1 677d90f7 2021-03-12 op /*
 2 677d90f7 2021-03-12 op  * Copyright (c) 2021 Omar Polo <op@omarpolo.com>
 3 677d90f7 2021-03-12 op  *
 4 677d90f7 2021-03-12 op  * Permission to use, copy, modify, and distribute this software for any
 5 677d90f7 2021-03-12 op  * purpose with or without fee is hereby granted, provided that the above
 6 677d90f7 2021-03-12 op  * copyright notice and this permission notice appear in all copies.
 7 677d90f7 2021-03-12 op  *
 8 677d90f7 2021-03-12 op  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 9 677d90f7 2021-03-12 op  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 677d90f7 2021-03-12 op  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 677d90f7 2021-03-12 op  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 677d90f7 2021-03-12 op  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 677d90f7 2021-03-12 op  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 677d90f7 2021-03-12 op  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 677d90f7 2021-03-12 op  */
16 677d90f7 2021-03-12 op 
17 754622a2 2021-03-15 op #include "telescope.h"
18 677d90f7 2021-03-12 op 
19 677d90f7 2021-03-12 op #ifdef __OpenBSD__
20 677d90f7 2021-03-12 op 
21 35e1f40a 2021-03-14 op # include <limits.h>
22 35e1f40a 2021-03-14 op # include <stdlib.h>
23 35e1f40a 2021-03-14 op # include <string.h>
24 2b1f38ab 2021-03-13 op # include <unistd.h>
25 2b1f38ab 2021-03-13 op 
26 677d90f7 2021-03-12 op void
27 17c10c65 2021-07-12 op sandbox_net_process(void)
28 677d90f7 2021-03-12 op {
29 677d90f7 2021-03-12 op 	if (pledge("stdio inet dns", NULL) == -1)
30 677d90f7 2021-03-12 op 		err(1, "pledge");
31 677d90f7 2021-03-12 op }
32 677d90f7 2021-03-12 op 
33 b1d4d01b 2021-03-14 op void
34 b1d4d01b 2021-03-14 op sandbox_ui_process(void)
35 b1d4d01b 2021-03-14 op {
36 de2a69bb 2021-05-17 op 	if (pledge("stdio tty recvfd", NULL) == -1)
37 b1d4d01b 2021-03-14 op 		err(1, "pledge");
38 b1d4d01b 2021-03-14 op }
39 b1d4d01b 2021-03-14 op 
40 35e1f40a 2021-03-14 op void
41 35e1f40a 2021-03-14 op sandbox_fs_process(void)
42 35e1f40a 2021-03-14 op {
43 35e1f40a 2021-03-14 op 	char path[PATH_MAX];
44 35e1f40a 2021-03-14 op 
45 de2a69bb 2021-05-17 op 	if (unveil("/tmp", "rwc") == -1)
46 35e1f40a 2021-03-14 op 		err(1, "unveil");
47 35e1f40a 2021-03-14 op 
48 35e1f40a 2021-03-14 op 	strlcpy(path, getenv("HOME"), sizeof(path));
49 35e1f40a 2021-03-14 op 	strlcat(path, "/Downloads", sizeof(path));
50 35e1f40a 2021-03-14 op 	if (unveil(path, "r") == -1)
51 35e1f40a 2021-03-14 op 		err(1, "unveil");
52 35e1f40a 2021-03-14 op 
53 35e1f40a 2021-03-14 op 	strlcpy(path, getenv("HOME"), sizeof(path));
54 e98a72df 2021-03-15 op 	strlcat(path, "/.telescope/", sizeof(path));
55 e98a72df 2021-03-15 op 	if (unveil(path, "rwc") == -1)
56 35e1f40a 2021-03-14 op 		err(1, "unveil");
57 35e1f40a 2021-03-14 op 
58 de2a69bb 2021-05-17 op 	if (pledge("stdio rpath wpath cpath sendfd", NULL) == -1)
59 35e1f40a 2021-03-14 op 		err(1, "pledge");
60 35e1f40a 2021-03-14 op }
61 35e1f40a 2021-03-14 op 
62 68a9b7d2 2021-03-13 op #else
63 68a9b7d2 2021-03-13 op 
64 68a9b7d2 2021-03-13 op #warning "No sandbox for this OS"
65 68a9b7d2 2021-03-13 op 
66 68a9b7d2 2021-03-13 op void
67 17c10c65 2021-07-12 op sandbox_net_process(void)
68 68a9b7d2 2021-03-13 op {
69 68a9b7d2 2021-03-13 op 	return;
70 68a9b7d2 2021-03-13 op }
71 68a9b7d2 2021-03-13 op 
72 35e1f40a 2021-03-14 op void
73 35e1f40a 2021-03-14 op sandbox_ui_process(void)
74 35e1f40a 2021-03-14 op {
75 35e1f40a 2021-03-14 op 	return;
76 35e1f40a 2021-03-14 op }
77 35e1f40a 2021-03-14 op 
78 35e1f40a 2021-03-14 op void
79 35e1f40a 2021-03-14 op sandbox_fs_process(void)
80 35e1f40a 2021-03-14 op {
81 35e1f40a 2021-03-14 op 	return;
82 35e1f40a 2021-03-14 op }
83 35e1f40a 2021-03-14 op 
84 677d90f7 2021-03-12 op #endif