Migrate to proto3, change is_ro to is_rw (default value is false), and rename mounttree.proto

PiperOrigin-RevId: 434435260
Change-Id: Ie4cfe04bf1a9357e63b6159c3d5a8b95388b5292

sandboxed_api/sandbox2/BUILD.bazel

@@ -472,7 +472,7 @@ cc_library(
     hdrs = ["mounts.h"],
     copts = sapi_platform_copts(),
     deps = [
-        ":mounttree_cc_proto",
+        ":mount_tree_cc_proto",
         "//sandboxed_api:config",
         "//sandboxed_api/sandbox2/util:minielf",
         "//sandboxed_api/util:file_base",
@@ -495,8 +495,8 @@ cc_test(
     copts = sapi_platform_copts(),
     data = ["//sandboxed_api/sandbox2/testcases:minimal_dynamic"],
     deps = [
+        ":mount_tree_cc_proto",
         ":mounts",
-        ":mounttree_cc_proto",
         "//sandboxed_api:testing",
         "//sandboxed_api/util:file_base",
         "//sandboxed_api/util:file_helpers",
@@ -513,8 +513,8 @@ cc_library(
     hdrs = ["namespace.h"],
     copts = sapi_platform_copts(),
     deps = [
+        ":mount_tree_cc_proto",
         ":mounts",
-        ":mounttree_cc_proto",
         ":util",
         ":violation_cc_proto",
         "//sandboxed_api/util:file_base",
@@ -630,12 +630,12 @@ sapi_proto_library(
     name = "forkserver_proto",
     srcs = ["forkserver.proto"],
     copts = sapi_platform_copts(),
-    deps = [":mounttree_proto"],
+    deps = [":mount_tree_proto"],
 )
 
 sapi_proto_library(
-    name = "mounttree_proto",
+    name = "mount_tree_proto",
-    srcs = ["mounttree.proto"],
+    srcs = ["mount_tree.proto"],
 )
 
 cc_library(
@@ -886,7 +886,7 @@ cc_library(
 sapi_proto_library(
     name = "violation_proto",
     srcs = ["violation.proto"],
-    deps = [":mounttree_proto"],
+    deps = [":mount_tree_proto"],
 )
 
 cc_test(

sandboxed_api/sandbox2/CMakeLists.txt

@@ -336,7 +336,7 @@ target_link_libraries(sandbox2_sandbox2
           sandbox2::limits
           sandbox2::logsink
           sandbox2::mounts
-          sandbox2::mounttree_proto
+          sandbox2::mount_tree_proto
           sandbox2::namespace
           sandbox2::network_proxy_client
           sandbox2::network_proxy_server
@@ -461,7 +461,7 @@ target_link_libraries(sandbox2_mounts
          absl::status
          absl::statusor
          absl::strings
-         sandbox2::mounttree_proto
+         sandbox2::mount_tree_proto
 )
 
 # sandboxed_api/sandbox2:namespace
@@ -479,7 +479,7 @@ target_link_libraries(sandbox2_namespace PRIVATE
   sapi::file_base
   sapi::fileops
   sandbox2::mounts
-  sandbox2::mounttree_proto
+  sandbox2::mount_tree_proto
   sapi::strerror
   sandbox2::util
   sandbox2::violation_proto
@@ -560,20 +560,20 @@ add_library(sandbox2_forkserver_proto ${SAPI_LIB_TYPE}
 add_library(sandbox2::forkserver_proto ALIAS sandbox2_forkserver_proto)
 target_link_libraries(sandbox2_forkserver_proto PRIVATE
   protobuf::libprotobuf
-  sandbox2::mounttree_proto
+  sandbox2::mount_tree_proto
   sapi::base
 )
 
-# sandboxed_api/sandbox2:mounttree_proto
+# sandboxed_api/sandbox2:mount_tree_proto
-sapi_protobuf_generate_cpp(_sandbox2_mounttree_pb_h _sandbox2_mounttree_pb_cc
+sapi_protobuf_generate_cpp(_sandbox2_mount_tree_pb_h _sandbox2_mount_tree_pb_cc
-  mounttree.proto
+  mount_tree.proto
 )
-add_library(sandbox2_mounttree_proto ${SAPI_LIB_TYPE}
+add_library(sandbox2_mount_tree_proto ${SAPI_LIB_TYPE}
-  ${_sandbox2_mounttree_pb_cc}
+  ${_sandbox2_mount_tree_pb_cc}
-  ${_sandbox2_mounttree_pb_h}
+  ${_sandbox2_mount_tree_pb_h}
 )
-add_library(sandbox2::mounttree_proto ALIAS sandbox2_mounttree_proto)
+add_library(sandbox2::mount_tree_proto ALIAS sandbox2_mount_tree_proto)
-target_link_libraries(sandbox2_mounttree_proto PRIVATE
+target_link_libraries(sandbox2_mount_tree_proto PRIVATE
   protobuf::libprotobuf
   sapi::base
 )
@@ -613,7 +613,7 @@ add_library(sandbox2_violation_proto ${SAPI_LIB_TYPE}
 add_library(sandbox2::violation_proto ALIAS sandbox2_violation_proto)
 target_link_libraries(sandbox2_violation_proto PRIVATE
   protobuf::libprotobuf
-  sandbox2::mounttree_proto
+  sandbox2::mount_tree_proto
   sapi::base
 )
 
