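;;; darwin-fns.el --- Darwin-specific functions  -*- lexical-binding: t -*-

;; Copyright (C) 2021 Free Software Foundation, Inc.

;; This file is part of GNU Emacs.

;; GNU Emacs is free software: you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published by
;; the Free Software Foundation, either version 3 of the License, or
;; (at your option) any later version.

;; GNU Emacs is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;; GNU General Public License for more details.

;; You should have received a copy of the GNU General Public License
;; along with GNU Emacs.  If not, see <https://www.gnu.org/licenses/>.

;;; Code:

(defun darwin--sandbox-dir-rules (operation dirs)
  "Return sandbox profile rules allowing OPERATION under each of DIRS.
OPERATION is the profile operation name, a string such as
\"file-read*\".  DIRS is a list of directory names; an empty list
yields the empty string.  Every element must be a string, otherwise
`wrong-type-argument' is signaled: the profile is a fail-closed
policy, so a malformed SPEC must be rejected here rather than turned
into a rule whose meaning the caller did not intend.  Each directory
is rendered with %S so that quotes and backslashes in the name are
escaped for the profile language."
  (mapconcat
   (lambda (dir)
     (unless (stringp dir)
       (signal 'wrong-type-argument (list 'stringp dir)))
     (format "(allow %s (subpath %S))\n" operation dir))
   dirs ""))

(defun darwin--sandbox-enter (spec)
  "Enter a sandbox only permitting actions described by SPEC.
SPEC is a plist allowing the keys:

`:read-dirs' -- value is a list of directories in which reading is
allowed.

`:write-dirs' -- value is a list of directories in which writing is
allowed.

`:exec-dirs' -- value is a list of directories from which executables
can be run as subprocesses.  Giving a non-empty list also allows
forking, which running a subprocess requires.

Most other operations such as network access are disallowed.
Existing open descriptors can still be used freely.

Every directory name must be a string; otherwise
`wrong-type-argument' is signaled before the sandbox is entered.

This is not a supported interface and is for internal use only."
  (let ((read-dirs (plist-get spec :read-dirs))
        (write-dirs (plist-get spec :write-dirs))
        (exec-dirs (plist-get spec :exec-dirs)))
    ;; The whole profile text is built before the primitive is called,
    ;; so a bad SPEC signals here and no (partial) policy is applied.
    (darwin-sandbox-init
     (concat "(version 1)\n"
             ;; Deny everything not explicitly allowed below.
             "(deny default)\n"
             ;; Emacs seems to need /dev/null; allowing it does no harm.
             "(allow file-read* (path \"/dev/null\"))\n"
             (darwin--sandbox-dir-rules "file-read*" read-dirs)
             (darwin--sandbox-dir-rules "file-write*" write-dirs)
             (darwin--sandbox-dir-rules "process-exec" exec-dirs)
             ;; Forking is only needed when subprocesses may be run at all.
             (and exec-dirs "(allow process-fork)\n")))))

(provide 'darwin-fns)
;;; darwin-fns.el ends here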