1/*
2 * Copyright (c) 2007 Apple Inc. All rights reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23/*
24 * FILE: safecalls.h
25 * AUTH: Soren Spies (sspies)
26 * DATE: 16 June 2006 (Copyright Apple Computer, Inc)
27 * DESC: picky syscalls (constrained to one volume)
28 *
29 * CAVEAT: fchdir is used heavily ... until we have openat(2) and/or
30 * per-thread chdir, this code is not safe to use on multiple threads.
31 * we attempt to restore CWD within each call, but failure is not returned
32 *
33 */
34
35#include <sys/types.h>
36
// Secure versions of common syscalls: each call is meant to succeed only if
// its path arguments are on the volume specified by the volume fd.
//
// Per the file header, these calls rely heavily on fchdir and are not safe
// to use on multiple threads; the CWD is restored on a best-effort basis and
// a failure to restore it is not returned to the caller.
//
// Return conventions are not stated in this header.
// NOTE(review): presumably 0 / -1 with errno, and an fd from sopen; confirm
// against the implementation.
// NOTE(review): PATH_MAX is used below, but this header only includes
// <sys/types.h>; presumably the includer must pull in <limits.h> (or
// <sys/param.h>) first. Confirm.

// Open path on the volume given by fdvol.
// O_EXCL is added if O_CREAT is specified, so a create request fails when
// the path already exists instead of opening whatever is already there.
int sopen(int fdvol, const char *path, int flags, mode_t mode);
// WARNING: child will point to basename() [static] data
// NOTE(review): schdirparent below takes a caller-supplied
// childname[PATH_MAX] buffer, so this warning may predate that signature.
// Confirm against the implementation.
// Additionally, if olddir is requested, the caller must close it when it is
// not -1 (cf. restoredir).
int schdir(int fdvol, const char *path, int *olddir);
// Same olddir contract as schdir; the name of the child is passed back in
// childname.
// NOTE(review): looks like this changes to the parent directory of path;
// verify against the implementation.
int schdirparent(int fdvol, const char *path, int *olddir, char childname[PATH_MAX]);
// Restore a directory saved through an olddir argument above.
// The result reports failure; check errors if you want them.
int restoredir(int savedir);

// These are trivially implemented with the calls above.
int smkdir(int fdvol, const char *path, mode_t mode);
int srmdir(int fdvol, const char *path);
int sunlink(int fdvol, const char *path);
// srename only renames within a directory; it uses basename(newname), so
// newname cannot be used to move the item to another directory.
int srename(int fdvol, const char *oldpath, const char *newname);

// Uses FTS to recurse downwards, calling sunlink and srmdir as appropriate.
// path is not const only because fts_open won't take const char*.
int sdeepunlink(int fdvol, char *path);
// Overwrite a file with zeros; attempt to ftruncate; no unlink; ENOENT okay.
// NOTE(review): zero-overwrite is best-effort sanitization; on flash media or
// copy-on-write / snapshotting filesystems the old blocks may survive.
int szerofile(int fdvol, const char *path);
// 'mkdir -p' (recursively applies mode, i.e. intermediate directories are
// created with the same mode as the leaf).
int sdeepmkdir(int fdvol, const char *path, mode_t mode);
// Creates intermediate directories for you; only copies one file.
// Source and destination each have their own volume fd.
int scopyitem(int srcvolfd, const char *src, int dstvolfd, const char *dst);
62
// STRICT_SAFETY defaults to 1; define it to 0 before including this header
// to leave the raw calls below usable.
#ifndef STRICT_SAFETY
#define STRICT_SAFETY 1
#endif
#if STRICT_SAFETY

// Each name below becomes a function-like macro that takes no arguments and
// expands to nothing (the trailing "// #error ..." text is a comment, not
// part of the expansion). A call that passes arguments therefore fails to
// compile, which points the author at the s*() replacement.
//
// Limits of this guard (it is a lint aid, not an enforcement boundary):
//  - only the names listed here are covered; open() is deliberately left
//    usable (see the commented-out line below)
//  - a use that is not followed by '(' (e.g. taking the function's address)
//    is not expanded and so is not caught
//  - the macros also apply to any header included after this one, so system
//    headers that declare these functions must be included first

// #define open()               // #error use sopen (need a chicken)
// NOTE(review): "need a chicken" presumably means chicken-and-egg, i.e. the
// implementation itself needs the raw open(); confirm.
#define chdir()                 // #error use schdir

#define mkdir()                 // #error use smkdir
#define rmdir()                 // #error use srmdir
#define unlink()                // #error use sunlink
#define rename()                // #error use srename

// The original comment said "scopyfile"; this header declares scopyitem.
#define copyfile()              // #error use scopyitem

#endif // STRICT_SAFETY
79