diff --git a/sandboxed_api/sandbox.h b/sandboxed_api/sandbox.h index f0503f6..91f932d 100644 --- a/sandboxed_api/sandbox.h +++ b/sandboxed_api/sandbox.h @@ -131,7 +131,7 @@ class Sandbox { sandbox2::PolicyBuilder* builder); // Path of the sandboxee: - // - relative to runfiles directory: ::sandbox2::GetDataDependencyFilePath() + // - relative to runfiles directory: ::sapi::GetDataDependencyFilePath() // will be applied to it, // - absolute: will be used as is. virtual std::string GetLibPath() const { return ""; } diff --git a/sandboxed_api/sandbox2/examples/crc4/crc4sandbox.cc b/sandboxed_api/sandbox2/examples/crc4/crc4sandbox.cc index 04926a2..c7b2548 100644 --- a/sandboxed_api/sandbox2/examples/crc4/crc4sandbox.cc +++ b/sandboxed_api/sandbox2/examples/crc4/crc4sandbox.cc @@ -91,8 +91,9 @@ int main(int argc, char** argv) { return 1; } - const std::string path = - sapi::GetInternalDataDependencyFilePath("sandbox2/examples/crc4/crc4bin"); + // Note: In your own code, use sapi::GetDataDependencyFilePath() instead. + const std::string path = sapi::internal::GetSapiDataDependencyFilePath( + "sandbox2/examples/crc4/crc4bin"); std::vector args = {path}; if (absl::GetFlag(FLAGS_call_syscall_not_allowed)) { args.push_back("-call_syscall_not_allowed"); diff --git a/sandboxed_api/sandbox2/examples/custom_fork/custom_fork_sandbox.cc b/sandboxed_api/sandbox2/examples/custom_fork/custom_fork_sandbox.cc index 94f825a..3719c8f 100644 --- a/sandboxed_api/sandbox2/examples/custom_fork/custom_fork_sandbox.cc +++ b/sandboxed_api/sandbox2/examples/custom_fork/custom_fork_sandbox.cc @@ -117,7 +117,8 @@ int main(int argc, char** argv) { #endif // Start a custom fork-server (via sandbox2::Executor). - const std::string path = sapi::GetInternalDataDependencyFilePath( + // Note: In your own code, use sapi::GetDataDependencyFilePath() instead. + const std::string path = sapi::internal::GetSapiDataDependencyFilePath( "sandbox2/examples/custom_fork/custom_fork_bin"); std::vector args = {path}; std::vector envs = {}; diff --git a/sandboxed_api/sandbox2/examples/network/network_sandbox.cc b/sandboxed_api/sandbox2/examples/network/network_sandbox.cc index c1f3aa0..a1d4c8d 100644 --- a/sandboxed_api/sandbox2/examples/network/network_sandbox.cc +++ b/sandboxed_api/sandbox2/examples/network/network_sandbox.cc @@ -179,7 +179,8 @@ int main(int argc, char** argv) { std::thread server_thread{Server,port}; server_thread.detach(); - const std::string path = sapi::GetInternalDataDependencyFilePath( + // Note: In your own code, use sapi::GetDataDependencyFilePath() instead. + const std::string path = sapi::internal::GetSapiDataDependencyFilePath( "sandbox2/examples/network/network_bin"); std::vector args = {path}; std::vector envs = {}; diff --git a/sandboxed_api/sandbox2/examples/network_proxy/networkproxy_sandbox.cc b/sandboxed_api/sandbox2/examples/network_proxy/networkproxy_sandbox.cc index a45723d..23d1533 100644 --- a/sandboxed_api/sandbox2/examples/network_proxy/networkproxy_sandbox.cc +++ b/sandboxed_api/sandbox2/examples/network_proxy/networkproxy_sandbox.cc @@ -129,8 +129,9 @@ int main(int argc, char** argv) { std::thread server_thread{Server,port}; server_thread.detach(); + // Note: In your own code, use sapi::GetDataDependencyFilePath() instead. const std::string path = - sapi::GetInternalDataDependencyFilePath(kSandboxeePath); + sapi::internal::GetSapiDataDependencyFilePath(kSandboxeePath); std::vector args = {path}; if (!absl::GetFlag(FLAGS_connect_with_handler)) { args.push_back("--noconnect_with_handler"); diff --git a/sandboxed_api/sandbox2/examples/static/static_sandbox.cc b/sandboxed_api/sandbox2/examples/static/static_sandbox.cc index 2ef1bcc..a56ebc6 100644 --- a/sandboxed_api/sandbox2/examples/static/static_sandbox.cc +++ b/sandboxed_api/sandbox2/examples/static/static_sandbox.cc @@ -108,7 +108,8 @@ int main(int argc, char** argv) { gflags::ParseCommandLineFlags(&argc, &argv, true); google::InitGoogleLogging(argv[0]); - const std::string path = sapi::GetInternalDataDependencyFilePath( + // Note: In your own code, use