1 /* Copyright (c) 2001 Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2021, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
7 /**
8  * \file sandbox.h
9  * \brief Header file for sandbox.c.
10  **/
11 
12 #ifndef SANDBOX_H_
13 #define SANDBOX_H_
14 
15 #include "orconfig.h"
16 #include "lib/cc/torint.h"
17 
#ifndef SYS_SECCOMP

/**
 * Used by SIGSYS signal handler to check if the signal was issued due to a
 * seccomp2 filter violation.
 *
 * Fallback for libc headers that do not provide the constant; the value must
 * match the si_code the kernel sets on a seccomp-triggered SIGSYS.
 */
#define SYS_SECCOMP 1

#endif /* !defined(SYS_SECCOMP) */

/* The libseccomp backend is Linux-only and is compiled in only when the build
 * configuration (orconfig.h) reports that <seccomp.h> is available.  Every
 * declaration below that is guarded by USE_LIBSECCOMP depends on both. */
#if defined(HAVE_SECCOMP_H) && defined(__linux__)
#define USE_LIBSECCOMP
#endif
31 
struct sandbox_cfg_elem_t;

/** Typedef to structure used to manage a sandbox configuration.
 *
 * Opaque for non-libseccomp builds: the full definition of
 * struct sandbox_cfg_elem_t is only visible under USE_LIBSECCOMP, so
 * callers should treat sandbox_cfg_t as an opaque handle and use only the
 * sandbox_cfg_* functions declared in this header. */
typedef struct sandbox_cfg_elem_t sandbox_cfg_t;
36 
37 /**
38  * Linux definitions
39  */
40 #ifdef USE_LIBSECCOMP
41 
42 #include <sys/ucontext.h>
43 #include <seccomp.h>
44 #include <netdb.h>
45 
/* Parameter kind tags.  Nothing else in this header refers to them;
 * presumably they classify an smp_param_t value as a pointer or a number in
 * sandbox.c — confirm there before using them. */
#define PARAM_PTR 0
#define PARAM_NUM 1
48 
/**
 * Enum used to manage the type of the implementation for general purpose.
 *
 * Stored in sandbox_cfg_elem_t::implem to say which backend a configuration
 * element's parameter belongs to.  Only one backend exists at present.
 */
typedef enum {
  /** Libseccomp implementation based on seccomp2 */
  LIBSECCOMP2 = 0
} SB_IMPL;
56 
/**
 * Configuration parameter structure associated with the LIBSECCOMP2
 * implementation.
 *
 * One instance describes a single allow-list rule for one syscall.  The
 * sandbox_cfg_allow_* functions declared below state that they take ownership
 * of the path they are given; that path presumably ends up in #value (and
 * #value2 for two-path rules) — confirm the ownership and freeing rules in
 * sandbox.c.
 */
typedef struct smp_param_t {
  /** syscall associated with parameter. */
  int syscall;

  /** parameter value. */
  char *value;
  /** parameter value, second argument.  Presumably only set for rules that
   * take two paths (e.g. sandbox_cfg_allow_rename()) and NULL otherwise —
   * verify in sandbox.c. */
  char *value2;

  /** parameter flag (0 = not protected, 1 = protected).
   * NOTE(review): what "protected" means is not visible from this header;
   * check sandbox.c before relying on the flag. */
  int prot;
} smp_param_t;
73 
/**
 * Structure used to manage a sandbox configuration.
 *
 * It is implemented as a linked list of parameters. Currently only controls
 * parameters for open, openat, execve, stat64.
 *
 * NOTE(review): the sentence above is stale relative to the API in this
 * header, which also declares rules for chmod, chown, rename and opendir.
 * Treat the sandbox_cfg_allow_* prototypes, not this comment, as the
 * authoritative list of filtered calls when reviewing what the sandbox
 * permits.
 */
struct sandbox_cfg_elem_t {
  /** Sandbox implementation which dictates the parameter type. */
  SB_IMPL implem;

  /** Configuration parameter.  One rule per element; presumably owned and
   * freed together with the element — confirm in sandbox.c. */
  smp_param_t *param;

  /** Next element of the configuration; presumably NULL on the last one. */
  struct sandbox_cfg_elem_t *next;
};
90 
/** Function pointer defining the prototype of a filter function.
 *
 * A filter function receives the libseccomp filter context being built and
 * the dynamic configuration to apply to it.  The meaning of the int result is
 * not documented here — presumably 0 on success, check the implementations in
 * sandbox.c. */
typedef int (*sandbox_filter_func_t)(scmp_filter_ctx ctx,
                                     sandbox_cfg_t *filter);
94 
/** Type that will be used in step 3 in order to manage multiple sandboxes.
 *
 * NOTE(review): "step 3" refers to a plan not described in this header, and
 * no declaration below takes or returns a sandbox_t. */
typedef struct {
  /** function pointers associated with the filter */
  sandbox_filter_func_t *filter_func;

  /** filter function pointer parameters */
  sandbox_cfg_t *filter_dynamic;
} sandbox_t;
103 
104 #endif /* defined(USE_LIBSECCOMP) */
105 
#ifdef USE_LIBSECCOMP
/** Return the sandbox's interned copy of <b>param</b>.
 *
 * The contract is defined in sandbox.c; presumably the returned pointer is
 * the one the seccomp filter was built against, so callers must hand that
 * pointer (not their own copy) to the filtered syscall — confirm there. */
const char* sandbox_intern_string(const char *param);
/** Return true iff <b>s</b> has no interned copy (presumably, from the
 * name; see sandbox.c for the exact rule). */
bool sandbox_interned_string_is_missing(const char *s);
#else /* !defined(USE_LIBSECCOMP) */
/* Without libseccomp there is no interning: the string is handed back
 * unchanged and is never reported as missing. */
#define sandbox_intern_string(s) (s)
#define sandbox_interned_string_is_missing(s) (false)
#endif /* defined(USE_LIBSECCOMP) */
113 
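/** Creates an empty sandbox configuration.
 *
 * The result is presumably handed to sandbox_init() once every
 * sandbox_cfg_allow_* rule has been added; check sandbox.c for whether it can
 * be NULL on allocation failure. */
sandbox_cfg_t * sandbox_cfg_new(void);

/*
 * All sandbox_cfg_allow_* functions below return an int status whose
 * convention is defined in sandbox.c; do not assume nonzero means failure
 * without checking there.  Each one takes the address of the configuration
 * so it can prepend a new element to the list.
 */

/**
 * Function used to add a open allowed filename to a supplied configuration.
 * The (char*) specifies the path to the allowed file; we take ownership
 * of the pointer.
 */
int sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file);

/**
 * Function used to add a chmod (resp. chown) allowed filename to a supplied
 * configuration.  Presumably the same ownership contract as
 * sandbox_cfg_allow_open_filename() — the pointer is stolen — confirm in
 * sandbox.c.
 */
int sandbox_cfg_allow_chmod_filename(sandbox_cfg_t **cfg, char *file);
int sandbox_cfg_allow_chown_filename(sandbox_cfg_t **cfg, char *file);

/**
 * Function used to add a rename allowed pair of filenames to a supplied
 * configuration.  Presumably <b>file1</b> is the old path and <b>file2</b> the
 * new path, and both pointers are stolen like the other sandbox_cfg_allow_*
 * arguments — confirm in sandbox.c.
 */
int sandbox_cfg_allow_rename(sandbox_cfg_t **cfg, char *file1, char *file2);

/**
 * Function used to add a openat allowed filename to a supplied configuration.
 * The (char*) specifies the path to the allowed file; we steal the pointer to
 * that file.
 */
int sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file);

/**
 * Function used to add a opendir allowed filename to a supplied configuration.
 * The (char*) specifies the path to the allowed dir; we steal the pointer to
 * that dir.
 */
int sandbox_cfg_allow_opendir_dirname(sandbox_cfg_t **cfg, char *dir);

/**
 * Function used to add a stat/stat64 allowed filename to a configuration.
 * The (char*) specifies the path to the allowed file; that pointer is stolen.
 */
int sandbox_cfg_allow_stat_filename(sandbox_cfg_t **cfg, char *file);

/** Function used to initialise a sandbox configuration.
 *
 * Takes the configuration built with the functions above; the return value
 * convention is documented in sandbox.c.  Callers should check it rather than
 * assume the sandbox is active afterwards — use sandbox_is_active(). */
int sandbox_init(sandbox_cfg_t* cfg);

/** Return true iff the sandbox is turned on. */
int sandbox_is_active(void);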
155 
156 #endif /* !defined(SANDBOX_H_) */