tor  master
sandbox.h
1 /* Copyright (c) 2001 Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2017, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
12 #ifndef SANDBOX_H_
13 #define SANDBOX_H_
14 
15 #include "orconfig.h"
16 #include "torint.h"
17 
/* Fallback for toolchains whose headers do not define SYS_SECCOMP. On Linux
 * this constant is the siginfo si_code that marks a SIGSYS as raised by a
 * seccomp filter, and the kernel value is 1.
 * NOTE(review): how sandbox.c uses it (presumably in a SIGSYS handler that
 * reports the rejected syscall) is not visible in this header; confirm. */
18 #ifndef SYS_SECCOMP
19 
24 #define SYS_SECCOMP 1
25 
26 #endif /* !defined(SYS_SECCOMP) */
27 
/* Select the libseccomp backend only when <seccomp.h> was detected
 * (HAVE_SECCOMP_H, presumably set by configure through orconfig.h) and the
 * target is Linux. When USE_LIBSECCOMP stays undefined, the #else branches
 * later in this header turn sandbox_getaddrinfo(), sandbox_add_addrinfo(),
 * sandbox_freeaddrinfo(), sandbox_free_getaddrinfo_cache() and
 * sandbox_intern_string() into pass-throughs or no-ops, so such a build
 * gets no syscall filtering from these wrappers. */
28 #if defined(HAVE_SECCOMP_H) && defined(__linux__)
29 #define USE_LIBSECCOMP
30 #endif
31 
/* Forward declaration and public alias for one sandbox configuration
 * element. The struct body is defined only inside the USE_LIBSECCOMP section
 * of this header, so on other builds sandbox_cfg_t is an incomplete type
 * that callers can hold by pointer but cannot inspect. */
32 struct sandbox_cfg_elem;
33 
35 typedef struct sandbox_cfg_elem sandbox_cfg_t;
36 
40 #ifdef USE_LIBSECCOMP
41 
42 #include <sys/ucontext.h>
43 #include <seccomp.h>
44 #include <netdb.h>
45 
/* NOTE(review): the names suggest tags that tell a pointer-valued filter
 * parameter from a numeric one. Nothing in this header uses them; confirm
 * their meaning against sandbox.c. */
46 #define PARAM_PTR 0
47 #define PARAM_NUM 1
48 
/* Tag stored in sandbox_cfg_elem.implem. LIBSECCOMP2 is the only value
 * declared here; presumably it names the sandbox backend an element was
 * built for (confirm against sandbox.c). */
52 typedef enum {
54  LIBSECCOMP2 = 0
55 } SB_IMPL;
56 
/* One parameter record attached to a sandbox configuration element through
 * sandbox_cfg_elem.param. Field meanings below are inferred from names and
 * are not established by this header; confirm against sandbox.c. */
61 typedef struct smp_param {
   /* Presumably the number of the syscall this record applies to. */
63  int syscall;
64 
   /* Presumably the argument value the filter should accept, e.g. a path
    * registered with one of the sandbox_cfg_allow_*() calls.
    * NOTE(review): if the filter matches this argument by pointer value
    * rather than by string content, the pointed-to memory must stay alive
    * and unmodified for the life of the process; verify how sandbox.c
    * enforces that. */
66  char *value;
   /* Presumably a second argument for two-path syscalls such as rename. */
68  char *value2;
69 
   /* NOTE(review): looks like a flag recording whether the memory behind
    * value/value2 has been write-protected; confirm. */
71  int prot;
72 } smp_param_t;
73 
/* Node of a singly linked list of sandbox configuration entries; the
 * public name for this type is sandbox_cfg_t. */
80 struct sandbox_cfg_elem {
   /* Backend tag; LIBSECCOMP2 is the only SB_IMPL value declared. */
82  SB_IMPL implem;
83 
   /* Parameter record carried by this entry.
    * NOTE(review): ownership (who frees param) is not visible here. */
85  smp_param_t *param;
86 
   /* Next entry in the list. NOTE(review): presumably NULL at the tail. */
88  struct sandbox_cfg_elem *next;
89 };
90 
/* Pointer to a function that receives a libseccomp filter context and a
 * sandbox configuration list and returns an int.
 * NOTE(review): presumably each such function adds the rules for one
 * syscall to ctx and returns 0 on success; the return convention is not
 * visible in this header. */
92 typedef int (*sandbox_filter_func_t)(scmp_filter_ctx ctx,
93  sandbox_cfg_t *filter);
94 
/* Groups the filter callbacks with a sandbox configuration list. */
96 typedef struct {
   /* Pointer to sandbox_filter_func_t.
    * NOTE(review): presumably the first element of an array of
    * filter-building callbacks; how its end is marked is not visible. */
98  sandbox_filter_func_t *filter_func;
99 
   /* Configuration list; presumably the entries collected at runtime
    * through the sandbox_cfg_allow_*() calls (confirm). */
101  sandbox_cfg_t *filter_dynamic;
102 } sandbox_t;
103 
104 #endif /* defined(USE_LIBSECCOMP) */
105 
/* Name-resolution wrappers. With libseccomp they are real functions defined
 * outside this header; without it they are macros that forward to libc or
 * expand to nothing, so callers can use the same names on every build. */
106 #ifdef USE_LIBSECCOMP
107 
/* NOTE(review): presumably resolves addr before the sandbox is activated and
 * stores the result, so that later lookups of the same name can be served
 * without the files and syscalls a live resolver needs; confirm in
 * sandbox.c. Return convention is not visible here. */
108 int sandbox_add_addrinfo(const char *addr);
109 
110 struct addrinfo;
/* Takes the same parameter list as getaddrinfo(): node name, service name,
 * hints, and an out-pointer for the result list.
