sandbox: allow access to cookie files, approved-routers

fixes part of 12064

1 files changed, 11 insertions, 0 deletions

diff --git a/src/or/main.c b/src/or/main.c
index 8e241d407b..ba462dcc49 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2838,6 +2838,16 @@ sandbox_init_filter(void)
     smartlist_free(logfiles);
   }
 
+  {
+    char *fname;
+    if ((fname = get_controller_cookie_file_name())) {
+      sandbox_cfg_allow_open_filename(&cfg, fname);
+    }
+    if ((fname = get_ext_or_auth_cookie_file_name())) {
+      sandbox_cfg_allow_open_filename(&cfg, fname);
+    }
+  }
+
   // orport
   if (server_mode(get_options())) {
     sandbox_cfg_allow_open_filename_array(&cfg,
@@ -2862,6 +2872,7 @@ sandbox_init_filter(void)
         get_datadir_fname2("stats", "buffer-stats.tmp"),
         get_datadir_fname2("stats", "conn-stats"),
         get_datadir_fname2("stats", "conn-stats.tmp"),
+        get_datadir_fname("approved-routers"),
         get_datadir_fname("fingerprint"),
         get_datadir_fname("fingerprint.tmp"),
         get_datadir_fname("hashed-fingerprint"),