8 files changed, 12 insertions, 66 deletions

diff --git a/executor/common_akaros.h b/executor/common_akaros.h
index 8d83749dc..ead67c36c 100644
--- a/executor/common_akaros.h
+++ b/executor/common_akaros.h
@@ -33,9 +33,3 @@ void child()
 	doexit(0);
 }
 #endif
-
-#if SYZ_EXECUTOR
-#define do_sandbox_setuid() 0
-#define do_sandbox_namespace() 0
-#define do_sandbox_android_untrusted_app() 0
-#endif
diff --git a/executor/common_bsd.h b/executor/common_bsd.h
index 49c6b36de..63ae6c1d1 100644
--- a/executor/common_bsd.h
+++ b/executor/common_bsd.h
@@ -14,12 +14,6 @@ static int do_sandbox_none(void)
 }
 #endif
 
-#if SYZ_EXECUTOR
-#define do_sandbox_setuid() 0
-#define do_sandbox_namespace() 0
-#define do_sandbox_android_untrusted_app() 0
-#endif
-
 #if GOOS_openbsd
 
 #define __syscall syscall
diff --git a/executor/common_fuchsia.h b/executor/common_fuchsia.h
index fb08aa2a0..d232f2a14 100644
--- a/executor/common_fuchsia.h
+++ b/executor/common_fuchsia.h
@@ -241,12 +241,6 @@ static int do_sandbox_none(void)
 }
 #endif
 
-#if SYZ_EXECUTOR
-#define do_sandbox_setuid() 0
-#define do_sandbox_namespace() 0
-#define do_sandbox_android_untrusted_app() 0
-#endif
-
 // Ugly way to work around gcc's "error: function called through a non-compatible type".
 // The macro is used in generated C code.
 #define CAST(f) ({void* p = (void*)f; p; })
diff --git a/executor/common_linux.h b/executor/common_linux.h
index 5ae770800..02c1eb82e 100644
--- a/executor/common_linux.h
+++ b/executor/common_linux.h
@@ -1561,6 +1561,7 @@ static int do_sandbox_none(void)
 #include <sched.h>
 #include <sys/prctl.h>
 
+#define SYZ_HAVE_SANDBOX_SETUID 1
 static int do_sandbox_setuid(void)
 {
 	if (unshare(CLONE_NEWPID)) {
@@ -1722,6 +1723,7 @@ static int namespace_sandbox_proc(void* arg)
 	doexit(1);
 }
 
+#define SYZ_HAVE_SANDBOX_NAMESPACE 1
 static int do_sandbox_namespace(void)
 {
 	int pid;
@@ -1844,6 +1846,7 @@ static void syz_setfilecon(const char* path, const char* context)
 		fail("setfilecon: could not set context to %s, currently %s", context, new_context);
 }
 
+#define SYZ_HAVE_SANDBOX_ANDROID_UNTRUSTED_APP 1
 static int do_sandbox_android_untrusted_app(void)
 {
 	setup_common();
diff --git a/executor/common_test.h b/executor/common_test.h
index dc162a833..51b135377 100644
--- a/executor/common_test.h
+++ b/executor/common_test.h
@@ -56,9 +56,3 @@ static int do_sandbox_none(void)
 	doexit(0);
 }
 #endif
-
-#if SYZ_EXECUTOR
-#define do_sandbox_setuid() 0
-#define do_sandbox_namespace() 0
-#define do_sandbox_android_untrusted_app() 0
-#endif
diff --git a/executor/common_windows.h b/executor/common_windows.h
index 2a89ea469..d6b786ac1 100644
--- a/executor/common_windows.h
+++ b/executor/common_windows.h
@@ -111,9 +111,3 @@ static int do_sandbox_none(void)
 	doexit(0);
 }
 #endif
-
-#if SYZ_EXECUTOR
-#define do_sandbox_setuid() 0
-#define do_sandbox_namespace() 0
-#define do_sandbox_android_untrusted_app() 0
-#endif
diff --git a/executor/executor.cc b/executor/executor.cc
index 2244cc797..fca80e9be 100644
--- a/executor/executor.cc
+++ b/executor/executor.cc
@@ -364,15 +364,21 @@ int main(int argc, char** argv)
 	case sandbox_none:
 		status = do_sandbox_none();
 		break;
+#if SYZ_HAVE_SANDBOX_SETUID
 	case sandbox_setuid:
 		status = do_sandbox_setuid();
 		break;
+#endif
+#if SYZ_HAVE_SANDBOX_NAMESPACE
 	case sandbox_namespace:
 		status = do_sandbox_namespace();
 		break;
+#endif
+#if SYZ_HAVE_SANDBOX_ANDROID_UNTRUSTED_APP
 	case sandbox_android_untrusted_app:
 		status = do_sandbox_android_untrusted_app();
 		break;
+#endif
 	default:
 		fail("unknown sandbox type");
 	}
diff --git a/pkg/csource/generated.go b/pkg/csource/generated.go
index 475982ae5..fd6bcc862 100644
--- a/pkg/csource/generated.go
+++ b/pkg/csource/generated.go
@@ -390,12 +390,6 @@ void child()
 }
 #endif
 
