Move utility code into `sandboxed_api/util`

This change should make it less confusing where utility code comes from.
Having it in two places made sense when we were debating whether to publish
Sandbox2 separately, but not any longer.

Follow-up changes will move `sandbox2/util.h` and rename the remaining
`sandbox2/util` folder.

PiperOrigin-RevId: 351601640
Change-Id: I6256845261f610e590c25e2c59851cc51da2d778

oss-internship-2020/gdal/raster.cc

@@ -20,7 +20,7 @@
 
 #include <glog/logging.h>
 #include "gdal_sapi.sapi.h"  // NOLINT(build/include)
-#include "sandboxed_api/sandbox2/util/fileops.h"
+#include "sandboxed_api/util/fileops.h"
 
 class GdalSapiSandbox : public GDALSandbox {
  public:

oss-internship-2020/gdal/raster_to_gtiff/CMakeLists.txt

@@ -92,10 +92,10 @@ add_library(utils STATIC
 
 target_link_libraries(utils PUBLIC
   sapi::sapi
-  sandbox2::temp_file
-  sandbox2::fileops
+  sapi::temp_file
+  sapi::fileops
   sandbox2::util
-  sandbox2::file_base
+  sapi::file_base
 )
 
 add_library(gtiff_converter STATIC
@@ -129,8 +129,8 @@ if (ENABLE_TESTS)
     utils
     gtest
     gtest_main
-    sandbox2::testing
-    sandbox2::file_base
+    sapi::testing
+    sapi::file_base
   )
 
   gtest_discover_tests(tests PROPERTIES

oss-internship-2020/gdal/raster_to_gtiff/gtiff_converter.cc

@@ -14,7 +14,7 @@
 
 #include "gtiff_converter.h"  // NOLINT(build/include)
 
-#include "sandboxed_api/sandbox2/util/fileops.h"
+#include "sandboxed_api/util/fileops.h"
 
 namespace gdal::sandbox {
 

oss-internship-2020/gdal/raster_to_gtiff/raster_to_gtiff.cc

@@ -19,8 +19,8 @@
 
 #include "get_raster_data.h"  // NOLINT(build/include)
 #include "gtiff_converter.h"  // NOLINT(build/include)
-#include "sandboxed_api/sandbox2/util/fileops.h"
-#include "sandboxed_api/sandbox2/util/path.h"
+#include "sandboxed_api/util/fileops.h"
+#include "sandboxed_api/util/path.h"
 #include "utils.h"  // NOLINT(build/include)
 
 namespace {

oss-internship-2020/gdal/raster_to_gtiff/tests.cc

@@ -19,9 +19,9 @@
 #include "get_raster_data.h"  // NOLINT(build/include)
 #include "gtiff_converter.h"  // NOLINT(build/include)
 #include "gtest/gtest.h"
-#include "sandboxed_api/sandbox2/testing.h"
-#include "sandboxed_api/sandbox2/util/fileops.h"
-#include "sandboxed_api/sandbox2/util/path.h"
+#include "sandboxed_api/testing.h"
+#include "sandboxed_api/util/fileops.h"
+#include "sandboxed_api/util/path.h"
 #include "utils.h"  // NOLINT(build/include)
 
 namespace {

oss-internship-2020/gdal/raster_to_gtiff/utils.cc

@@ -16,9 +16,9 @@
 
 #include <unistd.h>
 
-#include "sandboxed_api/sandbox2/util/fileops.h"
-#include "sandboxed_api/sandbox2/util/path.h"
-#include "sandboxed_api/sandbox2/util/temp_file.h"
+#include "sandboxed_api/util/fileops.h"
+#include "sandboxed_api/util/path.h"
+#include "sandboxed_api/util/temp_file.h"
 
 namespace gdal::sandbox::utils {
 

oss-internship-2020/guetzli/guetzli_entry_points.cc

@@ -26,7 +26,7 @@
 #include "guetzli/quality.h"
 #include "png.h"  // NOLINT(build/include)
 #include "absl/status/statusor.h"
-#include "sandboxed_api/sandbox2/util/fileops.h"
+#include "sandboxed_api/util/fileops.h"
 
 namespace {
 

oss-internship-2020/guetzli/guetzli_sandboxed.cc

@@ -16,7 +16,7 @@
 #include <iostream>
 
 #include "guetzli_transaction.h"  // NOLINT(build/include)
-#include "sandboxed_api/sandbox2/util/fileops.h"
+#include "sandboxed_api/util/fileops.h"
 
 namespace {
 

oss-internship-2020/guetzli/guetzli_sapi_test.cc

@@ -25,7 +25,6 @@
 #include "guetzli_sandbox.h"  // NOLINT(build/include)
 #include "gtest/gtest.h"
 #include "absl/status/statusor.h"
-#include "sandboxed_api/sandbox2/util/fileops.h"
 #include "sandboxed_api/vars.h"
 
 namespace guetzli::sandbox::tests {

oss-internship-2020/guetzli/guetzli_transaction_test.cc

@@ -24,7 +24,6 @@
 #include <sstream>
 
 #include "gtest/gtest.h"
-#include "sandboxed_api/sandbox2/util/fileops.h"
 
 namespace guetzli::sandbox::tests {
 

oss-internship-2020/jsonnet/examples/CMakeLists.txt

@@ -53,8 +53,8 @@ foreach(exe base multiple_files yaml_stream formatter)
     libjsonnet
     jsonnet_helper
     jsonnet_sapi
-    sandbox2::file_base
-    sandbox2::fileops
+    sapi::file_base
+    sapi::fileops
     sapi::sapi
   )
 

oss-internship-2020/jsonnet/examples/jsonnet_base_example.cc

@@ -16,12 +16,12 @@
 #include <iostream>
 
 #include "jsonnet_base_sandbox.h"  // NOLINT(build/include)
-#include "sandboxed_api/sandbox2/util/fileops.h"
-#include "sandboxed_api/sandbox2/util/path.h"
+#include "sandboxed_api/util/fileops.h"
+#include "sandboxed_api/util/path.h"
 
 absl::Status JsonnetMain(std::string in_file, std::string out_file) {
-  using sandbox2::file::JoinPath;
-  using sandbox2::file_util::fileops::Basename;
+  using sapi::file::JoinPath;
+  using sapi::file_util::fileops::Basename;
 
   // Initialize sandbox.
   JsonnetBaseSandbox sandbox(in_file, out_file);
@@ -70,7 +70,7 @@ absl::Status JsonnetMain(std::string in_file, std::string out_file) {
 }
 
 int main(int argc, char* argv[]) {
-  using sandbox2::file_util::fileops::Basename;
+  using sapi::file_util::fileops::Basename;
 
   google::InitGoogleLogging(argv[0]);
   gflags::ParseCommandLineFlags(&argc, &argv, true);

oss-internship-2020/jsonnet/examples/jsonnet_base_transaction.cc

@@ -14,12 +14,12 @@
 
 #include "jsonnet_base_transaction.h"  // NOLINT(build/include)
 
-#include "sandboxed_api/sandbox2/util/fileops.h"
-#include "sandboxed_api/sandbox2/util/path.h"
+#include "sandboxed_api/util/fileops.h"
+#include "sandboxed_api/util/path.h"
 
 absl::Status JsonnetTransaction::Main() {
-  using sandbox2::file::JoinPath;
-  using sandbox2::file_util::fileops::Basename;
+  using sapi::file::JoinPath;
+  using sapi::file_util::fileops::Basename;
 
