summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2018-06-27 14:45:14 -0400
committerNick Mathewson <nickm@torproject.org>2018-06-27 14:45:14 -0400
commit21136037182f55b5aef3730853e65fa2c7ebd722 (patch)
treeb7c34c053994378170a4b080adcc1c77ccc51b40
parentb9b05e437d09c4d06b554d0484c7ae1a3aa1d647 (diff)
parent05040a9e84caab86fb66793a7604887d2aaaa2d9 (diff)
downloadtor-21136037182f55b5aef3730853e65fa2c7ebd722.tar.gz
tor-21136037182f55b5aef3730853e65fa2c7ebd722.zip
Merge branch 'sandbox_refactor'
-rw-r--r--.gitignore2
-rw-r--r--Makefile.am2
-rw-r--r--src/common/compat.c2
-rw-r--r--src/common/include.am3
-rw-r--r--src/common/storagedir.c2
-rw-r--r--src/common/util.c2
-rw-r--r--src/include.am1
-rw-r--r--src/lib/crypt_ops/.may_include1
-rw-r--r--src/lib/crypt_ops/crypto.c1
-rw-r--r--src/lib/crypt_ops/crypto_rand.c2
-rw-r--r--src/lib/sandbox/.may_include15
-rw-r--r--src/lib/sandbox/include.am18
-rw-r--r--src/lib/sandbox/linux_syscalls.inc (renamed from src/common/linux_syscalls.inc)0
-rw-r--r--src/lib/sandbox/sandbox.c (renamed from src/common/sandbox.c)12
-rw-r--r--src/lib/sandbox/sandbox.h (renamed from src/common/sandbox.h)0
-rw-r--r--src/or/config.c2
-rw-r--r--src/or/connection.c2
-rw-r--r--src/or/dns.c2
-rw-r--r--src/or/main.c2
-rw-r--r--src/or/routerlist.c2
-rw-r--r--src/or/routerparse.c2
-rw-r--r--src/or/statefile.c2
-rw-r--r--src/rust/build.rs1
-rw-r--r--src/test/test_options.c2
-rw-r--r--src/tools/tor-resolve.c2
25 files changed, 60 insertions, 22 deletions
diff --git a/.gitignore b/.gitignore
index 390859f5ea..13c5a67884 100644
--- a/.gitignore
+++ b/.gitignore
@@ -185,6 +185,8 @@ uptime-*.json
/src/lib/libtor-malloc-testing.a
/src/lib/libtor-net.a
/src/lib/libtor-net-testing.a
+/src/lib/libtor-sandbox.a
+/src/lib/libtor-sandbox-testing.a
/src/lib/libtor-string.a
/src/lib/libtor-string-testing.a
/src/lib/libtor-smartlist-core.a
diff --git a/Makefile.am b/Makefile.am
index c151d441cc..c10790c52c 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -40,6 +40,7 @@ endif
