Make restricted settings a bit more strict

- alphabetically ordered like items, for better perusing - added some existing/new internal helper subs - added (new) roles, preventing people from writing their own classes for access
rakudo · Jan 12, 2015 · e4ff687 · e4ff687
1 parent d3d2ebb
commit e4ff687
Showing 1 changed file with 40 additions and 16 deletions.
diff --git a/src/RESTRICTED.setting b/src/RESTRICTED.setting
@@ -2,29 +2,53 @@ sub restricted($what) {
     die "$what is disallowed in restricted setting"
 }
 
+sub chmod(|)  { restricted('chmod')   }
+sub copy(|)   { restricted('copy')    }
+sub link(|)   { restricted('link')   }
+sub mkdir(|)  { restricted('mkdir')   }
 sub open(|)   { restricted('open') }
-sub unlink(|) { restricted('unlink') }
-sub shell(|)  { restricted('shell') }
-sub run(|)    { restricted('run') }
+sub pipe(|)   { restricted('pipe') }
 sub QX(|)     { restricted('qx, qqx') }
-sub mkdir(|)  { restricted('mkdir')   }
-sub rmdir(|)  { restricted('rmdir') }
 sub rename(|) { restricted('rename')  }
-sub copy(|)   { restricted('copy')    }
+sub rmdir(|)  { restricted('rmdir') }
+sub run(|)    { restricted('run') }
+sub shell(|)  { restricted('shell') }
+sub socket(|) { restricted('socket') }
 sub spurt(|)  { restricted('spurt')   }
-sub link(|)   { restricted('link')   }
 sub symlink(|){ restricted('symlink') }
-sub chmod(|)  { restricted('chmod')   }
+sub unlink(|) { restricted('unlink') }
+
+sub CHANGE-DIRECTORY { restricted('chdir') }
+sub CHMOD-PATH       { restricted('chmod') }
+sub COPY-FILE        { restricted('copy') }
+sub MAKE-DIR         { restricted('mkdir') }
+sub REMOVE-DIR       { restricted('rmdir') }
+sub RENAME-PATH      { restricted('rename') }
+sub SYMLINK-PATH     { restricted('symlink') }
+sub UNLINK-PATH      { restricted('unlink') }
+
+my class RESTRICTED-CLASS is Mu { 
+    method FALLBACK(|) { restricted(self.^name) }
+    method new(|)      { restricted(self.^name) }
+    method gist(|)     { restricted(self.^name) }
+}
+
+my class IO::Dir          is RESTRICTED-CLASS { }
+my class IO::File         is RESTRICTED-CLASS { }
+my class IO::Handle       is RESTRICTED-CLASS { }
+my class IO::Local        is RESTRICTED-CLASS { }
+my class IO::Path         is RESTRICTED-CLASS { }
+my class IO::Pipe         is RESTRICTED-CLASS { }
+my class IO::Socket       is RESTRICTED-CLASS { }
+my class IO::Socket::INET is RESTRICTED-CLASS { }
+my class IOU              is RESTRICTED-CLASS { }
+my class Proc::Async      is RESTRICTED-CLASS { }
 
-my class RESTRICTED is Mu { 
-    method FALLBACK(|) { restricted(self.^name) }  # NYI, but see S12
+my role RESTRICTED-ROLE {
+    method FALLBACK(|) { restricted(self.^name) }
     method new(|)      { restricted(self.^name) }
     method gist(|)     { restricted(self.^name) }
 }
 
-my class IO::Path   is RESTRICTED { }
-my class IO::Handle is RESTRICTED { }
-my class IO::Socket is RESTRICTED { }
-#?if moar
-my class Proc::Async is RESTRICTED { }
-#?endif
+my role IO::Pathy does RESTRICTED-ROLE { }
+my role PIO       does RESTRICTED-ROLE { }