csource: use sandbox only when required

author: Andrey Konovalov <andreyknvl@google.com> 2017-05-18 17:03:02 +0200
committer: Andrey Konovalov <andreyknvl@google.com> 2017-06-12 19:48:23 +0200
commit: 73a895df6168bc12559d1fa16aae7e52646d7ec3 (patch)
tree: 3a1dc5c7395bbac98dc3f7f82360097f9e72011f /csource
parent: 1bdb387c18a852e75aef0b3c4ddb0481f90d66bd (diff)
3 files changed, 35 insertions, 10 deletions
diff --git a/csource/common.go b/csource/common.go
index 3ac10334d..74f4aba35 100644
--- a/csource/common.go
+++ b/csource/common.go
@@ -1556,6 +1556,7 @@ static uintptr_t execute_syscall(int nr, uintptr_t a0, uintptr_t a1, uintptr_t a
 	}
 }
 
+#if defined(SYZ_EXECUTOR) || defined(SYZ_SANDBOX_NONE) || defined(SYZ_SANDBOX_SETUID) || defined(SYZ_SANDBOX_NAMESPACE)
 static void loop();
 
 static void sandbox_common()
@@ -1578,6 +1579,7 @@ static void sandbox_common()
 	unshare(CLONE_NEWIPC);
 	unshare(CLONE_IO);
 }
+#endif
 
 #if defined(SYZ_EXECUTOR) || defined(SYZ_SANDBOX_NONE)
 static int do_sandbox_none(int executor_pid, bool enable_tun)
diff --git a/csource/csource.go b/csource/csource.go
index 8faae8e5e..603cb37f5 100644
--- a/csource/csource.go
+++ b/csource/csource.go
@@ -86,9 +86,16 @@ func Write(p *prog.Prog, opts Options) ([]byte, error) {
 		if opts.UseTmpDir {
 			fmt.Fprintf(w, "\tuse_temporary_dir();\n")
 		}
-		fmt.Fprintf(w, "\tint pid = do_sandbox_%v(0, %v);\n", opts.Sandbox, opts.EnableTun)
-		fmt.Fprint(w, "\tint status = 0;\n")
-		fmt.Fprint(w, "\twhile (waitpid(pid, &status, __WALL) != pid) {}\n")
+		if opts.Sandbox != "" {
+			fmt.Fprintf(w, "\tint pid = do_sandbox_%v(0, %v);\n", opts.Sandbox, opts.EnableTun)
+			fmt.Fprint(w, "\tint status = 0;\n")
+			fmt.Fprint(w, "\twhile (waitpid(pid, &status, __WALL) != pid) {}\n")
+		} else {
+			if opts.EnableTun {
+				fmt.Fprintf(w, "\tsetup_tun(0, %v);\n", opts.EnableTun)
+			}
+			fmt.Fprint(w, "\tloop();\n")
+		}
 		fmt.Fprint(w, "\treturn 0;\n}\n")
 	} else {
 		generateTestFunc(w, opts, calls, "test")
@@ -100,9 +107,16 @@ func Write(p *prog.Prog, opts Options) ([]byte, error) {
 			if opts.UseTmpDir {
 				fmt.Fprintf(w, "\tuse_temporary_dir();\n")
 			}
-			fmt.Fprintf(w, "\tint pid = do_sandbox_%v(0, %v);\n", opts.Sandbox, opts.EnableTun)
-			fmt.Fprint(w, "\tint status = 0;\n")
-			fmt.Fprint(w, "\twhile (waitpid(pid, &status, __WALL) != pid) {}\n")
+			if opts.Sandbox != "" {
+				fmt.Fprintf(w, "\tint pid = do_sandbox_%v(0, %v);\n", opts.Sandbox, opts.EnableTun)
+				fmt.Fprint(w, "\tint status = 0;\n")
+				fmt.Fprint(w, "\twhile (waitpid(pid, &status, __WALL) != pid) {}\n")
+			} else {
+				if opts.EnableTun {
+					fmt.Fprintf(w, "\tsetup_tun(0, %v);\n", opts.EnableTun)
+				}
+				fmt.Fprint(w, "\tloop();\n")
+			}
 			fmt.Fprint(w, "\treturn 0;\n}\n")
 		} else {
 			fmt.Fprint(w, "int main()\n{\n")
@@ -115,9 +129,16 @@ func Write(p *prog.Prog, opts Options) ([]byte, error) {
 			if opts.UseTmpDir {
 				fmt.Fprintf(w, "\t\t\tuse_temporary_dir();\n")
 			}
-			fmt.Fprintf(w, "\t\t\tint pid = do_sandbox_%v(i, %v);\n", opts.Sandbox, opts.EnableTun)
-			fmt.Fprint(w, "\t\t\tint status = 0;\n")
-			fmt.Fprint(w, "\t\t\twhile (waitpid(pid, &status, __WALL) != pid) {}\n")
+			if opts.Sandbox != "" {
+				fmt.Fprintf(w, "\t\t\tint pid = do_sandbox_%v(i, %v);\n", opts.Sandbox, opts.EnableTun)
+				fmt.Fprint(w, "\t\t\tint status = 0;\n")
+				fmt.Fprint(w, "\t\t\twhile (waitpid(pid, &status, __WALL) != pid) {}\n")
+			} else {
+				if opts.EnableTun {
+					fmt.Fprintf(w, "\t\t\tsetup_tun(i, %v);\n", opts.EnableTun)
+				}
+				fmt.Fprint(w, "\t\t\tloop();\n")
+			}
 			fmt.Fprint(w, "\t\t\treturn 0;\n")
 			fmt.Fprint(w, "\t\t}\n")
 			fmt.Fprint(w, "\t}\n")
@@ -334,6 +355,8 @@ func preprocessCommonHeader(opts Options, handled map[string]int, useBitmasks bo
 		defines = append(defines, "SYZ_USE_BITMASKS")
 	}
 	switch opts.Sandbox {
+	case "":
+		// No sandbox, do nothing.
 	case "none":
 		defines = append(defines, "SYZ_SANDBOX_NONE")
 	case "setuid":
diff --git a/csource/csource_test.go b/csource/csource_test.go
index dbecec54c..ca39b162a 100644
--- a/csource/csource_test.go
+++ b/csource/csource_test.go
@@ -33,7 +33,7 @@ func allOptionsPermutations() []Options {
 		for _, opt.Collide = range []bool{false, true} {
 			for _, opt.Repeat = range []bool{false, true} {
 				for _, opt.Procs = range []int{1, 4} {
-					for _, opt.Sandbox = range []string{"none", "setuid", "namespace"} {
+					for _, opt.Sandbox = range []string{"", "none", "setuid", "namespace"} {
 						for _, opt.Repro = range []bool{false, true} {
 							for _, opt.Fault = range []bool{false, true} {
 								for _, opt.EnableTun = range []bool{false, true} {
author	Andrey Konovalov <andreyknvl@google.com>	2017-05-18 17:03:02 +0200
committer	Andrey Konovalov <andreyknvl@google.com>	2017-06-12 19:48:23 +0200
commit	73a895df6168bc12559d1fa16aae7e52646d7ec3 (patch)
tree	3a1dc5c7395bbac98dc3f7f82360097f9e72011f /csource
parent	1bdb387c18a852e75aef0b3c4ddb0481f90d66bd (diff)