Created
September 4, 2009 19:23
-
-
Save hdon/181066 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| donny@pacemates:~/gpsee/narwhal-old$ js test.js | |
| policies: | |
| Policy: | |
| function Policy() { | |
| this.identity = true; | |
| this.requirepath = new SearchPath; | |
| this.filejail = "/"; | |
| } | |
| instance: | |
| identity: | |
| true | |
| requirepath: | |
| allowed: | |
| denied: | |
| filejail: | |
| / | |
| default: | |
| function () { | |
| exports.policies[base].apply(this, arguments); | |
| cons.apply(this, arguments); | |
| } | |
| instance: | |
| identity: | |
| true | |
| requirepath: | |
| allowed: | |
| . | |
| /usr/local/gpsee/libexec | |
| denied: | |
| filejail: | |
| / | |
| narwhal: | |
| function () { | |
| exports.policies[base].apply(this, arguments); | |
| cons.apply(this, arguments); | |
| } | |
| instance: | |
| identity: | |
| true | |
| requirepath: | |
| allowed: | |
| . | |
| /usr/local/gpsee/libexec | |
| /usr/local/narwhal/engines/gpsee | |
| /usr/local/narwhal/lib | |
| denied: | |
| filejail: | |
| / | |
| Some Narwhal Proggy: | |
| function () { | |
| exports.policies[base].apply(this, arguments); | |
| cons.apply(this, arguments); | |
| } | |
| instance: | |
| identity: | |
| true | |
| requirepath: | |
| allowed: | |
| . | |
| /usr/local/gpsee/libexec | |
| /usr/local/narwhal/engines/gpsee | |
| /usr/local/narwhal/lib | |
| /usr/local/lib/somenarwhalproggy | |
| denied: | |
| filejail: | |
| /usr/local/share/somenarwhalproggy |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* A SearchPath is a prudent abstraction for composing access policies for any resource which may be found under only | |
| * one of multiple hierarchical locations (local file paths or URLs work.) | |
| * | |
| * Right now implementation doesn't do much but allow() and deny() paths. */ | |
| function SearchPath() { | |
| this.allowed = []; | |
| this.denied = []; | |
| } | |
| SearchPath.prototype.allow = function() { | |
| for (var i=0, l=arguments.length; i<l; i++) | |
| /* Add to allowed list if in neither allowed nor denied list */ | |
| if (this.allowed.indexOf(arguments[i])<0 && this.denied.indexOf(arguments[i])<0) | |
| this.allowed.push(arguments[i]); | |
| } | |
| SearchPath.prototype.deny = function() { | |
| for (var i=0, l=arguments.length; i<l; i++) { | |
| /* Remove from allowed list */ | |
| var allowed = this.allowed.indexOf(arguments[i]); | |
| if (allowed >= 0) | |
| this.allowed.splice(allowed, 1); | |
| /* Add to denied list */ | |
| if (this.denied.indexOf(arguments[i])<0) | |
| this.allowed.push(arguments[i]); | |
| } | |
| } | |
| /* A VirtualFileSystem is like in-process symlinks */ | |
| function VirtualFileSystem() { | |
| /* An empty tree */ | |
| this.tree = {'':{}}; | |
| } | |
| VirtualFileSystem.prototype.pass = function(path) { | |
| } | |
| /* A Policy is just a base class for all policies */ | |
| function Policy() { | |
| this.identity = true; | |
| this.requirepath = new SearchPath(); | |
| this.filejail = '/'; | |
| } | |
| /* Instantiate. Prototypal inheritance and all that jazz. */ | |
| Policy.instance = new Policy(); | |
| /* Fake exports object, for demonstration purposes */ | |
| if (exports === undefined) | |
| var exports = {}; | |
| /* Create list of policies */ | |
| exports.policies = {"Policy":Policy}; | |
| /* The add_policy() function is for convenience in adding policies */ | |
| function add_policy(name, base, cons) { | |
| /* Insert into policy collection */ | |
| exports.policies[name] = function() { | |
| /* Make sure each policy hasOwnProperty() all its important properties */ | |
| exports.policies[base].apply(this, arguments); | |
| cons.apply(this, arguments); | |
| }; | |
| /* Inherit from base class */ | |
| exports.policies[name].prototype = exports.policies[base].instance; | |
| /* Instantiate */ | |
| exports.policies[name].instance = new exports.policies[name](); | |
| } | |
| /* Add some example policies. These would be in a separate file, probably. Perhaps more than one separate file. */ | |
| add_policy("default", "Policy", function() { | |
| this.requirepath.allow(".", "/usr/local/gpsee/libexec"); | |
| }); | |
| add_policy("narwhal", "default", function() { | |
| this.requirepath.allow("/usr/local/narwhal/engines/gpsee", "/usr/local/narwhal/lib"); | |
| }); | |
| add_policy("Some Narwhal Proggy", "narwhal", function() { | |
| this.requirepath.allow("/usr/local/lib/somenarwhalproggy"); | |
| this.filejail = '/usr/local/share/somenarwhalproggy'; | |
| }); | |
| /* A dump function, for demonstration purposes */ | |
| function dump(subject, dent_string) { | |
| var emit = print; | |
| function dump_internal(crud, dent) { | |
| if ('function' == typeof crud) | |
| emit(dent+crud.toString().split('\n').join('\n'+dent)); | |
| if ('object' == typeof crud || 'function' == typeof crud) { | |
| if (crud instanceof Array) | |
| for (var i=0, l=crud.length; i<l; i++) | |
| dump(crud[i], dent+' '); | |
| else | |
| for (var key in crud) | |
| if (key != 'prototype' && crud.hasOwnProperty(key)) { | |
| emit(dent+key+':'); | |
| dump(crud[key], dent+' '); | |
| } | |
| } | |
| else emit(dent+crud); | |
| } | |
| dump_internal(subject, 'string' == typeof dent_string ? dent_string : ''); | |
| } | |
| /* Demonstrate */ | |
| dump(exports); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment