;;; darwin-fns.el --- Darwin-specific functions -*- lexical-binding: t -*-
;; Copyright (C) 2021 Free Software Foundation, Inc.
;; This file is part of GNU Emacs.
;; GNU Emacs is free software: you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published by
;; the Free Software Foundation, either version 3 of the License, or
;; (at your option) any later version.
;; GNU Emacs is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;; GNU General Public License for more details.
;; You should have received a copy of the GNU General Public License
;; along with GNU Emacs. If not, see <https://www.gnu.org/licenses/>.
;;; Code:
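(defun darwin-sandbox-enter (dirs)
  "Enter a sandbox only permitting reading files under DIRS.
DIRS is a list of directory names.  Most other operations such as
writing files and network access are disallowed.
Existing open descriptors can still be used freely.

Signal `wrong-type-argument' if an element of DIRS is not a string;
in that case no sandbox is entered.

This is not a supported interface and is for internal use only."
  ;; Validate every element before the profile is built.  `%S' below
  ;; prints any Lisp object, so a symbol or list in DIRS would be
  ;; written into the profile as bare profile syntax rather than as a
  ;; quoted path name.
  (mapc (lambda (dir)
          (unless (stringp dir)
            (signal 'wrong-type-argument (list 'stringp dir))))
        dirs)
  (darwin-sandbox-init
   (concat "(version 1)\n"
           ;; Default-deny: the allow rules below are the only
           ;; exceptions this profile grants.
           "(deny default)\n"
           ;; Emacs seems to need /dev/null; allowing it does no harm.
           "(allow file-read* (path \"/dev/null\"))\n"
           ;; `%S' emits each name as a double-quoted string with `"' and
           ;; `\' backslash-escaped, so a name cannot end its own literal.
           ;; NOTE(review): names are used as given (no `expand-file-name',
           ;; no symlink resolution) -- confirm callers pass absolute,
           ;; fully resolved directory names.
           (mapconcat (lambda (dir)
                        (format "(allow file-read* (subpath %S))\n" dir))
                      dirs ""))))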
;; Announce the `darwin-fns' feature so `require' treats this file as loaded.
(provide 'darwin-fns)
;;; darwin-fns.el ends here