Add support for restricting access based on restricted execution mode.

Renamed the 'readonly' field to 'flags' and defined some new flag
bits: READ_RESTRICTED and WRITE_RESTRICTED, as well as a shortcut
RESTRICTED that means both.

1 files changed, 16 insertions, 5 deletions

diff --git a/Python/structmember.c b/Python/structmember.c
index e155a6b..ed34783 100644
--- a/Python/structmember.c
+++ b/Python/structmember.c
@@ -38,6 +38,12 @@ PyMember_Get(char *addr, struct memberlist *mlist, char *name)
 	for (l = mlist; l->name != NULL; l++) {
 		if (strcmp(l->name, name) == 0) {
 			PyObject *v;
+			if ((l->flags & READ_RESTRICTED) &&
+			    PyEval_GetRestricted()) {
+				PyErr_SetString(PyExc_RuntimeError,
+						"restricted attribute");
+				return NULL;
+			}
 			addr += l->offset;
 			switch (l->type) {
 			case T_BYTE:
@@ -133,17 +139,22 @@ PyMember_Set(char *addr, struct memberlist *mlist, char *name, PyObject *v)
 	
 	for (l = mlist; l->name != NULL; l++) {
 		if (strcmp(l->name, name) == 0) {
+			if ((l->flags & READONLY) || l->type == T_STRING
 #ifdef macintosh
-			if (l->readonly || l->type == T_STRING ||
-			    l->type == T_PSTRING)
+			    || l->type == T_PSTRING
+#endif
+				)
 			{
-#else
-			if (l->readonly || l->type == T_STRING ) {
-#endif /* macintosh */
 				PyErr_SetString(PyExc_TypeError,
 						"readonly attribute");
 				return -1;
 			}
+			if ((l->flags & WRITE_RESTRICTED) &&
+			    PyEval_GetRestricted()) {
+				PyErr_SetString(PyExc_RuntimeError,
+						"restricted attribute");
+				return -1;
+			}
 			if (v == NULL && l->type != T_OBJECT) {
 				PyErr_SetString(PyExc_TypeError,
 				  "can't delete numeric/char attribute");