Class: Sandbox

Inherits:
Data show all

Overview

Sandbox class which restricts the access to network, to files, etc. Sandbox class is implemented using the sandbox(7).

You can restrict easily your application to access the network by Sandbox.no_network.apply!. Ruby methods and Cocoa APIs both are restricted by the Sandbox.

The Sandbox is a good companion to the Ruby standard $SAFE functionality, you may use the Sandbox and $SAFE at the same time.

The Sandbox will be able to restrict your application,

- TCP/IP networking is prohibited.
- All sockets-based networking is prohibited.
- File system writes are prohibited.
- File system writes are restricted to temporary folders.
- All operating system services are prohibited.

As notes,

- Restriction is not able to change after applying.
- Restricts with respect to each process.

Class Method Summary (collapse)

Instance Method Summary (collapse)

Methods inherited from NSObject

#!, #!=, #!~, #, #==, #===, #=~, #Rational, #__callee__, #__method__, #__send__, #__type__, `, allocWithZone:, #autoContentAccessingProxy, autoload, autoload?, autorelease_pool, #awakeAfterUsingCoder:, binding, block_given?, caller, cancelPreviousPerformRequestsWithTarget:, cancelPreviousPerformRequestsWithTarget:selector:object:, catch, class, classFallbacksForKeyedArchiver, #classForCoder, #classForKeyedArchiver, classForKeyedUnarchiver, #clone, conformsToProtocol:, #copy, copyWithZone:, #dealloc, #define_singleton_method, description, display, #doesNotRecognizeSelector:, #dup, #enum_for, #eql?, #equal?, #extend, fail, #finalize, format, #forwardInvocation:, #forwardingTargetForSelector:, framework, #freeze, #frozen?, getpass, gets, global_variables, #init, initialize, #initialize_clone, #initialize_copy, #initialize_dup, #inspect, instanceMethodForSelector:, instanceMethodSignatureForSelector:, #instance_eval, #instance_exec, #instance_of?, #instance_variable_defined?, #instance_variable_get, #instance_variable_set, #instance_variables, instancesRespondToSelector:, isSubclassOfClass:, #is_a?, iterator?, #kind_of?, lambda, load, load_bridge_support_file, load_plist, local_variables, loop, #method, #methodForSelector:, #methodSignatureForSelector:, #methods, #mutableCopy, mutableCopyWithZone:, new, #nil?, open, p, #performSelector:onThread:withObject:waitUntilDone:, #performSelector:onThread:withObject:waitUntilDone:modes:, #performSelector:withObject:afterDelay:, #performSelector:withObject:afterDelay:inModes:, #performSelectorInBackground:withObject:, #performSelectorOnMainThread:withObject:waitUntilDone:, #performSelectorOnMainThread:withObject:waitUntilDone:modes:, print, printf, #private_methods, proc, #protected_methods, #public_method, #public_methods, #public_send, putc, puts, raise, rand, readline, readlines, #replacementObjectForCoder:, #replacementObjectForKeyedArchiver:, require, resolveClassMethod:, resolveInstanceMethod:, #respond_to?, #respond_to_missing?, select, #send, setVersion:, #singleton_methods, sprintf, srand, superclass, #taint, #tainted?, #tap, test, throw, #to_plist, #to_s, trace_var, trap, #trust, #untaint, untrace_var, #untrust, #untrusted?, version

Constructor Details

- (Object) initialize

:nodoc:

Dynamic Method Handling

This class handles dynamic methods through the method_missing method in the class NSObject

Class Method Details

+ (Object) alloc

:nodoc:

+ (Sandbox) no_internet

Restricts TCP/IP networking in current process and returns a Sandbox instance.

Returns:

+ (Sandbox) no_network

Restricts all sockets-based networking in current process and returns a Sandbox instance.

Returns:

+ (Sandbox) no_writes

Restricts to write in current process and returns a Sandbox instance.

Returns:

+ (Sandbox) pure_computation

Restricts all operating system services in current process and returns a Sandbox instance.

Returns:

+ (Sandbox) temporary_writes

Restricts to write outside temporary folders in current process and returns a Sandbox instance.

Returns:

Instance Method Details

- (Object) apply!

Applies the restriction.