   JsonnetApi api(sandbox());
 
@@ -62,7 +62,7 @@ absl::Status JsonnetTransaction::Main() {
 }
 
 int main(int argc, char* argv[]) {
-  using sandbox2::file_util::fileops::Basename;
+  using sapi::file_util::fileops::Basename;
 
   google::InitGoogleLogging(argv[0]);
   gflags::ParseCommandLineFlags(&argc, &argv, true);

oss-internship-2020/jsonnet/examples/jsonnet_formatter_example.cc

@@ -20,8 +20,8 @@
 
 #include "jsonnet_sapi.sapi.h"  // NOLINT(build/include)
 #include "sandboxed_api/util/flag.h"
-#include "sandboxed_api/sandbox2/util/fileops.h"
-#include "sandboxed_api/sandbox2/util/path.h"
+#include "sandboxed_api/util/fileops.h"
+#include "sandboxed_api/util/path.h"
 
 class JsonnetSapiSandbox : public JsonnetSandbox {
  public:
@@ -54,8 +54,8 @@ class JsonnetSapiSandbox : public JsonnetSandbox {
 };
 
 absl::Status JsonnetMain(std::string in_file, std::string out_file) {
-  using sandbox2::file::JoinPath;
-  using sandbox2::file_util::fileops::Basename;
+  using sapi::file::JoinPath;
+  using sapi::file_util::fileops::Basename;
 
   // Initialize sandbox.
   JsonnetSapiSandbox sandbox(in_file, out_file);
@@ -103,7 +103,7 @@ absl::Status JsonnetMain(std::string in_file, std::string out_file) {
 }
 
 int main(int argc, char* argv[]) {
-  using sandbox2::file_util::fileops::Basename;
+  using sapi::file_util::fileops::Basename;
 
   google::InitGoogleLogging(argv[0]);
   gflags::ParseCommandLineFlags(&argc, &argv, true);

oss-internship-2020/jsonnet/examples/jsonnet_multiple_files_example.cc

@@ -20,8 +20,8 @@
 
 #include "jsonnet_sapi.sapi.h"  // NOLINT(build/include)
 #include "sandboxed_api/util/flag.h"
-#include "sandboxed_api/sandbox2/util/fileops.h"
-#include "sandboxed_api/sandbox2/util/path.h"
+#include "sandboxed_api/util/fileops.h"
+#include "sandboxed_api/util/path.h"
 
 class JsonnetSapiSandbox : public JsonnetSandbox {
  public:
@@ -57,8 +57,8 @@ class JsonnetSapiSandbox : public JsonnetSandbox {
 };
 
 absl::Status JsonnetMain(std::string in_file, std::string out_file) {
-  using sandbox2::file::JoinPath;
-  using sandbox2::file_util::fileops::Basename;
+  using sapi::file::JoinPath;
+  using sapi::file_util::fileops::Basename;
 
   // Initialize sandbox.
   JsonnetSapiSandbox sandbox(in_file, out_file);
@@ -107,7 +107,7 @@ absl::Status JsonnetMain(std::string in_file, std::string out_file) {
 }
 
 int main(int argc, char* argv[]) {
-  using sandbox2::file_util::fileops::Basename;
+  using sapi::file_util::fileops::Basename;
 
   google::InitGoogleLogging(argv[0]);
   gflags::ParseCommandLineFlags(&argc, &argv, true);

oss-internship-2020/jsonnet/examples/jsonnet_yaml_stream_example.cc

@@ -16,12 +16,12 @@
 #include <iostream>
 
 #include "jsonnet_base_sandbox.h"  // NOLINT(build/include)
-#include "sandboxed_api/sandbox2/util/fileops.h"
-#include "sandboxed_api/sandbox2/util/path.h"
+#include "sandboxed_api/util/fileops.h"
+#include "sandboxed_api/util/path.h"
 
 absl::Status JsonnetMain(std::string in_file, std::string out_file) {
-  using sandbox2::file::JoinPath;
-  using sandbox2::file_util::fileops::Basename;
+  using sapi::file::JoinPath;
+  using sapi::file_util::fileops::Basename;
 
   // Initialize sandbox.
   JsonnetBaseSandbox sandbox(in_file, out_file);
@@ -70,7 +70,7 @@ absl::Status JsonnetMain(std::string in_file, std::string out_file) {
 }
 
 int main(int argc, char* argv[]) {
-  using sandbox2::file_util::fileops::Basename;
+  using sapi::file_util::fileops::Basename;
 
   google::InitGoogleLogging(argv[0]);
   gflags::ParseCommandLineFlags(&argc, &argv, true);

oss-internship-2020/jsonnet/headers/jsonnet_tests.h

@@ -28,7 +28,7 @@
 #include "jsonnet_sapi.sapi.h"     // NOLINT(build/include)
 #include "gtest/gtest.h"
 #include "sandboxed_api/util/flag.h"
-#include "sandboxed_api/sandbox2/util/path.h"
+#include "sandboxed_api/util/path.h"
 #include "sandboxed_api/util/status_matchers.h"
 
 class JsonnetTestHelper {

oss-internship-2020/libarchive/examples/CMakeLists.txt

@@ -22,10 +22,10 @@ target_link_libraries(sapi_minitar_lib PUBLIC
   glog::glog
   libarchive_sapi
   sandbox2::executor
-  sandbox2::fileops
-  sandbox2::file_base
+  sapi::fileops
+  sapi::file_base
   sandbox2::util
-  sandbox2::temp_file
+  sapi::temp_file
   sapi::sapi
 )
 

oss-internship-2020/libarchive/examples/sandbox.h

@@ -20,7 +20,7 @@
 
 #include "libarchive_sapi.sapi.h"  // NOLINT(build/include)
 #include "sandboxed_api/sandbox2/util/bpf_helper.h"
-#include "sandboxed_api/sandbox2/util/fileops.h"
+#include "sandboxed_api/util/fileops.h"
 
 // When creating an archive, we need read permissions on each of the
 // file/directory added in the archive. Also, in order to create the archive, we

oss-internship-2020/libarchive/examples/sapi_minitar.cc

@@ -15,7 +15,7 @@
 #include "sapi_minitar.h"  // NOLINT(build/include)
 
 #include "absl/status/status.h"
-#include "sandboxed_api/sandbox2/util/path.h"
+#include "sandboxed_api/util/path.h"
 #include "sandboxed_api/util/status_macros.h"
 
 absl::Status CreateArchive(const char* initial_filename, int compress,

oss-internship-2020/libarchive/examples/sapi_minitar.h

@@ -22,8 +22,8 @@
 #include "libarchive_sapi.sapi.h"  // NOLINT(build/include)
 #include "sandbox.h"               // NOLINT(build/include)
 #include "sandboxed_api/sandbox2/util.h"
-#include "sandboxed_api/sandbox2/util/path.h"
-#include "sandboxed_api/sandbox2/util/temp_file.h"
+#include "sandboxed_api/util/path.h"
+#include "sandboxed_api/util/temp_file.h"
 
