1/* 2 * Copyright (c) 2007 Apple Inc. All rights reserved. 3 * 4 * @APPLE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. Please obtain a copy of the License at 10 * http://www.opensource.apple.com/apsl/ and read it before using this 11 * file. 12 * 13 * The Original Code and all software distributed under the License are 14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 18 * Please see the License for the specific language governing rights and 19 * limitations under the License. 20 * 21 * @APPLE_LICENSE_HEADER_END@ 22 */ 23/* 24 * FILE: safecalls.h 25 * AUTH: Soren Spies (sspies) 26 * DATE: 16 June 2006 (Copyright Apple Computer, Inc) 27 * DESC: picky syscalls (constrained to one volume) 28 * 29 * CAVEAT: fchdir is used heavily ... until we have openat(2) and/or 30 * per-thread chdir, this code is not safe to use on multiple threads. 31 * we attempt to restore CWD within each call, but failure is not returned 32 * 33 */ 34 35#include <sys/types.h> 36 37// secure versions of common syscalls (only if args on vol specified by fd) 38 39// O_EXCL added if O_CREAT specified 40int sopen(int fdvol, const char *path, int flags, mode_t mode); 41// WARNING: child will point to basename() [static] data 42// additionally, caller must close non-(-1) olddir if requested (cf. restoredir) 43int schdir(int fdvol, const char *path, int *olddir); 44int schdirparent(int fdvol, const char *path, int *olddir, char childname[PATH_MAX]); 45int restoredir(int savedir); // check errors if you want them 46 47// these are trivially implemented with the above 48int smkdir(int fdvol, const char *path, mode_t mode); 49int srmdir(int fdvol, const char *path); 50int sunlink(int fdvol, const char *path); 51// srename only renames within a directory; uses basename(newname) 52int srename(int fdvol, const char *oldpath, const char *newname); 53 54// uses FTS to recurse downwards, calling sunlink and srmdir as appropriate 55int sdeepunlink(int fdvol, char *path); // fts_open won't take const char* 56// overwrite a file with zeros; attempt to ftruncate; no unlink; ENOENT okay 57int szerofile(int fdvol, const char *path); 58// 'mkdir -p' (recursively applies mode) 59int sdeepmkdir(int fdvol, const char *path, mode_t mode); 60// creates intermediate directories for you; only copies one file 61int scopyitem(int srcvolfd, const char *src, int dstvolfd, const char *dst); 62 63#ifndef STRICT_SAFETY 64#define STRICT_SAFETY 1 65#endif 66#if STRICT_SAFETY 67 68// #define open() // #error use sopen (need a chicken) 69#define chdir() // #error use schdir 70 71#define mkdir() // #error use smkdir 72#define rmdir() // #error use srmdir 73#define unlink() // #error use sunlink 74#define rename() // #error srename 75 76#define copyfile() // #error use scopyfile 77 78#endif // STRICT_SAFETY 79