Ignore:
Timestamp:
Jul 28, 2006, 10:11:10 AM (14 years ago)
Author:
pguyot (Paul Guyot)
Message:

darwintrace now reports creation of directories outside the sandbox.
It works with rb-rubygems. Cf:
http://bugzilla.opendarwin.org/show_bug.cgi?id=5491

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/base/src/darwintracelib1.0/darwintrace.c

    r18777 r18781  
    44 * All rights reserved.
    55 *
    6  * $Id: darwintrace.c,v 1.18 2006/07/28 08:14:12 pguyot Exp $
     6 * $Id: darwintrace.c,v 1.19 2006/07/28 10:11:09 pguyot Exp $
    77 *
    88 * @APPLE_BSD_LICENSE_HEADER_START@
     
    5353#include <string.h>
    5454#include <unistd.h>
     55#include <sys/types.h>
    5556#include <sys/stat.h>
    5657#include <sys/param.h>
     
    8283 * DARWINTRACE_SHOW_PROCESS: show the process id of every access
    8384 * DARWINTRACE_LOG_CREATE: log creation of files as well.
    84  * DARWINTRACE_SANDBOX: control creation, deletion and writing to files.
     85 * DARWINTRACE_SANDBOX: control creation, deletion and writing to files and dirs.
    8586 * DARWINTRACE_LOG_FULL_PATH: use F_GETPATH to log the full path.
    8687 * DARWINTRACE_DEBUG_OUTPUT: verbose output of stuff to debug darwintrace.
     
    598599}
    599600#endif
     601
     602#if DARWINTRACE_SANDBOX
     603/* Trap attempts to create directories outside the sandbox.
     604 */
     605int mkdir(const char* path, mode_t mode) {
     606#define __mkdir(x,y) syscall(SYS_mkdir, (x), (y))
     607        int result = 0;
     608        int isInSandbox = __darwintrace_is_in_sandbox(path);
     609        if (isInSandbox == 1) {
     610                dprintf("darwintrace: mkdir was allowed at %s\n", path);
     611        } else if (isInSandbox == 0) {
     612                /* outside sandbox, but sandbox is defined: forbid */
     613                /* only consider directories that do not exist. */
     614                struct stat theInfo;
     615                int err;
     616                err = lstat(path, &theInfo);
     617                if ((err == -1) && (errno == ENOENT))
     618                {
     619                        dprintf("darwintrace: mkdir was forbidden at %s\n", path);
     620                        __darwintrace_log_op("sandbox_violation", NULL, path, 0);
     621                        errno = EACCES;
     622                        result = -1;
     623                } /* otherwise, mkdir will do nothing (directory exists) or fail
     624                     (another error) */
     625        }
     626       
     627        if (result == 0) {
     628                result = __mkdir(path, mode);
     629        }
     630       
     631        return result;
     632}
     633#endif
Note: See TracChangeset for help on using the changeset viewer.