sandbox: Correct fix for hs part of 12064

Bugfix on cfd0ee514c279bc6c7b; bug not in any released version of tor

1 files changed, 20 insertions, 1 deletions

diff --git a/src/or/main.c b/src/or/main.c
index 4ac7781cdc..8b79c42734 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2833,7 +2833,6 @@ sandbox_init_filter(void)
   {
     smartlist_t *files = smartlist_new();
     tor_log_get_logfile_names(files);
-    rend_services_add_filenames_to_list(files);
     SMARTLIST_FOREACH(files, char *, file_name, {
       /* steals reference */
       sandbox_cfg_allow_open_filename(&cfg, file_name);
@@ -2842,6 +2841,26 @@ sandbox_init_filter(void)
   }
 
   {
+    smartlist_t *files = smartlist_new();
+    smartlist_t *dirs = smartlist_new();
+    rend_services_add_filenames_to_lists(files, dirs);
+    SMARTLIST_FOREACH(files, char *, file_name, {
+      char *tmp_name = NULL;
+      tor_asprintf(&tmp_name, "%s.tmp", file_name);
+      sandbox_cfg_allow_rename(&cfg,
+                               tor_strdup(tmp_name), tor_strdup(file_name));
+      /* steals references */
+      sandbox_cfg_allow_open_filename_array(&cfg, file_name, tmp_name, NULL);
+    });
+    SMARTLIST_FOREACH(dirs, char *, dir, {
+      /* steals reference */
+      sandbox_cfg_allow_stat_filename(&cfg, dir);
+    });
+    smartlist_free(files);
+    smartlist_free(dirs);
+  }
+
+  {
     char *fname;
     if ((fname = get_controller_cookie_file_name())) {
       sandbox_cfg_allow_open_filename(&cfg, fname);