fix: guard more private API usage on MAS builds (#37309)
This commit is contained in:
Shelley Vohr
GitHub
parent
a92fd2aa05
commit
85cf56d80b
1 changed files with 151 additions and 2 deletions
|
|
@ -222,10 +222,159 @@ index f35d9ef2a2df3db8ecbf1d7b909c7b1cf33f3cd9..a710b8b4f851666fd65bb37f69ec2fa7
|
|||
|
||||
bool SandboxCompiler::CompilePolicyToProto(mac::SandboxPolicy& policy,
|
||||
diff --git a/sandbox/mac/seatbelt.cc b/sandbox/mac/seatbelt.cc
|
||||
index 15c835e118456394c0a00ac98c11241c14ca75bd..49332a94219fc3e64ab05baa04681325edddfeb0 100644
|
||||
index 15c835e118456394c0a00ac98c11241c14ca75bd..83759e5fbc252fa57ca2fa122873dfac3d61d46d 100644
|
||||
--- a/sandbox/mac/seatbelt.cc
|
||||
+++ b/sandbox/mac/seatbelt.cc
|
||||
@@ -175,7 +175,11 @@ void Seatbelt::FreeError(char* errorbuf) {
|
||||
@@ -9,7 +9,7 @@
|
||||
|
||||
extern "C" {
|
||||
#include <sandbox.h>
|
||||
-
|
||||
+#if !IS_MAS_BUILD()
|
||||
int sandbox_init_with_parameters(const char* profile,
|
||||
uint64_t flags,
|
||||
const char* const parameters[],
|
||||
@@ -40,13 +40,13 @@ sandbox_profile_t* sandbox_compile_string(const char* data,
|
||||
char** error);
|
||||
int sandbox_apply(sandbox_profile_t*);
|
||||
void sandbox_free_profile(sandbox_profile_t*);
|
||||
-
|
||||
+#endif
|
||||
} // extern "C"
|
||||
|
||||
namespace sandbox {
|
||||
|
||||
namespace {
|
||||
-
|
||||
+#if !IS_MAS_BUILD()
|
||||
bool HandleSandboxResult(int rv, char* errorbuf, std::string* error) {
|
||||
if (rv == 0) {
|
||||
if (error)
|
||||
@@ -74,36 +74,48 @@ bool HandleSandboxErrno(int rv, const char* message, std::string* error) {
|
||||
}
|
||||
return false;
|
||||
}
|
||||
-
|
||||
+#endif
|
||||
} // namespace
|
||||
|
||||
// static
|
||||
Seatbelt::Parameters Seatbelt::Parameters::Create() {
|
||||
Parameters params;
|
||||
+#if !IS_MAS_BUILD()
|
||||
params.params_ = ::sandbox_create_params();
|
||||
+#endif
|
||||
return params;
|
||||
}
|
||||
|
||||
Seatbelt::Parameters::Parameters() = default;
|
||||
|
||||
Seatbelt::Parameters::Parameters(Seatbelt::Parameters&& other) {
|
||||
+#if !IS_MAS_BUILD()
|
||||
params_ = std::exchange(other.params_, nullptr);
|
||||
+#endif
|
||||
}
|
||||
|
||||
Seatbelt::Parameters& Seatbelt::Parameters::operator=(
|
||||
Seatbelt::Parameters&& other) {
|
||||
+#if !IS_MAS_BUILD()
|
||||
params_ = std::exchange(other.params_, nullptr);
|
||||
+#endif
|
||||
return *this;
|
||||
}
|
||||
|
||||
bool Seatbelt::Parameters::Set(const char* key, const char* value) {
|
||||
+#if !IS_MAS_BUILD()
|
||||
return ::sandbox_set_param(params_, key, value) == 0;
|
||||
+#else
|
||||
+ return true;
|
||||
+#endif
|
||||
}
|
||||
|
||||
Seatbelt::Parameters::~Parameters() {
|
||||
+#if !IS_MAS_BUILD()
|
||||
if (params_) {
|
||||
::sandbox_free_params(params_);
|
||||
}
|
||||
+#endif
|
||||
}
|
||||
|
||||
// Initialize the static member variables.
