123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182 |
- #ifndef _SANDBOX_H_
- #define _SANDBOX_H_
- #include <sys/cdefs.h>
- #include <stdint.h>
- #include <unistd.h>
- __BEGIN_DECLS
- int sandbox_init(const char *profile, uint64_t flags, char **errorbuf);
- #define SANDBOX_NAMED 0x0001
- #ifdef __APPLE_API_PRIVATE
- #define SANDBOX_NAMED_BUILTIN 0x0002
- #define SANDBOX_NAMED_EXTERNAL 0x0003
- #define SANDBOX_NAMED_MASK 0x000f
- #endif
- extern const char kSBXProfileNoInternet[];
- extern const char kSBXProfileNoNetwork[];
- extern const char kSBXProfileNoWrite[];
- extern const char kSBXProfileNoWriteExceptTemporary[];
- extern const char kSBXProfilePureComputation[];
- void sandbox_free_error(char *errorbuf);
- #ifdef __APPLE_API_PRIVATE
- int sandbox_init_with_parameters(const char *profile, uint64_t flags, const char *const parameters[], char **errorbuf);
- int sandbox_init_with_extensions(const char *profile, uint64_t flags, const char *const extensions[], char **errorbuf);
- enum sandbox_filter_type {
- SANDBOX_FILTER_NONE,
- SANDBOX_FILTER_PATH,
- SANDBOX_FILTER_GLOBAL_NAME,
- SANDBOX_FILTER_LOCAL_NAME,
- SANDBOX_FILTER_APPLEEVENT_DESTINATION,
- SANDBOX_FILTER_RIGHT_NAME,
- };
- extern const enum sandbox_filter_type SANDBOX_CHECK_NO_REPORT __attribute__((weak_import));
- enum sandbox_extension_flags {
- FS_EXT_DEFAULTS = 0,
- FS_EXT_FOR_PATH = (1 << 0),
- FS_EXT_FOR_FILE = (1 << 1),
- FS_EXT_READ = (1 << 2),
- FS_EXT_WRITE = (1 << 3),
- FS_EXT_PREFER_FILEID = (1 << 4),
- };
- int sandbox_check(pid_t pid, const char *operation, enum sandbox_filter_type type, ...);
- int sandbox_note(const char *note);
- int sandbox_suspend(pid_t pid);
- int sandbox_unsuspend(void);
- int sandbox_issue_extension(const char *path, char **ext_token);
- int sandbox_issue_fs_extension(const char *path, uint64_t flags, char **ext_token);
- int sandbox_issue_fs_rw_extension(const char *path, char **ext_token);
- int sandbox_issue_mach_extension(const char *name, char **ext_token);
- int sandbox_consume_extension(const char *path, const char *ext_token);
- int sandbox_consume_fs_extension(const char *ext_token, char **path);
- int sandbox_consume_mach_extension(const char *ext_token, char **name);
- int sandbox_release_fs_extension(const char *ext_token);
- int sandbox_container_path_for_pid(pid_t pid, char *buffer, size_t bufsize);
- int sandbox_wakeup_daemon(char **errorbuf);
- const char *_amkrtemp(const char *);
- #endif
- __END_DECLS
- #endif
|