karm-sys: Added API for sandboxing.

skift-org · Nov 12, 2024 · 252a856 · 252a856
1 parent 9b609c1
commit 252a856
Show file tree

Hide file tree

Showing 5 changed files with 55 additions and 2 deletions.
diff --git a/src/impls/impl-posix/sys.cpp b/src/impls/impl-posix/sys.cpp
@@ -17,6 +17,7 @@
 //
 #include <karm-io/funcs.h>
 #include <karm-logger/logger.h>
+#include <karm-sys/proc.h>
 
 #include <karm-sys/_embed.h>
 
@@ -26,6 +27,8 @@
 namespace Karm::Sys::_Embed {
 
 Res<Mime::Path> resolve(Mime::Url const &url) {
+    try$(ensureUnrestricted());
+
     Mime::Path resolved;
     if (url.scheme == "file") {
         resolved = url.path;
@@ -114,6 +117,8 @@ Res<Strong<Fd>> openOrCreateFile(Mime::Url const &url) {
 }
 
 Res<Pair<Strong<Fd>>> createPipe() {
+    try$(ensureUnrestricted());
+
     int fds[2];
 
     if (::pipe(fds) < 0)
@@ -144,6 +149,8 @@ Res<Strong<Fd>> createErr() {
 }
 
 Res<Vec<DirEntry>> readDir(Mime::Url const &url) {
+    try$(ensureUnrestricted());
+
     String str = try$(resolve(url)).str();
 
     DIR *dir = ::opendir(str.buf());
@@ -174,6 +181,8 @@ Res<Vec<DirEntry>> readDir(Mime::Url const &url) {
 }
 
 Res<Stat> stat(Mime::Url const &url) {
+    try$(ensureUnrestricted());
+
     String str = try$(resolve(url)).str();
     struct stat buf;
     if (::stat(str.buf(), &buf) < 0)
@@ -184,6 +193,8 @@ Res<Stat> stat(Mime::Url const &url) {
 // MARK: User interactions -----------------------------------------------------
 
 Res<> launch([[maybe_unused]] Mime::Uti const &uti, [[maybe_unused]] Mime::Url const &url) {
+    try$(ensureUnrestricted());
+
     String str = try$(resolve(url)).str();
 
     int pid = fork();
@@ -220,6 +231,8 @@ Async::Task<> launchAsync(Mime::Uti const &uti, Mime::Url const &url) {
 // MARK: Sockets ---------------------------------------------------------------
 
 Res<Strong<Fd>> listenUdp(SocketAddr addr) {
+    try$(ensureUnrestricted());
+
     int fd = ::socket(AF_INET, SOCK_DGRAM, 0);
     if (fd < 0)
         return Posix::fromLastErrno();
@@ -233,6 +246,8 @@ Res<Strong<Fd>> listenUdp(SocketAddr addr) {
 }
 
 Res<Strong<Fd>> connectTcp(SocketAddr addr) {
+    try$(ensureUnrestricted());
+
     int fd = ::socket(AF_INET, SOCK_STREAM, 0);
     if (fd < 0)
         return Posix::fromLastErrno();
@@ -245,6 +260,8 @@ Res<Strong<Fd>> connectTcp(SocketAddr addr) {
 }
 
 Res<Strong<Fd>> listenTcp(SocketAddr addr) {
+    try$(ensureUnrestricted());
+
     int fd = ::socket(AF_INET, SOCK_STREAM, 0);
     if (fd < 0)
         return Posix::fromLastErrno();
@@ -265,6 +282,8 @@ Res<Strong<Fd>> listenTcp(SocketAddr addr) {
 }
 
 Res<Strong<Fd>> listenIpc(Mime::Url url) {
+    try$(ensureUnrestricted());
+
     int fd = ::socket(AF_UNIX, SOCK_STREAM, 0);
     if (fd < 0)
         return Posix::fromLastErrno();
@@ -421,4 +440,10 @@ Res<> exit(i32 res) {
     return Ok();
 }
 
+// MARK: Sandboxing ------------------------------------------------------------
+
+void hardenSandbox() {
+    logError("could not harden sandbox");
+}
+
 } // namespace Karm::Sys::_Embed
diff --git a/src/libs/karm-image/jpeg/encoder.cpp b/src/libs/karm-image/jpeg/encoder.cpp
@@ -16,7 +16,7 @@ static Res<> _encodeMcu(
     i16 coeff = mcu[0] - previousDC;
     previousDC = mcu[0];
 
-    usize coeffLength = bitLength(abs(coeff));
+    usize coeffLength = bitLength(Math::abs(coeff));
     if (coeffLength > 11) {
         return Error::invalidData("dc coefficient length exceeds 11 bits");
     }
@@ -59,7 +59,7 @@ static Res<> _encodeMcu(
 
         // find coeff length
         coeff = mcu[ZIGZAG[i]];
-        coeffLength = bitLength(abs(coeff));
+        coeffLength = bitLength(Math::abs(coeff));
         if (coeffLength > 10) {
             return Error::invalidData("ac coefficient length exceeds 10 bits");
         }

diff --git a/src/libs/karm-sys/_embed.h b/src/libs/karm-sys/_embed.h
@@ -89,6 +89,10 @@ Res<> sleepUntil(TimeStamp);
 
 Res<> exit(i32);
 
+// MARK: Sandboxing ------------------------------------------------------------
+
+void hardenSandbox();
+
 // MARK: Asynchronous I/O ------------------------------------------------------
 
 Sched &globalSched();

diff --git a/src/libs/karm-sys/proc.cpp b/src/libs/karm-sys/proc.cpp
@@ -0,0 +1,18 @@
+#include "proc.h"
+
+namespace Karm::Sys {
+
+static bool _sandboxed = false;
+
+void enterSandbox() {
+    _Embed::hardenSandbox();
+    _sandboxed = true;
+}
+
+Res<> ensureUnrestricted() {
+    if (_sandboxed)
+        return Error::permissionDenied("sandboxed");
+    return Ok();
+}
+
+} // namespace Karm::Sys
diff --git a/src/libs/karm-sys/proc.h b/src/libs/karm-sys/proc.h
@@ -14,4 +14,10 @@ inline Res<> sleepUntil(TimeStamp until) {
     return _Embed::sleepUntil(until);
 }
 
+// MARK: Sandboxing ------------------------------------------------------------
+
+void enterSandbox();
+
+Res<> ensureUnrestricted();
+
 } // namespace Karm::Sys