Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Newer
Older
100644 112 lines (93 sloc) 2.894 kb
7d7d3e8 @ferrous26 Change ownership to The MacRuby Team and update copyrights
ferrous26 authored
1 /*
9303a3f Sandbox.new can now accept a custom profile string (as a scheme expre…
Laurent Sansonetti authored
2 * MacRuby interface to sandbox/seatbelt.
3 *
4 * This file is covered by the Ruby license. See COPYING for more details.
7d7d3e8 @ferrous26 Change ownership to The MacRuby Team and update copyrights
ferrous26 authored
5 *
6 * Copyright (C) 2012, The MacRuby Team. All rights reserved.
9595725 update copyrights to 2011
Laurent Sansonetti authored
7 * Copyright (C) 2011, Apple Inc. All rights reserved.
9303a3f Sandbox.new can now accept a custom profile string (as a scheme expre…
Laurent Sansonetti authored
8 */
9
d23d46b Add a Sandbox class that adds sandbox(7) functionality.
Patrick Thomson authored
10 #include <sandbox.h>
d0898dd include/ruby/macruby.h -> macruby_internal.h
Laurent Sansonetti authored
11 #include "macruby_internal.h"
9303a3f Sandbox.new can now accept a custom profile string (as a scheme expre…
Laurent Sansonetti authored
12 #include "ruby/util.h"
d23d46b Add a Sandbox class that adds sandbox(7) functionality.
Patrick Thomson authored
13
14 static VALUE rb_cSandbox;
15
16 typedef struct {
17 const char *profile;
18 uint64_t flags;
19 } rb_sandbox_t;
20
21 static VALUE
22 rb_sandbox_s_alloc(VALUE klass, SEL sel)
23 {
24 rb_sandbox_t *sb = ALLOC(rb_sandbox_t);
25 sb->profile = NULL;
26 sb->flags = 0;
27 return Data_Wrap_Struct(klass, NULL, NULL, sb);
28 }
29
9303a3f Sandbox.new can now accept a custom profile string (as a scheme expre…
Laurent Sansonetti authored
30 static VALUE
31 rb_sandbox_init(VALUE obj, SEL sel, VALUE profile)
32 {
33 rb_sandbox_t *box;
34
06ade3f @Watson1978 rb_sandbox_init() should check whether value of argument is String. B…
Watson1978 authored
35 StringValue(profile);
9303a3f Sandbox.new can now accept a custom profile string (as a scheme expre…
Laurent Sansonetti authored
36 Data_Get_Struct(obj, rb_sandbox_t, box);
37 GC_WB(&box->profile, ruby_strdup(RSTRING_PTR(profile)));
38 box->flags = 0;
39
40 return obj;
41 }
42
43
d23d46b Add a Sandbox class that adds sandbox(7) functionality.
Patrick Thomson authored
44 static inline VALUE
9303a3f Sandbox.new can now accept a custom profile string (as a scheme expre…
Laurent Sansonetti authored
45 predefined_sandbox(const char *name)
d23d46b Add a Sandbox class that adds sandbox(7) functionality.
Patrick Thomson authored
46 {
47 VALUE obj = rb_sandbox_s_alloc(rb_cSandbox, 0);
9303a3f Sandbox.new can now accept a custom profile string (as a scheme expre…
Laurent Sansonetti authored
48 rb_sandbox_t *box;
49 Data_Get_Struct(obj, rb_sandbox_t, box);
d23d46b Add a Sandbox class that adds sandbox(7) functionality.
Patrick Thomson authored
50 box->profile = name;
51 box->flags = SANDBOX_NAMED;
52 return rb_obj_freeze(obj);
53 }
54
55 static VALUE
56 rb_sandbox_s_no_internet(VALUE klass, SEL sel)
57 {
58 return predefined_sandbox(kSBXProfileNoInternet);
59 }
60
61 static VALUE
62 rb_sandbox_s_no_network(VALUE klass, SEL sel)
63 {
64 return predefined_sandbox(kSBXProfileNoNetwork);
65 }
66
67 static VALUE
68 rb_sandbox_s_no_writes(VALUE klass, SEL sel)
69 {
70 return predefined_sandbox(kSBXProfileNoWrite);
71 }
72
73 static VALUE
74 rb_sandbox_s_temporary_writes(VALUE klass, SEL sel)
75 {
76 return predefined_sandbox(kSBXProfileNoWriteExceptTemporary);
77 }
78
79 static VALUE
80 rb_sandbox_s_pure_computation(VALUE klass, SEL sel)
81 {
82 return predefined_sandbox(kSBXProfilePureComputation);
83 }
84
85 static VALUE
86 rb_sandbox_apply(VALUE self, SEL sel)
87 {
9303a3f Sandbox.new can now accept a custom profile string (as a scheme expre…
Laurent Sansonetti authored
88 rb_sandbox_t *box;
89 Data_Get_Struct(self, rb_sandbox_t, box);
d23d46b Add a Sandbox class that adds sandbox(7) functionality.
Patrick Thomson authored
90 char *error = NULL;
91 if (sandbox_init(box->profile, box->flags, &error) == -1) {
92 rb_raise(rb_eSecurityError, "Couldn't apply sandbox: `%s`", error);
93 }
94 return Qnil;
95 }
96
97 void
98 Init_sandbox(void)
99 {
100 rb_cSandbox = rb_define_class("Sandbox", rb_cData);
101
102 rb_objc_define_method(*(VALUE *)rb_cSandbox, "alloc", rb_sandbox_s_alloc, 0);
103 rb_objc_define_method(*(VALUE *)rb_cSandbox, "no_internet", rb_sandbox_s_no_internet, 0);
104 rb_objc_define_method(*(VALUE *)rb_cSandbox, "no_network", rb_sandbox_s_no_network, 0);
105 rb_objc_define_method(*(VALUE *)rb_cSandbox, "no_writes", rb_sandbox_s_no_writes, 0);
106 rb_objc_define_method(*(VALUE *)rb_cSandbox, "temporary_writes", rb_sandbox_s_temporary_writes, 0);
107 rb_objc_define_method(*(VALUE *)rb_cSandbox, "pure_computation", rb_sandbox_s_pure_computation, 0);
108
9303a3f Sandbox.new can now accept a custom profile string (as a scheme expre…
Laurent Sansonetti authored
109 rb_objc_define_method(rb_cSandbox, "initialize", rb_sandbox_init, 1);
d23d46b Add a Sandbox class that adds sandbox(7) functionality.
Patrick Thomson authored
110 rb_objc_define_method(rb_cSandbox, "apply!", rb_sandbox_apply, 0);
9303a3f Sandbox.new can now accept a custom profile string (as a scheme expre…
Laurent Sansonetti authored
111 }
Something went wrong with that request. Please try again.