 // Creates an archive file at the given filename.
 absl::Status CreateArchive(const char* filename, int compress,

oss-internship-2020/libarchive/ld_preload_example/CMakeLists.txt

@@ -39,10 +39,10 @@ target_link_libraries(sapi_minitar_lib_shared PUBLIC
   glog::glog
   libarchive_sapi
   sandbox2::executor
-  sandbox2::fileops
-  sandbox2::file_base
+  sapi::fileops
+  sapi::file_base
   sandbox2::util
-  sandbox2::temp_file
+  sapi::temp_file
   sapi::sapi
 )
 

oss-internship-2020/libarchive/test/minitar_test.cc

@@ -16,20 +16,21 @@
 
 #include "sapi_minitar.h"  // NOLINT(build/include)
 #include "gtest/gtest.h"
-#include "sandboxed_api/sandbox2/util/path.h"
+#include "sandboxed_api/sandbox2/util.h"
+#include "sandboxed_api/util/fileops.h"
+#include "sandboxed_api/util/path.h"
 #include "sandboxed_api/util/status_matchers.h"
 
-using ::sandbox2::file::JoinPath;
+namespace {
+
+using ::sandbox2::util::VecStringToCharPtrArr;
 using ::sapi::IsOk;
+using ::sapi::file::JoinPath;
+using ::sapi::file_util::fileops::Exists;
 using ::testing::Eq;
 using ::testing::IsTrue;
 using ::testing::StrEq;
 
-using ::sandbox2::file_util::fileops::Exists;
-using ::sandbox2::util::VecStringToCharPtrArr;
-
-namespace {
-
 // We will use a fixture class for testing which allows us to override the
 // SetUp and TearDown functions. Also, data that needs to be initialized
 // or destroyed only once (the test files and directories) will be handled

oss-internship-2020/libpng/examples/CMakeLists.txt

@@ -22,7 +22,7 @@ find_package(PNG REQUIRED)
 
 target_link_libraries(pngtopng PRIVATE
   sapi::sapi
-  sandbox2::temp_file
+  sapi::temp_file
   libpng_sapi
   "${PNG_LIBRARY}"
 )
@@ -40,7 +40,7 @@ add_executable(rgbtobgr
 
 target_link_libraries(rgbtobgr PRIVATE
   sapi::sapi
-  sandbox2::temp_file
+  sapi::temp_file
   libpng_sapi
   "${PNG_LIBRARY}"
 )

oss-internship-2020/libpng/tests/CMakeLists.txt

@@ -28,7 +28,7 @@ target_link_libraries(tests PRIVATE
   gtest
   gtest_main
   libpng_sapi
-  sandbox2::temp_file
+  sapi::temp_file
   sapi::sapi
 )
 

oss-internship-2020/libpng/tests/basic_test.cc

@@ -16,10 +16,10 @@
 #include "helper.h"        // NOLINT(build/include)
 #include "libpng.h"        // NOLINT(build/include)
 #include "gtest/gtest.h"
-#include "sandboxed_api/sandbox2/util/fileops.h"
-#include "sandboxed_api/sandbox2/util/path.h"
-#include "sandboxed_api/sandbox2/util/temp_file.h"
+#include "sandboxed_api/util/fileops.h"
+#include "sandboxed_api/util/path.h"
 #include "sandboxed_api/util/status_matchers.h"
+#include "sandboxed_api/util/temp_file.h"
 
 namespace {
 
@@ -31,11 +31,11 @@ TEST(SandboxTest, ReadWrite) {
   std::string infile = GetFilePath("pngtest.png");
 
   absl::StatusOr<std::string> status_or_path =
-      sandbox2::CreateNamedTempFileAndClose("output.png");
+      sapi::CreateNamedTempFileAndClose("output.png");
   ASSERT_THAT(status_or_path, IsOk()) << "Could not create temp output file";
 
-  std::string outfile = sandbox2::file::JoinPath(
-      sandbox2::file_util::fileops::GetCWD(), status_or_path.value());
+  std::string outfile = sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(),
+                                             status_or_path.value());
 
   LibPNGSapiSandbox sandbox;
   sandbox.AddFile(infile);

oss-internship-2020/libpng/tests/helper.cc

@@ -15,7 +15,7 @@
 #include "helper.h"  // NOLINT(build/include)
 
 #include "../sandboxed.h"  // NOLINT(build/include)
-#include "sandboxed_api/sandbox2/util/path.h"
+#include "sandboxed_api/util/path.h"
 
 std::string GetSourcePath() { return getenv("TEST_SRCDIR"); }
 

oss-internship-2020/libpng/wrapper/CMakeLists.txt

@@ -23,6 +23,6 @@ set_target_properties(wrapper
 
 target_link_libraries(wrapper
   PNG::PNG
-  sandbox2::temp_file
+  sapi::temp_file
   sapi::sapi
 )

oss-internship-2020/libtiff/example/CMakeLists.txt

@@ -20,5 +20,5 @@ add_executable(sandboxed
 target_link_libraries(sandboxed PRIVATE
   tiff_sapi
   sapi::sapi
-  sandbox2::temp_file
+  sapi::temp_file
 )

oss-internship-2020/libtiff/example/main_sandboxed.cc

@@ -19,8 +19,8 @@
 #include <vector>
 
 #include "../sandboxed.h"  // NOLINT(build/include)
-#include "sandboxed_api/sandbox2/util/fileops.h"
-#include "sandboxed_api/sandbox2/util/path.h"
+#include "sandboxed_api/util/fileops.h"
+#include "sandboxed_api/util/path.h"
 #include "tiffio.h"  // NOLINT(build/include)
 
 // sapi functions:
@@ -104,7 +104,7 @@ int CheckRgbaPixel(int pixel, int min_red, int max_red, int min_green,
   return 1;
 }
 std::string GetFilePath(const std::string& dir, const std::string& filename) {
-  return sandbox2::file::JoinPath(dir, "test", "images", filename);
+  return sapi::file::JoinPath(dir, "test", "images", filename);
 }
 
 std::string GetCWD() {
@@ -127,7 +127,7 @@ std::string GetFilePath(const std::string filename) {
     project_path = cwd.substr(0, find);
   }
 
-  return sandbox2::file::JoinPath(project_path, "test", "images", filename);
+  return sapi::file::JoinPath(project_path, "test", "images", filename);
 }
 
 }  // namespace

oss-internship-2020/libtiff/test/CMakeLists.txt

@@ -28,7 +28,7 @@ add_executable(tests
 target_link_libraries(tests PRIVATE
   tiff_sapi
   sapi::sapi
-  sandbox2::temp_file
+  sapi::temp_file
   gtest
   gmock
   gtest_main

oss-internship-2020/libtiff/test/helper.h

@@ -19,10 +19,10 @@
 
 #include "../sandboxed.h"  // NOLINT(build/include)
 #include "gtest/gtest.h"
-#include "sandboxed_api/sandbox2/util/fileops.h"
-#include "sandboxed_api/sandbox2/util/path.h"
-#include "sandboxed_api/sandbox2/util/temp_file.h"
+#include "sandboxed_api/util/fileops.h"
+#include "sandboxed_api/util/path.h"
 #include "sandboxed_api/util/status_matchers.h"
+#include "sandboxed_api/util/temp_file.h"
 
 std::string GetFilePath(const std::string& filename);
 

oss-internship-2020/libtiff/wrapper/CMakeLists.txt

@@ -23,7 +23,7 @@ set_target_properties(wrapped_tiff
 add_subdirectory(libtiff)
 
 target_link_libraries(wrapped_tiff
-  sandbox2::temp_file
+  sapi::temp_file
   sapi::sapi
   tiff
 )

oss-internship-2020/lodepng/examples/CMakeLists.txt

@@ -21,9 +21,9 @@ add_executable(lodepng_unsandboxed
 target_link_libraries(lodepng_unsandboxed PRIVATE
   lodepng
   sapi::sapi
-  sandbox2::temp_file
-  sandbox2::file_base
-  sandbox2::fileops
+  sapi::temp_file
+  sapi::file_base
+  sapi::fileops
   glog::glog
 )
 
