trunk/libsandbox/libsandbox.h

/*
 * libsandbox.h
 *
 * Defines related to libsandbox.
 *
 * Copyright 1999-2008 Gentoo Foundation
 * Licensed under the GPL-2
 */

#ifndef __LIBSANDBOX_H__
#define __LIBSANDBOX_H__

/* glibc sometimes redefines this crap on us */
#undef strdup

/* Macros to check if a function should be executed */
#define FUNCTION_SANDBOX_SAFE_AT(_dirfd, _func, _path) \
        ((0 == is_sandbox_on()) || (1 == before_syscall(_dirfd, _func, _path)))
#define FUNCTION_SANDBOX_SAFE(_func, _path) \
        FUNCTION_SANDBOX_SAFE_AT(AT_FDCWD, _func, _path)

#define FUNCTION_SANDBOX_SAFE_ACCESS_AT(_dirfd, _func, _path, _flags) \
        ((0 == is_sandbox_on()) || (1 == before_syscall_access(_dirfd, _func, _path, _flags)))
#define FUNCTION_SANDBOX_SAFE_ACCESS(_func, _path, _flags) \
        FUNCTION_SANDBOX_SAFE_ACCESS_AT(AT_FDCWD, _func, _path, _flags)

#define FUNCTION_SANDBOX_SAFE_OPEN_INT_AT(_dirfd, _func, _path, _flags) \
        ((0 == is_sandbox_on()) || (1 == before_syscall_open_int(_dirfd, _func, _path, _flags)))
#define FUNCTION_SANDBOX_SAFE_OPEN_INT(_func, _path, _flags) \
        FUNCTION_SANDBOX_SAFE_OPEN_INT_AT(AT_FDCWD, _func, _path, _flags)

#define FUNCTION_SANDBOX_SAFE_OPEN_CHAR_AT(_dirfd, _func, _path, _mode) \
        ((0 == is_sandbox_on()) || (1 == before_syscall_open_char(_dirfd, _func, _path, _mode)))
#define FUNCTION_SANDBOX_SAFE_OPEN_CHAR(_func, _path, _mode) \
        FUNCTION_SANDBOX_SAFE_OPEN_CHAR_AT(AT_FDCWD, _func, _path, _mode)

int canonicalize(const char *, char *);

int is_sandbox_on(void);
int before_syscall(int, const char *, const char *);
int before_syscall_access(int, const char *, const char *, int);
int before_syscall_open_int(int, const char *, const char *, int);
int before_syscall_open_char(int, const char *, const char *, const char *);

/* glibc modified realpath() function */
char *erealpath(const char *, char *);
char *egetcwd(char *, size_t);

#endif /* __LIBSANDBOX_H__ */
1	/*
2	* libsandbox.h
3	*
4	* Defines related to libsandbox.
5	*
6	* Copyright 1999-2008 Gentoo Foundation
7	* Licensed under the GPL-2
8	*/
9
10	#ifndef __LIBSANDBOX_H__
11	#define __LIBSANDBOX_H__
12
13	/* glibc sometimes redefines this crap on us */
14	#undef strdup
15
16	/* Macros to check if a function should be executed */
17	#define FUNCTION_SANDBOX_SAFE_AT(_dirfd, _func, _path) \
18	((0 == is_sandbox_on()) \|\| (1 == before_syscall(_dirfd, _func, _path)))
19	#define FUNCTION_SANDBOX_SAFE(_func, _path) \
20	FUNCTION_SANDBOX_SAFE_AT(AT_FDCWD, _func, _path)
21
22	#define FUNCTION_SANDBOX_SAFE_ACCESS_AT(_dirfd, _func, _path, _flags) \
23	((0 == is_sandbox_on()) \|\| (1 == before_syscall_access(_dirfd, _func, _path, _flags)))
24	#define FUNCTION_SANDBOX_SAFE_ACCESS(_func, _path, _flags) \
25	FUNCTION_SANDBOX_SAFE_ACCESS_AT(AT_FDCWD, _func, _path, _flags)
26
27	#define FUNCTION_SANDBOX_SAFE_OPEN_INT_AT(_dirfd, _func, _path, _flags) \
28	((0 == is_sandbox_on()) \|\| (1 == before_syscall_open_int(_dirfd, _func, _path, _flags)))
29	#define FUNCTION_SANDBOX_SAFE_OPEN_INT(_func, _path, _flags) \
30	FUNCTION_SANDBOX_SAFE_OPEN_INT_AT(AT_FDCWD, _func, _path, _flags)
31
32	#define FUNCTION_SANDBOX_SAFE_OPEN_CHAR_AT(_dirfd, _func, _path, _mode) \
33	((0 == is_sandbox_on()) \|\| (1 == before_syscall_open_char(_dirfd, _func, _path, _mode)))
34	#define FUNCTION_SANDBOX_SAFE_OPEN_CHAR(_func, _path, _mode) \
35	FUNCTION_SANDBOX_SAFE_OPEN_CHAR_AT(AT_FDCWD, _func, _path, _mode)
36
37	int canonicalize(const char , char );
38
39	int is_sandbox_on(void);
40	int before_syscall(int, const char , const char );
41	int before_syscall_access(int, const char , const char , int);
42	int before_syscall_open_int(int, const char , const char , int);
43	int before_syscall_open_char(int, const char , const char , const char *);
44
45	/* glibc modified realpath() function */
46	char erealpath(const char , char *);
47	char egetcwd(char , size_t);
48
49	#endif /* __LIBSANDBOX_H__ */