tor

The Tor anonymity network
git clone https://git.dasho.dev/tor.git
Log | Files | Refs | README | LICENSE

sandbox.h (4316B)

      1 /* Copyright (c) 2001 Matej Pfajfar.
      2 * Copyright (c) 2001-2004, Roger Dingledine.
      3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
      4 * Copyright (c) 2007-2021, The Tor Project, Inc. */
      5 /* See LICENSE for licensing information */
      6 
      7 /**
      8 * \file sandbox.h
      9 * \brief Header file for sandbox.c.
     10 **/
     11 
     12 #ifndef SANDBOX_H_
     13 #define SANDBOX_H_
     14 
     15 #include "orconfig.h"
     16 #include "lib/cc/torint.h"
     17 
     18 #ifndef SYS_SECCOMP
     19 #ifdef HAVE_SIGNAL_H
     20 #include <signal.h>
     21 #endif
     22 
     23 /**
     24 * Used by SIGSYS signal handler to check if the signal was issued due to a
     25 * seccomp2 filter violation.
     26 */
     27 #define SYS_SECCOMP 1
     28 
     29 #endif /* !defined(SYS_SECCOMP) */
     30 
     31 #if defined(HAVE_SECCOMP_H) && defined(__linux__)
     32 #define USE_LIBSECCOMP
     33 #endif
     34 
     35 struct sandbox_cfg_elem_t;
     36 
     37 /** Typedef to structure used to manage a sandbox configuration. */
     38 typedef struct sandbox_cfg_elem_t sandbox_cfg_t;
     39 
     40 /**
     41 * Linux definitions
     42 */
     43 #ifdef USE_LIBSECCOMP
     44 
     45 #include <sys/ucontext.h>
     46 #include <seccomp.h>
     47 #include <netdb.h>
     48 
     49 #define PARAM_PTR 0
     50 #define PARAM_NUM 1
     51 
     52 /**
     53 * Enum used to manage the type of the implementation for general purpose.
     54 */
     55 typedef enum {
     56  /** Libseccomp implementation based on seccomp2*/
     57  LIBSECCOMP2 = 0
     58 } SB_IMPL;
     59 
     60 /**
     61 *  Configuration parameter structure associated with the LIBSECCOMP2
     62 *  implementation.
     63 */
     64 typedef struct smp_param_t {
     65  /** syscall associated with parameter. */
     66  int syscall;
     67 
     68  /** parameter value. */
     69  char *value;
     70  /** parameter value, second argument. */
     71  char *value2;
     72 
     73  /**  parameter flag (0 = not protected, 1 = protected). */
     74  int prot;
     75 } smp_param_t;
     76 
     77 /**
     78 * Structure used to manage a sandbox configuration.
     79 *
     80 * It is implemented as a linked list of parameters. Currently only controls
     81 * parameters for open, openat, execve, stat64.
     82 */
     83 struct sandbox_cfg_elem_t {
     84  /** Sandbox implementation which dictates the parameter type. */
     85  SB_IMPL implem;
     86 
     87  /** Configuration parameter. */
     88  smp_param_t *param;
     89 
     90  /** Next element of the configuration*/
     91  struct sandbox_cfg_elem_t *next;
     92 };
     93 
     94 /** Function pointer defining the prototype of a filter function.*/
     95 typedef int (*sandbox_filter_func_t)(scmp_filter_ctx ctx,
     96    sandbox_cfg_t *filter);
     97 
     98 /** Type that will be used in step 3 in order to manage multiple sandboxes.*/
     99 typedef struct {
    100  /** function pointers associated with the filter */
    101  sandbox_filter_func_t *filter_func;
    102 
    103  /** filter function pointer parameters */
    104  sandbox_cfg_t *filter_dynamic;
    105 } sandbox_t;
    106 
    107 #endif /* defined(USE_LIBSECCOMP) */
    108 
    109 #ifdef USE_LIBSECCOMP
    110 const char* sandbox_intern_string(const char *param);
    111 bool sandbox_interned_string_is_missing(const char *s);
    112 #else /* !defined(USE_LIBSECCOMP) */
    113 #define sandbox_intern_string(s) (s)
    114 #define sandbox_interned_string_is_missing(s) (false)
    115 #endif /* defined(USE_LIBSECCOMP) */
    116 
    117 /** Creates an empty sandbox configuration file.*/
    118 sandbox_cfg_t * sandbox_cfg_new(void);
    119 
    120 /**
    121 * Function used to add a open allowed filename to a supplied configuration.
    122 * The (char*) specifies the path to the allowed file; we take ownership
    123 * of the pointer.
    124 */
    125 int sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file);
    126 
    127 int sandbox_cfg_allow_chmod_filename(sandbox_cfg_t **cfg, char *file);
    128 int sandbox_cfg_allow_chown_filename(sandbox_cfg_t **cfg, char *file);
    129 
    130 /* DOCDOC */
    131 int sandbox_cfg_allow_rename(sandbox_cfg_t **cfg, char *file1, char *file2);
    132 
    133 /**
    134 * Function used to add a openat allowed filename to a supplied configuration.
    135 * The (char*) specifies the path to the allowed file; we steal the pointer to
    136 * that file.
    137 */
    138 int sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file);
    139 
    140 /**
    141 * Function used to add a opendir allowed filename to a supplied configuration.
    142 * The (char*) specifies the path to the allowed dir; we steal the pointer to
    143 * that dir.
    144 */
    145 int sandbox_cfg_allow_opendir_dirname(sandbox_cfg_t **cfg, char *dir);
    146 
    147 /**
    148 * Function used to add a stat/stat64 allowed filename to a configuration.
    149 * The (char*) specifies the path to the allowed file; that pointer is stolen.
    150 */
    151 int sandbox_cfg_allow_stat_filename(sandbox_cfg_t **cfg, char *file);
    152 
    153 /** Function used to initialise a sandbox configuration.*/
    154 int sandbox_init(sandbox_cfg_t* cfg);
    155 
    156 /** Return true iff the sandbox is turned on. */
    157 int sandbox_is_active(void);
    158 
    159 #endif /* !defined(SANDBOX_H_) */