Skip to content
This repository
Fetching contributors…

Cannot retrieve contributors at this time

file 111 lines (93 sloc) 2.894 kb
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111
/*
* MacRuby interface to sandbox/seatbelt.
*
* This file is covered by the Ruby license. See COPYING for more details.
*
* Copyright (C) 2012, The MacRuby Team. All rights reserved.
* Copyright (C) 2011, Apple Inc. All rights reserved.
*/

#include <sandbox.h>
#include "macruby_internal.h"
#include "ruby/util.h"

static VALUE rb_cSandbox;

typedef struct {
    const char *profile;
    uint64_t flags;
} rb_sandbox_t;

static VALUE
rb_sandbox_s_alloc(VALUE klass, SEL sel)
{
    rb_sandbox_t *sb = ALLOC(rb_sandbox_t);
    sb->profile = NULL;
    sb->flags = 0;
    return Data_Wrap_Struct(klass, NULL, NULL, sb);
}

static VALUE
rb_sandbox_init(VALUE obj, SEL sel, VALUE profile)
{
    rb_sandbox_t *box;

    StringValue(profile);
    Data_Get_Struct(obj, rb_sandbox_t, box);
    GC_WB(&box->profile, ruby_strdup(RSTRING_PTR(profile)));
    box->flags = 0;

    return obj;
}


static inline VALUE
predefined_sandbox(const char *name)
{
    VALUE obj = rb_sandbox_s_alloc(rb_cSandbox, 0);
    rb_sandbox_t *box;
    Data_Get_Struct(obj, rb_sandbox_t, box);
    box->profile = name;
    box->flags = SANDBOX_NAMED;
    return rb_obj_freeze(obj);
}

static VALUE
rb_sandbox_s_no_internet(VALUE klass, SEL sel)
{
    return predefined_sandbox(kSBXProfileNoInternet);
}

static VALUE
rb_sandbox_s_no_network(VALUE klass, SEL sel)
{
    return predefined_sandbox(kSBXProfileNoNetwork);
}

static VALUE
rb_sandbox_s_no_writes(VALUE klass, SEL sel)
{
    return predefined_sandbox(kSBXProfileNoWrite);
}

static VALUE
rb_sandbox_s_temporary_writes(VALUE klass, SEL sel)
{
    return predefined_sandbox(kSBXProfileNoWriteExceptTemporary);
}

static VALUE
rb_sandbox_s_pure_computation(VALUE klass, SEL sel)
{
    return predefined_sandbox(kSBXProfilePureComputation);
}

static VALUE
rb_sandbox_apply(VALUE self, SEL sel)
{
    rb_sandbox_t *box;
    Data_Get_Struct(self, rb_sandbox_t, box);
    char *error = NULL;
    if (sandbox_init(box->profile, box->flags, &error) == -1) {
        rb_raise(rb_eSecurityError, "Couldn't apply sandbox: `%s`", error);
    }
    return Qnil;
}

void
Init_sandbox(void)
{
    rb_cSandbox = rb_define_class("Sandbox", rb_cData);
    
    rb_objc_define_method(*(VALUE *)rb_cSandbox, "alloc", rb_sandbox_s_alloc, 0);
    rb_objc_define_method(*(VALUE *)rb_cSandbox, "no_internet", rb_sandbox_s_no_internet, 0);
    rb_objc_define_method(*(VALUE *)rb_cSandbox, "no_network", rb_sandbox_s_no_network, 0);
    rb_objc_define_method(*(VALUE *)rb_cSandbox, "no_writes", rb_sandbox_s_no_writes, 0);
    rb_objc_define_method(*(VALUE *)rb_cSandbox, "temporary_writes", rb_sandbox_s_temporary_writes, 0);
    rb_objc_define_method(*(VALUE *)rb_cSandbox, "pure_computation", rb_sandbox_s_pure_computation, 0);
    
    rb_objc_define_method(rb_cSandbox, "initialize", rb_sandbox_init, 1);
    rb_objc_define_method(rb_cSandbox, "apply!", rb_sandbox_apply, 0);
}
Something went wrong with that request. Please try again.