# "Common" libraries used to link tor's utility code.
TOR_UTIL_LIBS = \
src/common/libor.a \
+ src/lib/libtor-sandbox.a \
src/lib/libtor-container.a \
src/lib/libtor-net.a \
src/lib/libtor-log.a \
@@ -57,6 +58,7 @@ TOR_UTIL_LIBS = \
# and tests)
TOR_UTIL_TESTING_LIBS = \
src/common/libor-testing.a \
+ src/lib/libtor-sandbox-testing.a \
src/lib/libtor-container-testing.a \
src/lib/libtor-net-testing.a \
src/lib/libtor-log-testing.a \
diff --git a/src/common/compat.c b/src/common/compat.c
index 9575ab0808..9cc0b4f040 100644
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -129,7 +129,7 @@ SecureZeroMemory(PVOID ptr, SIZE_T cnt)
#include "lib/container/smartlist.h"
#include "lib/wallclock/tm_cvt.h"
#include "lib/net/address.h"
-#include "common/sandbox.h"
+#include "lib/sandbox/sandbox.h"
/** As open(path, flags, mode), but return an fd with the close-on-exec mode
* set. */
diff --git a/src/common/include.am b/src/common/include.am
index 56666b87f2..c8be3658e9 100644
--- a/src/common/include.am
+++ b/src/common/include.am
@@ -41,7 +41,6 @@ LIBOR_A_SRC = \
src/common/util.c \
src/common/util_format.c \
src/common/util_process.c \
- src/common/sandbox.c \
src/common/storagedir.c \
src/common/token_bucket.c \
src/common/workqueue.c \
@@ -84,9 +83,7 @@ COMMONHEADERS = \
src/common/confline.h \
src/common/handles.h \
src/common/memarea.h \
- src/common/linux_syscalls.inc \
src/common/procmon.h \
- src/common/sandbox.h \
src/common/storagedir.h \
src/common/timers.h \
src/common/token_bucket.h \
diff --git a/src/common/storagedir.c b/src/common/storagedir.c
index 10b2301274..0e0618d517 100644
--- a/src/common/storagedir.c
+++ b/src/common/storagedir.c
@@ -5,7 +5,7 @@
#include "common/compat.h"
#include "common/confline.h"
#include "common/memarea.h"
-#include "common/sandbox.h"
+#include "lib/sandbox/sandbox.h"
#include "common/storagedir.h"
#include "lib/log/torlog.h"
#include "common/util.h"
diff --git a/src/common/util.c b/src/common/util.c
index 25eba4b577..8334dd7ae0 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -21,7 +21,7 @@
#include "lib/container/smartlist.h"
#include "lib/fdio/fdio.h"
#include "lib/net/address.h"
-#include "common/sandbox.h"
+#include "lib/sandbox/sandbox.h"
#include "lib/err/backtrace.h"
#include "common/util_process.h"
#include "common/util_format.h"
diff --git a/src/include.am b/src/include.am
index b6ef3cf16c..54b6505e5c 100644
--- a/src/include.am
+++ b/src/include.am
@@ -13,6 +13,7 @@ include src/lib/lock/include.am
include src/lib/log/include.am
include src/lib/malloc/include.am
include src/lib/net/include.am
+include src/lib/sandbox/include.am
include src/lib/string/include.am
include src/lib/smartlist_core/include.am
include src/lib/testsupport/include.am
diff --git a/src/lib/crypt_ops/.may_include b/src/lib/crypt_ops/.may_include
index 8031bb9bcc..d05e86f720 100644
--- a/src/lib/crypt_ops/.may_include
+++ b/src/lib/crypt_ops/.may_include
@@ -7,6 +7,7 @@ lib/defs/*.h
lib/malloc/*.h
lib/err/*.h
lib/intmath/*.h
+lib/sandbox/*.h
lib/string/*.h
lib/testsupport/testsupport.h
lib/log/*.h
diff --git a/src/lib/crypt_ops/crypto.c b/src/lib/crypt_ops/crypto.c
index fcd6945c84..1935803979 100644
--- a/src/lib/crypt_ops/crypto.c
+++ b/src/lib/crypt_ops/crypto.c
@@ -67,7 +67,6 @@ ENABLE_GCC_WARNING(redundant-decls)
