Class: Sandbox Private

Inherits:

Object

• Object
• Sandbox

Defined in:

extend/os/mac/sandbox.rb,
sandbox.rb

Overview

This class is part of a private API. This class may only be used in the Homebrew/brew repository. Third parties should avoid using this class if possible, as it may be removed or changed without warning.

Helper class for running a sub-process inside of a sandboxed environment.

Class Method Summary

• .available? ⇒ Boolean

Instance Method Summary

• #add_rule(rule) ⇒ Object private
• #allow_cvs ⇒ Object private
• #allow_fossil ⇒ Object private
• #allow_write(path, options = {}) ⇒ Object private
• #allow_write_cellar(formula) ⇒ Object private
• #allow_write_log(formula) ⇒ Object private
• #allow_write_path(path) ⇒ Object private
• #allow_write_temp_and_cache ⇒ Object private
• #allow_write_xcode ⇒ Object private

  Xcode projects expect access to certain cache/archive dirs.

• #deny_write(path, options = {}) ⇒ Object private
• #deny_write_homebrew_repository ⇒ Object private
• #deny_write_path(path) ⇒ Object private
• #exec(*args) ⇒ Object private
• #initialize ⇒ void constructor private
• #record_log(file) ⇒ Object private

Constructor Details

#initialize ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

# File 'sandbox.rb', line 22

def initialize
  @profile = SandboxProfile.new
end

Class Method Details

.available? ⇒ Boolean

Returns:

• (Boolean)

# File 'extend/os/mac/sandbox.rb', line 6

def self.available?
  File.executable?(SANDBOX_EXEC)
end

Instance Method Details

#add_rule(rule) ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

# File 'sandbox.rb', line 30

def add_rule(rule)
  @profile.add_rule(rule)
end

#allow_cvs ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

# File 'sandbox.rb', line 59

def allow_cvs
  allow_write_path "#{Dir.home(ENV.fetch("USER"))}/.cvspass"
end

#allow_fossil ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

# File 'sandbox.rb', line 63

def allow_fossil
  allow_write_path "#{Dir.home(ENV.fetch("USER"))}/.fossil"
  allow_write_path "#{Dir.home(ENV.fetch("USER"))}/.fossil-journal"
end

#allow_write(path, options = {}) ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

# File 'sandbox.rb', line 34

def allow_write(path, options = {})
  add_rule allow: true, operation: "file-write*", filter: path_filter(path, options[:type])
  add_rule allow: true, operation: "file-write-setugid", filter: path_filter(path, options[:type])
end

#allow_write_cellar(formula) ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

# File 'sandbox.rb', line 68

def allow_write_cellar(formula)
  allow_write_path formula.rack
  allow_write_path formula.etc
  allow_write_path formula.var
end

#allow_write_log(formula) ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

# File 'sandbox.rb', line 79

def allow_write_log(formula)
  allow_write_path formula.logs
end

#allow_write_path(path) ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

# File 'sandbox.rb', line 43

def allow_write_path(path)
  allow_write path, type: :subpath
end

#allow_write_temp_and_cache ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

# File 'sandbox.rb', line 51

def allow_write_temp_and_cache
  allow_write_path "/private/tmp"
  allow_write_path "/private/var/tmp"
  allow_write "^/private/var/folders/[^/]+/[^/]+/[C,T]/", type: :regex
  allow_write_path HOMEBREW_TEMP
  allow_write_path HOMEBREW_CACHE
end

#allow_write_xcode ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Xcode projects expect access to certain cache/archive dirs.