@@ -37,8 +37,8 @@ add_executable(lodepng_sandboxed
 target_link_libraries(lodepng_sandboxed PRIVATE
   lodepng_sapi
   sapi::sapi
-  sandbox2::temp_file
-  sandbox2::fileops
+  sapi::temp_file
+  sapi::fileops
   sapi::vars
   sapi::status
   glog::glog
@@ -61,8 +61,8 @@ target_link_libraries(main_unit_test PRIVATE
   glog::glog
   sapi::flags
   sapi::sapi
-  sandbox2::temp_file
-  sandbox2::fileops
+  sapi::temp_file
+  sapi::fileops
   sapi::status
   sapi::test_main
   sapi::vars

oss-internship-2020/lodepng/examples/helpers.cc

@@ -15,7 +15,7 @@
 #include "helpers.h"  // NOLINT(build/include)
 
 #include "absl/status/statusor.h"
-#include "sandboxed_api/sandbox2/util/temp_file.h"
+#include "sandboxed_api/util/temp_file.h"
 
 std::vector<uint8_t> GenerateValues() {
   std::vector<uint8_t> image;

oss-internship-2020/lodepng/examples/helpers.h

@@ -19,8 +19,8 @@
 #include <cstdint>
 
 #include <glog/logging.h>
-#include "sandboxed_api/sandbox2/util/fileops.h"
-#include "sandboxed_api/sandbox2/util/temp_file.h"
+#include "sandboxed_api/util/fileops.h"
+#include "sandboxed_api/util/temp_file.h"
 
 inline constexpr size_t kWidth = 512;
 inline constexpr size_t kHeight = 512;

oss-internship-2020/lodepng/examples/main_unsandboxed.cc

@@ -17,8 +17,8 @@
 #include <glog/logging.h>
 #include "helpers.h"  // NOLINT(build/include)
 #include "lodepng.h"  // NOLINT(build/include)
-#include "sandboxed_api/sandbox2/util/fileops.h"
-#include "sandboxed_api/sandbox2/util/path.h"
+#include "sandboxed_api/util/fileops.h"
+#include "sandboxed_api/util/path.h"
 
 void EncodeDecodeOneStep(const std::string& images_path) {
   // Generate the values.

sandboxed_api/BUILD.bazel

@@ -15,10 +15,19 @@
 load("//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts")
 load("//sandboxed_api/bazel:proto.bzl", "sapi_proto_library")
 
+package(default_visibility = ["//sandboxed_api:__subpackages__"])
+
 licenses(["notice"])
 
 exports_files(["LICENSE"])
 
+cc_library(
+    name = "config",
+    hdrs = ["config.h"],
+    copts = sapi_platform_copts(),
+    deps = ["@com_google_absl//absl/base:config"],
+)
+
 sapi_proto_library(
     name = "proto_arg",
     srcs = ["proto_arg.proto"],
@@ -36,9 +45,9 @@ cc_library(
     visibility = ["//visibility:public"],
     deps = [
         "//sandboxed_api/sandbox2:util",
-        "//sandboxed_api/sandbox2/util:fileops",
-        "//sandboxed_api/sandbox2/util:strerror",
+        "//sandboxed_api/util:fileops",
         "//sandboxed_api/util:raw_logging",
+        "//sandboxed_api/util:strerror",
         "@com_google_absl//absl/container:flat_hash_map",
         "@com_google_absl//absl/status",
         "@com_google_absl//absl/strings",
@@ -71,11 +80,11 @@ cc_library(
         "//sandboxed_api/sandbox2:comms",
         "//sandboxed_api/sandbox2:util",
         "//sandboxed_api/sandbox2/util:bpf_helper",
-        "//sandboxed_api/sandbox2/util:file_base",
-        "//sandboxed_api/sandbox2/util:fileops",
-        "//sandboxed_api/sandbox2/util:runfiles",
-        "//sandboxed_api/sandbox2/util:strerror",
+        "//sandboxed_api/util:file_base",
+        "//sandboxed_api/util:fileops",
+        "//sandboxed_api/util:runfiles",
         "//sandboxed_api/util:status",
+        "//sandboxed_api/util:strerror",
         "@com_google_absl//absl/base",
         "@com_google_absl//absl/base:core_headers",
         "@com_google_absl//absl/container:flat_hash_map",
@@ -200,3 +209,17 @@ cc_test(
         "@com_google_googletest//:gtest_main",
     ],
 )
+
+# Utility library for writing tests
+cc_library(
+    name = "testing",
+    testonly = 1,
+    srcs = ["testing.cc"],
+    hdrs = ["testing.h"],
+    copts = sapi_platform_copts(),
+    visibility = ["//visibility:public"],
+    deps = [
+        "//sandboxed_api/util:file_base",
+        "@com_google_absl//absl/strings",
+    ],
+)

sandboxed_api/CMakeLists.txt

@@ -20,6 +20,16 @@ if(SAPI_ENABLE_GENERATOR)
 endif()
 add_subdirectory(examples)
 
+# sandboxed_api:config
+add_library(sapi_config ${SAPI_LIB_TYPE}
+  config.h
+)
+add_library(sapi::config ALIAS sapi_config)
+target_link_libraries(sapi_config PRIVATE
+  absl::config
+  sapi::base
+)
+
 # sandboxed_api:proto_arg
 sapi_protobuf_generate_cpp(_sapi_proto_arg_pb_cc _sapi_proto_arg_pb_h
   proto_arg.proto
@@ -47,8 +57,8 @@ target_link_libraries(sapi_embed_file
           absl::statusor
           absl::strings
           absl::synchronization
-          sandbox2::fileops
-          sandbox2::strerror
+          sapi::fileops
+          sapi::strerror
           sandbox2::util
           sapi::base
           sapi::raw_logging
@@ -73,10 +83,10 @@ target_link_libraries(sapi_sapi
           absl::strings
           absl::synchronization
           sandbox2::bpf_helper
-          sandbox2::file_base
-          sandbox2::fileops
-          sandbox2::runfiles
-          sandbox2::strerror
+          sapi::file_base
+          sapi::fileops
+          sapi::runfiles
+          sapi::strerror
           sandbox2::util
           sapi::embed_file
           sapi::vars
@@ -198,6 +208,19 @@ if(SAPI_ENABLE_TESTS AND NOT CMAKE_CROSSCOMPILING)
     sapi::test_main
   )
   gtest_discover_tests_xcompile(sapi_test)
+
+  # sandboxed_api:testing
+  add_library(sapi_testing ${SAPI_LIB_TYPE}
+    testing.cc
+    testing.h
+  )
+  add_library(sapi::testing ALIAS sapi_testing)
+  target_link_libraries(sapi_testing PRIVATE
+    absl::strings
+    sapi::file_base
+    sapi::base
+  )
+
 endif()
 
