authorDmitry Vyukov <dvyukov@google.com>2019-11-14 18:56:34 +0100
committerDmitry Vyukov <dvyukov@google.com>2019-11-16 09:58:54 +0100
commit690740b4a4e1ce9c661ca07fdd14cb2486f04e00 (patch)
tree5ce0ababf2c64b623115a0fbd33edfd11ec9b47e /pkg/ipc
parenta6e3054436b5cc7f8c4acbce9841ecb17f699fb1 (diff)
executor: refactor sandbox flags
In preparation for future changes.
Diffstat (limited to 'pkg/ipc')
-rw-r--r--pkg/ipc/ipc.go36
-rw-r--r--pkg/ipc/ipcconfig/ipcconfig.go2
2 files changed, 19 insertions, 19 deletions
diff --git a/pkg/ipc/ipc.go b/pkg/ipc/ipc.go
index cd3d6b02e..9fdb63241 100644
--- a/pkg/ipc/ipc.go
+++ b/pkg/ipc/ipc.go
@@ -27,18 +27,18 @@ type EnvFlags uint64
// Note: New / changed flags should be added to parse_env_flags in executor.cc
const (
- FlagDebug EnvFlags = 1 << iota // debug output from executor
- FlagSignal // collect feedback signals (coverage)
- FlagSandboxSetuid // impersonate nobody user
- FlagSandboxNamespace // use namespaces for sandboxing
- FlagSandboxAndroidUntrustedApp // use Android sandboxing for the untrusted_app domain
- FlagExtraCover // collect extra coverage
- FlagEnableTun // setup and use /dev/tun for packet injection
- FlagEnableNetDev // setup more network devices for testing
- FlagEnableNetReset // reset network namespace between programs
- FlagEnableCgroups // setup cgroups for testing
- FlagEnableCloseFds // close fds after each program
- FlagEnableDevlinkPCI // setup devlink PCI device
+ FlagDebug EnvFlags = 1 << iota // debug output from executor
+ FlagSignal // collect feedback signals (coverage)
+ FlagSandboxSetuid // impersonate nobody user
+ FlagSandboxNamespace // use namespaces for sandboxing
+ FlagSandboxAndroid // use Android sandboxing for the untrusted_app domain
+ FlagExtraCover // collect extra coverage
+ FlagEnableTun // setup and use /dev/tun for packet injection
+ FlagEnableNetDev // setup more network devices for testing
+ FlagEnableNetReset // reset network namespace between programs
+ FlagEnableCgroups // setup cgroups for testing
+ FlagEnableCloseFds // close fds after each program
+ FlagEnableDevlinkPCI // setup devlink PCI device
// Executor does not know about these:
FlagUseShmem // use shared memory instead of pipes for communication
FlagUseForkServer // use extended protocol with handshake
@@ -134,10 +134,10 @@ func SandboxToFlags(sandbox string) (EnvFlags, error) {
return FlagSandboxSetuid, nil
case "namespace":
return FlagSandboxNamespace, nil
- case "android_untrusted_app":
- return FlagSandboxAndroidUntrustedApp, nil
+ case "android":
+ return FlagSandboxAndroid, nil
default:
- return 0, fmt.Errorf("sandbox must contain one of none/setuid/namespace/android_untrusted_app")
+ return 0, fmt.Errorf("sandbox must contain one of none/setuid/namespace/android")
}
}
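Review bot: Dropping the `"android_untrusted_app"` case in SandboxToFlags means any existing config or command line that still passes the old sandbox name now hits the `default` branch and gets an error. Failing closed is the right behaviour for a sandbox selector, since it never silently falls back to `none`, but the message gives no hint that the value was renamed. If a transition period is wanted, the old spelling could be kept as a deprecated alias with `case "android", "android_untrusted_app":`; otherwise the rename deserves a line in the commit description. The same user-visible string changes in the `-sandbox` flag help in ipcconfig.go, and SandboxToFlags begins above this hunk.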
@@ -146,8 +146,8 @@ func FlagsToSandbox(flags EnvFlags) string {
return "setuid"
} else if flags&FlagSandboxNamespace != 0 {
return "namespace"
- } else if flags&FlagSandboxAndroidUntrustedApp != 0 {
- return "android_untrusted_app"
+ } else if flags&FlagSandboxAndroid != 0 {
+ return "android"
}
return "none"
}
@@ -542,7 +542,7 @@ func makeCommand(pid int, bin []string, config *Config, inFile, outFile *os.File
}
}()
- if config.Flags&(FlagSandboxSetuid|FlagSandboxNamespace|FlagSandboxAndroidUntrustedApp) != 0 {
+ if config.Flags&(FlagSandboxSetuid|FlagSandboxNamespace|FlagSandboxAndroid) != 0 {
if err := os.Chmod(dir, 0777); err != nil {
return nil, fmt.Errorf("failed to chmod temp dir: %v", err)
}
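Review bot: The condition in makeCommand lists every sandbox flag by hand, and it gates `os.Chmod(dir, 0777)`, which leaves the temp dir world-writable. Since the commit is described as preparation for future changes, a named mask declared next to the flag constants, e.g. `sandboxFlags = FlagSandboxSetuid | FlagSandboxNamespace | FlagSandboxAndroid`, would keep this check from missing a sandbox flag added later. A comment on the chmod would also help, such as `// sandboxed executor presumably runs under a different uid and must be able to use dir`, so a reader can tell the wide mode is deliberate. The function starts and ends outside this hunk, so how `dir` is created and cleaned up is not visible here.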
diff --git a/pkg/ipc/ipcconfig/ipcconfig.go b/pkg/ipc/ipcconfig/ipcconfig.go
index f2bd2028e..55e29fae4 100644
--- a/pkg/ipc/ipcconfig/ipcconfig.go
+++ b/pkg/ipc/ipcconfig/ipcconfig.go
@@ -16,7 +16,7 @@ var (
flagThreaded = flag.Bool("threaded", true, "use threaded mode in executor")
flagCollide = flag.Bool("collide", true, "collide syscalls to provoke data races")
flagSignal = flag.Bool("cover", false, "collect feedback signals (coverage)")
- flagSandbox = flag.String("sandbox", "none", "sandbox for fuzzing (none/setuid/namespace/android_untrusted_app)")
+ flagSandbox = flag.String("sandbox", "none", "sandbox for fuzzing (none/setuid/namespace/android)")
flagDebug = flag.Bool("debug", false, "debug output from executor")
flagTimeout = flag.Duration("timeout", 0, "execution timeout")
)