source: trunk/base/src/darwintracelib1.0/rename.c @ 113026

Last change on this file since 113026 was 113026, checked in by cal@…, 7 years ago

darwintrace: major overhaul, now successfully compiles all ports I have installed (except go)

  • Split darwintrace.c into separate files for different syscalls to clean up the mess. This does prevent some inlining that used to take place before, makes some global variables necessary and required me to define a darwintrace functions API, but it makes the whole thing so much cleaner.
  • Now compiles without -Wno-deprecated-declarations, because stat.c no longer includes sys/stat.h. While that might seem wrong at first, it actually makes things easier for us, because we can avoid the function renaming magic Apple introduced to support 64-bit inodes.
  • darwintrace now prints all syscalls with their returned result in debug mode (except for syscalls that do not return on success, those are printed with a question mark instead, but with the return value, if they do return).
  • Dropped legacy code supporting non-C99 compilers in darwintrace.c
  • Removed the code that enabled redirecting opened locations into a different directory, since it was completely untested, very likely broken and hard to maintain.
  • Added handler for posix_spawn(2). This fixes a lot of problems that would previously break builds (e.g. using /opt/local/bin/ar, although that should have been outside the sandbox, which in turn used /opt/local/bin/ranlib, which failed and broke builds).
  • Avoid memory leak when execve(2) failed that was also affecting posix_spawn(2).
  • Use compare and swap primitives provided by Apple in libkern/OSAtomic.h instead of GCC's __sync_bool_compare_and_swap. Should fix the build on some older systems that don't support the compiler builtin.
  • Use getattrlist(2) instead of fcntl(F_GETPATH) to get the absolute path of files referenced using the volfs at /.vol/. TODO: Do this before checking against sandbox bounds (it's currently only used before reporting sandbox violations).
  • Improve support for tracing symlinks: Previously, only the symlink's name would be checked against the sandbox, not its target. Now both the name and the target are checked, if it is the last component of a path to be checked against the sandbox bounds. While there are some directory symlinks in some ports I doubt any of them cross a port boundary, which would be incorrectly detected at the moment.
  • Add a flag to support allowing access to directories completely for syscalls that do not operate on directories (i.e., all except rename, rmdir and mkdir).
  • Increase the size of the communication buffer used between tracelib and darwintrace.
  • Abort in tracelib, if the filemap buffer size is exceeded, rather than reading invalid memory later in darwintrace.
  • Fix a segfault in tracelib when installing a port with no dependents.
  • Property svn:eol-style set to native
File size: 2.4 KB
/*
 * Copyright (c) 2005 Apple Inc. All rights reserved.
 * Copyright (c) 2005-2006 Paul Guyot <pguyot@kallisys.net>,
 * All rights reserved.
 * Copyright (c) 2006-2013 The MacPorts Project
 *
 * $Id: darwintrace.c 112642 2013-10-28 18:59:19Z cal@macports.org $
 *
 * @APPLE_BSD_LICENSE_HEADER_START@
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1.  Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 * 2.  Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in the
 *     documentation and/or other materials provided with the distribution.
 * 3.  Neither the name of Apple Inc. ("Apple") nor the names of
 *     its contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * @APPLE_BSD_LICENSE_HEADER_END@
 */

#include "darwintrace.h"

#include <errno.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/**
 * Wrapper around \c rename(2) to prevent renaming a file that lies outside
 * the sandbox, or moving a file out of the sandbox.
 */
int rename(const char *from, const char *to) {
/* Inside this function, rename() means the raw syscall, not this wrapper. */
#define rename(x,y) syscall(SYS_rename, (x), (y))
        __darwintrace_setup();

        int result = 0;

        if (!__darwintrace_is_in_sandbox(from, DT_REPORT)) {
                /* Source is outside the sandbox: behave as if it did not exist. */
                errno = ENOENT;
                result = -1;
        } else if (!__darwintrace_is_in_sandbox(to, DT_REPORT)) {
                /* Destination is outside the sandbox: deny the move. */
                errno = EACCES;
                result = -1;
        } else {
                result = rename(from, to);
        }

        debug_printf("rename(%s, %s) = %d\n", from, to, result);

        return result;
#undef rename
}