libopenbsd(3): adds pledge(2) and unveil(2) support for Rust; Makefile, include: adds conditional compilation
This commit is contained in:
88
src/libopenbsd.rs
Normal file
88
src/libopenbsd.rs
Normal file
@@ -0,0 +1,88 @@
|
||||
/*
|
||||
* Copyright (c) 2024 Emma Tebibyte <emma@tebibyte.media>
|
||||
* SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify it under
|
||||
* the terms of the GNU Affero General Public License as published by the Free
|
||||
* Software Foundation, either version 3 of the License, or (at your option) any
|
||||
* later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
* FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
* details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see https://www.gnu.org/licenses/.
|
||||
*/
|
||||
|
||||
use std::{
|
||||
ffi::{ CString, c_int },
|
||||
io::Error,
|
||||
ptr::null,
|
||||
};
|
||||
|
||||
mod openbsd {
|
||||
use std::ffi::{ c_char, c_int };
|
||||
extern "C" {
|
||||
pub fn pledge(arg1: *const c_char, arg2: *const c_char) -> c_int;
|
||||
|
||||
pub fn unveil(arg1: *const c_char, arg2: *const c_char) -> c_int;
|
||||
|
||||
pub fn __errno() -> *mut c_int;
|
||||
}
|
||||
}
|
||||
|
||||
pub struct Promises(*const i8);
|
||||
|
||||
impl Promises {
|
||||
pub fn new(promises: &str) -> Self {
|
||||
let p = CString::new(promises).unwrap();
|
||||
|
||||
Promises(p.into_raw() as *const i8)
|
||||
}
|
||||
}
|
||||
|
||||
pub fn pledge(
|
||||
promises: Option<Promises>, execpromises: Option<Promises>
|
||||
) -> Result<(), Error> {
|
||||
/* From pledge(2):
|
||||
*
|
||||
* Passing NULL to promises or execpromises specifies to not change
|
||||
* the current value. */
|
||||
let arg1 = promises.unwrap_or(Promises(null())).0;
|
||||
let arg2 = execpromises.unwrap_or(Promises(null())).0;
|
||||
|
||||
unsafe {
|
||||
match openbsd::pledge(arg1, arg2) {
|
||||
-1 => Err(Error::from_raw_os_error(*openbsd::__errno())),
|
||||
0 => Ok(()),
|
||||
_ => panic!(), /* unreachable */
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
pub struct UnveilPerms(CString);
|
||||
|
||||
impl UnveilPerms {
|
||||
pub fn new(permissions: Vec<char>) -> Self {
|
||||
if permissions.is_empty() {
|
||||
return UnveilPerms(CString::new("").unwrap());
|
||||
}
|
||||
|
||||
UnveilPerms(
|
||||
CString::new(permissions.iter().collect::<String>()).unwrap()
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
pub fn unveil(path: Option<&str>, permissions: Option<UnveilPerms>) -> c_int {
|
||||
let path_c = path.map(CString::new).map(Result::unwrap);
|
||||
let arg1 = path_c.map(|p| p.into_raw() as *const i8).unwrap_or(null());
|
||||
|
||||
let arg2 = permissions
|
||||
.map(|p| p.0.into_raw() as *const i8)
|
||||
.unwrap_or(null());
|
||||
|
||||
unsafe { openbsd::unveil(arg1, arg2) }
|
||||
}
|
||||
Reference in New Issue
Block a user