/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2021, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
 * \file sandbox.h
 * \brief Header file for sandbox.c.
 **/
#ifndef SANDBOX_H_
#define SANDBOX_H_

#include "orconfig.h"
#include "lib/cc/torint.h"

#ifndef SYS_SECCOMP

/**
 * Used by SIGSYS signal handler to check if the signal was issued due to a
 * seccomp2 filter violation.
 *
 * Fallback definition for libc headers that do not expose the si_code
 * value; the kernel reports a seccomp violation with si_code == 1.
 */
#define SYS_SECCOMP 1

#endif /* !defined(SYS_SECCOMP) */

/* The seccomp-backed sandbox is only built on Linux with libseccomp headers
 * present; everything below that is guarded on USE_LIBSECCOMP becomes a
 * no-op elsewhere. */
#if defined(HAVE_SECCOMP_H) && defined(__linux__)
#define USE_LIBSECCOMP
#endif
/* Opaque to callers outside the sandbox module; the full definition is only
 * visible under USE_LIBSECCOMP. */
struct sandbox_cfg_elem_t;

/** Typedef to structure used to manage a sandbox configuration. */
typedef struct sandbox_cfg_elem_t sandbox_cfg_t;
/**
 * Linux definitions
 */
#ifdef USE_LIBSECCOMP

#include <sys/ucontext.h>
#include <seccomp.h>
#include <netdb.h>

/* Kind of a filter parameter value.
 * NOTE(review): presumably selects how smp_param_t.value is compared
 * (as a pointer vs. as a number) — confirm against the users in sandbox.c. */
#define PARAM_PTR 0
#define PARAM_NUM 1
/**
 * Enum used to manage the type of the implementation for general purpose.
 * Only one backend exists at present.
 */
typedef enum {
  /** Libseccomp implementation based on seccomp2 */
  LIBSECCOMP2 = 0
} SB_IMPL;
/**
 * Configuration parameter structure associated with the LIBSECCOMP2
 * implementation.
 *
 * One instance describes a single allowed argument (or argument pair) for
 * one syscall.
 */
typedef struct smp_param_t {
  /** syscall associated with parameter. */
  int syscall;

  /** parameter value. */
  char *value;
  /** parameter value, second argument (for two-path calls such as rename). */
  char *value2;

  /** parameter flag (0 = not protected, 1 = protected).
   * NOTE(review): appears to record whether value/value2 have already been
   * moved into the interned (protected) string storage — confirm against
   * sandbox_intern_string() in sandbox.c. */
  int prot;
} smp_param_t;
/**
 * Structure used to manage a sandbox configuration.
 *
 * It is implemented as a linked list of parameters. Currently only controls
 * parameters for open, openat, execve, stat64.
 */
struct sandbox_cfg_elem_t {
  /** Sandbox implementation which dictates the parameter type. */
  SB_IMPL implem;

  /** Configuration parameter. */
  smp_param_t *param;

  /** Next element of the configuration; NULL terminates the list. */
  struct sandbox_cfg_elem_t *next;
};
/** Function pointer defining the prototype of a filter function.
 * A filter function installs its rules into the libseccomp context @a ctx,
 * consulting the parameter list @a filter; the int return is its status. */
typedef int (*sandbox_filter_func_t)(scmp_filter_ctx ctx,
    sandbox_cfg_t *filter);
/** Type that will be used in step 3 in order to manage multiple sandboxes. */
typedef struct {
  /** function pointers associated with the filter */
  sandbox_filter_func_t *filter_func;

  /** filter function pointer parameters */
  sandbox_cfg_t *filter_dynamic;
} sandbox_t;
104 #endif /* defined(USE_LIBSECCOMP) */
#ifdef USE_LIBSECCOMP
/** Return the interned copy of @a param.
 * NOTE(review): the seccomp filter is presumably keyed on the interned
 * string, so callers must pass paths through this before using them with
 * the sandboxed syscalls — confirm in sandbox.c. */
const char* sandbox_intern_string(const char *param);
/** Return true iff @a s has no interned copy. */
bool sandbox_interned_string_is_missing(const char *s);
#else /* !defined(USE_LIBSECCOMP) */
/* Without libseccomp there is nothing to intern: strings pass through
 * unchanged and are never reported missing. */
#define sandbox_intern_string(s) (s)
#define sandbox_interned_string_is_missing(s) (false)
#endif /* defined(USE_LIBSECCOMP) */
/** Create an empty sandbox configuration. */
sandbox_cfg_t * sandbox_cfg_new(void);

/**
 * Function used to add a open allowed filename to a supplied configuration.
 * The (char*) specifies the path to the allowed file; we take ownership
 * of the pointer. The caller must not free or reuse @a file afterwards.
 */
int sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file);

/** Allow chmod / chown on @a file.
 * NOTE(review): presumably the same pointer-ownership rule as
 * sandbox_cfg_allow_open_filename() applies — confirm in sandbox.c. */
int sandbox_cfg_allow_chmod_filename(sandbox_cfg_t **cfg, char *file);
int sandbox_cfg_allow_chown_filename(sandbox_cfg_t **cfg, char *file);

/** Allow rename() from @a file1 to @a file2.
 * NOTE(review): presumably both pointers are taken over by the
 * configuration, as for the other allow_* functions — confirm in
 * sandbox.c. */
int sandbox_cfg_allow_rename(sandbox_cfg_t **cfg, char *file1, char *file2);

/**
 * Function used to add a openat allowed filename to a supplied configuration.
 * The (char*) specifies the path to the allowed file; we steal the pointer to
 * that file.
 */
int sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file);

/**
 * Function used to add a opendir allowed filename to a supplied configuration.
 * The (char*) specifies the path to the allowed dir; we steal the pointer to
 * that dir.
 */
int sandbox_cfg_allow_opendir_dirname(sandbox_cfg_t **cfg, char *dir);

/**
 * Function used to add a stat/stat64 allowed filename to a configuration.
 * The (char*) specifies the path to the allowed file; that pointer is stolen.
 */
int sandbox_cfg_allow_stat_filename(sandbox_cfg_t **cfg, char *file);

/** Function used to initialise a sandbox configuration.
 * Installs the filter described by @a cfg; the return-value convention is
 * defined in sandbox.c. */
int sandbox_init(sandbox_cfg_t* cfg);

/** Return true iff the sandbox is turned on. */
int sandbox_is_active(void);
156 #endif /* !defined(SANDBOX_H_) */