Module: OS::Mac::Sandbox::ClassMethods Private

Extended by:
T::Helpers
Defined in:
extend/os/mac/sandbox.rb

This module is part of a private API. This module may only be used in the Homebrew/brew repository. Third parties should avoid using this module if possible, as it may be removed or changed without warning.

Instance Method Summary collapse

Instance Method Details

#available?Boolean

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Returns:

  • (Boolean) 


66
67
68
 
# File 'extend/os/mac/sandbox.rb', line 66

def available?
  File.executable?(SANDBOX_EXEC)
end

#nested_sandbox?Boolean

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Nested sandbox-exec invocations hang inside an existing macOS sandbox (e.g. an agent's), so detect that via the libSystem sandbox_check syscall. The shared avoid_nested_sandboxing? only calls this once the $HOMEBREW_AVOID_NESTED_SANDBOXING opt-in is set.

Returns:

  • (Boolean) 


75
76
77
78
79
80
81
82
83
84
 
# File 'extend/os/mac/sandbox.rb', line 75

def nested_sandbox?
  sandbox_check = Fiddle::Function.new(
    Fiddle.dlopen(nil)["sandbox_check"],
    [Fiddle::TYPE_INT, Fiddle::TYPE_VOIDP, Fiddle::TYPE_INT],
    Fiddle::TYPE_INT,
  )
  sandbox_check.call(Process.pid, nil, 0) == 1
rescue Fiddle::DLError
  false
end

#terminal_ioctl_requestInteger

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Returns:



87
88
89
 
# File 'extend/os/mac/sandbox.rb', line 87

def terminal_ioctl_request
  TIOCSCTTY
end