1 677d90f7 2021-03-12 op /*
 2 677d90f7 2021-03-12 op  * Copyright (c) 2021 Omar Polo <op@omarpolo.com>
 3 677d90f7 2021-03-12 op  *
 4 677d90f7 2021-03-12 op  * Permission to use, copy, modify, and distribute this software for any
 5 677d90f7 2021-03-12 op  * purpose with or without fee is hereby granted, provided that the above
 6 677d90f7 2021-03-12 op  * copyright notice and this permission notice appear in all copies.
 7 677d90f7 2021-03-12 op  *
 8 677d90f7 2021-03-12 op  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 9 677d90f7 2021-03-12 op  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 677d90f7 2021-03-12 op  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 677d90f7 2021-03-12 op  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 677d90f7 2021-03-12 op  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 677d90f7 2021-03-12 op  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 677d90f7 2021-03-12 op  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 677d90f7 2021-03-12 op  */
16 677d90f7 2021-03-12 op 
17 677d90f7 2021-03-12 op #include "compat.h"
18 677d90f7 2021-03-12 op 
19 677d90f7 2021-03-12 op #ifdef __OpenBSD__
20 677d90f7 2021-03-12 op 
21 2b1f38ab 2021-03-13 op # include <err.h>
22 35e1f40a 2021-03-14 op # include <limits.h>
23 35e1f40a 2021-03-14 op # include <stdlib.h>
24 35e1f40a 2021-03-14 op # include <string.h>
25 2b1f38ab 2021-03-13 op # include <unistd.h>
26 2b1f38ab 2021-03-13 op 
27 677d90f7 2021-03-12 op void
28 677d90f7 2021-03-12 op sandbox_network_process(void)
29 677d90f7 2021-03-12 op {
30 677d90f7 2021-03-12 op 	if (pledge("stdio inet dns", NULL) == -1)
31 677d90f7 2021-03-12 op 		err(1, "pledge");
32 677d90f7 2021-03-12 op }
33 677d90f7 2021-03-12 op 
34 b1d4d01b 2021-03-14 op void
35 b1d4d01b 2021-03-14 op sandbox_ui_process(void)
36 b1d4d01b 2021-03-14 op {
37 35e1f40a 2021-03-14 op 	if (pledge("stdio tty", NULL) == -1)
38 b1d4d01b 2021-03-14 op 		err(1, "pledge");
39 b1d4d01b 2021-03-14 op }
40 b1d4d01b 2021-03-14 op 
41 35e1f40a 2021-03-14 op void
42 35e1f40a 2021-03-14 op sandbox_fs_process(void)
43 35e1f40a 2021-03-14 op {
44 35e1f40a 2021-03-14 op 	char path[PATH_MAX];
45 35e1f40a 2021-03-14 op 
46 35e1f40a 2021-03-14 op         if (unveil("/tmp", "r") == -1)
47 35e1f40a 2021-03-14 op 		err(1, "unveil");
48 35e1f40a 2021-03-14 op 
49 35e1f40a 2021-03-14 op 	strlcpy(path, getenv("HOME"), sizeof(path));
50 35e1f40a 2021-03-14 op 	strlcat(path, "/Downloads", sizeof(path));
51 35e1f40a 2021-03-14 op 	if (unveil(path, "r") == -1)
52 35e1f40a 2021-03-14 op 		err(1, "unveil");
53 35e1f40a 2021-03-14 op 
54 35e1f40a 2021-03-14 op 	strlcpy(path, getenv("HOME"), sizeof(path));
55 35e1f40a 2021-03-14 op 	strlcat(path, "/.telescope", sizeof(path));
56 35e1f40a 2021-03-14 op 	if (unveil(path, "r") == -1)
57 35e1f40a 2021-03-14 op 		err(1, "unveil");
58 35e1f40a 2021-03-14 op 
59 35e1f40a 2021-03-14 op 	if (pledge("stdio rpath", NULL) == -1)
60 35e1f40a 2021-03-14 op 		err(1, "pledge");
61 35e1f40a 2021-03-14 op }
62 35e1f40a 2021-03-14 op 
63 68a9b7d2 2021-03-13 op #else
64 68a9b7d2 2021-03-13 op 
65 68a9b7d2 2021-03-13 op #warning "No sandbox for this OS"
66 68a9b7d2 2021-03-13 op 
67 68a9b7d2 2021-03-13 op void
68 68a9b7d2 2021-03-13 op sandbox_network_process(void)
69 68a9b7d2 2021-03-13 op {
70 68a9b7d2 2021-03-13 op 	return;
71 68a9b7d2 2021-03-13 op }
72 68a9b7d2 2021-03-13 op 
73 35e1f40a 2021-03-14 op void
74 35e1f40a 2021-03-14 op sandbox_ui_process(void)
75 35e1f40a 2021-03-14 op {
76 35e1f40a 2021-03-14 op 	return;
77 35e1f40a 2021-03-14 op }
78 35e1f40a 2021-03-14 op 
79 35e1f40a 2021-03-14 op void
80 35e1f40a 2021-03-14 op sandbox_fs_process(void)
81 35e1f40a 2021-03-14 op {
82 35e1f40a 2021-03-14 op 	return;
83 35e1f40a 2021-03-14 op }
84 35e1f40a 2021-03-14 op 
85 677d90f7 2021-03-12 op #endif