-rw-r--r-- | src/common/address.c | 2 | ||||
-rw-r--r-- | src/common/sandbox.c | 77 | ||||
-rw-r--r-- | src/common/sandbox.h | 34 |
3 files changed, 98 insertions, 15 deletions
diff --git a/src/common/address.c b/src/common/address.c
index f9647b9a90..945e5e79bd 100644
--- a/src/common/address.c
+++ b/src/common/address.c
@@ -235,7 +235,7 @@ tor_addr_lookup(const char *name, uint16_t family, tor_addr_t *addr)
 memset(&hints, 0, sizeof(hints));
 hints.ai_family = family;
 hints.ai_socktype = SOCK_STREAM;
- err = sandbox_getaddrinfo(name, &hints, &res);
+ err = sandbox_getaddrinfo(name, NULL, &hints, &res);
 if (!err) {
 best = NULL;
 for (res_p = res; res_p; res_p = res_p->ai_next) {
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index a5bc892973..0eb27bc510 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -26,10 +26,6 @@
 #include "util.h"
 #include "tor_queue.h"
-#if defined(HAVE_SECCOMP_H) && defined(__linux__)
-#define USE_LIBSECCOMP
-#endif
-
 #define DEBUGGING_CLOSE
 #if defined(USE_LIBSECCOMP)
@@ -1083,11 +1079,15 @@ sandbox_cfg_allow_execve_array(sandbox_cfg_t **cfg, ...)
 }
 int
-sandbox_getaddrinfo(const char *name, const struct addrinfo *hints,
- struct addrinfo **res)
+sandbox_getaddrinfo(const char *name, const char *servname,
+ const struct addrinfo *hints,
+ struct addrinfo **res)
 {
 sb_addr_info_t *el;
+ if (servname != NULL)
+ return -1;
+
 *res = NULL;
 for (el = sb_addr_info; el; el = el->next) {
@@ -1386,21 +1386,24 @@ sandbox_cfg_new(void)
 }
 int
-sandbox_init(sandbox_cfg_t* cfg)
+sandbox_init(sandbox_cfg_t *cfg)
 {
 #if defined(USE_LIBSECCOMP)
 return initialise_libseccomp_sandbox(cfg);
 #elif defined(_WIN32)
+ (void)cfg;
 log_warn(LD_BUG,"Windows sandboxing is not implemented. The feature is "
 "currently disabled.");
 return 0;
 #elif defined(TARGET_OS_MAC)
+ (void)cfg;
 log_warn(LD_BUG,"Mac OSX sandboxing is not implemented. The feature is "
 "currently disabled");
 return 0;
 #else
+ (void)cfg;
 log_warn(LD_BUG,"Sandboxing is not implemented for your platform. The "
 "feature is currently disabled");
 return 0;
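Review bot: The `#if defined(USE_LIBSECCOMP)` context line at the end of the @@ -26 hunk now depends on sandbox.h, where the macro definition moved, being included earlier in sandbox.c, and that include is not visible in the hunk (it is presumably above line 26). If it is missing or ordered after this test, the libseccomp implementation is compiled out silently and the `#ifndef USE_LIBSECCOMP` stubs added at the bottom of the file take its place, so the build succeeds with no sandbox at all. A guard right after the includes makes that failure loud: `#ifndef SANDBOX_H_` / `#error "sandbox.h must be included before USE_LIBSECCOMP is tested"` / `#endif`. The include block this hunk shows starts outside the hunk.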
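Review bot: `return -1;` in the new servname guard of sandbox_getaddrinfo() (the @@ -1083 hunk) is not a getaddrinfo() status code; this function is only built under USE_LIBSECCOMP, and on glibc and musl -1 is the value of EAI_BADFLAGS, so a caller that reports the failure through gai_strerror() would print a misleading "bad flags" message for what is really an unsupported service argument. Returning `EAI_SERVICE` says what happened, and the guard should also clear the output first, `*res = NULL;`, because the existing `*res = NULL;` line is now skipped on that path and the caller's pointer is left uninitialised. The rest of sandbox_getaddrinfo's body runs past the end of the hunk.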
@@ -1417,3 +1420,63 @@ sandbox_set_debugging_fd(int fd)
 #endif
 }
+#ifndef USE_LIBSECCOMP
+int
+sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file,
+ int fr)
+{
+ (void)cfg; (void)file; (void)fr;
+ return 0;
+}
+
+int
+sandbox_cfg_allow_open_filename_array(sandbox_cfg_t **cfg, ...)
+{
+ (void)cfg;
+ return 0;
+}
+
+int
+sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file,
+ int fr)
+{
+ (void)cfg; (void)file; (void)fr;
+ return 0;
+}
+
+int
+sandbox_cfg_allow_openat_filename_array(sandbox_cfg_t **cfg, ...)
+{
+ (void)cfg;
+ return 0;
+}
+
+int
+sandbox_cfg_allow_execve(sandbox_cfg_t **cfg, const char *com)
+{
+ (void)cfg; (void)com;
+ return 0;
+}
+
+int
+sandbox_cfg_allow_execve_array(sandbox_cfg_t **cfg, ...)
+{
+ (void)cfg;
+ return 0;
+}
+
+int
+sandbox_cfg_allow_stat_filename(sandbox_cfg_t **cfg, char *file,
+ int fr)
+{
+ (void)cfg; (void)file; (void)fr;
+ return 0;
+}
+
+int
+sandbox_cfg_allow_stat_filename_array(sandbox_cfg_t **cfg, ...)
+{
+ (void)cfg;
+ return 0;
+}
+#endif
diff --git a/src/common/sandbox.h b/src/common/sandbox.h
index a1434cea92..07c34a4fd8 100644
--- a/src/common/sandbox.h
+++ b/src/common/sandbox.h
@@ -12,6 +12,9 @@
 #ifndef SANDBOX_H_
 #define SANDBOX_H_
+#include "orconfig.h"
+#include "torint.h"
+
 #ifndef SYS_SECCOMP
 /**
@@ -22,12 +25,15 @@
 #endif
-#include "torint.h"
+#if defined(HAVE_SECCOMP_H) && defined(__linux__)
+#define USE_LIBSECCOMP
+#endif
+
 /**
 * Linux definitions
 */
-#ifdef __linux__
+#ifdef USE_LIBSECCOMP
 #ifndef __USE_GNU
 #define __USE_GNU
@@ -80,8 +86,6 @@ struct sandbox_cfg_elem {
 /** Next element of the configuration*/
 struct sandbox_cfg_elem *next;
 };
-/** Typedef to structure used to manage a sandbox configuration. */
-typedef struct sandbox_cfg_elem sandbox_cfg_t;
 /**
 * Structure used for keeping a linked list of getaddrinfo pre-recorded
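Review bot: The new non-libseccomp stubs in the @@ -1417 hunk discard `file` without looking at `fr`; if, as the parameter name suggests, a nonzero `fr` tells the libseccomp implementation to take ownership of `file` and free it after interning, then every caller that passes a heap string with `fr` set leaks it on these platforms. That should be confirmed against the real sandbox_cfg_allow_*_filename() bodies, which are outside this hunk, and then resolved either by freeing here (`if (fr) tor_free(file);` in each of the three `char *file` stubs) or by documenting that ownership stays with the caller on non-seccomp builds. The `#ifndef USE_LIBSECCOMP` block also deserves a header comment stating the security consequence plainly: `/* No-op stand-ins for builds without libseccomp: every sandbox_cfg_allow_*() returns 0 and records nothing, so the process runs unconfined. */`.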
@@ -127,22 +131,38 @@ typedef struct {
 #endif
-#endif // __linux__
+#endif // USE_LIBSECCOMP
+
+/** Typedef to structure used to manage a sandbox configuration. */
+typedef struct sandbox_cfg_elem sandbox_cfg_t;
+#ifdef USE_LIBSECCOMP
 /** Pre-calls getaddrinfo in order to pre-record result. */
 int sandbox_add_addrinfo(const char *addr);
+struct addrinfo;
 /** Replacement for getaddrinfo(), using pre-recorded results. */
-int sandbox_getaddrinfo(const char *name, const struct addrinfo *hints,
- struct addrinfo **res);
+int sandbox_getaddrinfo(const char *name, const char *servname,
+ const struct addrinfo *hints,
+ struct addrinfo **res);
+#else
+#define sandbox_getaddrinfo(name, servname, hints, res) \
+ getaddrinfo((name),(servname), (hints),(res))
+#define sandbox_add_addrinfo(name) \
+ ((void)(name))
+#endif
 /** Use <b>fd</b> to log non-survivable sandbox violations. */
 void sandbox_set_debugging_fd(int fd);
+#ifdef USE_LIBSECCOMP
 /** Returns a registered protected string used with the sandbox, given that
 * it matches the parameter. */
 const char* sandbox_intern_string(const char *param);
+#else
+#define sandbox_intern_string(s) (s)
+#endif
 /** Creates an empty sandbox configuration file.*/
 sandbox_cfg_t * sandbox_cfg_new(void);
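Review bot: The non-libseccomp fallback `#define sandbox_add_addrinfo(name) ((void)(name))` is a void expression, while the libseccomp declaration a few lines above it is `int sandbox_add_addrinfo(const char *addr);`, so any caller that checks the return value compiles on Linux-with-seccomp and fails to compile on every other platform. `((void)(name), 0)` keeps the two builds interchangeable at call sites. The `sandbox_intern_string(s) (s)` fallback is fine as written but deserves a one-line comment, e.g. `/* Without libseccomp nothing is interned or write-protected; the caller's string is returned unchanged. */`, so readers do not assume the protected-memory guarantees of the real function apply here.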