 # Install headers and libraries, excluding tools, tests and examples
@@ -205,7 +228,8 @@ foreach(_dir IN ITEMS . sandbox2 sandbox2/network_proxy sandbox2/util util)
   get_property(_sapi_targets DIRECTORY ${_dir} PROPERTY BUILDSYSTEM_TARGETS)
   list(FILTER _sapi_targets INCLUDE REGEX ^\(sapi|sandbox2\).*)
   list(FILTER _sapi_targets EXCLUDE REGEX _test)
-  install(TARGETS ${_sapi_targets} DESTINATION ${CMAKE_INSTALL_LIBDIR})
+  install(TARGETS ${_sapi_targets}
+          DESTINATION ${CMAKE_INSTALL_LIBDIR})
   set_property(TARGET ${_sapi_targets} PROPERTY SOVERSION 1)
 endforeach()
 
@@ -214,7 +238,8 @@ list(FILTER _sapi_headers EXCLUDE REGEX /\(tools|examples\)/)
 foreach(_file ${_sapi_headers})
   get_filename_component(_dir ${_file} DIRECTORY)
   string(REPLACE ${CMAKE_CURRENT_LIST_DIR} "" _dir ${_dir})
-  install(FILES ${_file} DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/sandboxed_api/${_dir})
+  install(FILES ${_file}
+          DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/sandboxed_api/${_dir})
 endforeach()
 
 configure_file(
@@ -223,4 +248,5 @@ configure_file(
   @ONLY
 )
 
-install(FILES "${PROJECT_BINARY_DIR}/sapi.pc" DESTINATION "${CMAKE_INSTALL_LIBDIR}/pkgconfig")
+install(FILES "${PROJECT_BINARY_DIR}/sapi.pc"
+        DESTINATION "${CMAKE_INSTALL_LIBDIR}/pkgconfig")

sandboxed_api/config.h

@@ -12,8 +12,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-#ifndef SANDBOXED_API_SANDBOX2_CONFIG_H_
-#define SANDBOXED_API_SANDBOX2_CONFIG_H_
+#ifndef SANDBOXED_API_CONFIG_H_
+#define SANDBOXED_API_CONFIG_H_
 
 #include <cstdint>
 
@@ -39,7 +39,7 @@
 
 #endif
 
-namespace sandbox2 {
+namespace sapi {
 
 namespace cpu {
 
@@ -92,6 +92,6 @@ static_assert(host_cpu::Architecture() != cpu::kUnknown,
               "Host CPU architecture is not supported: One of x86-64, POWER64 "
               "(little endian), Arm or AArch64 is required.");
 
-}  // namespace sandbox2
+}  // namespace sapi
 
-#endif  // SANDBOXED_API_SANDBOX2_CONFIG_H_
+#endif  // SANDBOXED_API_CONFIG_H_

sandboxed_api/embed_file.cc

@@ -25,11 +25,9 @@
 #include "absl/strings/str_cat.h"
 #include "absl/strings/string_view.h"
 #include "sandboxed_api/sandbox2/util.h"
-#include "sandboxed_api/sandbox2/util/fileops.h"
-#include "sandboxed_api/sandbox2/util/strerror.h"
+#include "sandboxed_api/util/fileops.h"
 #include "sandboxed_api/util/raw_logging.h"
-
-namespace file_util = ::sandbox2::file_util;
+#include "sandboxed_api/util/strerror.h"
 
 namespace sapi {
 

sandboxed_api/sandbox.cc

@@ -38,13 +38,11 @@
 #include "sandboxed_api/sandbox2/policybuilder.h"
 #include "sandboxed_api/sandbox2/sandbox2.h"
 #include "sandboxed_api/sandbox2/util/bpf_helper.h"
-#include "sandboxed_api/sandbox2/util/fileops.h"
-#include "sandboxed_api/sandbox2/util/path.h"
-#include "sandboxed_api/sandbox2/util/runfiles.h"
+#include "sandboxed_api/util/fileops.h"
+#include "sandboxed_api/util/path.h"
+#include "sandboxed_api/util/runfiles.h"
 #include "sandboxed_api/util/status_macros.h"
 
-namespace file = ::sandbox2::file;
-
 namespace sapi {
 
 Sandbox::~Sandbox() {
@@ -125,9 +123,8 @@ void Sandbox::Terminate(bool attempt_graceful_exit) {
 }
 
 static std::string PathToSAPILib(const std::string& lib_path) {
-  return file::IsAbsolutePath(lib_path)
-             ? lib_path
-             : sandbox2::GetDataDependencyFilePath(lib_path);
+  return file::IsAbsolutePath(lib_path) ? lib_path
+                                        : GetDataDependencyFilePath(lib_path);
 }
 
 absl::Status Sandbox::Init() {

sandboxed_api/sandbox2/BUILD.bazel

@@ -18,21 +18,12 @@ load("//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts")
 load("//sandboxed_api/bazel:embed_data.bzl", "sapi_cc_embed_data")
 load("//sandboxed_api/bazel:proto.bzl", "sapi_proto_library")
 
-package(default_visibility = [
-    "//sandboxed_api:__subpackages__",
-])
+package(default_visibility = ["//sandboxed_api:__subpackages__"])
 
 licenses(["notice"])  # Apache 2.0
 
 exports_files(["testdata/hostname"])
 
