Author: Armin Rigo <[email protected]>
Branch: sandbox-2
Changeset: r97290:76b447660dd6
Date: 2019-08-27 09:26 +0200
http://bitbucket.org/pypy/pypy/changeset/76b447660dd6/

Log:    More review of the posix modules

diff --git a/rpython/rlib/rposix.py b/rpython/rlib/rposix.py
--- a/rpython/rlib/rposix.py
+++ b/rpython/rlib/rposix.py
@@ -395,12 +395,14 @@
                   save_err=rffi.RFFI_SAVE_ERRNO)
 c_open = external(UNDERSCORE_ON_WIN32 + 'open',
                   [rffi.CCHARP, rffi.INT, rffi.MODE_T], rffi.INT,
-                  save_err=rffi.RFFI_SAVE_ERRNO)
+                  save_err=rffi.RFFI_SAVE_ERRNO,
+                  sandboxsafe="nowrite")
 
 # Win32 Unicode functions
 c_wopen = external(UNDERSCORE_ON_WIN32 + 'wopen',
                    [rffi.CWCHARP, rffi.INT, rffi.MODE_T], rffi.INT,
-                   save_err=rffi.RFFI_SAVE_ERRNO)
+                   save_err=rffi.RFFI_SAVE_ERRNO,
+                   sandboxsafe="nowrite")
 
 #___________________________________________________________________
 # Wrappers around posix functions, that accept either strings, or
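Review bot: The `sandboxsafe="nowrite"` marker on c_open and c_wopen is only a memory-safety claim — the C function reads the path buffer and writes nothing back through it — and says nothing about the call's effect on the filesystem (open with O_CREAT or O_TRUNC still creates or truncates files). That reading is fixed by the rffi.py docstring in this same commit, but a reader of rposix.py will not see it, and a value literally named "nowrite" on open, unlink, execv, system and chroot invites the opposite interpretation. A one-line comment above the first use would prevent that: `# sandboxsafe="nowrite": the callee only *reads* its char* arguments; this says nothing about side effects`. The same applies to the c_system, c_unlink, c_execv and c_chroot hunks below.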
@@ -495,7 +497,6 @@
 
 #___________________________________________________________________
 
-@sandbox_review(reviewed=True)
 @replace_os_function('open')
 @specialize.argtype(0)
 @enforceargs(NOT_CONSTANT, int, int, typecheck=False)
@@ -652,13 +653,13 @@
 #___________________________________________________________________
 
 c_chdir = external('chdir', [rffi.CCHARP], rffi.INT,
-                   save_err=rffi.RFFI_SAVE_ERRNO)
+                   save_err=rffi.RFFI_SAVE_ERRNO, sandboxsafe="nowrite")
 c_fchdir = external('fchdir', [rffi.INT], rffi.INT,
                     save_err=rffi.RFFI_SAVE_ERRNO)
 c_access = external(UNDERSCORE_ON_WIN32 + 'access',
-                    [rffi.CCHARP, rffi.INT], rffi.INT)
+                    [rffi.CCHARP, rffi.INT], rffi.INT, sandboxsafe="nowrite")
 c_waccess = external(UNDERSCORE_ON_WIN32 + 'waccess',
-                     [rffi.CWCHARP, rffi.INT], rffi.INT)
+                     [rffi.CWCHARP, rffi.INT], rffi.INT, sandboxsafe="nowrite")
 
 @replace_os_function('chdir')
 @specialize.argtype(0)
@@ -714,7 +715,6 @@
     with FdValidator(fd):
         handle_posix_error('fchdir', c_fchdir(fd))
 
-@sandbox_review(reviewed=True)
 @replace_os_function('access')
 @specialize.argtype(0)
 def access(path, mode):
@@ -817,9 +817,11 @@
     DIRENT = dirent_config['DIRENT']
     DIRENTP = lltype.Ptr(DIRENT)
     c_opendir = external('opendir',
-        [rffi.CCHARP], DIRP, save_err=rffi.RFFI_SAVE_ERRNO)
+        [rffi.CCHARP], DIRP, save_err=rffi.RFFI_SAVE_ERRNO,
+        sandboxsafe="nowrite")
     c_fdopendir = external('fdopendir',
-        [rffi.INT], DIRP, save_err=rffi.RFFI_SAVE_ERRNO)
+        [rffi.INT], DIRP, save_err=rffi.RFFI_SAVE_ERRNO,
+        sandboxsafe="nowrite")
     c_rewinddir = external('rewinddir',
         [DIRP], lltype.Void, releasegil=False)
     # XXX macro=True is hack to make sure we get the correct kind of
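Review bot: c_opendir and c_fdopendir differ from the other "nowrite" externals in this commit in that they return a pointer (DIRP) into libc-owned memory that later readdir calls fill, while "nowrite" as documented in rffi.py describes only what the callee does with the pointers passed in. As far as this diff shows that is covered, because `_listdir` and `fdlistdir` are marked `@sandbox_review(reviewed=True)` in the next two hunks, but the dependency is implicit. A comment at the declaration would make it explicit: `# returns a libc-owned DIR*; its consumers (_listdir, fdlistdir) are sandbox-reviewed`. The `if` block that declares these externals starts before the hunk.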
@@ -834,6 +836,7 @@
 else:
     dirent_config = {}
 
+@sandbox_review(reviewed=True)
 def _listdir(dirp, rewind=False):
     result = []
     while True:
@@ -853,6 +856,7 @@
     return result
 
 if not _WIN32:
+    @sandbox_review(reviewed=True)
     def fdlistdir(dirfd):
         """
         Like listdir(), except that the directory is specified as an open
@@ -927,17 +931,17 @@
 #___________________________________________________________________
 
 c_execv = external('execv', [rffi.CCHARP, rffi.CCHARPP], rffi.INT,
-                   save_err=rffi.RFFI_SAVE_ERRNO)
+                   save_err=rffi.RFFI_SAVE_ERRNO, sandboxsafe="nowrite")
 c_execve = external('execve',
                     [rffi.CCHARP, rffi.CCHARPP, rffi.CCHARPP], rffi.INT,
-                    save_err=rffi.RFFI_SAVE_ERRNO)
+                    save_err=rffi.RFFI_SAVE_ERRNO, sandboxsafe="nowrite")
 c_spawnv = external(UNDERSCORE_ON_WIN32 + 'spawnv',
                     [rffi.INT, rffi.CCHARP, rffi.CCHARPP], rffi.INT,
-                    save_err=rffi.RFFI_SAVE_ERRNO)
+                    save_err=rffi.RFFI_SAVE_ERRNO, sandboxsafe="nowrite")
 c_spawnve = external(UNDERSCORE_ON_WIN32 + 'spawnve',
                     [rffi.INT, rffi.CCHARP, rffi.CCHARPP, rffi.CCHARPP],
                      rffi.INT,
-                     save_err=rffi.RFFI_SAVE_ERRNO)
+                     save_err=rffi.RFFI_SAVE_ERRNO, sandboxsafe="nowrite")
 
 @replace_os_function('execv')
 def execv(path, args):
@@ -1116,6 +1120,7 @@
 c_getloadavg = external('getloadavg',
                         [rffi.CArrayPtr(lltype.Float), rffi.INT], rffi.INT)
 
+@sandbox_review(reviewed=True)
 @replace_os_function('getlogin')
 def getlogin():
     result = c_getlogin()
@@ -1123,6 +1128,7 @@
         raise OSError(get_saved_errno(), "getlogin failed")
     return rffi.charp2str(result)
 
+@sandbox_review(reviewed=True)
 @replace_os_function('getloadavg')
 def getloadavg():
     load = lltype.malloc(rffi.CArrayPtr(lltype.Float).TO, 3, flavor='raw')
@@ -1140,6 +1146,7 @@
                       [rffi.CCHARP, rffi.CCHARP, rffi.SIZE_T], rffi.SSIZE_T,
                       save_err=rffi.RFFI_SAVE_ERRNO)
 
+@sandbox_review(reviewed=True)
 @replace_os_function('readlink')
 def readlink(path):
     path = _as_bytes0(path)
@@ -1174,6 +1181,7 @@
                      releasegil=False,
                      save_err=rffi.RFFI_SAVE_ERRNO)
 
+@sandbox_review(reviewed=True)
 @replace_os_function('ttyname')
 def ttyname(fd):
     l_name = c_ttyname(fd)
@@ -1184,6 +1192,7 @@
 c_strerror = external('strerror', [rffi.INT], rffi.CCHARP,
                       releasegil=False, sandboxsafe=True)
 
+@sandbox_review(reviewed=True)
 @replace_os_function('strerror')
 def strerror(errnum):
     res = c_strerror(errnum)
@@ -1191,20 +1200,20 @@
         raise ValueError("os_strerror failed")
     return rffi.charp2str(res)
 
-c_system = external('system', [rffi.CCHARP], rffi.INT)
+c_system = external('system', [rffi.CCHARP], rffi.INT, sandboxsafe="nowrite")
 
 @replace_os_function('system')
 def system(command):
     return widen(c_system(command))
 
 c_unlink = external('unlink', [rffi.CCHARP], rffi.INT,
-                    save_err=rffi.RFFI_SAVE_ERRNO)
+                    save_err=rffi.RFFI_SAVE_ERRNO, sandboxsafe="nowrite")
 c_mkdir = external('mkdir', [rffi.CCHARP, rffi.MODE_T], rffi.INT,
-                   save_err=rffi.RFFI_SAVE_ERRNO)
+                   save_err=rffi.RFFI_SAVE_ERRNO, sandboxsafe="nowrite")
 c_rmdir = external(UNDERSCORE_ON_WIN32 + 'rmdir', [rffi.CCHARP], rffi.INT,
-                   save_err=rffi.RFFI_SAVE_ERRNO)
+                   save_err=rffi.RFFI_SAVE_ERRNO, sandboxsafe="nowrite")
 c_wrmdir = external(UNDERSCORE_ON_WIN32 + 'wrmdir', [rffi.CWCHARP], rffi.INT,
-                    save_err=rffi.RFFI_SAVE_ERRNO)
+                    save_err=rffi.RFFI_SAVE_ERRNO, sandboxsafe="nowrite")
 
 @replace_os_function('unlink')
 @specialize.argtype(0)
@@ -1238,11 +1247,11 @@
         handle_posix_error('rmdir', c_rmdir(_as_bytes0(path)))
 
 c_chmod = external('chmod', [rffi.CCHARP, rffi.MODE_T], rffi.INT,
-                   save_err=rffi.RFFI_SAVE_ERRNO)
+                   save_err=rffi.RFFI_SAVE_ERRNO, sandboxsafe="nowrite")
 c_fchmod = external('fchmod', [rffi.INT, rffi.MODE_T], rffi.INT,
                     save_err=rffi.RFFI_SAVE_ERRNO,)
 c_rename = external('rename', [rffi.CCHARP, rffi.CCHARP], rffi.INT,
-                    save_err=rffi.RFFI_SAVE_ERRNO)
+                    save_err=rffi.RFFI_SAVE_ERRNO, sandboxsafe="nowrite")
 
 @replace_os_function('chmod')
 @specialize.argtype(0)
@@ -1299,10 +1308,11 @@
 #___________________________________________________________________
 
 c_mkfifo = external('mkfifo', [rffi.CCHARP, rffi.MODE_T], rffi.INT,
-                    save_err=rffi.RFFI_SAVE_ERRNO)
+                    save_err=rffi.RFFI_SAVE_ERRNO, sandboxsafe="nowrite")
 c_mknod = external('mknod', [rffi.CCHARP, rffi.MODE_T, rffi.INT], rffi.INT,
 #                                           # xxx: actually ^^^ dev_t
-                   macro=_MACRO_ON_POSIX, save_err=rffi.RFFI_SAVE_ERRNO)
+                   macro=_MACRO_ON_POSIX, save_err=rffi.RFFI_SAVE_ERRNO,
+                   sandboxsafe="nowrite")
 
 @replace_os_function('mkfifo')
 @specialize.argtype(0)
@@ -1391,9 +1401,9 @@
         lltype.free(filedes, flavor='raw')
 
 c_link = external('link', [rffi.CCHARP, rffi.CCHARP], rffi.INT,
-                  save_err=rffi.RFFI_SAVE_ERRNO,)
+                  save_err=rffi.RFFI_SAVE_ERRNO, sandboxsafe="nowrite")
 c_symlink = external('symlink', [rffi.CCHARP, rffi.CCHARP], rffi.INT,
-                     save_err=rffi.RFFI_SAVE_ERRNO)
+                     save_err=rffi.RFFI_SAVE_ERRNO, sandboxsafe="nowrite")
 
 #___________________________________________________________________
 
@@ -1426,9 +1436,9 @@
     return widen(c_umask(newmask))
 
 c_chown = external('chown', [rffi.CCHARP, rffi.INT, rffi.INT], rffi.INT,
-                   save_err=rffi.RFFI_SAVE_ERRNO)
+                   save_err=rffi.RFFI_SAVE_ERRNO, sandboxsafe="nowrite")
 c_lchown = external('lchown', [rffi.CCHARP, rffi.INT, rffi.INT], rffi.INT,
-                    save_err=rffi.RFFI_SAVE_ERRNO)
+                    save_err=rffi.RFFI_SAVE_ERRNO, sandboxsafe="nowrite")
 c_fchown = external('fchown', [rffi.INT, rffi.INT, rffi.INT], rffi.INT,
                     save_err=rffi.RFFI_SAVE_ERRNO)
 
@@ -1686,12 +1696,14 @@
 
 c_ctermid = external('ctermid', [rffi.CCHARP], rffi.CCHARP)
 
+@sandbox_review(reviewed=True)
 @replace_os_function('ctermid')
 def ctermid():
     return rffi.charp2str(c_ctermid(lltype.nullptr(rffi.CCHARP.TO)))
 
 c_tmpnam = external('tmpnam', [rffi.CCHARP], rffi.CCHARP)
 
+@sandbox_review(reviewed=True)
 @replace_os_function('tmpnam')
 def tmpnam():
     return rffi.charp2str(c_tmpnam(lltype.nullptr(rffi.CCHARP.TO)))
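Review bot: ctermid and tmpnam are marked reviewed without recording what makes them safe: both pass `lltype.nullptr(rffi.CCHARP.TO)`, so libc uses its own static buffer and nothing is written into RPython-owned memory, and only the returned C string is copied out with charp2str. That is exactly the property a later sandbox reviewer has to re-check, so it is worth stating at the call site, e.g. `# NULL buffer: libc uses its own static storage, nothing is written into RPython memory` above each `return`. If either call were ever changed to pass a real buffer, the reviewed=True marker would no longer hold.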
@@ -1743,8 +1755,10 @@
     c_setgroups = external('setgroups', [rffi.SIZE_T, GID_GROUPS_T], rffi.INT,
                            save_err=rffi.RFFI_SAVE_ERRNO)
     c_initgroups = external('initgroups', [rffi.CCHARP, GID_T], rffi.INT,
-                            save_err=rffi.RFFI_SAVE_ERRNO)
+                            save_err=rffi.RFFI_SAVE_ERRNO,
+                            sandboxsafe="nowrite")
 
+@sandbox_review(reviewed=True)
 @replace_os_function('getgroups')
 def getgroups():
     n = handle_posix_error('getgroups',
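Review bot: c_setgroups, two lines above the change, is the one pointer-taking external in this hunk left at the default: it takes GID_GROUPS_T (which looks like a pointer to the gid array) and setgroups only reads that array, the same situation as c_initgroups now marked "nowrite". Leaving it at the stricter default is safe, but it is inconsistent, and a reader cannot tell whether it was skipped deliberately. Either add `sandboxsafe="nowrite"` to it as well or leave a short comment stating why it stays at check_caller. The getgroups body continues past the end of the hunk.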
@@ -1962,6 +1976,7 @@
 c_chroot = external('chroot', [rffi.CCHARP], rffi.INT,
                     save_err=rffi.RFFI_SAVE_ERRNO,
                     macro=_MACRO_ON_POSIX,
+                    sandboxsafe="nowrite",
                     
compilation_info=ExternalCompilationInfo(includes=['unistd.h']))
 
 @replace_os_function('chroot')
@@ -1987,6 +2002,7 @@
                        compilation_info=CConfig._compilation_info_,
                        save_err=rffi.RFFI_SAVE_ERRNO)
 
+@sandbox_review(reviewed=True)
 @replace_os_function('uname')
 def uname():
     l_utsbuf = lltype.malloc(UTSNAMEP.TO, flavor='raw')
@@ -2030,7 +2046,8 @@
 c_fpathconf = external('fpathconf', [rffi.INT, rffi.INT], rffi.LONG,
                        save_err=rffi.RFFI_FULL_ERRNO_ZERO)
 c_pathconf = external('pathconf', [rffi.CCHARP, rffi.INT], rffi.LONG,
-                      save_err=rffi.RFFI_FULL_ERRNO_ZERO)
+                      save_err=rffi.RFFI_FULL_ERRNO_ZERO,
+                      sandboxsafe="nowrite")
 c_confstr = external('confstr',
                      [rffi.INT, rffi.CCHARP, rffi.SIZE_T], rffi.SIZE_T,
                       save_err=rffi.RFFI_FULL_ERRNO_ZERO)
@@ -2062,6 +2079,7 @@
             raise OSError(errno, "pathconf failed")
     return res
 
+@sandbox_review(reviewed=True)
 @replace_os_function('confstr')
 def confstr(value):
     n = intmask(c_confstr(value, lltype.nullptr(rffi.CCHARP.TO), 0))
@@ -2135,7 +2153,8 @@
 
 if HAVE_FACCESSAT:
     c_faccessat = external('faccessat',
-        [rffi.INT, rffi.CCHARP, rffi.INT, rffi.INT], rffi.INT)
+        [rffi.INT, rffi.CCHARP, rffi.INT, rffi.INT], rffi.INT,
+        sandboxsafe="nowrite")
 
     def faccessat(pathname, mode, dir_fd=AT_FDCWD,
             effective_ids=False, follow_symlinks=True):
@@ -2153,7 +2172,7 @@
 if HAVE_FCHMODAT:
     c_fchmodat = external('fchmodat',
         [rffi.INT, rffi.CCHARP, rffi.INT, rffi.INT], rffi.INT,
-        save_err=rffi.RFFI_SAVE_ERRNO,)
+        save_err=rffi.RFFI_SAVE_ERRNO, sandboxsafe="nowrite")
 
     def fchmodat(path, mode, dir_fd=AT_FDCWD, follow_symlinks=True):
         if follow_symlinks:
@@ -2166,7 +2185,7 @@
 if HAVE_FCHOWNAT:
     c_fchownat = external('fchownat',
         [rffi.INT, rffi.CCHARP, rffi.INT, rffi.INT, rffi.INT], rffi.INT,
-        save_err=rffi.RFFI_SAVE_ERRNO,)
+        save_err=rffi.RFFI_SAVE_ERRNO, sandboxsafe="nowrite")
 
     def fchownat(path, owner, group, dir_fd=AT_FDCWD,
             follow_symlinks=True, empty_path=False):
@@ -2181,7 +2200,7 @@
 if HAVE_FEXECVE:
     c_fexecve = external('fexecve',
         [rffi.INT, rffi.CCHARPP, rffi.CCHARPP], rffi.INT,
-        save_err=rffi.RFFI_SAVE_ERRNO)
+        save_err=rffi.RFFI_SAVE_ERRNO, sandboxsafe="nowrite")
 
     def fexecve(fd, args, env):
         envstrs = []
@@ -2202,7 +2221,7 @@
     c_linkat = external(
         'linkat',
         [rffi.INT, rffi.CCHARP, rffi.INT, rffi.CCHARP, rffi.INT], rffi.INT,
-        save_err=rffi.RFFI_SAVE_ERRNO)
+        save_err=rffi.RFFI_SAVE_ERRNO, sandboxsafe="nowrite")
 
     def linkat(src, dst, src_dir_fd=AT_FDCWD, dst_dir_fd=AT_FDCWD,
             follow_symlinks=True):
@@ -2296,7 +2315,7 @@
 if HAVE_MKDIRAT:
     c_mkdirat = external('mkdirat',
         [rffi.INT, rffi.CCHARP, rffi.INT], rffi.INT,
-        save_err=rffi.RFFI_SAVE_ERRNO)
+        save_err=rffi.RFFI_SAVE_ERRNO, sandboxsafe="nowrite")
 
     def mkdirat(pathname, mode, dir_fd=AT_FDCWD):
         error = c_mkdirat(dir_fd, pathname, mode)
@@ -2305,7 +2324,7 @@
 if HAVE_UNLINKAT:
     c_unlinkat = external('unlinkat',
         [rffi.INT, rffi.CCHARP, rffi.INT], rffi.INT,
-        save_err=rffi.RFFI_SAVE_ERRNO)
+        save_err=rffi.RFFI_SAVE_ERRNO, sandboxsafe="nowrite")
 
     def unlinkat(pathname, dir_fd=AT_FDCWD, removedir=False):
         flag = AT_REMOVEDIR if removedir else 0
@@ -2343,7 +2362,7 @@
     c_renameat = external(
         'renameat',
         [rffi.INT, rffi.CCHARP, rffi.INT, rffi.CCHARP], rffi.INT,
-        save_err=rffi.RFFI_SAVE_ERRNO)
+        save_err=rffi.RFFI_SAVE_ERRNO, sandboxsafe="nowrite")
 
     def renameat(src, dst, src_dir_fd=AT_FDCWD, dst_dir_fd=AT_FDCWD):
         error = c_renameat(src_dir_fd, src, dst_dir_fd, dst)
@@ -2353,7 +2372,7 @@
 if HAVE_SYMLINKAT:
     c_symlinkat = external('symlinkat',
         [rffi.CCHARP, rffi.INT, rffi.CCHARP], rffi.INT,
-        save_err=rffi.RFFI_SAVE_ERRNO)
+        save_err=rffi.RFFI_SAVE_ERRNO, sandboxsafe="nowrite")
 
     def symlinkat(src, dst, dir_fd=AT_FDCWD):
         error = c_symlinkat(src, dir_fd, dst)
@@ -2362,7 +2381,7 @@
 if HAVE_OPENAT:
     c_openat = external('openat',
         [rffi.INT, rffi.CCHARP, rffi.INT, rffi.MODE_T], rffi.INT,
-        save_err=rffi.RFFI_SAVE_ERRNO)
+        save_err=rffi.RFFI_SAVE_ERRNO, sandboxsafe="nowrite")
 
     @enforceargs(s_Str0, int, int, int, typecheck=False)
     def openat(path, flags, mode, dir_fd=AT_FDCWD):
@@ -2372,7 +2391,7 @@
 if HAVE_MKFIFOAT:
     c_mkfifoat = external('mkfifoat',
         [rffi.INT, rffi.CCHARP, rffi.MODE_T], rffi.INT,
-        save_err=rffi.RFFI_SAVE_ERRNO)
+        save_err=rffi.RFFI_SAVE_ERRNO, sandboxsafe="nowrite")
 
     def mkfifoat(path, mode, dir_fd=AT_FDCWD):
         error = c_mkfifoat(dir_fd, path, mode)
@@ -2381,7 +2400,7 @@
 if HAVE_MKNODAT:
     c_mknodat = external('mknodat',
         [rffi.INT, rffi.CCHARP, rffi.MODE_T, rffi.INT], rffi.INT,
-        save_err=rffi.RFFI_SAVE_ERRNO)
+        save_err=rffi.RFFI_SAVE_ERRNO, sandboxsafe="nowrite")
 
     def mknodat(path, mode, device, dir_fd=AT_FDCWD):
         error = c_mknodat(dir_fd, path, mode, device)
@@ -2693,29 +2712,29 @@
         [rffi.INT, rffi.CCHARP, rffi.CCHARP, rffi.SIZE_T, rffi.INT],
         rffi.INT,
         compilation_info=CConfig._compilation_info_,
-        save_err=rffi.RFFI_SAVE_ERRNO)
+        save_err=rffi.RFFI_SAVE_ERRNO, sandboxsafe="nowrite")
     c_setxattr = external('setxattr',
         [rffi.CCHARP, rffi.CCHARP, rffi.CCHARP, rffi.SIZE_T, rffi.INT],
         rffi.INT,
         compilation_info=CConfig._compilation_info_,
-        save_err=rffi.RFFI_SAVE_ERRNO)
+        save_err=rffi.RFFI_SAVE_ERRNO, sandboxsafe="nowrite")
     c_lsetxattr = external('lsetxattr',
         [rffi.CCHARP, rffi.CCHARP, rffi.CCHARP, rffi.SIZE_T, rffi.INT],
         rffi.INT,
         compilation_info=CConfig._compilation_info_,
-        save_err=rffi.RFFI_SAVE_ERRNO)
+        save_err=rffi.RFFI_SAVE_ERRNO, sandboxsafe="nowrite")
     c_fremovexattr = external('fremovexattr',
         [rffi.INT, rffi.CCHARP], rffi.INT,
         compilation_info=CConfig._compilation_info_,
-        save_err=rffi.RFFI_SAVE_ERRNO)
+        save_err=rffi.RFFI_SAVE_ERRNO, sandboxsafe="nowrite")
     c_removexattr = external('removexattr',
         [rffi.CCHARP, rffi.CCHARP], rffi.INT,
         compilation_info=CConfig._compilation_info_,
-        save_err=rffi.RFFI_SAVE_ERRNO)
+        save_err=rffi.RFFI_SAVE_ERRNO, sandboxsafe="nowrite")
     c_lremovexattr = external('lremovexattr',
         [rffi.CCHARP, rffi.CCHARP], rffi.INT,
         compilation_info=CConfig._compilation_info_,
-        save_err=rffi.RFFI_SAVE_ERRNO)
+        save_err=rffi.RFFI_SAVE_ERRNO, sandboxsafe="nowrite")
     c_flistxattr = external('flistxattr',
         [rffi.INT, rffi.CCHARP, rffi.SIZE_T], rffi.SSIZE_T,
         compilation_info=CConfig._compilation_info_,
@@ -2730,6 +2749,7 @@
         save_err=rffi.RFFI_SAVE_ERRNO)
     buf_sizes = [256, XATTR_SIZE_MAX]
 
+    @sandbox_review(reviewed=True)
     def fgetxattr(fd, name):
         for size in buf_sizes:
             with rffi.scoped_alloc_buffer(size) as buf:
@@ -2744,6 +2764,7 @@
         else:
             raise OSError(errno.ERANGE, 'fgetxattr failed')
 
+    @sandbox_review(reviewed=True)
     def getxattr(path, name, follow_symlinks=True):
         for size in buf_sizes:
             with rffi.scoped_alloc_buffer(size) as buf:
@@ -2789,6 +2810,7 @@
         del result[-1]
         return result
 
+    @sandbox_review(reviewed=True)
     def flistxattr(fd):
         for size in buf_sizes:
             with rffi.scoped_alloc_buffer(size) as buf:
@@ -2802,6 +2824,7 @@
         else:
             raise OSError(errno.ERANGE, 'flistxattr failed')
 
+    @sandbox_review(reviewed=True)
     def listxattr(path, follow_symlinks=True):
         for size in buf_sizes:
             with rffi.scoped_alloc_buffer(size) as buf:
diff --git a/rpython/rlib/rposix_environ.py b/rpython/rlib/rposix_environ.py
--- a/rpython/rlib/rposix_environ.py
+++ b/rpython/rlib/rposix_environ.py
@@ -198,6 +198,7 @@
     os_unsetenv = llexternal('unsetenv', [rffi.CCHARP], rffi.INT,
                                   save_err=rffi.RFFI_SAVE_ERRNO)
 
+    @sandbox_review(reviewed=True)
     def r_unsetenv(name):
         with rffi.scoped_str2charp(name) as l_name:
             error = rffi.cast(lltype.Signed, os_unsetenv(l_name))
diff --git a/rpython/rlib/rposix_stat.py b/rpython/rlib/rposix_stat.py
--- a/rpython/rlib/rposix_stat.py
+++ b/rpython/rlib/rposix_stat.py
@@ -535,6 +535,7 @@
                               compilation_info=compilation_info,
                               save_err=rffi.RFFI_SAVE_ERRNO)
 
+@sandbox_review(reviewed=True)
 @replace_os_function('fstat')
 def fstat(fd):
     if not _WIN32:
@@ -642,12 +643,14 @@
             handle_posix_error('fstatat', error)
             return build_stat_result(stresult)
 
+@sandbox_review(reviewed=True)
 @replace_os_function('fstatvfs')
 def fstatvfs(fd):
     with lltype.scoped_alloc(STATVFS_STRUCT.TO) as stresult:
         handle_posix_error('fstatvfs', c_fstatvfs(fd, stresult))
         return build_statvfs_result(stresult)
 
+@sandbox_review(reviewed=True)
 @replace_os_function('statvfs')
 @specialize.argtype(0)
 def statvfs(path):
diff --git a/rpython/rlib/rtime.py b/rpython/rlib/rtime.py
--- a/rpython/rlib/rtime.py
+++ b/rpython/rlib/rtime.py
@@ -236,6 +236,7 @@
         diff = a[0] - state.counter_start
     return float(diff) / state.divisor
 
+@sandbox_review(reviewed=True)
 @replace_time_function('clock')
 def clock():
     if _WIN32:
diff --git a/rpython/rtyper/lltypesystem/rffi.py 
b/rpython/rtyper/lltypesystem/rffi.py
--- a/rpython/rtyper/lltypesystem/rffi.py
+++ b/rpython/rtyper/lltypesystem/rffi.py
@@ -102,7 +102,13 @@
                  is sandboxed.  If False, it will turn into a stdin/stdout
                  communication with the parent process.  If "check_caller",
                  it is like True but we call @sandbox_review(check_caller=True)
-                 which means that we need to also check the callers.
+                 which means that we need to also check the callers.  If
+                 "nowrite", we don't need to check the callers.  The default
+                 of False either implies "check_caller" or "nowrite"
+                 depending on whether the function takes and returns pointer
+                 arguments or not.  Use "nowrite" only if the external
+                 function call will only *read* from 'char *' or other data
+                 structures passed in.
 
     calling_conv: if 'unknown' or 'win', the C function is not directly seen
                   by the JIT.  If 'c', it can be seen (depending on
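Review bot: The new paragraph leaves it ambiguous whether "nowrite" (and "check_caller") are variants of True or of False: the preceding sentence says "check_caller" is "like True", while the new text says the default of False "implies" one of the two. Since this flag governs whether a sandboxed process calls the C function directly or goes through the stdin/stdout channel to the parent, the docstring should say explicitly which of the two a "nowrite" function gets. I would also tighten the last sentence to state the invariant a reviewer must verify: `Use "nowrite" only if the C function never writes through any pointer argument; it may only read from them.` The sentence about "takes and returns pointer arguments" could also say what happens for a pointer *return* value, which opendir/fdopendir in this commit exercise.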
@@ -344,6 +350,8 @@
         wrapper = sandbox_review(check_caller=True)(wrapper)
     elif sandboxsafe == 'abort':
         wrapper = sandbox_review(abort=True)(wrapper)
+    elif sandboxsafe == 'nowrite':
+        wrapper = sandbox_review(reviewed=True)(wrapper)
     else:
         assert isinstance(sandboxsafe, bool)
         if sandboxsafe or (all(_sandbox_type_safe(ARG) for ARG in args) and
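Review bot: The new `elif sandboxsafe == 'nowrite'` branch grants the weakest review level (reviewed=True, no caller check) on nothing more than the string and, unlike the bool path below it, performs no `_sandbox_type_safe` inspection of the argument types; that is by design per the docstring, but the branch should say so, e.g. `# 'nowrite': the author asserts the callee only reads through its pointer args, so callers need no review`. Please also confirm that whatever later code tests `sandboxsafe` for truthiness (outside this hunk) treats the string 'nowrite' the same way as 'check_caller', since a bare `if sandboxsafe:` would see a truthy string and take the True path. The surrounding function starts before and continues after the hunk.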