-#if SYZ_EXECUTOR
-#define do_sandbox_setuid() 0
-#define do_sandbox_namespace() 0
-#define do_sandbox_android_untrusted_app() 0
-#endif
-
 #elif GOOS_freebsd || GOOS_netbsd || GOOS_openbsd
 
 #include <unistd.h>
@@ -409,12 +403,6 @@ static int do_sandbox_none(void)
 }
 #endif
 
-#if SYZ_EXECUTOR
-#define do_sandbox_setuid() 0
-#define do_sandbox_namespace() 0
-#define do_sandbox_android_untrusted_app() 0
-#endif
-
 #if GOOS_openbsd
 
 #define __syscall syscall
@@ -680,12 +668,6 @@ static int do_sandbox_none(void)
 	return 0;
 }
 #endif
-
-#if SYZ_EXECUTOR
-#define do_sandbox_setuid() 0
-#define do_sandbox_namespace() 0
-#define do_sandbox_android_untrusted_app() 0
-#endif
 #define CAST(f) ({void* p = (void*)f; p; })
 
 #elif GOOS_linux
@@ -3100,6 +3082,7 @@ static int do_sandbox_none(void)
 #include <sched.h>
 #include <sys/prctl.h>
 
+#define SYZ_HAVE_SANDBOX_SETUID 1
 static int do_sandbox_setuid(void)
 {
 	if (unshare(CLONE_NEWPID)) {
@@ -3242,6 +3225,7 @@ static int namespace_sandbox_proc(void* arg)
 	doexit(1);
 }
 
+#define SYZ_HAVE_SANDBOX_NAMESPACE 1
 static int do_sandbox_namespace(void)
 {
 	int pid;
@@ -3334,6 +3318,7 @@ static void syz_setfilecon(const char* path, const char* context)
 		fail("setfilecon: could not set context to %s, currently %s", context, new_context);
 }
 
+#define SYZ_HAVE_SANDBOX_ANDROID_UNTRUSTED_APP 1
 static int do_sandbox_android_untrusted_app(void)
 {
 	setup_common();
@@ -3728,12 +3713,6 @@ static int do_sandbox_none(void)
 }
 #endif
 
-#if SYZ_EXECUTOR
-#define do_sandbox_setuid() 0
-#define do_sandbox_namespace() 0
-#define do_sandbox_android_untrusted_app() 0
-#endif
-
 #elif GOOS_windows
 
 #include <windows.h>
@@ -3845,12 +3824,6 @@ static int do_sandbox_none(void)
 }
 #endif
 
-#if SYZ_EXECUTOR
-#define do_sandbox_setuid() 0
-#define do_sandbox_namespace() 0
-#define do_sandbox_android_untrusted_app() 0
-#endif
-
 #elif GOOS_test
 
 #include <stdlib.h>
@@ -3901,12 +3874,6 @@ static int do_sandbox_none(void)
 }
 #endif
 
-#if SYZ_EXECUTOR
-#define do_sandbox_setuid() 0
-#define do_sandbox_namespace() 0
-#define do_sandbox_android_untrusted_app() 0
-#endif
-
 #else
 #error "unknown OS"
 #endif