-cc_library(
-    name = "config",
-    hdrs = ["config.h"],
-    copts = sapi_platform_copts(),
-    deps = ["@com_google_absl//absl/base:config"],
-)
-
 cc_library(
     name = "bpfdisassembler",
     srcs = ["bpfdisassembler.cc"],
@@ -47,10 +38,10 @@ cc_library(
     hdrs = ["regs.h"],
     copts = sapi_platform_copts(),
     deps = [
-        ":config",
         ":syscall",
         ":violation_cc_proto",
-        "//sandboxed_api/sandbox2/util:strerror",
+        "//sandboxed_api:config",
+        "//sandboxed_api/util:strerror",
         "@com_google_absl//absl/base:core_headers",
         "@com_google_absl//absl/status",
         "@com_google_absl//absl/strings",
@@ -68,8 +59,8 @@ cc_library(
     copts = sapi_platform_copts(),
     visibility = ["//visibility:public"],
     deps = [
-        ":config",
         ":util",
+        "//sandboxed_api:config",
         "@com_google_absl//absl/algorithm:container",
         "@com_google_absl//absl/strings",
         "@com_google_absl//absl/strings:str_format",
@@ -83,8 +74,8 @@ cc_test(
     srcs = ["syscall_test.cc"],
     copts = sapi_platform_copts(),
     deps = [
-        ":config",
         ":syscall",
+        "//sandboxed_api:config",
         "@com_google_absl//absl/strings",
         "@com_google_googletest//:gtest_main",
     ],
@@ -96,10 +87,10 @@ cc_library(
     hdrs = ["result.h"],
     copts = sapi_platform_copts(),
     deps = [
-        ":config",
         ":regs",
         ":syscall",
         ":util",
+        "//sandboxed_api:config",
         "@com_google_absl//absl/memory",
         "@com_google_absl//absl/status",
         "@com_google_absl//absl/status:statusor",
@@ -204,8 +195,8 @@ cc_binary(
         ":comms",
         ":forkserver",
         ":sanitizer",
-        "//sandboxed_api/sandbox2/util:strerror",
         "//sandboxed_api/util:raw_logging",
+        "//sandboxed_api/util:strerror",
         "@com_google_absl//absl/base:core_headers",
         "@com_google_absl//absl/strings",
     ],
@@ -229,10 +220,10 @@ cc_library(
         ":forkserver_cc_proto",
         ":util",
         "//sandboxed_api:embed_file",
-        "//sandboxed_api/sandbox2/util:fileops",
-        "//sandboxed_api/sandbox2/util:strerror",
+        "//sandboxed_api/util:fileops",
         "//sandboxed_api/util:flags",
         "//sandboxed_api/util:raw_logging",
+        "//sandboxed_api/util:strerror",
         "@com_google_absl//absl/base:core_headers",
         "@com_google_absl//absl/memory",
         "@com_google_absl//absl/strings",
@@ -268,7 +259,7 @@ cc_library(
         ":limits",
         ":namespace",
         ":util",
-        "//sandboxed_api/sandbox2/util:fileops",
+        "//sandboxed_api/util:fileops",
         "@com_google_absl//absl/base:core_headers",
         "@com_google_absl//absl/memory",
         "@com_google_absl//absl/strings",
@@ -305,7 +296,6 @@ cc_library(
     deps = [
         ":client",
         ":comms",
-        ":config",
         ":executor",
         ":fork_client",
         ":forkserver_cc_proto",
@@ -323,14 +313,15 @@ cc_library(
         ":syscall",
         ":util",
         ":violation_cc_proto",
+        "//sandboxed_api:config",
         "//sandboxed_api/sandbox2/network_proxy:client",
         "//sandboxed_api/sandbox2/network_proxy:filtering",
         "//sandboxed_api/sandbox2/network_proxy:server",
         "//sandboxed_api/sandbox2/unwind",
         "//sandboxed_api/sandbox2/unwind:unwind_cc_proto",
         "//sandboxed_api/sandbox2/util:bpf_helper",
-        "//sandboxed_api/sandbox2/util:file_base",
-        "//sandboxed_api/sandbox2/util:fileops",
+        "//sandboxed_api/util:file_base",
+        "//sandboxed_api/util:fileops",
         "//sandboxed_api/util:flags",
         "//sandboxed_api/util:raw_logging",
         "//sandboxed_api/util:status",
@@ -362,8 +353,8 @@ cc_library(
         ":logsink",
         ":sanitizer",
         "//sandboxed_api/sandbox2/network_proxy:client",
-        "//sandboxed_api/sandbox2/util:strerror",
         "//sandboxed_api/util:raw_logging",
+        "//sandboxed_api/util:strerror",
         "@com_google_absl//absl/base:core_headers",
         "@com_google_absl//absl/container:flat_hash_map",
         "@com_google_absl//absl/memory",
@@ -378,10 +369,10 @@ cc_library(
     copts = sapi_platform_copts(),
     visibility = ["//visibility:public"],
     deps = [
-        "//sandboxed_api/sandbox2/util:file_helpers",
-        "//sandboxed_api/sandbox2/util:fileops",
-        "//sandboxed_api/sandbox2/util:strerror",
+        "//sandboxed_api/util:file_helpers",
+        "//sandboxed_api/util:fileops",
         "//sandboxed_api/util:raw_logging",
+        "//sandboxed_api/util:strerror",
         "@com_google_absl//absl/base:core_headers",
         "@com_google_absl//absl/strings",
         "@com_google_glog//:glog",
@@ -406,9 +397,9 @@ cc_library(
         ":util",
         "//sandboxed_api/sandbox2/unwind",
         "//sandboxed_api/sandbox2/util:bpf_helper",
-        "//sandboxed_api/sandbox2/util:fileops",
-        "//sandboxed_api/sandbox2/util:strerror",
+        "//sandboxed_api/util:fileops",
         "//sandboxed_api/util:raw_logging",
+        "//sandboxed_api/util:strerror",
         "@com_google_absl//absl/memory",
         "@com_google_absl//absl/status",
         "@com_google_absl//absl/status:statusor",
@@ -439,14 +430,14 @@ cc_library(
     hdrs = ["mounts.h"],
     copts = sapi_platform_copts(),
     deps = [
-        ":config",
         ":mounttree_cc_proto",
-        "//sandboxed_api/sandbox2/util:file_base",
-        "//sandboxed_api/sandbox2/util:fileops",
+        "//sandboxed_api:config",
         "//sandboxed_api/sandbox2/util:minielf",
-        "//sandboxed_api/sandbox2/util:strerror",
+        "//sandboxed_api/util:file_base",
+        "//sandboxed_api/util:fileops",
         "//sandboxed_api/util:raw_logging",
         "//sandboxed_api/util:status",
+        "//sandboxed_api/util:strerror",
         "@com_google_absl//absl/base:core_headers",
         "@com_google_absl//absl/container:flat_hash_set",
         "@com_google_absl//absl/status",
@@ -463,11 +454,11 @@ cc_test(
     data = ["//sandboxed_api/sandbox2/testcases:minimal_dynamic"],
     deps = [
         ":mounts",
-        ":testing",
-        "//sandboxed_api/sandbox2/util:file_base",
-        "//sandboxed_api/sandbox2/util:file_helpers",
-        "//sandboxed_api/sandbox2/util:temp_file",
+        "//sandboxed_api:testing",
+        "//sandboxed_api/util:file_base",
+        "//sandboxed_api/util:file_helpers",
         "//sandboxed_api/util:status_matchers",
