1 files changed, 30 insertions, 11 deletions

diff --git a/pkg/ipc/ipcconfig/ipcconfig.go b/pkg/ipc/ipcconfig/ipcconfig.go
index 021978274..b94579102 100644
--- a/pkg/ipc/ipcconfig/ipcconfig.go
+++ b/pkg/ipc/ipcconfig/ipcconfig.go
@@ -33,18 +33,11 @@ func Default(target *prog.Target) (*ipc.Config, *ipc.ExecOpts, error) {
 	if *flagDebug {
 		c.Flags |= ipc.FlagDebug
 	}
-	switch *flagSandbox {
-	case "none":
-	case "setuid":
-		c.Flags |= ipc.FlagSandboxSetuid
-	case "namespace":
-		c.Flags |= ipc.FlagSandboxNamespace
-	case "android_untrusted_app":
-		c.Flags |= ipc.FlagSandboxAndroidUntrustedApp
-	default:
-		return nil, nil, fmt.Errorf("flag sandbox must contain one of none/setuid/namespace/android_untrusted_app")
+	sandboxFlags, err := SandboxToFlags(*flagSandbox)
+	if err != nil {
+		return nil, nil, err
 	}
-
+	c.Flags |= sandboxFlags
 	sysTarget := targets.Get(target.OS, target.Arch)
 	if sysTarget.ExecutorUsesShmem {
 		c.Flags |= ipc.FlagUseShmem
@@ -65,3 +58,29 @@ func Default(target *prog.Target) (*ipc.Config, *ipc.ExecOpts, error) {
 
 	return c, opts, nil
 }
+
+func SandboxToFlags(sandbox string) (ipc.EnvFlags, error) {
+	switch sandbox {
+	case "none":
+		return 0, nil
+	case "setuid":
+		return ipc.FlagSandboxSetuid, nil
+	case "namespace":
+		return ipc.FlagSandboxNamespace, nil
+	case "android_untrusted_app":
+		return ipc.FlagSandboxAndroidUntrustedApp, nil
+	default:
+		return 0, fmt.Errorf("sandbox must contain one of none/setuid/namespace/android_untrusted_app")
+	}
+}
+
+func FlagsToSandbox(flags ipc.EnvFlags) string {
+	if flags&ipc.FlagSandboxSetuid != 0 {
+		return "setuid"
+	} else if flags&ipc.FlagSandboxNamespace != 0 {
+		return "namespace"
+	} else if flags&ipc.FlagSandboxAndroidUntrustedApp != 0 {
+		return "android_untrusted_app"
+	}
+	return "none"
+}