#include "lib/crypt_ops/aes.h"
#include "common/util.h"
#include "common/compat.h"
-#include "common/sandbox.h"
#include "common/util_format.h"
#include "keccak-tiny/keccak-tiny.h"
diff --git a/src/lib/crypt_ops/crypto_rand.c b/src/lib/crypt_ops/crypto_rand.c
index bff32c7ec6..bf6a35ddbc 100644
--- a/src/lib/crypt_ops/crypto_rand.c
+++ b/src/lib/crypt_ops/crypto_rand.c
@@ -25,7 +25,7 @@
#include "common/compat.h"
#include "lib/crypt_ops/compat_openssl.h"
#include "lib/crypt_ops/crypto_util.h"
-#include "common/sandbox.h"
+#include "lib/sandbox/sandbox.h"
#include "lib/testsupport/testsupport.h"
#include "lib/log/torlog.h"
#include "common/util.h"
diff --git a/src/lib/sandbox/.may_include b/src/lib/sandbox/.may_include
new file mode 100644
index 0000000000..84906dfb3d
--- /dev/null
+++ b/src/lib/sandbox/.may_include
@@ -0,0 +1,15 @@
+orconfig.h
+
+lib/cc/*.h
+lib/container/*.h
+lib/err/*.h
+lib/log/*.h
+lib/malloc/*.h
+lib/net/*.h
+lib/sandbox/*.h
+lib/sandbox/*.inc
+lib/string/*.h
+
+ht.h
+siphash.h
+tor_queue.h
diff --git a/src/lib/sandbox/include.am b/src/lib/sandbox/include.am
new file mode 100644
index 0000000000..adfda6bde5
--- /dev/null
+++ b/src/lib/sandbox/include.am
@@ -0,0 +1,18 @@
+
+noinst_LIBRARIES += src/lib/libtor-sandbox.a
+
+if UNITTESTS_ENABLED
+noinst_LIBRARIES += src/lib/libtor-sandbox-testing.a
+endif
+
+src_lib_libtor_sandbox_a_SOURCES = \
+ src/lib/sandbox/sandbox.c
+
+src_lib_libtor_sandbox_testing_a_SOURCES = \
+ $(src_lib_libtor_sandbox_a_SOURCES)
+src_lib_libtor_sandbox_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS)
+src_lib_libtor_sandbox_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
+
+noinst_HEADERS += \
+ src/lib/sandbox/linux_syscalls.inc \
+ src/lib/sandbox/sandbox.h
diff --git a/src/common/linux_syscalls.inc b/src/lib/sandbox/linux_syscalls.inc
index cf47c73809..cf47c73809 100644
--- a/src/common/linux_syscalls.inc
+++ b/src/lib/sandbox/linux_syscalls.inc
diff --git a/src/common/sandbox.c b/src/lib/sandbox/sandbox.c
index 9842fd9831..e49cbd863a 100644
--- a/src/common/sandbox.c
+++ b/src/lib/sandbox/sandbox.c
@@ -31,18 +31,19 @@
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
+#include <errno.h>
-#include "common/sandbox.h"
+#include "lib/sandbox/sandbox.h"
#include "lib/container/map.h"
#include "lib/err/torerr.h"
#include "lib/log/torlog.h"
#include "lib/cc/torint.h"
#include "lib/net/resolve.h"
-#include "common/util.h"
-#include "tor_queue.h"
+#include "lib/malloc/util_malloc.h"
+#include "lib/string/scanf.h"
+#include "tor_queue.h"
#include "ht.h"
-
#include "siphash.h"
#define DEBUGGING_CLOSE
@@ -1558,7 +1559,8 @@ install_syscall_filter(sandbox_cfg_t* cfg)
return (rc < 0 ? -rc : rc);
}
-#include "linux_syscalls.inc"
+#include "lib/sandbox/linux_syscalls.inc"
+
static const char *
get_syscall_name(int syscall_num)
{
diff --git a/src/common/sandbox.h b/src/lib/sandbox/sandbox.h
index 60d8e8816a..60d8e8816a 100644
--- a/src/common/sandbox.h
+++ b/src/lib/sandbox/sandbox.h
diff --git a/src/or/config.c b/src/or/config.c
index cc3cc3ec55..98f3ff77b0 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -98,7 +98,7 @@
#include "or/hs_config.h"
#include "or/rephist.h"
#include "or/router.h"
-#include "common/sandbox.h"
+#include "lib/sandbox/sandbox.h"
