2 * Copyright (c) 2021 Omar Polo <op@omarpolo.com>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 #include "telescope.h"
28 sandbox_net_process(void)
30 if (pledge("stdio inet dns", NULL) == -1)
35 sandbox_ui_process(void)
37 if (pledge("stdio tty recvfd", NULL) == -1)
42 sandbox_fs_process(void)
46 if (unveil("/tmp", "rwc") == -1)
49 strlcpy(path, getenv("HOME"), sizeof(path));
50 strlcat(path, "/Downloads", sizeof(path));
51 if (unveil(path, "rwc") == -1)
52 err(1, "unveil(%s)", path);
54 if (unveil(config_path_base, "rwc") == -1)
55 err(1, "unveil(%s)", config_path_base);
57 if (unveil(data_path_base, "rwc") == -1)
58 err(1, "unveil(%s)", data_path_base);
60 if (unveil(cache_path_base, "rwc") == -1)
61 err(1, "unveil(%s)", cache_path_base);
63 if (pledge("stdio rpath wpath cpath sendfd", NULL) == -1)
69 #warning "No sandbox for this OS"
72 sandbox_net_process(void)
78 sandbox_ui_process(void)
84 sandbox_fs_process(void)