added a sandbox file and extracted the functions that will be sandboxed

This commit is contained in:
Andrei Medar 2020-09-10 15:22:22 +00:00
parent de27b90ae4
commit 56481b1c9f
3 changed files with 110 additions and 15 deletions

View File

@ -27,24 +27,51 @@ add_subdirectory("${SAPI_ROOT}"
EXCLUDE_FROM_ALL
)
file(STRINGS functions_to_sandbox.txt FUNCTIONS_LIST)
add_sapi_library(
libarchive_sapi
#FUNCTIONS ${FUNCTIONS_LIST}
#FUNCTIONS archive_read_new
FUNCTIONS
archive_read_new
archive_write_disk_new
archive_write_disk_set_options
archive_read_support_filter_bzip2
archive_read_support_filter_gzip
archive_read_support_filter_compress
archive_read_support_format_tar
archive_read_support_format_cpio
archive_write_disk_set_standard_lookup
archive_read_open_filename
archive_error_string
archive_read_next_header
archive_entry_pathname
archive_entry_free
archive_entry_new
archive_entry_pathname
archive_entry_sourcepath
archive_error_string
archive_read_close
archive_read_data_block
archive_read_disk_descend
archive_read_disk_new
archive_read_disk_open
archive_read_disk_set_standard_lookup
archive_read_free
archive_read_new
archive_read_next_header
archive_read_next_header2
archive_read_open_filename
archive_read_support_filter_bzip2
archive_read_support_filter_compress
archive_read_support_filter_gzip
archive_read_support_format_cpio
archive_read_support_format_tar
archive_write_add_filter_bzip2
archive_write_add_filter_compress
archive_write_add_filter_gzip
archive_write_add_filter_none
archive_write_close
archive_write_data
archive_write_data_block
archive_write_disk_new
archive_write_disk_set_options
archive_write_disk_set_standard_lookup
archive_write_free
archive_write_header
archive_write_new
archive_write_open_filename
archive_write_set_format_ustar
INPUTS libarchive/libarchive/archive.h
LIBRARY archive
LIBRARY_NAME Libarchive

View File

@ -0,0 +1,32 @@
#ifndef SAPI_LIBARCHIVE_SANDBOX_H
#define SAPI_LIBARCHIVE_SANDBOX_H
#include <syscall.h>
#include "libarchive_sapi.sapi.h"
class SapiLibarchiveSandboxCreate : public LibarchiveSandbox {
public:
// TODO
explicit SapiLibarchiveSandboxCreate() {}
private:
std::unique_ptr<sandbox2::Policy> ModifyPolicy(
sandbox2::PolicyBuilder*) override {
return sandbox2::PolicyBuilder()
.BuildOrDie();
}
}
class SapiLibarchiveSandboxExtract : public LibarchiveSandbox {
public:
// TODO
explicit SapiLibarchiveSandboxExtract() {}
private:
virtual void ModifyExecutor(sandbox2::Executor* executor) override {
// TODO create /output/ + chdir here if do_execute
}
}
#endif // SAPI_LIBARCHIVE_SANDBOX_H

View File

@ -0,0 +1,36 @@
archive_entry_free
archive_entry_new
archive_entry_pathname
archive_entry_sourcepath
archive_error_string
archive_read_close
archive_read_data_block
archive_read_disk_descend
archive_read_disk_new
archive_read_disk_open
archive_read_disk_set_standard_lookup
archive_read_free
archive_read_new
archive_read_next_header
archive_read_next_header2
archive_read_open_filename
archive_read_support_filter_bzip2
archive_read_support_filter_compress
archive_read_support_filter_gzip
archive_read_support_format_cpio
archive_read_support_format_tar
archive_write_add_filter_bzip2
archive_write_add_filter_compress
archive_write_add_filter_gzip
archive_write_add_filter_none
archive_write_close
archive_write_data
archive_write_data_block
archive_write_disk_new
archive_write_disk_set_options
archive_write_disk_set_standard_lookup
archive_write_free
archive_write_header
archive_write_new
archive_write_open_filename
archive_write_set_format_ustar