#include "common/util.h"
#include "or/routerlist.h"
#include "or/routerset.h"
diff --git a/src/or/connection.c b/src/or/connection.c
index e06e9c650a..01067e94f4 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -102,7 +102,7 @@
#include "or/routerlist.h"
#include "or/transports.h"
#include "or/routerparse.h"
-#include "common/sandbox.h"
+#include "lib/sandbox/sandbox.h"
#ifdef HAVE_PWD_H
#include <pwd.h>
diff --git a/src/or/dns.c b/src/or/dns.c
index 8d809d8c3c..ddb50d1964 100644
--- a/src/or/dns.c
+++ b/src/or/dns.c
@@ -63,7 +63,7 @@
#include "or/relay.h"
#include "or/router.h"
#include "ht.h"
-#include "common/sandbox.h"
+#include "lib/sandbox/sandbox.h"
#include "or/edge_connection_st.h"
#include "or/or_circuit_st.h"
diff --git a/src/or/main.c b/src/or/main.c
index c690fdd906..1c77cdfb56 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -111,7 +111,7 @@
#include "common/util_process.h"
#include "or/ext_orport.h"
#include "common/memarea.h"
-#include "common/sandbox.h"
+#include "lib/sandbox/sandbox.h"
#include <event2/event.h>
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 66967f13f5..a86e29adb2 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -119,7 +119,7 @@
#include "or/routerlist.h"
#include "or/routerparse.h"
#include "or/routerset.h"
-#include "common/sandbox.h"
+#include "lib/sandbox/sandbox.h"
#include "or/torcert.h"
#include "or/dirauth/dirvote.h"
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 91475cd511..8f5113f041 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -74,7 +74,7 @@
#include "or/routerkeys.h"
#include "or/routerlist.h"
#include "or/routerparse.h"
-#include "common/sandbox.h"
+#include "lib/sandbox/sandbox.h"
#include "or/shared_random_client.h"
#include "or/torcert.h"
#include "or/voting_schedule.h"
diff --git a/src/or/statefile.c b/src/or/statefile.c
index 53a25e13f2..80c56b2d52 100644
--- a/src/or/statefile.c
+++ b/src/or/statefile.c
@@ -40,7 +40,7 @@
#include "or/main.h"
#include "or/rephist.h"
#include "or/router.h"
-#include "common/sandbox.h"
+#include "lib/sandbox/sandbox.h"
#include "or/statefile.h"
/** A list of state-file "abbreviations," for compatibility. */
diff --git a/src/rust/build.rs b/src/rust/build.rs
index 7d58786d6f..90f53bd235 100644
--- a/src/rust/build.rs
+++ b/src/rust/build.rs
@@ -151,6 +151,7 @@ pub fn main() {
// moving forward!
cfg.component("tor-crypt-ops-testing");
cfg.component("or-testing");
+ cfg.component("tor-sandbox");
cfg.component("tor-net");
cfg.component("tor-log");
cfg.component("tor-lock");
diff --git a/src/test/test_options.c b/src/test/test_options.c
index bf35e3c5be..6f31d97673 100644
--- a/src/test/test_options.c
+++ b/src/test/test_options.c
@@ -15,7 +15,7 @@
#include "or/main.h"
#include "test/log_test_helpers.h"
-#include "common/sandbox.h"
+#include "lib/sandbox/sandbox.h"
#include "common/memarea.h"
#include "or/policies.h"
#include "test/test_helpers.h"
diff --git a/src/tools/tor-resolve.c b/src/tools/tor-resolve.c
index a13de0b575..f307f6a912 100644
--- a/src/tools/tor-resolve.c
+++ b/src/tools/tor-resolve.c
@@ -8,7 +8,7 @@
#include "common/util.h"
#include "lib/net/address.h"
#include "lib/log/torlog.h"
-#include "common/sandbox.h"
+#include "lib/sandbox/sandbox.h"
#include <stdio.h>
#include <stdlib.h>