif - (instancetype)init OF_UNAVAILABLE; |
︙ | ︙ | |||
285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 | * * This is only available if `OF_HAVE_SANDBOX` is defined. * * @warning If you allow `exec()`, but do not call * @ref activateSandboxForExecdProcesses, an `exec()`'d process does not have * its permissions restricted! * * @param sandbox The sandbox to activate */ - (void)activateSandbox: (OFSandbox *)sandbox; /*! * @brief Activates the specified sandbox for `exec()`'d processes of the * application. * * This is only available if `OF_HAVE_SANDBOX` is defined. * * `unveiledPaths` on the sandbox must *not* be empty, otherwise an * @ref OFInvalidArgumentException is raised. * * @param sandbox The sandbox to activate */ - (void)activateSandboxForExecdProcesses: (OFSandbox *)sandbox; #endif @end | > > > > > > | 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 | * * This is only available if `OF_HAVE_SANDBOX` is defined. * * @warning If you allow `exec()`, but do not call * @ref activateSandboxForExecdProcesses, an `exec()`'d process does not have * its permissions restricted! * * @note Once a sandbox has been activated, you cannot activate a different * sandbox. You can however change the active sandbox and reactivate it. * * @param sandbox The sandbox to activate */ - (void)activateSandbox: (OFSandbox *)sandbox; /*! * @brief Activates the specified sandbox for `exec()`'d processes of the * application. * * This is only available if `OF_HAVE_SANDBOX` is defined. * * `unveiledPaths` on the sandbox must *not* be empty, otherwise an * @ref OFInvalidArgumentException is raised. * * @note Once a sandbox has been activated, you cannot activate a different * sandbox. You can however change the active sandbox and reactivate it. * * @param sandbox The sandbox to activate */ - (void)activateSandboxForExecdProcesses: (OFSandbox *)sandbox; #endif @end |
︙ | ︙ |
Modified src/OFApplication.m from [517256bc85] to [bd6d38d7b4].
︙ | ︙ | |||
591 592 593 594 595 596 597 | #ifdef OF_HAVE_SANDBOX - (void)activateSandbox: (OFSandbox *)sandbox { # ifdef OF_HAVE_PLEDGE void *pool = objc_autoreleasePoolPush(); of_string_encoding_t encoding = [OFLocale encoding]; | < < > | > > > > | < | | | > > > > | < | 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 | #ifdef OF_HAVE_SANDBOX - (void)activateSandbox: (OFSandbox *)sandbox { # ifdef OF_HAVE_PLEDGE void *pool = objc_autoreleasePoolPush(); of_string_encoding_t encoding = [OFLocale encoding]; OFArray OF_GENERIC(of_sandbox_unveil_path_t) *unveiledPaths; size_t unveiledPathsCount; const char *promises; if (_activeSandbox != nil && sandbox != _activeSandbox) @throw [OFInvalidArgumentException exception]; unveiledPaths = [sandbox unveiledPaths]; unveiledPathsCount = [unveiledPaths count]; for (size_t i = sandbox->_unveiledPathsIndex; i < unveiledPathsCount; i++) { of_sandbox_unveil_path_t unveiledPath = [unveiledPaths objectAtIndex: i]; OFString *path = [unveiledPath firstObject]; OFString *permissions = [unveiledPath secondObject]; if (path == nil || permissions == nil) @throw [OFInvalidArgumentException exception]; unveil([path cStringWithEncoding: encoding], [permissions cStringWithEncoding: encoding]); } sandbox->_unveiledPathsIndex = unveiledPathsCount; promises = [[sandbox pledgeString] cStringWithEncoding: encoding]; if (pledge(promises, NULL) != 0) @throw [OFSandboxActivationFailedException exceptionWithSandbox: sandbox errNo: errno]; objc_autoreleasePoolPop(pool); if (_activeSandbox == nil) _activeSandbox = [sandbox retain]; # endif } - (void)activateSandboxForExecdProcesses: (OFSandbox *)sandbox { # ifdef OF_HAVE_PLEDGE void *pool = objc_autoreleasePoolPush(); const char *promises; if (_activeExecSandbox != nil && sandbox != _activeExecSandbox) @throw [OFInvalidArgumentException exception]; if ([[sandbox unveiledPaths] count] != 0) @throw [OFInvalidArgumentException exception]; promises = [[sandbox pledgeString] cStringWithEncoding: [OFLocale encoding]]; if (pledge(NULL, promises) != 0) @throw [OFSandboxActivationFailedException exceptionWithSandbox: sandbox errNo: errno]; objc_autoreleasePoolPop(pool); if (_activeExecSandbox == nil) _activeExecSandbox = [sandbox retain]; # endif } #endif @end |