Skip to content
Newer
Older
100644 110 lines (91 sloc) 2.74 KB
9303a3f Sandbox.new can now accept a custom profile string (as a scheme expre…
Laurent Sansonetti authored Sep 1, 2010
1 /*
2 * MacRuby interface to sandbox/seatbelt.
3 *
4 * This file is covered by the Ruby license. See COPYING for more details.
5 *
6 * Copyright (C) 2010, Apple Inc. All rights reserved.
7 */
8
d23d46b Add a Sandbox class that adds sandbox(7) functionality.
Patrick Thomson authored Jul 16, 2010
9 #include <sandbox.h>
10 #include "ruby/macruby.h"
9303a3f Sandbox.new can now accept a custom profile string (as a scheme expre…
Laurent Sansonetti authored Sep 1, 2010
11 #include "ruby/util.h"
d23d46b Add a Sandbox class that adds sandbox(7) functionality.
Patrick Thomson authored Jul 16, 2010
12
13 static VALUE rb_cSandbox;
14
15 typedef struct {
16 const char *profile;
17 uint64_t flags;
18 } rb_sandbox_t;
19
20 static VALUE
21 rb_sandbox_s_alloc(VALUE klass, SEL sel)
22 {
23 rb_sandbox_t *sb = ALLOC(rb_sandbox_t);
24 sb->profile = NULL;
25 sb->flags = 0;
26 return Data_Wrap_Struct(klass, NULL, NULL, sb);
27 }
28
9303a3f Sandbox.new can now accept a custom profile string (as a scheme expre…
Laurent Sansonetti authored Sep 1, 2010
29 static VALUE
30 rb_sandbox_init(VALUE obj, SEL sel, VALUE profile)
31 {
32 rb_sandbox_t *box;
33
34 Data_Get_Struct(obj, rb_sandbox_t, box);
35 GC_WB(&box->profile, ruby_strdup(RSTRING_PTR(profile)));
36 box->flags = 0;
37
38 return obj;
39 }
40
41
d23d46b Add a Sandbox class that adds sandbox(7) functionality.
Patrick Thomson authored Jul 16, 2010
42 static inline VALUE
9303a3f Sandbox.new can now accept a custom profile string (as a scheme expre…
Laurent Sansonetti authored Sep 1, 2010
43 predefined_sandbox(const char *name)
d23d46b Add a Sandbox class that adds sandbox(7) functionality.
Patrick Thomson authored Jul 16, 2010
44 {
45 VALUE obj = rb_sandbox_s_alloc(rb_cSandbox, 0);
9303a3f Sandbox.new can now accept a custom profile string (as a scheme expre…
Laurent Sansonetti authored Sep 1, 2010
46 rb_sandbox_t *box;
47 Data_Get_Struct(obj, rb_sandbox_t, box);
d23d46b Add a Sandbox class that adds sandbox(7) functionality.
Patrick Thomson authored Jul 16, 2010
48 box->profile = name;
49 box->flags = SANDBOX_NAMED;
50 return rb_obj_freeze(obj);
51 }
52
53 static VALUE
54 rb_sandbox_s_no_internet(VALUE klass, SEL sel)
55 {
56 return predefined_sandbox(kSBXProfileNoInternet);
57 }
58
59 static VALUE
60 rb_sandbox_s_no_network(VALUE klass, SEL sel)
61 {
62 return predefined_sandbox(kSBXProfileNoNetwork);
63 }
64
65 static VALUE
66 rb_sandbox_s_no_writes(VALUE klass, SEL sel)
67 {
68 return predefined_sandbox(kSBXProfileNoWrite);
69 }
70
71 static VALUE
72 rb_sandbox_s_temporary_writes(VALUE klass, SEL sel)
73 {
74 return predefined_sandbox(kSBXProfileNoWriteExceptTemporary);
75 }
76
77 static VALUE
78 rb_sandbox_s_pure_computation(VALUE klass, SEL sel)
79 {
80 return predefined_sandbox(kSBXProfilePureComputation);
81 }
82
83 static VALUE
84 rb_sandbox_apply(VALUE self, SEL sel)
85 {
9303a3f Sandbox.new can now accept a custom profile string (as a scheme expre…
Laurent Sansonetti authored Sep 1, 2010
86 rb_sandbox_t *box;
87 Data_Get_Struct(self, rb_sandbox_t, box);
d23d46b Add a Sandbox class that adds sandbox(7) functionality.
Patrick Thomson authored Jul 16, 2010
88 char *error = NULL;
89 if (sandbox_init(box->profile, box->flags, &error) == -1) {
90 rb_raise(rb_eSecurityError, "Couldn't apply sandbox: `%s`", error);
91 }
92 return Qnil;
93 }
94
95 void
96 Init_sandbox(void)
97 {
98 rb_cSandbox = rb_define_class("Sandbox", rb_cData);
99
100 rb_objc_define_method(*(VALUE *)rb_cSandbox, "alloc", rb_sandbox_s_alloc, 0);
101 rb_objc_define_method(*(VALUE *)rb_cSandbox, "no_internet", rb_sandbox_s_no_internet, 0);
102 rb_objc_define_method(*(VALUE *)rb_cSandbox, "no_network", rb_sandbox_s_no_network, 0);
103 rb_objc_define_method(*(VALUE *)rb_cSandbox, "no_writes", rb_sandbox_s_no_writes, 0);
104 rb_objc_define_method(*(VALUE *)rb_cSandbox, "temporary_writes", rb_sandbox_s_temporary_writes, 0);
105 rb_objc_define_method(*(VALUE *)rb_cSandbox, "pure_computation", rb_sandbox_s_pure_computation, 0);
106
9303a3f Sandbox.new can now accept a custom profile string (as a scheme expre…
Laurent Sansonetti authored Sep 1, 2010
107 rb_objc_define_method(rb_cSandbox, "initialize", rb_sandbox_init, 1);
d23d46b Add a Sandbox class that adds sandbox(7) functionality.
Patrick Thomson authored Jul 16, 2010
108 rb_objc_define_method(rb_cSandbox, "apply!", rb_sandbox_apply, 0);
9303a3f Sandbox.new can now accept a custom profile string (as a scheme expre…
Laurent Sansonetti authored Sep 1, 2010
109 }
Something went wrong with that request. Please try again.