From 690740b4a4e1ce9c661ca07fdd14cb2486f04e00 Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov
Date: Thu, 14 Nov 2019 18:56:34 +0100
Subject: executor: refactor sandbox flags

In preparation for future changes.
---
 executor/common_linux.h | 14 +++++---------
 executor/executor.cc | 42 +++++++++++++++++------------------------
 2 files changed, 22 insertions(+), 34 deletions(-)
(limited to 'executor')
diff --git a/executor/common_linux.h b/executor/common_linux.h
index 4c8e79c4e..cc5c58950 100644
--- a/executor/common_linux.h
+++ b/executor/common_linux.h
@@ -1912,9 +1912,7 @@ static void reset_ebtables()
 static void checkpoint_net_namespace(void)
 {
 #if SYZ_EXECUTOR
- if (!flag_net_reset)
- return;
- if (flag_sandbox == sandbox_setuid)
+ if (!flag_net_reset || flag_sandbox_setuid)
 return;
 #endif
 checkpoint_ebtables();
@@ -1926,9 +1924,7 @@ static void checkpoint_net_namespace(void)
 static void reset_net_namespace(void)
 {
 #if SYZ_EXECUTOR
- if (!flag_net_reset)
- return;
- if (flag_sandbox == sandbox_setuid)
+ if (!flag_net_reset || flag_sandbox_setuid)
 return;
 #endif
 reset_ebtables();
@@ -2539,8 +2535,8 @@ static void syz_setfilecon(const char* path, const char* context)
 fail("setfilecon: could not set context to %s, currently %s", context, new_context);
 }

-#define SYZ_HAVE_SANDBOX_ANDROID_UNTRUSTED_APP 1
-static int do_sandbox_android_untrusted_app(void)
+#define SYZ_HAVE_SANDBOX_ANDROID 1
+static int do_sandbox_android(void)
 {
 setup_common();
 sandbox_common();
@@ -2564,7 +2560,7 @@ static int do_sandbox_android_untrusted_app(void)
 initialize_tun();
 #endif
 #if SYZ_EXECUTOR || SYZ_NET_DEVICES
- // Note: sandbox_android_untrusted_app does not unshare net namespace.
+ // Note: sandbox_android does not unshare net namespace.
 initialize_netdevices_init();
 initialize_netdevices();
 #endif
diff --git a/executor/executor.cc b/executor/executor.cc
index a01893eb7..c8a4b8b2e 100644
--- a/executor/executor.cc
+++ b/executor/executor.cc
@@ -100,18 +100,14 @@ static uint32 hash(uint32 a);
 static bool dedup(uint32 sig);
 #endif

-enum sandbox_type {
- sandbox_none,
- sandbox_setuid,
- sandbox_namespace,
- sandbox_android_untrusted_app
-};
-
 uint64 start_time_ms = 0;

 static bool flag_debug;
 static bool flag_coverage;
-static sandbox_type flag_sandbox;
+static bool flag_sandbox_none;
+static bool flag_sandbox_setuid;
+static bool flag_sandbox_namespace;
+static bool flag_sandbox_android;
 static bool flag_extra_coverage;
 static bool flag_net_injection;
 static bool flag_net_devices;
@@ -408,28 +404,23 @@ int main(int argc, char** argv)
 }

 int status = 0;
- switch (flag_sandbox) {
- case sandbox_none:
+ if (flag_sandbox_none)
 status = do_sandbox_none();
- break;
 #if SYZ_HAVE_SANDBOX_SETUID
- case sandbox_setuid:
+ else if (flag_sandbox_setuid)
 status = do_sandbox_setuid();
- break;
 #endif
 #if SYZ_HAVE_SANDBOX_NAMESPACE
- case sandbox_namespace:
+ else if (flag_sandbox_namespace)
 status = do_sandbox_namespace();
- break;
 #endif
-#if SYZ_HAVE_SANDBOX_ANDROID_UNTRUSTED_APP
- case sandbox_android_untrusted_app:
- status = do_sandbox_android_untrusted_app();
- break;
+#if SYZ_HAVE_SANDBOX_ANDROID
+ else if (flag_sandbox_android)
+ status = do_sandbox_android();
 #endif
- default:
+ else
 fail("unknown sandbox type");
- }
+
 #if SYZ_EXECUTOR_USES_FORK_SERVER
 fprintf(stderr, "loop exited with status %d\n", status);
 // Other statuses happen when fuzzer processes manages to kill loop, e.g. with:
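Review bot: The four `static bool flag_sandbox_*` declarations in the `@@ -100,18 +100,14 @@` hunk replace an enum that could only hold one sandbox mode at a time, and nothing in the new declarations states or enforces that exactly one flag is true. The `if`/`else if` chain in `main` (the following hunk) takes the first flag that is set, so if two were ever set together the executor would run under whichever comes first in the chain, with no diagnostic. A comment above the group would record the invariant for later changes, for example `// Exactly one flag_sandbox_* is true after parse_env_flags().`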
@@ -469,13 +460,14 @@ void parse_env_flags(uint64 flags)
 // Note: Values correspond to ordering in pkg/ipc/ipc.go, e.g. FlagSandboxNamespace
 flag_debug = flags & (1 << 0);
 flag_coverage = flags & (1 << 1);
- flag_sandbox = sandbox_none;
 if (flags & (1 << 2))
- flag_sandbox = sandbox_setuid;
+ flag_sandbox_setuid = true;
 else if (flags & (1 << 3))
- flag_sandbox = sandbox_namespace;
+ flag_sandbox_namespace = true;
 else if (flags & (1 << 4))
- flag_sandbox = sandbox_android_untrusted_app;
+ flag_sandbox_android = true;
+ else
+ flag_sandbox_none = true;
 flag_extra_coverage = flags & (1 << 5);
 flag_net_injection = flags & (1 << 6);
 flag_net_devices = flags & (1 << 7);
-- cgit mrf-deployment
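Review bot: The sandbox flags are only ever set to `true` in this hunk and never cleared. The removed `flag_sandbox = sandbox_none;` re-initialised the selection on every call, and the neighbouring flags are still assigned outright from `flags`. If `parse_env_flags` can run more than once in a process (not visible in this hunk), a flag from an earlier call stays set and the executor could apply a different sandbox from the one requested. Clearing the group before the chain restores the old behaviour without relying on zero-initialisation: `flag_sandbox_none = flag_sandbox_setuid = flag_sandbox_namespace = flag_sandbox_android = false;`. The body of `parse_env_flags` starts and ends outside the hunk.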