From 6053fc586dcc39af6109cc7a781987f764d94f13 Mon Sep 17 00:00:00 2001
From: Kamil Jarosz <kjarosh256@gmail.com>
Date: Sun, 1 Sep 2024 21:31:47 +0200
Subject: [PATCH] core: Move SandboxType from avm1 to sandbox module

---
 core/src/avm1/globals/system.rs               | 21 +--------------
 core/src/avm1/globals/system_security.rs      |  8 +++++-
 .../src/avm2/globals/flash/system/security.rs |  8 +++++-
 core/src/lib.rs                               |  2 +-
 core/src/player.rs                            |  2 +-
 core/src/sandbox.rs                           | 27 +++++++++++++++++++
 web/src/builder.rs                            |  4 +--
 7 files changed, 46 insertions(+), 26 deletions(-)
 create mode 100644 core/src/sandbox.rs

diff --git a/core/src/avm1/globals/system.rs b/core/src/avm1/globals/system.rs
index d1fda99a7..5211247f9 100644
--- a/core/src/avm1/globals/system.rs
+++ b/core/src/avm1/globals/system.rs
@@ -7,6 +7,7 @@ use crate::avm1::runtime::Avm1;
 use crate::avm1::{ScriptObject, TObject, Value};
 use crate::avm1_stub;
 use crate::context::{GcContext, UpdateContext};
+use crate::sandbox::SandboxType;
 use bitflags::bitflags;
 use core::fmt;
 
@@ -39,26 +40,6 @@ impl fmt::Display for CpuArchitecture {
     }
 }
 
-/// Available type of sandbox for a given SWF
-#[allow(dead_code)]
-pub enum SandboxType {
-    Remote,
-    LocalWithFile,
-    LocalWithNetwork,
-    LocalTrusted,
-}
-
-impl fmt::Display for SandboxType {
-    fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
-        fmt.write_str(match self {
-            SandboxType::Remote => "remote",
-            SandboxType::LocalWithFile => "localWithFile",
-            SandboxType::LocalWithNetwork => "localWithNetwork",
-            SandboxType::LocalTrusted => "localTrusted",
-        })
-    }
-}
-
 /// The available host operating systems
 #[allow(dead_code)]
 pub enum OperatingSystem {
diff --git a/core/src/avm1/globals/system_security.rs b/core/src/avm1/globals/system_security.rs
index a3387140b..b5bfb12fd 100644
--- a/core/src/avm1/globals/system_security.rs
+++ b/core/src/avm1/globals/system_security.rs
@@ -5,6 +5,7 @@ use crate::avm1::property_decl::{define_properties_on, Declaration};
 use crate::avm1::{ScriptObject, Value};
 use crate::avm1_stub;
 use crate::context::GcContext;
+use crate::sandbox::SandboxType;
 use crate::string::AvmString;
 
 const OBJECT_DECLS: &[Declaration] = declare_properties! {
@@ -60,7 +61,12 @@ fn get_sandbox_type<'gc>(
 ) -> Result<Value<'gc>, Error<'gc>> {
     Ok(AvmString::new_utf8(
         activation.context.gc_context,
-        activation.context.system.sandbox_type.to_string(),
+        match activation.context.system.sandbox_type {
+            SandboxType::Remote => "remote",
+            SandboxType::LocalWithFile => "localWithFile",
+            SandboxType::LocalWithNetwork => "localWithNetwork",
+            SandboxType::LocalTrusted => "localTrusted",
+        },
     )
     .into())
 }
diff --git a/core/src/avm2/globals/flash/system/security.rs b/core/src/avm2/globals/flash/system/security.rs
index 38f590b8c..f9b16c25e 100644
--- a/core/src/avm2/globals/flash/system/security.rs
+++ b/core/src/avm2/globals/flash/system/security.rs
@@ -5,6 +5,7 @@ use crate::avm2::object::Object;
 use crate::avm2::value::Value;
 use crate::avm2::Error;
 use crate::avm2_stub_method;
+use crate::sandbox::SandboxType;
 use crate::string::AvmString;
 use url::Url;
 
