[macruby-changes] [4367] MacRuby/trunk

source_changes at macosforge.org source_changes at macosforge.org
Fri Jul 16 10:28:00 PDT 2010


Revision: 4367
          http://trac.macosforge.org/projects/ruby/changeset/4367
Author:   pthomson at apple.com
Date:     2010-07-16 10:27:58 -0700 (Fri, 16 Jul 2010)
Log Message:
-----------
Add a Sandbox class that adds sandbox(7) functionality.

Modified Paths:
--------------
    MacRuby/trunk/inits.c
    MacRuby/trunk/rakelib/builder/options.rb

Added Paths:
-----------
    MacRuby/trunk/sandbox.c
    MacRuby/trunk/spec/macruby/core/sandbox/
    MacRuby/trunk/spec/macruby/core/sandbox/pure_spec.rb

Modified: MacRuby/trunk/inits.c
===================================================================
--- MacRuby/trunk/inits.c	2010-07-15 21:48:25 UTC (rev 4366)
+++ MacRuby/trunk/inits.c	2010-07-16 17:27:58 UTC (rev 4367)
@@ -60,6 +60,7 @@
 void Init_Dispatch(void);
 void Init_Transcode(void);
 void Init_PostVM(void);
+void Init_sandbox(void);
 
 void
 rb_call_inits()
@@ -112,5 +113,6 @@
     Init_FFI();
     Init_Dispatch();
     Init_Transcode();
+    Init_sandbox();
     Init_PostVM();
 }

Modified: MacRuby/trunk/rakelib/builder/options.rb
===================================================================
--- MacRuby/trunk/rakelib/builder/options.rb	2010-07-15 21:48:25 UTC (rev 4366)
+++ MacRuby/trunk/rakelib/builder/options.rb	2010-07-16 17:27:58 UTC (rev 4367)
@@ -126,7 +126,7 @@
   util variable version thread id objc bs ucnv encoding main dln dmyext marshal
   gcd vm_eval gc-stub bridgesupport compiler dispatcher vm symbol debugger
   interpreter MacRuby MacRubyDebuggerConnector NSArray NSDictionary NSString
-  transcode 
+  transcode sandbox
 }
 
 # Static MacRuby builds less objects.

Added: MacRuby/trunk/sandbox.c
===================================================================
--- MacRuby/trunk/sandbox.c	                        (rev 0)
+++ MacRuby/trunk/sandbox.c	2010-07-16 17:27:58 UTC (rev 4367)
@@ -0,0 +1,84 @@
+#include <sandbox.h>
+#include "ruby/macruby.h"
+
+static VALUE rb_cSandbox;
+
+typedef struct {
+    const char *profile;
+    uint64_t flags;
+} rb_sandbox_t;
+
+static VALUE
+rb_sandbox_s_alloc(VALUE klass, SEL sel)
+{
+    rb_sandbox_t *sb = ALLOC(rb_sandbox_t);
+    sb->profile = NULL;
+    sb->flags = 0;
+    return Data_Wrap_Struct(klass, NULL, NULL, sb);
+}
+
+static inline VALUE
+predefined_sandbox(const char* name)
+{
+    VALUE obj = rb_sandbox_s_alloc(rb_cSandbox, 0);
+    rb_sandbox_t *box; Data_Get_Struct(obj, rb_sandbox_t, box);
+    box->profile = name;
+    box->flags = SANDBOX_NAMED;
+    return rb_obj_freeze(obj);
+}
+
+static VALUE
+rb_sandbox_s_no_internet(VALUE klass, SEL sel)
+{
+    return predefined_sandbox(kSBXProfileNoInternet);
+}
+
+static VALUE
+rb_sandbox_s_no_network(VALUE klass, SEL sel)
+{
+    return predefined_sandbox(kSBXProfileNoNetwork); 
+}
+
+static VALUE
+rb_sandbox_s_no_writes(VALUE klass, SEL sel)
+{
+    return predefined_sandbox(kSBXProfileNoWrite);
+}
+
+static VALUE
+rb_sandbox_s_temporary_writes(VALUE klass, SEL sel)
+{
+    return predefined_sandbox(kSBXProfileNoWriteExceptTemporary);
+}
+
+static VALUE
+rb_sandbox_s_pure_computation(VALUE klass, SEL sel)
+{
+    return predefined_sandbox(kSBXProfilePureComputation);
+}
+
+static VALUE
+rb_sandbox_apply(VALUE self, SEL sel)
+{
+    rb_sandbox_t *box; Data_Get_Struct(self, rb_sandbox_t, box);
+    char *error = NULL;
+    if (sandbox_init(box->profile, box->flags, &error) == -1) {
+        rb_raise(rb_eSecurityError, "Couldn't apply sandbox: `%s`", error);
+    }
+    return Qnil;
+}
+
+void
+Init_sandbox(void)
+{
+    rb_cSandbox = rb_define_class("Sandbox", rb_cData);
+    
+    rb_objc_define_method(*(VALUE *)rb_cSandbox, "alloc", rb_sandbox_s_alloc, 0);
+    rb_objc_define_method(*(VALUE *)rb_cSandbox, "no_internet", rb_sandbox_s_no_internet, 0);
+    rb_objc_define_method(*(VALUE *)rb_cSandbox, "no_network", rb_sandbox_s_no_network, 0);
+    rb_objc_define_method(*(VALUE *)rb_cSandbox, "no_writes", rb_sandbox_s_no_writes, 0);
+    rb_objc_define_method(*(VALUE *)rb_cSandbox, "temporary_writes", rb_sandbox_s_temporary_writes, 0);
+    rb_objc_define_method(*(VALUE *)rb_cSandbox, "pure_computation", rb_sandbox_s_pure_computation, 0);
+    
+    rb_objc_define_method(rb_cSandbox, "apply!", rb_sandbox_apply, 0);
+}
\ No newline at end of file
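Review bot: In rb_sandbox_apply the buffer that sandbox_init() stores in `error` is never passed to sandbox_free_error(), and because rb_raise() does not return, the failure path leaks it. The message has to be copied out before the buffer is freed and the exception raised. The same function passes `box->profile` through unchecked, and since `alloc` is registered on the class, an instance can reach `apply!` with the NULL profile and zero flags set in rb_sandbox_s_alloc. What sandbox_init() does with that input is not visible here, so an explicit check that raises SecurityError is safer than relying on it.

```c
static VALUE
rb_sandbox_apply(VALUE self, SEL sel)
{
    // … unchanged: Data_Get_Struct lookup and `error` declaration …
    if (box->profile == NULL) {
        rb_raise(rb_eSecurityError, "Couldn't apply sandbox: no profile set");
    }
    if (sandbox_init(box->profile, box->flags, &error) == -1) {
        char msg[256];
        snprintf(msg, sizeof msg, "%s", error != NULL ? error : "unknown error");
        if (error != NULL) {
            sandbox_free_error(error);
        }
        rb_raise(rb_eSecurityError, "Couldn't apply sandbox: `%s`", msg);
    }
    // … unchanged: return Qnil …
}
```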

Added: MacRuby/trunk/spec/macruby/core/sandbox/pure_spec.rb
===================================================================
--- MacRuby/trunk/spec/macruby/core/sandbox/pure_spec.rb	                        (rev 0)
+++ MacRuby/trunk/spec/macruby/core/sandbox/pure_spec.rb	2010-07-16 17:27:58 UTC (rev 4367)
@@ -0,0 +1,11 @@
+require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+describe "Sandbox.pure_computation" do
+  
+  # More specs coming to this space soon. Right now applying a sandbox profile
+  # inside a spec causes all subsequent specs to fail.
+  
+  it "should be frozen" do
+    Sandbox.pure_computation.frozen?.should be_true
+  end
+end
\ No newline at end of file
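Review bot: The only example here checks `frozen?`, so the security-relevant path has no coverage: nothing tests that `apply!` reaches sandbox_init or that the profile is then enforced. The comment gives the reason, which is that a profile applied in the spec process stays in force for every later spec. Running each `apply!` example in a child interpreter (mspec's `ruby_exe` helper, if it is available in this tree) and asserting on its output would confine the sandbox to that process. An example for a failing `apply!` raising SecurityError could be added the same way.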