Sandbox: allow access to stats/bridge-stats

Fix for 12041; bugfix on 0.2.5.1-alpha.

changes/bug12041

@@ -0,0 +1,5 @@
+  o Minor bugfixes (linux syscall sandbox):
+    - Fix a "BUG" warning when trying to write bridge-stats files with
+      the Linux syscall sandbox filter enabled. Fixes bug 12041;
+      bugfix on 0.2.5.1-alpha.
+

src/or/main.c

@@ -2834,6 +2834,8 @@ sandbox_init_filter(void)
         get_datadir_fname2("keys", "secret_onion_key_ntor.old"),
         get_datadir_fname2("keys", "secret_onion_key.tmp"),
         get_datadir_fname2("keys", "secret_id_key.tmp"),
+        get_datadir_fname2("stats", "bridge-stats"),
+        get_datadir_fname2("stats", "bridge-stats.tmp"),
         get_datadir_fname("fingerprint"),
         get_datadir_fname("fingerprint.tmp"),
         get_datadir_fname("hashed-fingerprint"),
@@ -2850,6 +2852,7 @@ sandbox_init_filter(void)
     RENAME_SUFFIX2("keys", "secret_id_key.old", ".tmp");
     RENAME_SUFFIX2("keys", "secret_onion_key", ".tmp");
     RENAME_SUFFIX2("keys", "secret_onion_key.old", ".tmp");
+    RENAME_SUFFIX2("stats", "bridge_stats", ".tmp");
     RENAME_SUFFIX("hashed-fingerprint", ".tmp");
     RENAME_SUFFIX("router-stability", ".tmp");
 
@@ -2862,7 +2865,7 @@ sandbox_init_filter(void)
 
     sandbox_cfg_allow_stat_filename_array(&cfg,
         get_datadir_fname("keys"),
-        get_datadir_fname("stats/dirreq-stats"),
+        get_datadir_fname2("stats", "dirreq-stats"),
         NULL, 0
     );
   }