integrated context for dynamic filters

src/common/sandbox.c

@@ -228,12 +228,6 @@ prot_strdup(char* str)
    return res;
 }
 
-sandbox_cfg_t*
-sandbox_cfg_new()
-{
-  return NULL;
-}
-
 int
 sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file)
 {
@@ -253,7 +247,7 @@ sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file)
 }
 
 static int
-add_param_filter(scmp_filter_ctx ctx)
+add_param_filter(scmp_filter_ctx ctx, sandbox_cfg_t* cfg)
 {
   int i, filter_size, rc = 0;
   sandbox_cfg_t *elem;
@@ -265,7 +259,8 @@ add_param_filter(scmp_filter_ctx ctx)
   }
 
   // for each dynamic parameter filters
-  for (elem = filter_dynamic; elem != NULL; elem = elem->next) {
+  elem = (cfg == NULL) ? filter_dynamic : cfg;
+  for (; elem != NULL; elem = elem->next) {
     rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, elem->syscall, 1,
            SCMP_CMP(elem->pindex, SCMP_CMP_EQ, elem->param));
      if (rc != 0) {
@@ -327,7 +322,7 @@ add_noparam_filter(scmp_filter_ctx ctx)
  * Returns 0 on success.
  */
 static int
-install_glob_syscall_filter(void)
+install_syscall_filter(sandbox_cfg_t* cfg)
 {
   int rc = 0;
   scmp_filter_ctx ctx;
@@ -340,7 +335,7 @@ install_glob_syscall_filter(void)
   }
 
   // add parameter filters
-  if ((rc = add_param_filter(ctx))) {
+  if ((rc = add_param_filter(ctx, cfg))) {
     log_err(LD_BUG, "(Sandbox) failed to add param filters!");
     goto end;
   }
@@ -450,12 +445,12 @@ install_sigsys_debugging(void)
  * into account various available features for different linux flavours.
  */
 static int
-initialise_libseccomp_sandbox(void)
+initialise_libseccomp_sandbox(sandbox_cfg_t* cfg)
 {
   if (install_sigsys_debugging())
     return -1;
 
-  if (install_glob_syscall_filter())
+  if (install_syscall_filter(cfg))
     return -2;
 
   return 0;
@@ -463,6 +458,33 @@ initialise_libseccomp_sandbox(void)
 
 #endif // USE_LIBSECCOMP
 
+sandbox_cfg_t*
+sandbox_cfg_new() {
+  return NULL;
+}
+
+int
+sandbox_init(sandbox_cfg_t* cfg)
+{
+#if defined(USE_LIBSECCOMP)
+  return initialise_libseccomp_sandbox(cfg);
+
+#elif defined(_WIN32)
+  log_warn(LD_BUG,"Windows sandboxing is not implemented. The feature is "
+      "currently disabled.");
+  return 0;
+
+#elif defined(TARGET_OS_MAC)
+  log_warn(LD_BUG,"Mac OSX sandboxing is not implemented. The feature is "
+      "currently disabled");
+  return 0;
+#else
+  log_warn(LD_BUG,"Sandboxing is not implemented for your platform. The "
+      "feature is currently disabled");
+  return 0;
+#endif
+}
+
 /**
  * Enables the stage 1 general sandbox. It applies a syscall filter which does
  * not restrict any Tor features. The filter is representative for the whole
@@ -473,7 +495,7 @@ tor_global_sandbox(void)
 {
 
 #if defined(USE_LIBSECCOMP)
-  return initialise_libseccomp_sandbox();
+  return initialise_libseccomp_sandbox(NULL);
 
 #elif defined(_WIN32)
   log_warn(LD_BUG,"Windows sandboxing is not implemented. The feature is "

src/common/sandbox.h

@@ -81,7 +81,10 @@ typedef struct pfd_elem sandbox_cfg_t;
 void sandbox_set_debugging_fd(int fd);
 int tor_global_sandbox(void);
 char* get_prot_param(char *param);
+
+sandbox_cfg_t * sandbox_cfg_new();
 int sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file);
+int sandbox_init(sandbox_cfg_t* cfg);
 
