diff --git a/src/nvim/edit.c b/src/nvim/edit.c index c0bd8cc8fd..fcbbc8ab7f 100644 --- a/src/nvim/edit.c +++ b/src/nvim/edit.c @@ -268,13 +268,11 @@ edit ( // set Insstart_orig to Insstart update_Insstart_orig = true; -#ifdef HAVE_SANDBOX - /* Don't allow inserting in the sandbox. */ + // Don't allow inserting in the sandbox. if (sandbox != 0) { EMSG(_(e_sandbox)); return FALSE; } -#endif /* Don't allow changes in the buffer while editing the cmdline. The * caller of getcmdline() may get confused. */ if (textlock != 0) { diff --git a/src/nvim/ex_cmds.c b/src/nvim/ex_cmds.c index 3dde055c2a..2d6ef5ef17 100644 --- a/src/nvim/ex_cmds.c +++ b/src/nvim/ex_cmds.c @@ -3396,16 +3396,13 @@ int check_secure(void) EMSG(_(e_curdir)); return TRUE; } -#ifdef HAVE_SANDBOX - /* - * In the sandbox more things are not allowed, including the things - * disallowed in secure mode. - */ + + // In the sandbox more things are not allowed, including the things + // disallowed in secure mode. if (sandbox != 0) { EMSG(_(e_sandbox)); return TRUE; } -#endif return FALSE; } diff --git a/src/nvim/ex_docmd.c b/src/nvim/ex_docmd.c index 22ffd67fdd..e1835a9b78 100644 --- a/src/nvim/ex_docmd.c +++ b/src/nvim/ex_docmd.c @@ -1093,9 +1093,7 @@ static char_u * do_one_cmd(char_u **cmdlinep, int save_msg_scroll = msg_scroll; int save_msg_silent = -1; int did_esilent = 0; -#ifdef HAVE_SANDBOX int did_sandbox = FALSE; -#endif cmdmod_T save_cmdmod; int ni; /* set when Not Implemented */ @@ -1240,11 +1238,9 @@ static char_u * do_one_cmd(char_u **cmdlinep, continue; case 's': if (checkforcmd(&ea.cmd, "sandbox", 3)) { -#ifdef HAVE_SANDBOX if (!did_sandbox) ++sandbox; did_sandbox = TRUE; -#endif continue; } if (!checkforcmd(&ea.cmd, "silent", 3)) @@ -1509,13 +1505,11 @@ static char_u * do_one_cmd(char_u **cmdlinep, } if (!ea.skip) { -#ifdef HAVE_SANDBOX if (sandbox != 0 && !(ea.argt & SBOXOK)) { /* Command not allowed in sandbox. */ errormsg = (char_u *)_(e_sandbox); goto doend; } -#endif if (!curbuf->b_p_ma && (ea.argt & MODIFY)) { /* Command not allowed in non-'modifiable' buffer */ errormsg = (char_u *)_(e_modifiable); @@ -1983,10 +1977,8 @@ doend: msg_col = 0; } -#ifdef HAVE_SANDBOX if (did_sandbox) --sandbox; -#endif if (ea.nextcmd && *ea.nextcmd == NUL) /* not really a next command */ ea.nextcmd = NULL; diff --git a/src/nvim/globals.h b/src/nvim/globals.h index c0d5217fc2..192e52b1a3 100644 --- a/src/nvim/globals.h +++ b/src/nvim/globals.h @@ -622,7 +622,6 @@ EXTERN int allbuf_lock INIT(= 0); * changed, no buffer can be deleted and * current directory can't be changed. * Used for SwapExists et al. */ -# define HAVE_SANDBOX EXTERN int sandbox INIT(= 0); /* Non-zero when evaluating an expression in a * "sandbox". Several things are not allowed @@ -1180,9 +1179,7 @@ EXTERN char_u e_readonlyvar[] INIT(= N_( EXTERN char_u e_readonlysbx[] INIT(= N_( "E794: Cannot set variable in the sandbox: \"%s\"")); EXTERN char_u e_readerrf[] INIT(= N_("E47: Error while reading errorfile")); -#ifdef HAVE_SANDBOX EXTERN char_u e_sandbox[] INIT(= N_("E48: Not allowed in sandbox")); -#endif EXTERN char_u e_secure[] INIT(= N_("E523: Not allowed here")); EXTERN char_u e_screenmode[] INIT(= N_( "E359: Screen mode setting not supported")); diff --git a/src/nvim/option.c b/src/nvim/option.c index d52b9ebf7a..9571398ed1 100644 --- a/src/nvim/option.c +++ b/src/nvim/option.c @@ -2525,13 +2525,11 @@ do_set ( goto skip; } -#ifdef HAVE_SANDBOX /* Disallow changing some options in the sandbox */ if (sandbox != 0 && (flags & P_SECURE)) { errmsg = (char_u *)_(e_sandbox); goto skip; } -#endif if (vim_strchr((char_u *)"?