 * NOTE(review): presumably answers from the stored results once the
 * sandbox is active; which names it can then resolve is not visible here. */
112 int sandbox_getaddrinfo(const char *name, const char *servname,
113  const struct addrinfo *hints,
114  struct addrinfo **res);
/* Release a result obtained from sandbox_getaddrinfo(). Pair the two: the
 * non-sandbox branch maps this to freeaddrinfo(), but whether the
 * libseccomp implementation allocates compatibly is not visible here. */
115 void sandbox_freeaddrinfo(struct addrinfo *addrinfo);
/* NOTE(review): presumably frees everything stored by
 * sandbox_add_addrinfo(); confirm. */
116 void sandbox_free_getaddrinfo_cache(void);
117 #else /* !(defined(USE_LIBSECCOMP)) */
/* No libseccomp: plain libc resolution, nothing is stored or filtered. */
118 #define sandbox_getaddrinfo(name, servname, hints, res) \
119  getaddrinfo((name),(servname), (hints),(res))
/* Evaluates its argument and discards it; yields a void expression. */
120 #define sandbox_add_addrinfo(name) \
121  ((void)(name))
122 #define sandbox_freeaddrinfo(addrinfo) \
123  freeaddrinfo((addrinfo))
/* Expands to nothing, so a call written as a statement leaves only ';'. */
124 #define sandbox_free_getaddrinfo_cache()
125 #endif /* defined(USE_LIBSECCOMP) */
126 
/* sandbox_intern_string(): with libseccomp, a function that takes a string
 * and returns a const char *; without it, a macro that yields its argument
 * unchanged.
 * NOTE(review): presumably returns the sandbox's own stored copy of a
 * string that was registered in the configuration, so that the pointer
 * handed to a syscall is the one the filter expects. What it returns for
 * a string that was never registered is not visible here; confirm. */
127 #ifdef USE_LIBSECCOMP
128 
131 const char* sandbox_intern_string(const char *param);
132 #else /* !(defined(USE_LIBSECCOMP)) */
133 #define sandbox_intern_string(s) (s)
134 #endif /* defined(USE_LIBSECCOMP) */
135 
138 
/* Allow-list builders: each call names one file (two for rename) for the
 * operation in the function's name and records it in the configuration
 * reached through *cfg. Every entry widens what the sandboxed process may
 * do, so call sites are the place to audit the sandbox's file policy.
 * NOTE(review): cfg is a pointer-to-pointer, so the call presumably may
 * replace the list head. The file arguments are non-const char *, which
 * suggests the configuration keeps (takes ownership of) the string; confirm
 * before freeing or reusing the buffer. The return convention (0 on
 * success?) is not visible in this header. */
144 int sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file);
145 
146 int sandbox_cfg_allow_chmod_filename(sandbox_cfg_t **cfg, char *file);
147 int sandbox_cfg_allow_chown_filename(sandbox_cfg_t **cfg, char *file);
148 
149 /* Same pattern with two paths; presumably file1 is the source and file2
    * the destination of the permitted rename (confirm the order). */
150 int sandbox_cfg_allow_rename(sandbox_cfg_t **cfg, char *file1, char *file2);
151 
/* Record file in the configuration reached through *cfg as permitted for
 * the operation in the function's name (openat).
 * NOTE(review): ownership of file and the return convention are not
 * visible in this header; confirm in sandbox.c. */
157 int sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file);
158 
/* Same pattern for stat. */
163 int sandbox_cfg_allow_stat_filename(sandbox_cfg_t **cfg, char *file);
164 
/* These three are declared outside any USE_LIBSECCOMP guard, so they are
 * visible on every build, including ones where the wrappers above are
 * pass-through macros. */

/* Initialise the sandbox from a configuration list.
 * NOTE(review): the return convention, and what this does on a build
 * without libseccomp, are not visible here. Callers should check the
 * result (and sandbox_is_active()) rather than assume a filter was
 * installed. */
166 int sandbox_init(sandbox_cfg_t* cfg);
167 
/* NOTE(review): presumably returns nonzero once the filter is installed. */
169 int sandbox_is_active(void);
170 
/* NOTE(review): presumably makes sandbox_getaddrinfo() stop using stored
 * results; when it is safe to call relative to sandbox_init() is not
 * visible here. */
171 void sandbox_disable_getaddrinfo_cache(void);
172 
173 #endif /* !defined(SANDBOX_H_) */
174 
struct sandbox_cfg_elem sandbox_cfg_t
Definition: sandbox.h:35
int sandbox_is_active(void)
Definition: sandbox.c:1967
int sandbox_cfg_allow_stat_filename(sandbox_cfg_t **cfg, char *file)
Definition: sandbox.c:1939
int sandbox_init(sandbox_cfg_t *cfg)
Definition: sandbox.c:1901
int sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file)
Definition: sandbox.c:1925
Header file to define uint32_t and friends.
int sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file)
Definition: sandbox.c:1932
#define sandbox_getaddrinfo(name, servname, hints, res)
Definition: sandbox.h:118
sandbox_cfg_t * sandbox_cfg_new(void)
Definition: sandbox.c:1895