# File 'sandbox.rb', line 75

def allow_write_xcode
  allow_write_path "#{Dir.home(ENV.fetch("USER"))}/Library/Developer"
end

#deny_write(path, options = {}) ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

# File 'sandbox.rb', line 39

def deny_write(path, options = {})
  add_rule allow: false, operation: "file-write*", filter: path_filter(path, options[:type])
end

#deny_write_homebrew_repository ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

# File 'sandbox.rb', line 83

def deny_write_homebrew_repository
  deny_write HOMEBREW_BREW_FILE
  if HOMEBREW_PREFIX.to_s == HOMEBREW_REPOSITORY.to_s
    deny_write_path HOMEBREW_LIBRARY
    deny_write_path HOMEBREW_REPOSITORY/".git"
  else
    deny_write_path HOMEBREW_REPOSITORY
  end
end

#deny_write_path(path) ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

# File 'sandbox.rb', line 47

def deny_write_path(path)
  deny_write path, type: :subpath
end

#exec(*args) ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

# File 'sandbox.rb', line 93

def exec(*args)
  seatbelt = Tempfile.new(["homebrew", ".sb"], HOMEBREW_TEMP)
  seatbelt.write(@profile.dump)
  seatbelt.close
  @start = Time.now

  begin
    command = [SANDBOX_EXEC, "-f", seatbelt.path, *args]
    # Start sandbox in a pseudoterminal to prevent access of the parent terminal.
    PTY.spawn(*command) do |r, w, pid|
      # Set the PTY's window size to match the parent terminal.
      # Some formula tests are sensitive to the terminal size and fail if this is not set.
      winch = proc do |_sig|
        w.winsize = if $stdout.tty?
          # We can only use IO#winsize if the IO object is a TTY.
          $stdout.winsize
        else
          # Otherwise, default to tput, if available.
          # This relies on ncurses rather than the system's ioctl.
          [Utils.popen_read("tput", "lines").to_i, Utils.popen_read("tput", "cols").to_i]
        end
      end

      write_to_pty = proc do
        # Don't hang if stdin is not able to be used - throw EIO instead.
        old_ttin = trap(:TTIN, "IGNORE")

        # Update the window size whenever the parent terminal's window size changes.
        old_winch = trap(:WINCH, &winch)
        winch.call(nil)

        stdin_thread = Thread.new do
          IO.copy_stream($stdin, w)
        rescue Errno::EIO
          # stdin is unavailable - move on.
        end

        r.each_char { |c| print(c) }

        Process.wait(pid)
      ensure
        stdin_thread&.kill
        trap(:TTIN, old_ttin)
        trap(:WINCH, old_winch)
      end

      if $stdin.tty?
        # If stdin is a TTY, use io.raw to set stdin to a raw, passthrough
        # mode while we copy the input/output of the process spawned in the
        # PTY. After we've finished copying to/from the PTY process, io.raw
        # will restore the stdin TTY to its original state.
        begin
          # Ignore SIGTTOU as setting raw mode will hang if the process is in the background.
          old_ttou = trap(:TTOU, "IGNORE")
          $stdin.raw(&write_to_pty)
        ensure
          trap(:TTOU, old_ttou)
        end
      else
        write_to_pty.call
      end
    end
    raise ErrorDuringExecution.new(command, status: $CHILD_STATUS) unless $CHILD_STATUS.success?
  rescue
    @failed = true
    raise
  ensure
    seatbelt.unlink
    sleep 0.1 # wait for a bit to let syslog catch up the latest events.
    syslog_args = [
      "-F", "$((Time)(local)) $(Sender)[$(PID)]: $(Message)",
      "-k", "Time", "ge", @start.to_i.to_s,
      "-k", "Message", "S", "deny",
      "-k", "Sender", "kernel",
      "-o",
      "-k", "Time", "ge", @start.to_i.to_s,
      "-k", "Message", "S", "deny",
      "-k", "Sender", "sandboxd"
    ]
    logs = Utils.popen_read("syslog", *syslog_args)

    # These messages are confusing and non-fatal, so don't report them.
    logs = logs.lines.reject { |l| l.match(/^.*Python\(\d+\) deny file-write.*pyc$/) }.join

    unless logs.empty?
      if @logfile
        File.open(@logfile, "w") do |log|
          log.write logs
          log.write "\nWe use time to filter sandbox log. Therefore, unrelated logs may be recorded.\n"
        end
      end

      if @failed && Homebrew::EnvConfig.verbose?
        ohai "Sandbox Log", logs
        $stdout.flush # without it, brew test-bot would fail to catch the log
      end
    end
  end
end

#record_log(file) ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

# File 'sandbox.rb', line 26

def record_log(file)
  @logfile = file
end