git.tinc-vpn.org Git - tinc/blob - src/sandbox.h

   1 #ifndef TINC_SANDBOX_H
   2 #define TINC_SANDBOX_H
   3
   4 #include "system.h"
   5
   6 typedef enum sandbox_level_t {
   7         SANDBOX_NONE,
   8         SANDBOX_NORMAL,
   9         SANDBOX_HIGH,
  10 } sandbox_level_t;
  11
  12 typedef enum sandbox_action_t {
  13         START_PROCESSES, // Start child processes
  14         USE_NEW_PATHS,   // Access to filesystem paths that were not known at the start of the process
  15 } sandbox_action_t;
  16
  17 typedef enum sandbox_time_t {
  18         AFTER_SANDBOX, // Check if the action can be performed after entering sandbox
  19         RIGHT_NOW,     // Check if the action can be performed right now
  20 } sandbox_time_t;
  21
  22 // Check if the current process has enough privileges to perform the action
  23 extern bool sandbox_can(sandbox_action_t action, sandbox_time_t when);
  24
  25 // Set the expected sandbox level. Call sandbox_enter() to actually apply it.
  26 extern void sandbox_set_level(sandbox_level_t level);
  27
  28 // Enter sandbox using the passed level. Returns true if successful.
  29 // Obviously, this is a one-way function, there's no way to reverse it.
  30 extern bool sandbox_enter(void);
  31
  32 #endif // TINC_SANDBOX_H