[macruby-changes] [4367] MacRuby/trunk
source_changes at macosforge.org
source_changes at macosforge.org
Fri Jul 16 10:28:00 PDT 2010
Revision: 4367
http://trac.macosforge.org/projects/ruby/changeset/4367
Author: pthomson at apple.com
Date: 2010-07-16 10:27:58 -0700 (Fri, 16 Jul 2010)
Log Message:
-----------
Add a Sandbox class that adds sandbox(7) functionality.
Modified Paths:
--------------
MacRuby/trunk/inits.c
MacRuby/trunk/rakelib/builder/options.rb
Added Paths:
-----------
MacRuby/trunk/sandbox.c
MacRuby/trunk/spec/macruby/core/sandbox/
MacRuby/trunk/spec/macruby/core/sandbox/pure_spec.rb
Modified: MacRuby/trunk/inits.c
===================================================================
--- MacRuby/trunk/inits.c 2010-07-15 21:48:25 UTC (rev 4366)
+++ MacRuby/trunk/inits.c 2010-07-16 17:27:58 UTC (rev 4367)
@@ -60,6 +60,7 @@
void Init_Dispatch(void);
void Init_Transcode(void);
void Init_PostVM(void);
+void Init_sandbox(void);
void
rb_call_inits()
@@ -112,5 +113,6 @@
Init_FFI();
Init_Dispatch();
Init_Transcode();
+ Init_sandbox();
Init_PostVM();
}
Modified: MacRuby/trunk/rakelib/builder/options.rb
===================================================================
--- MacRuby/trunk/rakelib/builder/options.rb 2010-07-15 21:48:25 UTC (rev 4366)
+++ MacRuby/trunk/rakelib/builder/options.rb 2010-07-16 17:27:58 UTC (rev 4367)
@@ -126,7 +126,7 @@
util variable version thread id objc bs ucnv encoding main dln dmyext marshal
gcd vm_eval gc-stub bridgesupport compiler dispatcher vm symbol debugger
interpreter MacRuby MacRubyDebuggerConnector NSArray NSDictionary NSString
- transcode
+ transcode sandbox
}
# Static MacRuby builds less objects.
Added: MacRuby/trunk/sandbox.c
===================================================================
--- MacRuby/trunk/sandbox.c (rev 0)
+++ MacRuby/trunk/sandbox.c 2010-07-16 17:27:58 UTC (rev 4367)
@@ -0,0 +1,84 @@
+#include <sandbox.h>
+#include "ruby/macruby.h"
+
+static VALUE rb_cSandbox;
+
+typedef struct {
+ const char *profile;
+ uint64_t flags;
+} rb_sandbox_t;
+
+static VALUE
+rb_sandbox_s_alloc(VALUE klass, SEL sel)
+{
+ rb_sandbox_t *sb = ALLOC(rb_sandbox_t);
+ sb->profile = NULL;
+ sb->flags = 0;
+ return Data_Wrap_Struct(klass, NULL, NULL, sb);
+}
+
+static inline VALUE
+predefined_sandbox(const char* name)
+{
+ VALUE obj = rb_sandbox_s_alloc(rb_cSandbox, 0);
+ rb_sandbox_t *box; Data_Get_Struct(obj, rb_sandbox_t, box);
+ box->profile = name;
+ box->flags = SANDBOX_NAMED;
+ return rb_obj_freeze(obj);
+}
+
+static VALUE
+rb_sandbox_s_no_internet(VALUE klass, SEL sel)
+{
+ return predefined_sandbox(kSBXProfileNoInternet);
+}
+
+static VALUE
+rb_sandbox_s_no_network(VALUE klass, SEL sel)
+{
+ return predefined_sandbox(kSBXProfileNoNetwork);
+}
+
+static VALUE
+rb_sandbox_s_no_writes(VALUE klass, SEL sel)
+{
+ return predefined_sandbox(kSBXProfileNoWrite);
+}
+
+static VALUE
+rb_sandbox_s_temporary_writes(VALUE klass, SEL sel)
+{
+ return predefined_sandbox(kSBXProfileNoWriteExceptTemporary);
+}
+
+static VALUE
+rb_sandbox_s_pure_computation(VALUE klass, SEL sel)
+{
+ return predefined_sandbox(kSBXProfilePureComputation);
+}
+
+static VALUE
+rb_sandbox_apply(VALUE self, SEL sel)
+{
+ rb_sandbox_t *box; Data_Get_Struct(self, rb_sandbox_t, box);
+ char *error = NULL;
+ if (sandbox_init(box->profile, box->flags, &error) == -1) {
+ rb_raise(rb_eSecurityError, "Couldn't apply sandbox: `%s`", error);
+ }
+ return Qnil;
+}
+
+void
+Init_sandbox(void)
+{
+ rb_cSandbox = rb_define_class("Sandbox", rb_cData);
+
+ rb_objc_define_method(*(VALUE *)rb_cSandbox, "alloc", rb_sandbox_s_alloc, 0);
+ rb_objc_define_method(*(VALUE *)rb_cSandbox, "no_internet", rb_sandbox_s_no_internet, 0);
+ rb_objc_define_method(*(VALUE *)rb_cSandbox, "no_network", rb_sandbox_s_no_network, 0);
+ rb_objc_define_method(*(VALUE *)rb_cSandbox, "no_writes", rb_sandbox_s_no_writes, 0);
+ rb_objc_define_method(*(VALUE *)rb_cSandbox, "temporary_writes", rb_sandbox_s_temporary_writes, 0);
+ rb_objc_define_method(*(VALUE *)rb_cSandbox, "pure_computation", rb_sandbox_s_pure_computation, 0);
+
+ rb_objc_define_method(rb_cSandbox, "apply!", rb_sandbox_apply, 0);
+}
\ No newline at end of file
Added: MacRuby/trunk/spec/macruby/core/sandbox/pure_spec.rb
===================================================================
--- MacRuby/trunk/spec/macruby/core/sandbox/pure_spec.rb (rev 0)
+++ MacRuby/trunk/spec/macruby/core/sandbox/pure_spec.rb 2010-07-16 17:27:58 UTC (rev 4367)
@@ -0,0 +1,11 @@
+require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+describe "Sandbox.pure_computation" do
+
+ # More specs coming to this space soon. Right now applying a sandbox profile
+ # inside a spec causes all subsequent specs to fail.
+
+ it "should be frozen" do
+ Sandbox.pure_computation.frozen?.should be_true
+ end
+end
\ No newline at end of file
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/macruby-changes/attachments/20100716/452f2ca0/attachment.html>
More information about the macruby-changes
mailing list