 #endif /* SANDBOX_H_ */
 

src/or/main.c

@@ -2639,41 +2639,43 @@ find_flashcard_path(PWCHAR path, size_t size)
 }
 #endif
 
-static int
-sandbox_cfg_init_open()
+static sandbox_cfg_t*
+sandbox_init_filter()
 {
-  sandbox_cfg_allow_open_filename(NULL,
+  sandbox_cfg_t *cfg = sandbox_cfg_new();
+
+  sandbox_cfg_allow_open_filename(&cfg,
       get_datadir_fname("cached-certs"));
-  sandbox_cfg_allow_open_filename(NULL,
+  sandbox_cfg_allow_open_filename(&cfg,
       get_datadir_fname("cached-consensus"));
-  sandbox_cfg_allow_open_filename(NULL,
+  sandbox_cfg_allow_open_filename(&cfg,
       get_datadir_fname("unverified-consensus"));
-  sandbox_cfg_allow_open_filename(NULL,
+  sandbox_cfg_allow_open_filename(&cfg,
       get_datadir_fname("cached-microdesc-consensus"));
-  sandbox_cfg_allow_open_filename(NULL,
+  sandbox_cfg_allow_open_filename(&cfg,
       get_datadir_fname("cached-microdesc-consensus.tmp"));
-  sandbox_cfg_allow_open_filename(NULL,
+  sandbox_cfg_allow_open_filename(&cfg,
       get_datadir_fname("cached-microdescs"));
-  sandbox_cfg_allow_open_filename(NULL,
+  sandbox_cfg_allow_open_filename(&cfg,
       get_datadir_fname("cached-microdescs.tmp"));
-  sandbox_cfg_allow_open_filename(NULL,
+  sandbox_cfg_allow_open_filename(&cfg,
       get_datadir_fname("cached-microdescs.new"));
-  sandbox_cfg_allow_open_filename(NULL,
+  sandbox_cfg_allow_open_filename(&cfg,
       get_datadir_fname("unverified-microdesc-consensus"));
-  sandbox_cfg_allow_open_filename(NULL,
+  sandbox_cfg_allow_open_filename(&cfg,
       get_datadir_fname("cached-descriptors"));
-  sandbox_cfg_allow_open_filename(NULL,
+  sandbox_cfg_allow_open_filename(&cfg,
       get_datadir_fname("cached-descriptors.new"));
-  sandbox_cfg_allow_open_filename(NULL,
+  sandbox_cfg_allow_open_filename(&cfg,
       get_datadir_fname("cached-extrainfo"));
-  sandbox_cfg_allow_open_filename(NULL,
+  sandbox_cfg_allow_open_filename(&cfg,
       get_datadir_fname("state.tmp"));
-  sandbox_cfg_allow_open_filename(NULL,
+  sandbox_cfg_allow_open_filename(&cfg,
       get_datadir_fname("unparseable-desc.tmp"));
-  sandbox_cfg_allow_open_filename(NULL,
+  sandbox_cfg_allow_open_filename(&cfg,
       get_datadir_fname("unparseable-desc"));
 
-  return 0;
+  return cfg;
 }
 
 /** Main entry point for the Tor process.  Called from main(). */
@@ -2744,10 +2746,9 @@ tor_main(int argc, char *argv[])
     return -1;
 
   if (get_options()->Sandbox) {
-    if (sandbox_cfg_init_open() < 0)
-      return -1;
+    sandbox_cfg_t* cfg = sandbox_init_filter();
 
-    if (tor_global_sandbox()) {
+    if (sandbox_init(cfg)) {
       log_err(LD_BUG,"Failed to create syscall sandbox filter");
       return -1;
     }