Index: src/OFApplication.h ================================================================== --- src/OFApplication.h +++ src/OFApplication.h @@ -236,10 +236,13 @@ * * @warning If you allow `exec()`, but do not call * @ref activateSandboxForExecdProcesses, an `exec()`'d process does not have * its permissions restricted! * + * @note Once a sandbox has been activated, you cannot activate a different + * sandbox. You can however change the active sandbox and reactivate it. + * * @param sandbox The sandbox to activate */ + (void)activateSandbox: (OFSandbox *)sandbox; /*! @@ -248,10 +251,13 @@ * * This is only available if `OF_HAVE_SANDBOX` is defined. * * `unveiledPaths` on the sandbox must *not* be empty, otherwise an * @ref OFInvalidArgumentException is raised. + * + * @note Once a sandbox has been activated, you cannot activate a different + * sandbox. You can however change the active sandbox and reactivate it. * * @param sandbox The sandbox to activate */ + (void)activateSandboxForExecdProcesses: (OFSandbox *)sandbox; #endif @@ -287,10 +293,13 @@ * * @warning If you allow `exec()`, but do not call * @ref activateSandboxForExecdProcesses, an `exec()`'d process does not have * its permissions restricted! * + * @note Once a sandbox has been activated, you cannot activate a different + * sandbox. You can however change the active sandbox and reactivate it. + * * @param sandbox The sandbox to activate */ - (void)activateSandbox: (OFSandbox *)sandbox; /*! 
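Review bot: The @note added to the declarations says that a different sandbox cannot be activated after the first one, but not what happens when a caller does so; the implementation in src/OFApplication.m raises an OFInvalidArgumentException for that case, and the surrounding paragraph already documents the same exception for an empty `unveiledPaths`, so the note should name it. Suggest ` * @note Once a sandbox has been activated, activating a different sandbox raises an @ref OFInvalidArgumentException. You can however change the active sandbox and reactivate it.` in all four places (the hunks at @@ -236, @@ -248, @@ -287 and @@ -299). Since pledge(2) only lets the promise set be narrowed, as far as I know, a reactivation that widens `pledgeString` ends in an @ref OFSandboxActivationFailedException; a sentence to that effect would save callers a surprise.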
@@ -299,10 +308,13 @@ * * This is only available if `OF_HAVE_SANDBOX` is defined. * * `unveiledPaths` on the sandbox must *not* be empty, otherwise an * @ref OFInvalidArgumentException is raised. + * + * @note Once a sandbox has been activated, you cannot activate a different + * sandbox. You can however change the active sandbox and reactivate it. * * @param sandbox The sandbox to activate */ - (void)activateSandboxForExecdProcesses: (OFSandbox *)sandbox; #endif Index: src/OFApplication.m ================================================================== --- src/OFApplication.m +++ src/OFApplication.m @@ -593,15 +593,16 @@ - (void)activateSandbox: (OFSandbox *)sandbox { # ifdef OF_HAVE_PLEDGE void *pool = objc_autoreleasePoolPush(); of_string_encoding_t encoding = [OFLocale encoding]; - const char *promises = [[sandbox pledgeString] - cStringWithEncoding: encoding]; OFArray OF_GENERIC(of_sandbox_unveil_path_t) *unveiledPaths; size_t unveiledPathsCount; - OFSandbox *oldSandbox; + const char *promises; + + if (_activeSandbox != nil && sandbox != _activeSandbox) + @throw [OFInvalidArgumentException exception]; unveiledPaths = [sandbox unveiledPaths]; unveiledPathsCount = [unveiledPaths count]; for (size_t i = sandbox->_unveiledPathsIndex; 
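Review bot: The new guard only rejects a second, different sandbox; when no sandbox is active yet a nil argument passes it, and the loop header `for (size_t i = sandbox->_unveiledPathsIndex;` at the end of the hunk then reads an ivar through a nil pointer, which crashes instead of raising. Since the commit introduces a precondition check at exactly this spot, widening it to `if (sandbox == nil || (_activeSandbox != nil && sandbox != _activeSandbox))` followed by the existing `@throw [OFInvalidArgumentException exception];` closes that hole. The comparison is pointer identity, which matches the header's "reactivate the same sandbox" wording but refuses a distinct, equal-valued copy; a comment such as `/* Only the very object that was activated may be activated again. */` above the check makes that deliberate. The body of -activateSandbox: continues past the end of the hunk.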
@@ -618,43 +619,47 @@ [permissions cStringWithEncoding: encoding]); } sandbox->_unveiledPathsIndex = unveiledPathsCount; + promises = [[sandbox pledgeString] cStringWithEncoding: encoding]; + if (pledge(promises, NULL) != 0) @throw [OFSandboxActivationFailedException exceptionWithSandbox: sandbox errNo: errno]; objc_autoreleasePoolPop(pool); - oldSandbox = _activeSandbox; - _activeSandbox = [sandbox retain]; - [oldSandbox release]; + if (_activeSandbox == nil) + _activeSandbox = [sandbox retain]; # endif } - (void)activateSandboxForExecdProcesses: (OFSandbox *)sandbox { # ifdef OF_HAVE_PLEDGE void *pool = objc_autoreleasePoolPush(); - const char *promises = [[sandbox pledgeString] - cStringWithEncoding: [OFLocale encoding]]; - OFSandbox *oldSandbox; + const char *promises; + + if (_activeExecSandbox != nil && sandbox != _activeExecSandbox) + @throw [OFInvalidArgumentException exception]; if ([[sandbox unveiledPaths] count] != 0) @throw [OFInvalidArgumentException exception]; + promises = [[sandbox pledgeString] + cStringWithEncoding: [OFLocale encoding]]; + if (pledge(NULL, promises) != 0) @throw [OFSandboxActivationFailedException exceptionWithSandbox: sandbox errNo: errno]; objc_autoreleasePoolPop(pool); - oldSandbox = _activeExecSandbox; - _activeExecSandbox = [sandbox retain]; - [oldSandbox release]; + if (_activeExecSandbox == nil) + _activeExecSandbox = [sandbox retain]; # endif } #endif @end
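Review bot: `_activeSandbox` is still only recorded after pledge() succeeds, but by the time `promises` is computed the unveil() calls and `sandbox->_unveiledPathsIndex = unveiledPathsCount;` have already taken effect, so a first activation whose pledge() fails leaves the process partially restricted with `_activeSandbox` still nil, and the new `_activeSandbox != nil` guard will then accept an unrelated sandbox object on the next call (the exec path is not affected, nothing is applied there before pledge(NULL, promises)). If that is acceptable, it should be stated above the guard, e.g. `/* A sandbox only becomes the active one once pledge() succeeded; unveil()s issued before a failed pledge() stay in effect. */`; otherwise retaining the sandbox into `_activeSandbox` before calling pledge() is one way to make the guard hold in both outcomes. In -activateSandboxForExecdProcesses: the identity guard and the non-empty `unveiledPaths` check both throw a bare `[OFInvalidArgumentException exception]`, so a caller cannot tell which precondition it violated; a one-line comment on each, or a distinct exception for the identity case, would help.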