=:!&<", nextchar) != NULL) { arg += len; @@ -3066,9 +3064,7 @@ did_set_option ( * flag. */ uint32_t *p = insecure_flag(opt_idx, opt_flags); if (secure -#ifdef HAVE_SANDBOX || sandbox != 0 -#endif || (opt_flags & OPT_MODELINE)) *p = *p | P_INSECURE; else if (new_value) @@ -3577,11 +3573,8 @@ did_set_string_option ( gvarp = (char_u **)get_varp_scope(&(options[opt_idx]), OPT_GLOBAL); /* Disallow changing some options from secure mode */ - if ((secure -#ifdef HAVE_SANDBOX - || sandbox != 0 -#endif - ) && (options[opt_idx].flags & P_SECURE)) { + if ((secure || sandbox != 0) + && (options[opt_idx].flags & P_SECURE)) { errmsg = e_secure; } /* Check for a "normal" file name in some options. Disallow a path @@ -4697,12 +4690,10 @@ set_bool_option ( int old_value = *(int *)varp; /* Disallow changing some options from secure mode */ - if ((secure -#ifdef HAVE_SANDBOX - || sandbox != 0 -#endif - ) && (options[opt_idx].flags & P_SECURE)) + if ((secure || sandbox != 0) + && (options[opt_idx].flags & P_SECURE)) { return e_secure; + } *(int *)varp = value; /* set the new value */ /* Remember where the option was set. */ @@ -5064,12 +5055,10 @@ set_num_option ( long *pp = (long *)varp; /* Disallow changing some options from secure mode. */ - if ((secure -#ifdef HAVE_SANDBOX - || sandbox != 0 -#endif - ) && (options[opt_idx].flags & P_SECURE)) + if ((secure || sandbox != 0) + && (options[opt_idx].flags & P_SECURE)) { return e_secure; + } *pp = value; /* Remember where the option was set. */ @@ -5755,13 +5744,11 @@ set_option_value ( EMSG2(_("E355: Unknown option: %s"), name); else { uint32_t flags = options[opt_idx].flags; -#ifdef HAVE_SANDBOX - /* Disallow changing some options in the sandbox */ + // Disallow changing some options in the sandbox if (sandbox > 0 && (flags & P_SECURE)) { EMSG(_(e_sandbox)); return NULL; } -#endif if (flags & P_STRING) return set_string_option(opt_idx, string, opt_flags); else { diff --git a/src/nvim/os_unix.c b/src/nvim/os_unix.c index 87ef1220e7..5d8b4ad26a 100644 --- a/src/nvim/os_unix.c +++ b/src/nvim/os_unix.c @@ -317,11 +317,10 @@ int mch_expand_wildcards(int num_pat, char_u **pat, int *num_file, return OK; } -# ifdef HAVE_SANDBOX - /* Don't allow any shell command in the sandbox. */ - if (sandbox != 0 && check_secure()) + // Don't allow any shell command in the sandbox. + if (sandbox != 0 && check_secure()) { return FAIL; -# endif + } /* * Don't allow the use of backticks in secure and restricted mode. diff --git a/src/nvim/tag.c b/src/nvim/tag.c index 44c653c852..9e6a65cef3 100644 --- a/src/nvim/tag.c +++ b/src/nvim/tag.c @@ -2416,9 +2416,7 @@ jumpto_tag ( save_secure = secure; secure = 1; -#ifdef HAVE_SANDBOX ++sandbox; -#endif save_magic = p_magic; p_magic = FALSE; /* always execute with 'nomagic' */ /* Save value of no_hlsearch, jumping to a tag is not a real search */ @@ -2525,9 +2523,7 @@ jumpto_tag ( wait_return(TRUE); secure = save_secure; p_magic = save_magic; -#ifdef HAVE_SANDBOX --sandbox; -#endif /* restore no_hlsearch when keeping the old search pattern */ if (search_options) { SET_NO_HLSEARCH(save_no_hlsearch); diff --git a/src/nvim/undo.c b/src/nvim/undo.c index 4d84c69158..2c287e0fdf 100644 --- a/src/nvim/undo.c +++ b/src/nvim/undo.c @@ -295,13 +295,11 @@ int undo_allowed(void) return FALSE; } -#ifdef HAVE_SANDBOX - /* In the sandbox it's not allowed to change the text. */ + // In the sandbox it's not allowed to change the text. if (sandbox != 0) { EMSG(_(e_sandbox)); return FALSE; } -#endif /* Don't allow changes in the buffer while editing the cmdline. The * caller of getcmdline() may get confused. */