sapi::GetDataDependencyFilePath() instead. + const std::string path = sapi::internal::GetSapiDataDependencyFilePath( "sandbox2/examples/static/static_bin"); std::vector args = {path}; auto executor = absl::make_unique(path, args); diff --git a/sandboxed_api/sandbox2/examples/zlib/zpipe_sandbox.cc b/sandboxed_api/sandbox2/examples/zlib/zpipe_sandbox.cc index 3f30876..24a7495 100644 --- a/sandboxed_api/sandbox2/examples/zlib/zpipe_sandbox.cc +++ b/sandboxed_api/sandbox2/examples/zlib/zpipe_sandbox.cc @@ -78,8 +78,9 @@ int main(int argc, char** argv) { return 1; } - const std::string path = - sapi::GetInternalDataDependencyFilePath("sandbox2/examples/zlib/zpipe"); + // Note: In your own code, use sapi::GetDataDependencyFilePath() instead. + const std::string path = sapi::internal::GetSapiDataDependencyFilePath( + "sandbox2/examples/zlib/zpipe"); std::vector args = {path}; if (absl::GetFlag(FLAGS_decompress)) { args.push_back("-d"); diff --git a/sandboxed_api/util/BUILD.bazel b/sandboxed_api/util/BUILD.bazel index 8fb5b62..761bcbe 100644 --- a/sandboxed_api/util/BUILD.bazel +++ b/sandboxed_api/util/BUILD.bazel @@ -127,6 +127,7 @@ cc_library( srcs = ["runfiles.cc"], hdrs = ["runfiles.h"], copts = sapi_platform_copts(), + visibility = ["//visibility:public"], deps = [ ":file_base", ":flags", diff --git a/sandboxed_api/util/runfiles.cc b/sandboxed_api/util/runfiles.cc index 25e3b31..77ab97f 100644 --- a/sandboxed_api/util/runfiles.cc +++ b/sandboxed_api/util/runfiles.cc @@ -21,11 +21,11 @@ #include "sandboxed_api/util/runfiles.h" #include "tools/cpp/runfiles/runfiles.h" -using bazel::tools::cpp::runfiles::Runfiles; - namespace sapi { std::string GetDataDependencyFilePath(absl::string_view relative_path) { + using bazel::tools::cpp::runfiles::Runfiles; + static Runfiles* runfiles = []() { std::string error; auto* runfiles = Runfiles::Create(gflags::GetArgv0(), &error); @@ -40,9 +40,12 @@ std::string GetDataDependencyFilePath(absl::string_view relative_path) { return runfiles->Rlocation(std::string(relative_path)); } -std::string GetInternalDataDependencyFilePath(absl::string_view relative_path) { - return GetDataDependencyFilePath( - file::JoinPath("com_google_sandboxed_api/sandboxed_api", relative_path)); +namespace internal { + +std::string GetSapiDataDependencyFilePath(absl::string_view relative_path) { + return GetDataDependencyFilePath(file::JoinPath( + "com_google_sandboxed_api", "sandboxed_api", relative_path)); } +} // namespace internal } // namespace sapi diff --git a/sandboxed_api/util/runfiles.h b/sandboxed_api/util/runfiles.h index 647b97f..b3f641a 100644 --- a/sandboxed_api/util/runfiles.h +++ b/sandboxed_api/util/runfiles.h @@ -25,10 +25,13 @@ namespace sapi { // should be relative to the runfiles directory. std::string GetDataDependencyFilePath(absl::string_view relative_path); -// Like GetDataDependencyFilePath(), but prepends the location of the Sandboxed -// API root runfiles path. -std::string GetInternalDataDependencyFilePath(absl::string_view relative_path); +namespace internal { +// Like ::sapi::GetDataDependencyFilePath(), but prepends the location of the +// Sandboxed API root runfiles path. +std::string GetSapiDataDependencyFilePath(absl::string_view relative_path); + +} // namespace internal } // namespace sapi #endif // SANDBOXED_API_UTIL_RUNFILES_H_ diff --git a/sandboxed_api/util/runfiles_nobazel.cc b/sandboxed_api/util/runfiles_nobazel.cc index 2d59c87..f8a6f17 100644 --- a/sandboxed_api/util/runfiles_nobazel.cc +++ b/sandboxed_api/util/runfiles_nobazel.cc @@ -37,11 +37,14 @@ std::string GetDataDependencyFilePath(absl::string_view relative_path) { return file::JoinPath(resolved, relative_path); } -std::string GetInternalDataDependencyFilePath(absl::string_view relative_path) { +namespace internal { + +std::string GetSapiDataDependencyFilePath(absl::string_view relative_path) { // The Bazel version has an additional "com_google_sandboxed_api" path // component. return GetDataDependencyFilePath( file::JoinPath("sandboxed_api", relative_path)); } +} // namespace internal } // namespace sapi