2 677d90f7 2021-03-12 op * Copyright (c) 2021 Omar Polo <op@omarpolo.com>
4 677d90f7 2021-03-12 op * Permission to use, copy, modify, and distribute this software for any
5 677d90f7 2021-03-12 op * purpose with or without fee is hereby granted, provided that the above
6 677d90f7 2021-03-12 op * copyright notice and this permission notice appear in all copies.
8 677d90f7 2021-03-12 op * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 677d90f7 2021-03-12 op * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 677d90f7 2021-03-12 op * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 677d90f7 2021-03-12 op * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 677d90f7 2021-03-12 op * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 677d90f7 2021-03-12 op * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 677d90f7 2021-03-12 op * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 4b877649 2021-10-07 op #include "fs.h"
18 754622a2 2021-03-15 op #include "telescope.h"
20 677d90f7 2021-03-12 op #ifdef __OpenBSD__
22 35e1f40a 2021-03-14 op # include <limits.h>
23 35e1f40a 2021-03-14 op # include <stdlib.h>
24 35e1f40a 2021-03-14 op # include <string.h>
25 2b1f38ab 2021-03-13 op # include <unistd.h>
28 17c10c65 2021-07-12 op sandbox_net_process(void)
30 677d90f7 2021-03-12 op if (pledge("stdio inet dns", NULL) == -1)
31 677d90f7 2021-03-12 op err(1, "pledge");
35 b1d4d01b 2021-03-14 op sandbox_ui_process(void)
37 de2a69bb 2021-05-17 op if (pledge("stdio tty recvfd", NULL) == -1)
38 b1d4d01b 2021-03-14 op err(1, "pledge");
42 35e1f40a 2021-03-14 op sandbox_fs_process(void)
44 35e1f40a 2021-03-14 op char path[PATH_MAX];
46 de2a69bb 2021-05-17 op if (unveil("/tmp", "rwc") == -1)
47 35e1f40a 2021-03-14 op err(1, "unveil");
49 35e1f40a 2021-03-14 op strlcpy(path, getenv("HOME"), sizeof(path));
50 35e1f40a 2021-03-14 op strlcat(path, "/Downloads", sizeof(path));
51 6845bee7 2021-09-13 op if (unveil(path, "rwc") == -1)
52 fd0beb53 2021-10-07 op err(1, "unveil(%s)", path);
54 4b877649 2021-10-07 op if (unveil(config_path_base, "rwc") == -1)
55 fd0beb53 2021-10-07 op err(1, "unveil(%s)", config_path_base);
57 4b877649 2021-10-07 op if (unveil(data_path_base, "rwc") == -1)
58 fd0beb53 2021-10-07 op err(1, "unveil(%s)", data_path_base);
60 4b877649 2021-10-07 op if (unveil(cache_path_base, "rwc") == -1)
61 fd0beb53 2021-10-07 op err(1, "unveil(%s)", cache_path_base);
63 de2a69bb 2021-05-17 op if (pledge("stdio rpath wpath cpath sendfd", NULL) == -1)
64 35e1f40a 2021-03-14 op err(1, "pledge");
69 68a9b7d2 2021-03-13 op #warning "No sandbox for this OS"
72 17c10c65 2021-07-12 op sandbox_net_process(void)
78 35e1f40a 2021-03-14 op sandbox_ui_process(void)
84 35e1f40a 2021-03-14 op sandbox_fs_process(void)
