admin/brew
1
0
Fork 0
Code Issues Packages Projects Releases 6 Wiki Activity

sandbox: add methods for allowing/denying network access

Browse Source
This commit is contained in:
Caleb Xu 2024-04-13 00:21:34 -04:00
parent a49fc9d558
commit 3d5c3a0589
No known key found for this signature in database
GPG Key ID: 47E6040D07B8407D
1 changed files with 26 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
Library/Homebrew/sandbox.rb
View File

@ -91,6 +91,32 @@ class Sandbox
end end
end end
sig { params(path: T.any(String, Pathname), type: Symbol).void }
def allow_network(path:, type: :literal)
add_rule allow: true, operation: "network*", filter: path_filter(path, type)
end
sig { params(path: T.any(String, Pathname), type: Symbol).void }
def deny_network(path:, type: :literal)
add_rule allow: false, operation: "network*", filter: path_filter(path, type)
end
sig { void }
def allow_all_network
add_rule allow: true, operation: "network*"
end
sig { void }
def deny_all_network
add_rule allow: false, operation: "network*"
end
sig { params(path: T.any(String, Pathname)).void }
def deny_all_network_except_pipe(path)
deny_all_network
allow_network path:, type: :literal
end
def exec(*args) def exec(*args)
seatbelt = Tempfile.new(["homebrew", ".sb"], HOMEBREW_TEMP) seatbelt = Tempfile.new(["homebrew", ".sb"], HOMEBREW_TEMP)
seatbelt.write(@profile.dump) seatbelt.write(@profile.dump)