|
||||
@@ -114,6 +126,7 @@ const char* Seatbelt::kProfilePureComputation = kSBXProfilePureComputation;
|
||||
|
||||
// static
|
||||
bool Seatbelt::Init(const char* profile, uint64_t flags, std::string* error) {
|
||||
+#if !IS_MAS_BUILD()
|
||||
// OS X deprecated these functions, but did not provide a suitable replacement,
|
||||
// so ignore the deprecation warning.
|
||||
#pragma clang diagnostic push
|
||||
@@ -122,6 +135,9 @@ bool Seatbelt::Init(const char* profile, uint64_t flags, std::string* error) {
|
||||
int rv = ::sandbox_init(profile, flags, &errorbuf);
|
||||
return HandleSandboxResult(rv, errorbuf, error);
|
||||
#pragma clang diagnostic pop
|
||||
+#else
|
||||
+ return true;
|
||||
+#endif
|
||||
}
|
||||
|
||||
// static
|
||||
@@ -129,10 +145,14 @@ bool Seatbelt::InitWithParams(const char* profile,
|
||||
uint64_t flags,
|
||||
const char* const parameters[],
|
||||
std::string* error) {
|
||||
+#if !IS_MAS_BUILD()
|
||||
char* errorbuf = nullptr;
|
||||
int rv =
|
||||
::sandbox_init_with_parameters(profile, flags, parameters, &errorbuf);
|
||||
return HandleSandboxResult(rv, errorbuf, error);
|
||||
+#else
|
||||
+ return true;
|
||||
+#endif
|
||||
}
|
||||
|
||||
// static
|
||||
@@ -140,6 +160,7 @@ bool Seatbelt::Compile(const char* profile,
|
||||
const Seatbelt::Parameters& params,
|
||||
std::string& compiled_profile,
|
||||
std::string* error) {
|
||||
+#if !IS_MAS_BUILD()
|
||||
char* errorbuf = nullptr;
|
||||
sandbox_profile_t* sandbox_profile =
|
||||
::sandbox_compile_string(profile, params.params(), &errorbuf);
|
||||
@@ -149,33 +170,44 @@ bool Seatbelt::Compile(const char* profile,
|
||||
compiled_profile.assign(reinterpret_cast<const char*>(sandbox_profile->data),
|
||||
sandbox_profile->size);
|
||||
::sandbox_free_profile(sandbox_profile);
|
||||
+#endif
|
||||
return true;
|
||||
}
|
||||
|
||||
// static
|
||||
bool Seatbelt::ApplyCompiledProfile(const std::string& profile,
|
||||
std::string* error) {
|
||||
+#if !IS_MAS_BUILD()
|
||||
sandbox_profile_t sbox_profile = {
|
||||
.builtin = nullptr,
|
||||
.data = reinterpret_cast<const uint8_t*>(profile.data()),
|
||||
.size = profile.size()};
|
||||
return HandleSandboxErrno(::sandbox_apply(&sbox_profile),
|
||||
"sandbox_apply: ", error);
|
||||
+#else
|
||||
+ return true;
|
||||
+#endif
|
||||
}
|
||||
|
||||
// static
|
||||
void Seatbelt::FreeError(char* errorbuf) {
|
||||
+#if !IS_MAS_BUILD()
|
||||
// OS X deprecated these functions, but did not provide a suitable replacement,
|
||||
// so ignore the deprecation warning.
|
||||
#pragma clang diagnostic push
|
||||
#pragma clang diagnostic ignored "-Wdeprecated-declarations"
|
||||
return ::sandbox_free_error(errorbuf);
|
||||
#pragma clang diagnostic pop
|
||||
+#endif
|
||||
}
|
||||
|
||||
// static
|
||||
bool Seatbelt::IsSandboxed() {
|
||||
|
|
|
|||
Loading…
Reference in a new issue