1#include "sandbox.h"
2#include <stddef.h>
3#include <string.h>
4#include <stdlib.h>
5#include <stdio.h>
6#include <sys/types.h>
7
// Stub ("dummy") implementation of the sandbox API: the definitions below
// only satisfy the linker and do not enforce any policy.
// SANDBOX_CHECK_NO_REPORT is defined with the same value as SANDBOX_FILTER_NONE.
const enum sandbox_filter_type SANDBOX_CHECK_NO_REPORT = SANDBOX_FILTER_NONE;
10
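// Stub for sandbox_init(): no profile is parsed or applied.
//
// Security note: the return value is 0, the value callers test for success,
// although the process is left unconfined. A zero return from this build is
// therefore not evidence that any restriction is in force.
//
// profile   ignored
// flags     ignored
// errorbuf  if non-NULL, receives a strdup()'d "Not implemented" string
//           (NULL if the allocation fails); release it with
//           sandbox_free_error(). It is written even though 0 is returned.
// returns   always 0
int sandbox_init(const char *profile, uint64_t flags, char **errorbuf)
{
    (void)profile;
    (void)flags;

    // A caller that does not want the message may pass NULL; do not write
    // through it.
    if (errorbuf != NULL) {
        *errorbuf = strdup("Not implemented");
    }
    return 0;
}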
16
// Names of the predefined profiles exported for use with sandbox_init().
// In this stub they are plain strings; nothing in this file interprets them.
const char kSBXProfileNoInternet[]             = "no_internet";
const char kSBXProfileNoNetwork[]              = "no_network";
const char kSBXProfileNoWrite[]                = "no_write";
const char kSBXProfileNoWriteExceptTemporary[] = "no_write_except_temporary";
const char kSBXProfilePureComputation[]        = "pure_computation";
26
// Extension class identifiers exported as strings. The stub functions in this
// file never issue or consume an extension, so these are data only.
const char APP_SANDBOX_IOKIT_CLIENT[]      = "com.apple.app-sandbox.iokit-client";
const char APP_SANDBOX_MACH[]              = "com.apple.app-sandbox.mach";
const char APP_SANDBOX_READ[]              = "com.apple.app-sandbox.read";
const char APP_SANDBOX_READ_WRITE[]        = "com.apple.app-sandbox.read-write";
const char IOS_SANDBOX_APPLICATION_GROUP[] = "com.apple.sandbox.application-group";
const char IOS_SANDBOX_CONTAINER[]         = "com.apple.sandbox.container";
33
// Extension flag constants. They are compiled for LP64 targets only, on the
// assumption that they are 64-bit-only symbols: at least one of the values
// does not fit in a 32-bit integer.
#ifdef __LP64__

const uint64_t SANDBOX_EXTENSION_CANONICAL   = UINT64_C(0x0000001000000002);
const uint64_t SANDBOX_EXTENSION_DEFAULT     = UINT64_C(0x0000000400000000);
const uint64_t SANDBOX_EXTENSION_MAGIC       = UINT64_C(0x0000000000000001);
const uint64_t SANDBOX_EXTENSION_NO_REPORT   = UINT64_C(0x0000000100000010);
const uint64_t SANDBOX_EXTENSION_PREFIXMATCH = UINT64_C(0x0000000200000004);
const uint64_t SANDBOX_EXTENSION_UNRESOLVED  = UINT64_C(0x0000000100000001);

#endif
46
// Releases an error string that one of the functions in this file stored
// through an `errorbuf` out-parameter (those strings come from strdup()).
// free(NULL) is a no-op, so passing NULL is harmless.
void sandbox_free_error(char *errorbuf)
{
    free(errorbuf);
}
51
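// Stub for sandbox_init_with_parameters(): neither the profile nor the
// parameter list is read, and no policy is applied.
//
// Security note: 0 is returned although the process stays unconfined, so a
// zero return from this build must not be read as "sandbox active".
//
// profile, flags, parameters  ignored
// errorbuf  if non-NULL, receives a strdup()'d "Not implemented" string
//           (NULL if the allocation fails); release it with
//           sandbox_free_error().
// returns   always 0
int sandbox_init_with_parameters(const char *profile, uint64_t flags, const char *const parameters[], char **errorbuf)
{
    (void)profile;
    (void)flags;
    (void)parameters;

    // Do not write through a NULL out-pointer.
    if (errorbuf != NULL) {
        *errorbuf = strdup("Not implemented");
    }
    return 0;
}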
57
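// Stub for sandbox_init_with_extensions(): neither the profile nor the
// extension list is read, and no policy is applied.
//
// Security note: 0 is returned although the process stays unconfined, so a
// zero return from this build must not be read as "sandbox active".
//
// profile, flags, extensions  ignored
// errorbuf  if non-NULL, receives a strdup()'d "Not implemented" string
//           (NULL if the allocation fails); release it with
//           sandbox_free_error().
// returns   always 0
int sandbox_init_with_extensions(const char *profile, uint64_t flags, const char *const extensions[], char **errorbuf)
{
    (void)profile;
    (void)flags;
    (void)extensions;

    // Do not write through a NULL out-pointer.
    if (errorbuf != NULL) {
        *errorbuf = strdup("Not implemented");
    }
    return 0;
}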
63
// Stub for sandbox_check(): no policy is consulted and the variadic arguments
// are never read.
//
// Security note: the answer is 0 for every pid, operation and filter type.
// The comment on sandbox_check_by_audit_token() in this file treats 0 as
// "operation allowed", so any access decision delegated to this function is
// effectively always granted.
int sandbox_check(pid_t pid, const char *operation, enum sandbox_filter_type type, ...)
{
    (void)pid;
    (void)operation;
    (void)type;
    return 0;
}
68
// Writes `note` followed by a newline to stdout and returns 0.
// The text is emitted as data, never used as a format string, so '%'
// sequences inside a caller-supplied note are printed literally.
// `note` must not be NULL.
int sandbox_note(const char *note)
{
    fputs(note, stdout);
    fputc('\n', stdout);
    return 0;
}
74
// Stub for sandbox_suspend(): performs no action.
// `pid` is ignored; the result is always -1.
int sandbox_suspend(pid_t pid)
{
    (void)pid;
    return -1;
}
79
// Stub for sandbox_unsuspend(): performs no action.
// The result is always -1.
int sandbox_unsuspend(void)
{
    return -1;
}
84
// Stub for sandbox_issue_extension(): no token is created.
// Both arguments are ignored, *ext_token is left unwritten, and the result
// is always -1.
int sandbox_issue_extension(const char *path, char **ext_token)
{
    (void)path;
    (void)ext_token;
    return -1;
}
89
// Stub for sandbox_issue_fs_extension(): no token is created.
// All arguments are ignored, *ext_token is left unwritten, and the result
// is always -1.
int sandbox_issue_fs_extension(const char *path, uint64_t flags, char **ext_token)
{
    (void)path;
    (void)flags;
    (void)ext_token;
    return -1;
}
94
// Stub for sandbox_issue_fs_rw_extension(): no token is created.
// Both arguments are ignored, *ext_token is left unwritten, and the result
// is always -1.
int sandbox_issue_fs_rw_extension(const char *path, char **ext_token)
{
    (void)path;
    (void)ext_token;
    return -1;
}
99
// Stub for sandbox_issue_mach_extension(): no token is created.
// Both arguments are ignored, *ext_token is left unwritten, and the result
// is always -1.
int sandbox_issue_mach_extension(const char *name, char **ext_token)
{
    (void)name;
    (void)ext_token;
    return -1;
}
104
// Stub for sandbox_consume_extension(): the token is not inspected or
// validated. Both arguments are ignored and the result is always -1.
int sandbox_consume_extension(const char *path, const char *ext_token)
{
    (void)path;
    (void)ext_token;
    return -1;
}
109
// Stub for sandbox_consume_fs_extension(): the token is not inspected.
// Both arguments are ignored, *path is left unwritten, and the result is
// always -1.
int sandbox_consume_fs_extension(const char *ext_token, char **path)
{
    (void)ext_token;
    (void)path;
    return -1;
}
114
// Stub for sandbox_consume_mach_extension(): the token is not inspected.
// Both arguments are ignored, *name is left unwritten, and the result is
// always -1.
int sandbox_consume_mach_extension(const char *ext_token, char **name)
{
    (void)ext_token;
    (void)name;
    return -1;
}
119
// Stub for sandbox_release_fs_extension(): performs no action.
// `ext_token` is ignored and the result is always -1.
int sandbox_release_fs_extension(const char *ext_token)
{
    (void)ext_token;
    return -1;
}
124
// Stub for sandbox_container_path_for_pid(): no path is looked up.
// All arguments are ignored, `buffer` is not written, and the result is
// always -1, so callers must not read `buffer` after this call.
int sandbox_container_path_for_pid(pid_t pid, char *buffer, size_t bufsize)
{
    (void)pid;
    (void)buffer;
    (void)bufsize;
    return -1;
}
129
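// Stub for sandbox_wakeup_daemon(): performs no action and always fails.
//
// errorbuf  if non-NULL, receives a strdup()'d "Not implemented" string
//           (NULL if the allocation fails); release it with
//           sandbox_free_error().
// returns   always -1
int sandbox_wakeup_daemon(char **errorbuf)
{
    // Do not write through a NULL out-pointer.
    if (errorbuf != NULL) {
        *errorbuf = strdup("Not implemented");
    }
    return -1;
}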
135
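// Builds a temporary path name of the form "<path>.amkrtempXXXXXX" and lets
// mktemp() replace the trailing X characters.
//
// The result is a malloc()'d buffer that nothing in this function releases,
// so ownership passes to the caller. NULL is returned when `path` is NULL,
// when the allocation fails, or when mktemp() reports failure by returning
// NULL (in which case the buffer is freed here rather than leaked).
//
// Security note: mktemp() only picks a name; it does not create the file.
// Another process can create that path between this call and the caller's
// own open, so the caller should create the file exclusively
// (O_CREAT | O_EXCL) and treat "already exists" as an error.
const char *_amkrtemp(const char *path)
{
    static const char suffix[] = ".amkrtempXXXXXX";
    size_t len;
    char *template;

    if (path == NULL) {
        return NULL;
    }

    len = strlen(path);
    template = malloc(len + sizeof(suffix));
    if (template == NULL) {
        return NULL;
    }

    memcpy(template, path, len);
    // sizeof(suffix) counts the terminating NUL, so this also terminates
    // the string.
    memcpy(template + len, suffix, sizeof(suffix));

    // mktemp() rewrites the buffer in place; on success its return value is
    // that same buffer, so hand back `template` directly.
    if (mktemp(template) == NULL) {
        free(template);
        return NULL;
    }
    return template;
}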
145
// Stub for rootless_allows_task_for_pid(): no check is made.
// Security note: `pid` is ignored and the result is 1 for every process, so
// a caller gating access on this function is never refused.
int rootless_allows_task_for_pid(pid_t pid)
{
    (void)pid;
    return 1;
}
149
// Technically unimplemented: the audit token, the operation name, the filter
// type and the variadic arguments are all ignored.
// Returns 0 as an indication that whatever operation the caller asked about
// is allowed; no policy is consulted, so that answer is unconditional.
int sandbox_check_by_audit_token(audit_token_t tok, const char* operation, enum sandbox_filter_type filt, ...)
{
    (void)tok;
    (void)operation;
    (void)filt;
    return 0;
}
155
// Unimplemented: `path` is never examined.
// Darling doesn't have rootless anyway, so the return value is the one that
// indicates trust (0), for every path.
int rootless_check_trusted(const char* path)
{
    (void)path;
    return 0;
}
161
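// Unimplemented. Darling doesn't have rootless anyway, so the return value
// is the one that indicates an unrestricted environment (0).
//
// Declared with (void) so the definition is a real prototype and a call that
// passes arguments is rejected at compile time.
int rootless_restricted_environment(void)
{
    return 0;
}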
167
// Unimplemented: neither `path` nor `storage_class` is examined.
// It is not clear what a "data vault" is here, but the way `JSScript.mm` in
// JavaScriptCore uses this function seems to indicate that `0` is the value
// to return.
int rootless_check_datavault_flag(const char* path, const char* storage_class)
{
    (void)path;
    (void)storage_class;
    return 0;
}
173
// Stub for sandbox_query_approval_policy_for_path(): no policy is queried.
// All arguments are ignored, *approval is left unwritten, and the result is
// always -1.
int sandbox_query_approval_policy_for_path(const char* query, const char* path, char **approval)
{
    (void)query;
    (void)path;
    (void)approval;
    return -1;
}