@@ -668,7 +668,7 @@ if(SAPI_ENABLE_TESTS)
     absl::strings
     sapi::file_base
     sandbox2::mounts
-    sandbox2::mounttree_proto
+    sandbox2::mount_tree_proto
     sapi::temp_file
     sapi::testing
     sapi::status_matchers

sandboxed_api/sandbox2/forkserver.proto

@@ -18,7 +18,7 @@ syntax = "proto2";
 
 package sandbox2;
 
-import "sandboxed_api/sandbox2/mounttree.proto";
+import "sandboxed_api/sandbox2/mount_tree.proto";
 
 enum Mode {
   // Fork, execve and sandbox

sandboxed_api/sandbox2/mount_tree.proto

@@ -14,7 +14,7 @@
 
 // A proto for serializing the sandbox2::MountTree class
 
-syntax = "proto2";
+syntax = "proto3";
 
 package sandbox2;
 
@@ -26,24 +26,24 @@ message MountTree {
   // FileNode represents a bind mount for a regular file using "outside" as the
   // source.
   message FileNode {
-    required string outside = 2;
+    optional string outside = 2;
-    required bool is_ro = 3;
+    optional bool writable = 3;
   }
 
   // DirNode is like FileNode but for directories.
   message DirNode {
-    required string outside = 2;
+    optional string outside = 2;
-    required bool is_ro = 3;
+    optional bool writable = 3;
   }
 
   // TmpfsNode mounts a tmpfs with given options.
   message TmpfsNode {
-    required string tmpfs_options = 1;
+    optional string tmpfs_options = 1;
   }
 
   // RootNode is as special node for root of the MountTree
   message RootNode {
-    required bool is_ro = 3;
+    optional bool writable = 3;
   }
 
   message Node {

sandboxed_api/sandbox2/mounts.cc

@@ -37,7 +37,7 @@
 #include "absl/strings/string_view.h"
 #include "absl/strings/strip.h"
 #include "sandboxed_api/config.h"
-#include "sandboxed_api/sandbox2/mounttree.pb.h"
+#include "sandboxed_api/sandbox2/mount_tree.pb.h"
 #include "sandboxed_api/sandbox2/util/minielf.h"
 #include "sandboxed_api/util/fileops.h"
 #include "sandboxed_api/util/path.h"
@@ -155,16 +155,16 @@ bool IsEquivalentNode(const MountTree::Node& n1, const MountTree::Node& n2) {
   switch (n1.node_case()) {
     case MountTree::Node::kFileNode:
       // Check whether files are the same (e.g. symlinks / hardlinks)
-      return n1.file_node().is_ro() == n2.file_node().is_ro() &&
+      return n1.file_node().writable() == n2.file_node().writable() &&
              IsSameFile(n1.file_node().outside(), n2.file_node().outside());
     case MountTree::Node::kDirNode:
       // Check whether dirs are the same (e.g. symlinks / hardlinks)
-      return n1.dir_node().is_ro() == n2.dir_node().is_ro() &&
+      return n1.dir_node().writable() == n2.dir_node().writable() &&
              IsSameFile(n1.dir_node().outside(), n2.dir_node().outside());
     case MountTree::Node::kTmpfsNode:
       return n1.tmpfs_node().tmpfs_options() == n2.tmpfs_node().tmpfs_options();
     case MountTree::Node::kRootNode:
-      return n1.root_node().is_ro() == n2.root_node().is_ro();
+      return n1.root_node().writable() == n2.root_node().writable();
     default:
       return false;
   }
@@ -263,7 +263,7 @@ absl::Status Mounts::AddFileAt(absl::string_view outside,
   MountTree::Node node;
   auto* file_node = node.mutable_file_node();
   file_node->set_outside(std::string(outside));
-  file_node->set_is_ro(is_ro);
+  file_node->set_writable(!is_ro);
   return Insert(inside, node);
 }
 
@@ -272,7 +272,7 @@ absl::Status Mounts::AddDirectoryAt(absl::string_view outside,
   MountTree::Node node;
   auto dir_node = node.mutable_dir_node();
   dir_node->set_outside(std::string(outside));
-  dir_node->set_is_ro(is_ro);
+  dir_node->set_writable(!is_ro);
   return Insert(inside, node);
 }
 