+        "//sandboxed_api/util:temp_file",
         "@com_google_absl//absl/strings",
         "@com_google_googletest//:gtest_main",
     ],
@@ -483,10 +474,10 @@ cc_library(
         ":mounttree_cc_proto",
         ":util",
         ":violation_cc_proto",
-        "//sandboxed_api/sandbox2/util:file_base",
-        "//sandboxed_api/sandbox2/util:fileops",
-        "//sandboxed_api/sandbox2/util:strerror",
+        "//sandboxed_api/util:file_base",
+        "//sandboxed_api/util:fileops",
         "//sandboxed_api/util:raw_logging",
+        "//sandboxed_api/util:strerror",
         "@com_google_absl//absl/base:core_headers",
         "@com_google_absl//absl/memory",
         "@com_google_absl//absl/strings",
@@ -504,13 +495,13 @@ cc_test(
     ],
     deps = [
         ":comms",
-        ":config",
         ":namespace",
         ":sandbox2",
-        ":testing",
-        "//sandboxed_api/sandbox2/util:fileops",
-        "//sandboxed_api/sandbox2/util:temp_file",
+        "//sandboxed_api:config",
+        "//sandboxed_api:testing",
+        "//sandboxed_api/util:fileops",
         "//sandboxed_api/util:status_matchers",
+        "//sandboxed_api/util:temp_file",
         "@com_google_absl//absl/memory",
         "@com_google_absl//absl/strings",
         "@com_google_googletest//:gtest_main",
@@ -542,11 +533,11 @@ cc_library(
     copts = sapi_platform_copts(),
     visibility = ["//visibility:public"],
     deps = [
-        ":config",
-        "//sandboxed_api/sandbox2/util:file_base",
-        "//sandboxed_api/sandbox2/util:fileops",
-        "//sandboxed_api/sandbox2/util:strerror",
+        "//sandboxed_api:config",
+        "//sandboxed_api/util:file_base",
+        "//sandboxed_api/util:fileops",
         "//sandboxed_api/util:raw_logging",
+        "//sandboxed_api/util:strerror",
         "@com_google_absl//absl/base:core_headers",
         "@com_google_absl//absl/status:statusor",
         "@com_google_absl//absl/strings",
@@ -562,8 +553,8 @@ cc_library(
     visibility = ["//visibility:public"],
     deps = [
         ":util",
-        "//sandboxed_api/sandbox2/util:strerror",
         "//sandboxed_api/util:status",
+        "//sandboxed_api/util:strerror",
         "@com_google_absl//absl/base:core_headers",
         "@com_google_absl//absl/memory",
         "@com_google_absl//absl/status:statusor",
@@ -579,9 +570,9 @@ cc_test(
     deps = [
         ":buffer",
         ":comms",
-        ":config",
         ":sandbox2",
-        ":testing",
+        "//sandboxed_api:config",
+        "//sandboxed_api:testing",
         "//sandboxed_api/util:status_matchers",
         "@com_google_absl//absl/memory",
         "@com_google_googletest//:gtest_main",
@@ -608,10 +599,10 @@ cc_library(
     visibility = ["//visibility:public"],
     deps = [
         ":util",
-        "//sandboxed_api/sandbox2/util:strerror",
         "//sandboxed_api/util:raw_logging",
         "//sandboxed_api/util:status",
         "//sandboxed_api/util:status_proto",
+        "//sandboxed_api/util:strerror",
         "@com_google_absl//absl/base:core_headers",
         "@com_google_absl//absl/memory",
         "@com_google_absl//absl/status",
@@ -655,7 +646,7 @@ cc_test(
         ":forkserver_cc_proto",
         ":global_forkserver",
         ":sandbox2",
-        ":testing",
+        "//sandboxed_api:testing",
         "@com_google_absl//absl/strings",
         "@com_google_glog//:glog",
         "@com_google_googletest//:gtest_main",
@@ -668,10 +659,10 @@ cc_test(
     copts = sapi_platform_copts(),
     data = ["//sandboxed_api/sandbox2/testcases:limits"],
     deps = [
-        ":config",
         ":limits",
         ":sandbox2",
-        ":testing",
+        "//sandboxed_api:config",
+        "//sandboxed_api:testing",
         "//sandboxed_api/sandbox2/util:bpf_helper",
         "//sandboxed_api/util:status_matchers",
         "@com_google_absl//absl/memory",
@@ -691,7 +682,7 @@ cc_test(
         ":comms",
         ":regs",
         ":sandbox2",
-        ":testing",
+        "//sandboxed_api:testing",
         "//sandboxed_api/sandbox2/util:bpf_helper",
         "@com_google_absl//absl/memory",
         "@com_google_absl//absl/strings",
@@ -711,11 +702,11 @@ cc_test(
         "//sandboxed_api/sandbox2/testcases:policy",
     ],
     deps = [
-        ":config",
         ":limits",
         ":regs",
         ":sandbox2",
-        ":testing",
+        "//sandboxed_api:config",
+        "//sandboxed_api:testing",
         "//sandboxed_api/sandbox2/util:bpf_helper",
         "@com_google_absl//absl/memory",
         "@com_google_absl//absl/strings",
@@ -736,9 +727,9 @@ cc_test(
     ],
     tags = ["local"],
     deps = [
-        ":config",
         ":sandbox2",
-        ":testing",
+        "//sandboxed_api:config",
+        "//sandboxed_api:testing",
         "//sandboxed_api/sandbox2/util:bpf_helper",
         "//sandboxed_api/util:status_matchers",
         "@com_google_absl//absl/memory",
@@ -756,8 +747,8 @@ cc_test(
         ":comms",
         ":sandbox2",
         ":sanitizer",
-        ":testing",
         ":util",
+        "//sandboxed_api:testing",
         "//sandboxed_api/sandbox2/util:bpf_helper",
         "//sandboxed_api/util:status_matchers",
         "@com_google_absl//absl/memory",
@@ -771,9 +762,9 @@ cc_test(
     srcs = ["util_test.cc"],
     copts = sapi_platform_copts(),
     deps = [
-        ":testing",
         ":util",
-        "//sandboxed_api/sandbox2/util:file_base",
+        "//sandboxed_api:testing",
+        "//sandboxed_api/util:file_base",
         "@com_google_googletest//:gtest_main",
     ],
 )
@@ -786,12 +777,12 @@ cc_test(
     deps = [
         ":global_forkserver",
         ":sandbox2",
-        ":testing",
+        "//sandboxed_api:testing",
         "//sandboxed_api/sandbox2/util:bpf_helper",
-        "//sandboxed_api/sandbox2/util:fileops",
-        "//sandboxed_api/sandbox2/util:temp_file",
+        "//sandboxed_api/util:fileops",
         "//sandboxed_api/util:flags",
         "//sandboxed_api/util:status_matchers",
+        "//sandboxed_api/util:temp_file",
         "@com_google_absl//absl/memory",
         "@com_google_absl//absl/strings",
         "@com_google_googletest//:gtest_main",
@@ -806,7 +797,7 @@ cc_test(
     deps = [
         ":comms",
         ":sandbox2",
-        ":testing",
+        "//sandboxed_api:testing",
         "//sandboxed_api/sandbox2/util:bpf_helper",
         "//sandboxed_api/util:status_matchers",
         "@com_google_absl//absl/memory",
@@ -814,18 +805,13 @@ cc_test(
     ],
 )
 
