| author | Dmitry Vyukov <dvyukov@google.com> | 2018-09-17 11:39:04 +0200 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2018-09-17 11:39:04 +0200 |
| commit | 98f4a9612dd54429b3f92dccf631fdfa4f9018f3 (patch) | |
| tree | 673d1b4845d7a6de5b0a20c30a28d76c32356018 /pkg/csource | |
| parent | 0eca949a6c271b879d582e01c3d1d79dc704172c (diff) | |
executor: make sandboxes more modular
Currently we have a global fixed set of sandboxes,
which makes it hard to add new OS-specific ones
(all OSes need to be updated to say that they don't
support this sandbox).
Let each OS say what sandboxes it supports instead.
Diffstat (limited to 'pkg/csource')
| -rw-r--r-- | pkg/csource/generated.go | 39 |
1 files changed, 3 insertions, 36 deletions
diff --git a/pkg/csource/generated.go b/pkg/csource/generated.go index 475982ae5..fd6bcc862 100644 --- a/pkg/csource/generated.go +++ b/pkg/csource/generated.go @@ -390,12 +390,6 @@ void child() } #endif -#if SYZ_EXECUTOR -#define do_sandbox_setuid() 0 -#define do_sandbox_namespace() 0 -#define do_sandbox_android_untrusted_app() 0 -#endif - #elif GOOS_freebsd || GOOS_netbsd || GOOS_openbsd #include <unistd.h> @@ -409,12 +403,6 @@ static int do_sandbox_none(void) } #endif -#if SYZ_EXECUTOR -#define do_sandbox_setuid() 0 -#define do_sandbox_namespace() 0 -#define do_sandbox_android_untrusted_app() 0 -#endif - #if GOOS_openbsd #define __syscall syscall @@ -680,12 +668,6 @@ static int do_sandbox_none(void) return 0; } #endif - -#if SYZ_EXECUTOR -#define do_sandbox_setuid() 0 -#define do_sandbox_namespace() 0 -#define do_sandbox_android_untrusted_app() 0 -#endif #define CAST(f) ({void* p = (void*)f; p; }) #elif GOOS_linux @@ -3100,6 +3082,7 @@ static int do_sandbox_none(void) #include <sched.h> #include <sys/prctl.h> +#define SYZ_HAVE_SANDBOX_SETUID 1 static int do_sandbox_setuid(void) { if (unshare(CLONE_NEWPID)) { @@ -3242,6 +3225,7 @@ static int namespace_sandbox_proc(void* arg) doexit(1); } +#define SYZ_HAVE_SANDBOX_NAMESPACE 1 static int do_sandbox_namespace(void) { int pid; @@ -3334,6 +3318,7 @@ static void syz_setfilecon(const char* path, const char* context) fail("setfilecon: could not set context to %s, currently %s", context, new_context); } +#define SYZ_HAVE_SANDBOX_ANDROID_UNTRUSTED_APP 1 static int do_sandbox_android_untrusted_app(void) { setup_common(); @@ -3728,12 +3713,6 @@ static int do_sandbox_none(void) } #endif -#if SYZ_EXECUTOR -#define do_sandbox_setuid() 0 -#define do_sandbox_namespace() 0 -#define do_sandbox_android_untrusted_app() 0 -#endif - #elif GOOS_windows #include <windows.h> 
@@ -3845,12 +3824,6 @@ static int do_sandbox_none(void) } #endif -#if SYZ_EXECUTOR -#define do_sandbox_setuid() 0 -#define do_sandbox_namespace() 0 -#define do_sandbox_android_untrusted_app() 0 -#endif - #elif GOOS_test #include <stdlib.h> @@ -3901,12 +3874,6 @@ static int do_sandbox_none(void) } #endif -#if SYZ_EXECUTOR -#define do_sandbox_setuid() 0 -#define do_sandbox_namespace() 0 -#define do_sandbox_android_untrusted_app() 0 -#endif - #else #error "unknown OS" #endif |