@@ -628,7 +628,7 @@ void CreateMounts(const MountTree& tree, const std::string& path,
 
       auto node = tree.node().dir_node();
       MountWithDefaults(node.outside(), path, "", MS_BIND, nullptr,
-                        node.is_ro());
+                        !node.writable());
       break;
     }
     case MountTree::Node::kTmpfsNode: {
@@ -643,7 +643,7 @@ void CreateMounts(const MountTree& tree, const std::string& path,
     case MountTree::Node::kFileNode: {
       auto node = tree.node().file_node();
       MountWithDefaults(node.outside(), path, "", MS_BIND, nullptr,
-                        node.is_ro());
+                        !node.writable());
 
       // A file node has to be a leaf so we can skip traversing here.
       return;
@@ -676,11 +676,11 @@ void RecursivelyListMountsImpl(const MountTree& tree,
                                std::vector<std::string>* inside_entries) {
   const MountTree::Node& node = tree.node();
   if (node.has_dir_node()) {
-    const char* rw_str = node.dir_node().is_ro() ? "R " : "W ";
+    const char* rw_str = node.dir_node().writable() ? "W " : "R ";
     inside_entries->emplace_back(absl::StrCat(rw_str, tree_path, "/"));
     outside_entries->emplace_back(absl::StrCat(node.dir_node().outside(), "/"));
   } else if (node.has_file_node()) {
-    const char* rw_str = node.file_node().is_ro() ? "R " : "W ";
+    const char* rw_str = node.file_node().writable() ? "W " : "R ";
     inside_entries->emplace_back(absl::StrCat(rw_str, tree_path));
     outside_entries->emplace_back(absl::StrCat(node.file_node().outside()));
   } else if (node.has_tmpfs_node()) {

sandboxed_api/sandbox2/mounts.h

@@ -22,7 +22,7 @@
 #include "absl/status/status.h"
 #include "absl/status/statusor.h"
 #include "absl/strings/string_view.h"
-#include "sandboxed_api/sandbox2/mounttree.pb.h"
+#include "sandboxed_api/sandbox2/mount_tree.pb.h"
 
 namespace sandbox2 {
 
@@ -36,7 +36,7 @@ class Mounts {
  public:
   Mounts() {
     MountTree::Node root;
-    root.mutable_root_node()->set_is_ro(true);
+    root.mutable_root_node()->set_writable(false);
     *mount_tree_.mutable_node() = root;
   }
 
@@ -65,12 +65,12 @@ class Mounts {
   MountTree GetMountTree() const { return mount_tree_; }
 
   void SetRootWritable() {
-    mount_tree_.mutable_node()->mutable_root_node()->set_is_ro(false);
+    mount_tree_.mutable_node()->mutable_root_node()->set_writable(true);
   }
 
   bool IsRootReadOnly() const {
     return mount_tree_.has_node() && mount_tree_.node().has_root_node() &&
-           mount_tree_.node().root_node().is_ro();
+           !mount_tree_.node().root_node().writable();
   }
 
   // Lists the outside and inside entries of the input tree in the output

sandboxed_api/sandbox2/mounts_test.cc

@@ -247,25 +247,25 @@ TEST(MountTreeTest, TestList) {
 TEST(MountTreeTest, TestNodeEquivalence) {
   MountTree::Node nodes[8];
   MountTree::FileNode* fn0 = nodes[0].mutable_file_node();
-  fn0->set_is_ro(true);
+  fn0->set_writable(false);
   fn0->set_outside("foo");
   MountTree::FileNode* fn1 = nodes[1].mutable_file_node();
-  fn1->set_is_ro(true);
+  fn1->set_writable(false);
   fn1->set_outside("bar");
   MountTree::DirNode* dn0 = nodes[2].mutable_dir_node();
-  dn0->set_is_ro(true);
+  dn0->set_writable(false);
   dn0->set_outside("foo");
   MountTree::DirNode* dn1 = nodes[3].mutable_dir_node();
-  dn1->set_is_ro(true);
+  dn1->set_writable(false);
   dn1->set_outside("bar");
   MountTree::TmpfsNode* tn0 = nodes[4].mutable_tmpfs_node();
   tn0->set_tmpfs_options("option1");
   MountTree::TmpfsNode* tn1 = nodes[5].mutable_tmpfs_node();
   tn1->set_tmpfs_options("option2");
   MountTree::RootNode* rn0 = nodes[6].mutable_root_node();
-  rn0->set_is_ro(true);
+  rn0->set_writable(false);
   MountTree::RootNode* rn1 = nodes[7].mutable_root_node();
-  rn1->set_is_ro(false);
+  rn1->set_writable(true);
 
   for (const MountTree::Node n : nodes) {
     ASSERT_TRUE(n.IsInitialized());

sandboxed_api/sandbox2/violation.proto

@@ -16,7 +16,7 @@ syntax = "proto3";
 
 package sandbox2;
 
-import "sandboxed_api/sandbox2/mounttree.proto";
+import "sandboxed_api/sandbox2/mount_tree.proto";
 
 enum PBViolationType {
   VIOLATION_TYPE_UNSPECIFIED = 0;