authorDmitry Vyukov <dvyukov@google.com>2019-11-14 18:56:34 +0100
committerDmitry Vyukov <dvyukov@google.com>2019-11-16 09:58:54 +0100
commit690740b4a4e1ce9c661ca07fdd14cb2486f04e00 (patch)
tree5ce0ababf2c64b623115a0fbd33edfd11ec9b47e /executor
parenta6e3054436b5cc7f8c4acbce9841ecb17f699fb1 (diff)
executor: refactor sandbox flags
In preparation for future changes.
Diffstat (limited to 'executor')
-rw-r--r--executor/common_linux.h14
-rw-r--r--executor/executor.cc42
2 files changed, 22 insertions, 34 deletions
diff --git a/executor/common_linux.h b/executor/common_linux.h
index 4c8e79c4e..cc5c58950 100644
--- a/executor/common_linux.h
+++ b/executor/common_linux.h
@@ -1912,9 +1912,7 @@ static void reset_ebtables()
static void checkpoint_net_namespace(void)
{
#if SYZ_EXECUTOR
- if (!flag_net_reset)
- return;
- if (flag_sandbox == sandbox_setuid)
+ if (!flag_net_reset || flag_sandbox_setuid)
return;
#endif
checkpoint_ebtables();
@@ -1926,9 +1924,7 @@ static void checkpoint_net_namespace(void)
static void reset_net_namespace(void)
{
#if SYZ_EXECUTOR
- if (!flag_net_reset)
- return;
- if (flag_sandbox == sandbox_setuid)
+ if (!flag_net_reset || flag_sandbox_setuid)
return;
#endif
reset_ebtables();
@@ -2539,8 +2535,8 @@ static void syz_setfilecon(const char* path, const char* context)
fail("setfilecon: could not set context to %s, currently %s", context, new_context);
}
-#define SYZ_HAVE_SANDBOX_ANDROID_UNTRUSTED_APP 1
-static int do_sandbox_android_untrusted_app(void)
+#define SYZ_HAVE_SANDBOX_ANDROID 1
+static int do_sandbox_android(void)
{
setup_common();
sandbox_common();
@@ -2564,7 +2560,7 @@ static int do_sandbox_android_untrusted_app(void)
initialize_tun();
#endif
#if SYZ_EXECUTOR || SYZ_NET_DEVICES
- // Note: sandbox_android_untrusted_app does not unshare net namespace.
+ // Note: sandbox_android does not unshare net namespace.
initialize_netdevices_init();
initialize_netdevices();
#endif
diff --git a/executor/executor.cc b/executor/executor.cc
index a01893eb7..c8a4b8b2e 100644
--- a/executor/executor.cc
+++ b/executor/executor.cc
@@ -100,18 +100,14 @@ static uint32 hash(uint32 a);
static bool dedup(uint32 sig);
#endif
-enum sandbox_type {
- sandbox_none,
- sandbox_setuid,
- sandbox_namespace,
- sandbox_android_untrusted_app
-};
-
uint64 start_time_ms = 0;
static bool flag_debug;
static bool flag_coverage;
-static sandbox_type flag_sandbox;
+static bool flag_sandbox_none;
+static bool flag_sandbox_setuid;
+static bool flag_sandbox_namespace;
+static bool flag_sandbox_android;
static bool flag_extra_coverage;
static bool flag_net_injection;
static bool flag_net_devices;
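Review bot: The four `flag_sandbox_*` booleans have no comment stating that exactly one of them is expected to be true, which the removed `sandbox_type` enum guaranteed by construction. Because these flags select the isolation mode the executor runs under, the expectation should be written down where they are declared. I would add above `static bool flag_sandbox_none;` the comment `// Sandbox mode: exactly one of flag_sandbox_* is expected to be true after parse_env_flags().`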
@@ -408,28 +404,23 @@ int main(int argc, char** argv)
}
int status = 0;
- switch (flag_sandbox) {
- case sandbox_none:
+ if (flag_sandbox_none)
status = do_sandbox_none();
- break;
#if SYZ_HAVE_SANDBOX_SETUID
- case sandbox_setuid:
+ else if (flag_sandbox_setuid)
status = do_sandbox_setuid();
- break;
#endif
#if SYZ_HAVE_SANDBOX_NAMESPACE
- case sandbox_namespace:
+ else if (flag_sandbox_namespace)
status = do_sandbox_namespace();
- break;
#endif
-#if SYZ_HAVE_SANDBOX_ANDROID_UNTRUSTED_APP
- case sandbox_android_untrusted_app:
- status = do_sandbox_android_untrusted_app();
- break;
+#if SYZ_HAVE_SANDBOX_ANDROID
+ else if (flag_sandbox_android)
+ status = do_sandbox_android();
#endif
- default:
+ else
fail("unknown sandbox type");
- }
+
#if SYZ_EXECUTOR_USES_FORK_SERVER
fprintf(stderr, "loop exited with status %d\n", status);
// Other statuses happen when fuzzer processes manages to kill loop, e.g. with:
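Review bot: The new chain tests `flag_sandbox_none` first, so if more than one `flag_sandbox_*` is ever true the executor silently takes the unsandboxed path. The old `switch` on a single enum value could not be in that state, and nothing visible in this hunk checks for the combination. Consider rejecting it before the chain with `if (flag_sandbox_none + flag_sandbox_setuid + flag_sandbox_namespace + flag_sandbox_android != 1) fail("bad sandbox flags");`, or at least move the `flag_sandbox_none` test to the end so the weakest mode never wins a tie. main() starts and ends outside the hunk.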
@@ -469,13 +460,14 @@ void parse_env_flags(uint64 flags)
// Note: Values correspond to ordering in pkg/ipc/ipc.go, e.g. FlagSandboxNamespace
flag_debug = flags & (1 << 0);
flag_coverage = flags & (1 << 1);
- flag_sandbox = sandbox_none;
if (flags & (1 << 2))
- flag_sandbox = sandbox_setuid;
+ flag_sandbox_setuid = true;
else if (flags & (1 << 3))
- flag_sandbox = sandbox_namespace;
+ flag_sandbox_namespace = true;
else if (flags & (1 << 4))
- flag_sandbox = sandbox_android_untrusted_app;
+ flag_sandbox_android = true;
+ else
+ flag_sandbox_none = true;
flag_extra_coverage = flags & (1 << 5);
flag_net_injection = flags & (1 << 6);
flag_net_devices = flags & (1 << 7);
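Review bot: The sandbox flags are only ever assigned `true` here, whereas the removed `flag_sandbox = sandbox_none;` reset the selection on every call. If parse_env_flags() can run more than once in a process (not visible from this hunk), a flag left over from an earlier call stays set and the chain in main() then picks by order rather than by the latest request. Clearing them first keeps the old semantics: add `flag_sandbox_none = flag_sandbox_setuid = flag_sandbox_namespace = flag_sandbox_android = false;` before the `if (flags & (1 << 2))` line. The function body continues outside the hunk.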