Formatting fixes.

PiperOrigin-RevId: 239159980
Change-Id: Ic6185368392622bf3f4c661e37f6b9fcca0d60a6

sandboxed_api/client.cc

@@ -36,6 +36,7 @@
 #ifdef MEMORY_SANITIZER
 #include <sanitizer/allocator_interface.h>
 #endif
+
 #include <ffi.h>
 #include <ffitarget.h>
 

sandboxed_api/sandbox.cc

@@ -170,6 +170,7 @@ static std::string PathToSAPILib(const std::string& lib_path) {
       return ::sapi::UnavailableError("Could not start the forkserver");
     }
   }
+
     sandbox2::PolicyBuilder policy_builder;
     InitDefaultPolicyBuilder(&policy_builder);
   auto s2p = ModifyPolicy(&policy_builder);

sandboxed_api/sandbox2/comms.cc

@@ -48,6 +48,7 @@
 #ifdef MEMORY_SANITIZER
 #include "base/dynamic_annotations.h"
 #endif
+
 // Future extension point used to mark code sections that invoke syscalls that
 // potentially block.
 // Internally at Google, there is an implementation that supports light-weight

sandboxed_api/sandbox2/executor.h

@@ -79,11 +79,14 @@ class Executor final {
 
   // Accessors
   IPC* ipc() { return &ipc_; }
+
   Limits* limits() { return &limits_; }
+
   Executor& set_enable_sandbox_before_exec(bool value) {
     enable_sandboxing_pre_execve_ = value;
     return *this;
   }
+
   Executor& set_cwd(std::string value) {
     cwd_ = std::move(value);
     return *this;

sandboxed_api/sandbox2/ipc.cc

@@ -110,6 +110,7 @@ void IPC::EnableNetworkProxyServer() {
     NetworkProxyServer network_proxy_server(fd);
     network_proxy_server.Run();
   };
+
   std::thread proxy_thread{proxy_server};
   proxy_thread.detach();
 }

sandboxed_api/sandbox2/ipc.h

@@ -37,6 +37,7 @@ class IPC final {
   IPC& operator=(const IPC&) = delete;
 
   ~IPC() { InternalCleanupFdMap(); }
+
   Comms* comms() const { return comms_.get(); }
 
   // Marks local_fd so that it should be sent to the remote process (sandboxee),

sandboxed_api/sandbox2/limits.h

@@ -55,6 +55,7 @@ class Limits final {
     rlimit_as_.rlim_max = value;
     return *this;
   }
+
   const rlimit64& rlimit_cpu() const { return rlimit_cpu_; }
   Limits& set_rlimit_cpu(const rlimit64& value) {
     rlimit_cpu_ = value;
@@ -65,6 +66,7 @@ class Limits final {
     rlimit_cpu_.rlim_max = value;
     return *this;
   }
+
   const rlimit64& rlimit_fsize() const { return rlimit_fsize_; }
   Limits& set_rlimit_fsize(const rlimit64& value) {
     rlimit_fsize_ = value;
@@ -75,6 +77,7 @@ class Limits final {
     rlimit_fsize_.rlim_max = value;
     return *this;
   }
+
   const rlimit64& rlimit_nofile() const { return rlimit_nofile_; }
   Limits& set_rlimit_nofile(const rlimit64& value) {
     rlimit_nofile_ = value;
@@ -85,6 +88,7 @@ class Limits final {
     rlimit_nofile_.rlim_max = value;
     return *this;
   }
+
   const rlimit64& rlimit_core() const { return rlimit_core_; }
   Limits& set_rlimit_core(const rlimit64& value) {
     rlimit_core_ = value;

sandboxed_api/sandbox2/monitor.cc

@@ -1012,6 +1012,7 @@ void Monitor::StateProcessStopped(pid_t pid, int status) {
     }
     should_dump_stack_ = false;
   }
+
 #if !defined(PTRACE_EVENT_STOP)
 #define PTRACE_EVENT_STOP 128
 #endif

sandboxed_api/sandbox2/policy_test.cc

@@ -67,6 +67,7 @@ TEST(PolicyTest, AMD64Syscall32PolicyAllowed) {
 
   Sandbox2 s2(std::move(executor), std::move(policy));
   auto result = s2.Run();
+
     ASSERT_THAT(result.final_status(), Eq(Result::VIOLATION));
     EXPECT_THAT(result.reason_code(), Eq(1));  // __NR_exit in 32-bit
     EXPECT_THAT(result.GetSyscallArch(), Eq(Syscall::kX86_32));
@@ -83,6 +84,7 @@ TEST(PolicyTest, AMD64Syscall32FsAllowed) {
 
   Sandbox2 s2(std::move(executor), std::move(policy));
   auto result = s2.Run();
+
     ASSERT_THAT(result.final_status(), Eq(Result::VIOLATION));
     EXPECT_THAT(result.reason_code(),
                 Eq(33));  // __NR_access in 32-bit

sandboxed_api/sandbox2/sandbox2.cc

@@ -83,6 +83,7 @@ void Sandbox2::Kill() {
   if (monitor_thread_ == nullptr) {
     return;
   }
+
   pthread_kill(monitor_thread_->native_handle(), Monitor::kExternalKillSignal);
 }
 
@@ -92,6 +93,7 @@ void Sandbox2::DumpStackTrace() {
   if (monitor_thread_ == nullptr) {
     return;
   }
+
   pthread_kill(monitor_thread_->native_handle(), Monitor::kDumpStackSignal);
 }
 
@@ -110,6 +112,7 @@ void Sandbox2::SetWallTimeLimit(time_t limit) const {
 
   union sigval v;
   v.sival_int = static_cast<int>(limit);
+
   pthread_sigqueue(monitor_thread_->native_handle(), Monitor::kTimerSetSignal,
                    v);
 }

sandboxed_api/sandbox2/util/bpf_helper.c

@@ -22,7 +22,6 @@
 // and can serve as a starting point for developing
 // applications using prctl(PR_ATTACH_SECCOMP_FILTER).
 
-
 #include "sandboxed_api/sandbox2/util/bpf_helper.h"
 
 #include <stdio.h>
@@ -107,4 +106,3 @@ void seccomp_bpf_print(struct sock_filter *filter, size_t count)
 		printf("{ code=%u,jt=%u,jf=%u,k=%u },\n",
 			filter->code, filter->jt, filter->jf, filter->k);
 }
-

sandboxed_api/sandbox2/util/bpf_helper.h

@@ -295,5 +295,4 @@ union arg64 {
 }
 #endif
 
-
 #endif  // SANDBOXED_API_SANDBOX2_UTIL_BPF_HELPER_H_

sandboxed_api/sandbox2/util/fileops.h

@@ -22,6 +22,7 @@
 
 namespace sandbox2 {
 namespace file_util {
+
 namespace fileops {
 
 // RAII helper class to automatically close file descriptors.

sandboxed_api/sandbox2/util/path.h

@@ -20,6 +20,7 @@
 #include <utility>
 
 #include "absl/strings/string_view.h"
+
 namespace sandbox2 {
 namespace file {
 

sandboxed_api/tools/generator2/sapi_generator.py

@@ -19,7 +19,6 @@ interface wrapper.
 """
 import sys
 
-
 from absl import app
 from absl import flags
 from absl import logging

sandboxed_api/util/flag.h

@@ -14,6 +14,7 @@
 
 #ifndef SANDBOXED_API_UTIL_FLAG_H_
 #define SANDBOXED_API_UTIL_FLAG_H_
+
 #include <gflags/gflags.h>
 
 #define ABSL_FLAG(type, name, default_value, help) \