@@ -38,7 +39,12 @@ pub fn get_sandbox_type<'gc>(
     _this: Object<'gc>,
     _args: &[Value<'gc>],
 ) -> Result<Value<'gc>, Error<'gc>> {
-    let sandbox_type = activation.context.system.sandbox_type.to_string();
+    let sandbox_type = match activation.context.system.sandbox_type {
+        SandboxType::Remote => "remote",
+        SandboxType::LocalWithFile => "localWithFile",
+        SandboxType::LocalWithNetwork => "localWithNetwork",
+        SandboxType::LocalTrusted => "localTrusted",
+    };
     return Ok(AvmString::new_utf8(activation.context.gc_context, sandbox_type).into());
 }
 
diff --git a/core/src/lib.rs b/core/src/lib.rs
index 2a76613d5..bbdb0c803 100644
--- a/core/src/lib.rs
+++ b/core/src/lib.rs
@@ -43,6 +43,7 @@ mod net_connection;
 pub mod pixel_bender;
 mod player;
 mod prelude;
+pub mod sandbox;
 pub mod socket;
 mod streams;
 pub mod string;
@@ -61,7 +62,6 @@ pub mod external;
 pub mod i18n;
 pub mod stub;
 
-pub use avm1::globals::system::SandboxType;
 pub use context_menu::ContextMenuItem;
 pub use events::PlayerEvent;
 pub use font::DefaultFont;
diff --git a/core/src/player.rs b/core/src/player.rs
index ddbac26b5..b3cd7e8d6 100644
--- a/core/src/player.rs
+++ b/core/src/player.rs
@@ -1,4 +1,3 @@
-use crate::avm1::globals::system::SandboxType;
 use crate::avm1::Attribute;
 use crate::avm1::Avm1;
 use crate::avm1::Object;
@@ -42,6 +41,7 @@ use crate::local_connection::LocalConnections;
 use crate::locale::get_current_date_time;
 use crate::net_connection::NetConnections;
 use crate::prelude::*;
+use crate::sandbox::SandboxType;
 use crate::socket::Sockets;
 use crate::streams::StreamManager;
 use crate::string::{AvmString, AvmStringInterner};
diff --git a/core/src/sandbox.rs b/core/src/sandbox.rs
new file mode 100644
index 000000000..e4dbeed77
--- /dev/null
+++ b/core/src/sandbox.rs
@@ -0,0 +1,27 @@
+//! Security Sandbox implementation, see
+//! https://help.adobe.com/en_US/as3/dev/WS5b3ccc516d4fbf351e63e3d118a9b90204-7e3f.html
+
+/// Type of sandbox that defines what a movie can access
+/// and how movies interact with each other.
+///
+/// Note: sandbox type is defined *per SWF*.
+pub enum SandboxType {
+    /// The movie originates from a remote URL.
+    ///
+    /// In this case domain-based sandbox rules are used,
+    /// no filesystem access.
+    Remote,
+
+    /// The movie is a local movie with filesystem access.
+    ///
+    /// This implies no network access.
+    LocalWithFile,
+
+    /// The movie is a local movie with network access.
+    ///
+    /// This implies no filesystem access.
+    LocalWithNetwork,
+
+    /// The movie is a trusted local movie with access to both filesystem and network.
+    LocalTrusted,
+}
diff --git a/web/src/builder.rs b/web/src/builder.rs
index a4389f870..b276382de 100644
--- a/web/src/builder.rs
+++ b/web/src/builder.rs
@@ -11,9 +11,9 @@ use ruffle_core::backend::storage::{MemoryStorageBackend, StorageBackend};
 use ruffle_core::backend::ui::FontDefinition;
 use ruffle_core::compatibility_rules::CompatibilityRules;
 use ruffle_core::config::{Letterbox, NetworkingAccessMode};
+use ruffle_core::sandbox::SandboxType;
 use ruffle_core::{
-    swf, Color, DefaultFont, Player, PlayerBuilder, PlayerRuntime, SandboxType, StageAlign,
-    StageScaleMode,
+    swf, Color, DefaultFont, Player, PlayerBuilder, PlayerRuntime, StageAlign, StageScaleMode,
 };
 use ruffle_render::backend::RenderBackend;
 use ruffle_render::quality::StageQuality;