These security plugin calls then call the platform API calls:

Security plugin call            Platform API call               Behaviour
secCanCreatePathOfSize          ioCanCreatePathOfSize           if allowFileAccess return 1, otherwise call isAccessiblePathName
secCanDeletePathOfSize          ioCanDeletePathOfSize           if allowFileAccess return 1, otherwise call isAccessiblePathName
secCanGetFileTypeOfSize         ioCanGetFileTypeOfSize          return 1
secCanListPathOfSize            ioCanListPathOfSize             if allowFileAccess return 1, otherwise call isAccessiblePathName
secCanSetFileTypeOfSize         ioCanSetFileTypeOfSize          return 1
secDisableFileAccess            ioDisableFileAccess             allowFileAccess = 0
secCanDeleteFileOfSize          ioCanDeleteFileOfSize           if allowFileAccess return 1, otherwise call isAccessibleFileName
secCanOpenFileOfSizeWritable    ioCanOpenFileOfSizeWritable     if allowFileAccess return 1, otherwise call isAccessibleFileName
secCanRenameFileOfSize          ioCanRenameFileOfSize           if allowFileAccess return 1, otherwise call isAccessibleFileName
secHasFileAccess                ioHasFileAccess                 return allowFileAccess
isAccessibleFileName
  checks whether the file name lies within the untrustedUserDirectory path
isAccessiblePathName
  checks whether the path lies within the untrustedUserDirectory path
Macintosh
  OS 9 / OS X Carbon: mirrors the Windows code
  Cocoa: TBD
iPhone
  mirrors the Windows code
Unix
  rewritten code; handles the NUL terminator correctly and compares the trusted and untrusted paths against the incoming data correctly
Windows
  original code; checks for traversal such as c:\My Squeak\allowed\..\..\
BUGS
The Macintosh code does not check for ../../../ and similar traversal sequences.
The Macintosh and Windows code also do not check lengths properly; see the Unix version for a proper implementation.
There is also an open question about encoding: what is the encoding of the incoming data, versus that of the trusted and untrusted directories?
It is quite possible to defeat any sandboxing by coding path-level indirection or by using tricks such as setting up an alias or symbolic link file/directory within the trusted/untrusted directory path.
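As an added illustration of what a correct isAccessiblePathName check needs (not the Squeak VM's own code, nor any platform's), the following C example takes the length-delimited path the *OfSize calls receive, normalises it lexically so that ../ segments and embedded NUL bytes are handled, and then requires it to sit inside the untrusted directory at a segment boundary. The untrusted directory, the '/' separator and the 1024-byte limit are assumptions for this example; symlinks and aliases inside the directory, which the BUGS note above describes, are not resolved by a purely lexical check like this one.

```c
#include <string.h>

#define MAX_PATH_LEN 1024  /* constructed limit for this example */

/* Lexically normalise a length-delimited path (the *OfSize calls pass a
 * pointer plus a length, so the data need not be NUL-terminated) into a
 * NUL-terminated absolute path: "//" and "/./" are dropped and "/../"
 * pops the previous segment. Returns 0 if the input is too long, contains
 * an embedded NUL, or climbs above the root. Purely lexical: symlinks
 * and aliases inside the directory are not resolved here. */
static int normalisePath(const char *in, int inLen, char *out, int outSize) {
    int outLen = 0, i = 0;
    if (inLen < 0 || inLen >= outSize) return 0;
    while (i < inLen) {
        int j = i;
        while (j < inLen && in[j] != '/') {
            if (in[j] == '\0') return 0;   /* embedded NUL: reject */
            j++;
        }
        int segLen = j - i;
        if (segLen == 0 || (segLen == 1 && in[i] == '.')) {
            /* empty segment or ".": nothing to emit */
        } else if (segLen == 2 && in[i] == '.' && in[i + 1] == '.') {
            if (outLen == 0) return 0;      /* ".." above the root */
            while (outLen > 0 && out[outLen - 1] != '/') outLen--;
            outLen--;                       /* drop the separator too */
        } else {
            if (outLen + 1 + segLen >= outSize) return 0;
            out[outLen++] = '/';
            memcpy(out + outLen, in + i, (size_t)segLen);
            outLen += segLen;
        }
        i = j + 1;
    }
    if (outLen == 0) out[outLen++] = '/';
    out[outLen] = '\0';
    return 1;
}

/* Returns 1 if the length-delimited pathName lies inside untrustedDir
 * (a normalised absolute directory without trailing slash), else 0. */
int isAccessiblePathName(const char *untrustedDir, const char *pathName, int pathLen) {
    char norm[MAX_PATH_LEN];
    size_t dirLen = strlen(untrustedDir);
    if (!normalisePath(pathName, pathLen, norm, sizeof norm)) return 0;
    if (strncmp(norm, untrustedDir, dirLen) != 0) return 0;
    /* Require a segment boundary so "/untrusted2" does not match "/untrusted". */
    return norm[dirLen] == '\0' || norm[dirLen] == '/';
}
```

Passing strlen() of a buffer that carries an embedded NUL instead of the real length silently truncates the path before the traversal segments, which is the kind of length-handling defect the BUGS note attributes to the Macintosh and Windows versions.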