summaryrefslogtreecommitdiffstats
path: root/src/xz/sandbox.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/xz/sandbox.h')
-rw-r--r--src/xz/sandbox.h43
1 files changed, 43 insertions, 0 deletions
diff --git a/src/xz/sandbox.h b/src/xz/sandbox.h
new file mode 100644
index 0000000..98b9862
--- /dev/null
+++ b/src/xz/sandbox.h
@@ -0,0 +1,43 @@
+// SPDX-License-Identifier: 0BSD
+
+///////////////////////////////////////////////////////////////////////////////
+//
+/// \file sandbox.h
+/// \brief Sandbox support
+//
+// Author: Lasse Collin
+//
+///////////////////////////////////////////////////////////////////////////////
+
+#if defined(HAVE_PLEDGE) || defined(HAVE_LINUX_LANDLOCK) \
+ || defined(HAVE_CAP_RIGHTS_LIMIT)
+# define ENABLE_SANDBOX 1
+#endif
+
+
+/// \brief Enables early sandboxing that can always be enabled
+///
+/// This requires that tuklib_progname() and io_init() have been called.
+extern void sandbox_init(void);
+
+
+/// \brief Enable sandboxing that only allows opening files for reading
+extern void sandbox_enable_read_only(void);
+
+
+/// \brief Tell sandboxing code that strict sandboxing can be used
+///
+/// This function only sets a flag which will be read by
+/// sandbox_enable_strict_if_allowed().
+extern void sandbox_allow_strict(void);
+
+
+/// \brief Enable sandboxing that allows reading from one file
+///
+/// This does nothing if sandbox_allow_strict() hasn't been called.
+///
+/// \param src_fd File descriptor open for reading
+/// \param pipe_event_fd user_abort_pipe[0] from file_io.c
+/// \param pipe_write_fd user_abort_pipe[1] from file_io.c
+extern void sandbox_enable_strict_if_allowed(
+ int src_fd, int pipe_event_fd, int pipe_write_fd);