-# Utility library for writing tests
 cc_library(
     name = "testing",
     testonly = 1,
-    srcs = ["testing.cc"],
     hdrs = ["testing.h"],
     copts = sapi_platform_copts(),
     visibility = ["//visibility:public"],
-    deps = [
-        "//sandboxed_api/sandbox2/util:file_base",
-        "@com_google_absl//absl/strings",
-    ],
+    deps = ["//sandboxed_api:testing"],
 )
 
 sapi_proto_library(
@@ -842,7 +828,7 @@ cc_test(
     deps = [
         ":comms",
         ":sandbox2",
-        ":testing",
+        "//sandboxed_api:testing",
         "//sandboxed_api/sandbox2/util:bpf_helper",
         "//sandboxed_api/util:status_matchers",
         "@com_google_absl//absl/memory",

sandboxed_api/sandbox2/CMakeLists.txt

@@ -17,16 +17,6 @@ add_subdirectory(unwind)
 add_subdirectory(util)
 add_subdirectory(network_proxy)
 
-# sandboxed_api/sandbox2:config
-add_library(sandbox2_config ${SAPI_LIB_TYPE}
-  config.h
-)
-add_library(sandbox2::config ALIAS sandbox2_config)
-target_link_libraries(sandbox2_config PRIVATE
-  absl::config
-  sapi::base
-)
-
 # sandboxed_api/sandbox2:bpfdisassembler
 add_library(sandbox2_bpfdisassembler ${SAPI_LIB_TYPE}
   bpfdisassembler.cc
@@ -47,8 +37,8 @@ add_library(sandbox2::regs ALIAS sandbox2_regs)
 target_link_libraries(sandbox2_regs PRIVATE
   absl::core_headers
   absl::strings
-  sandbox2::config
-  sandbox2::strerror
+  sapi::config
+  sapi::strerror
   sandbox2::syscall
   sandbox2::violation_proto
   sapi::base
@@ -83,7 +73,7 @@ target_link_libraries(sandbox2_result PRIVATE
   absl::base
   absl::memory
   absl::strings
-  sandbox2::config
+  sapi::config
   sandbox2::regs
   sandbox2::syscall
   sandbox2::util
@@ -209,7 +199,7 @@ target_link_libraries(sandbox2_forkserver_bin PRIVATE
   sandbox2::comms
   sandbox2::forkserver
   sandbox2::sanitizer
-  sandbox2::strerror
+  sapi::strerror
   sapi::base
   sapi::raw_logging
   PUBLIC glog::glog
@@ -234,9 +224,9 @@ target_link_libraries(sandbox2_global_forkserver
           absl::strings
           glog::glog
           sandbox2::client
-          sandbox2::fileops
+          sapi::fileops
           sandbox2::forkserver_bin_embed
-          sandbox2::strerror
+          sapi::strerror
           sandbox2::util
           sapi::base
           sapi::embed_file
@@ -274,7 +264,7 @@ target_link_libraries(sandbox2_executor
   PRIVATE absl::core_headers
           absl::memory
           absl::strings
-          sandbox2::fileops
+          sapi::fileops
           sandbox2::forkserver_proto
           sandbox2::ipc
           sandbox2::limits
@@ -316,11 +306,11 @@ target_link_libraries(sandbox2_sandbox2
           sapi::status
           sandbox2::bpf_helper
           sandbox2::client
-          sandbox2::config
+          sapi::config
           sandbox2::comms
           sandbox2::executor
-          sandbox2::file_base
-          sandbox2::fileops
+          sapi::file_base
+          sapi::fileops
           sandbox2::fork_client
           sandbox2::forkserver_proto
           sandbox2::global_forkserver
@@ -355,7 +345,7 @@ target_link_libraries(sandbox2_client
           absl::memory
           absl::strings
           sandbox2::sanitizer
-          sandbox2::strerror
+          sapi::strerror
           sapi::base
           sapi::raw_logging
   PUBLIC absl::flat_hash_map
@@ -373,11 +363,11 @@ add_library(sandbox2::sanitizer ALIAS sandbox2_sanitizer)
 target_link_libraries(sandbox2_sanitizer
   PRIVATE absl::core_headers
           absl::strings
-          sandbox2::file_helpers
-          sandbox2::fileops
-          sandbox2::strerror
-          sapi::base
+          sapi::file_helpers
+          sapi::fileops
+          sapi::strerror
           sapi::raw_logging
+          sapi::base
 )
 
 # sandboxed_api/sandbox2:forkserver
@@ -396,12 +386,12 @@ target_link_libraries(sandbox2_forkserver PRIVATE
   sandbox2::bpf_helper
   sandbox2::client
   sandbox2::comms
-  sandbox2::fileops
+  sapi::fileops
   sandbox2::fork_client
   sandbox2::forkserver_proto
   sandbox2::namespace
   sandbox2::policy
-  sandbox2::strerror
+  sapi::strerror
   sandbox2::sanitizer
   sandbox2::syscall
   sandbox2::unwind
@@ -439,11 +429,11 @@ target_link_libraries(sandbox2_mounts
           absl::str_format
           absl::strings
           protobuf::libprotobuf
-          sandbox2::config
-          sandbox2::file_base
-          sandbox2::fileops
+          sapi::config
+          sapi::file_base
+          sapi::fileops
           sandbox2::minielf
-          sandbox2::strerror
+          sapi::strerror
           sapi::base
           sapi::raw_logging
           sapi::status
@@ -462,11 +452,11 @@ target_link_libraries(sandbox2_namespace PRIVATE
   absl::str_format
   absl::strings
   protobuf::libprotobuf
-  sandbox2::file_base
-  sandbox2::fileops
+  sapi::file_base
+  sapi::fileops
   sandbox2::mounts
   sandbox2::mounttree_proto
-  sandbox2::strerror
+  sapi::strerror
   sandbox2::util
   sandbox2::violation_proto
   sapi::base
@@ -499,10 +489,10 @@ target_link_libraries(sandbox2_util
   PRIVATE absl::core_headers
           absl::str_format
           absl::strings
-          sandbox2::config
-          sandbox2::file_base
-          sandbox2::fileops
-          sandbox2::strerror
+          sapi::config
+          sapi::file_base
+          sapi::fileops
+          sapi::strerror
           sapi::base
           sapi::raw_logging
   PUBLIC absl::status
@@ -526,7 +516,7 @@ target_link_libraries(sandbox2_buffer
           absl::memory
           absl::status
           absl::strings
-          sandbox2::strerror
+          sapi::strerror
           sandbox2::util
           sapi::base
           sapi::status
@@ -574,7 +564,7 @@ target_link_libraries(sandbox2_comms
           absl::statusor
           absl::str_format
           absl::strings
-          sandbox2::strerror
+          sapi::strerror
           sandbox2::util
           sapi::base
           sapi::raw_logging
@@ -613,7 +603,7 @@ if(SAPI_ENABLE_TESTS)
   )
   target_link_libraries(sandbox2_syscall_test PRIVATE
     absl::strings
-    sandbox2::config
+    sapi::config
     sandbox2::syscall
     sapi::test_main
   )
@@ -631,10 +621,10 @@ if(SAPI_ENABLE_TESTS)
   )
   target_link_libraries(sandbox2_mounts_test PRIVATE
     absl::strings
-    sandbox2::file_base
+    sapi::file_base
     sandbox2::mounts
-    sandbox2::temp_file
-    sandbox2::testing
+    sapi::temp_file
+    sapi::testing
     sapi::status_matchers
     sapi::test_main
   )
@@ -658,12 +648,12 @@ if(SAPI_ENABLE_TESTS)
     absl::memory
     absl::strings
     sandbox2::comms
-    sandbox2::config
-    sandbox2::fileops
+    sapi::config
+    sapi::fileops
     sandbox2::namespace
     sandbox2::sandbox2
-    sandbox2::testing
-    sandbox2::temp_file
+    sapi::testing
+    sapi::temp_file
     sapi::status_matchers
     sapi::test_main
   )
@@ -686,10 +676,10 @@ if(SAPI_ENABLE_TESTS)
     absl::memory
     sandbox2::buffer
     sandbox2::comms
-    sandbox2::config
+    sapi::config
     sandbox2::ipc
     sandbox2::sandbox2
-    sandbox2::testing
+    sapi::testing
     sapi::status_matchers
     sapi::test_main
   )
@@ -744,7 +734,7 @@ if(SAPI_ENABLE_TESTS)
     sandbox2::forkserver
     sandbox2::forkserver_proto
     sandbox2::sandbox2
-    sandbox2::testing
+    sapi::testing
     sapi::test_main
   )
   gtest_discover_tests_xcompile(sandbox2_forkserver_test PROPERTIES
@@ -766,10 +756,10 @@ if(SAPI_ENABLE_TESTS)
   target_link_libraries(sandbox2_limits_test PRIVATE
     absl::memory
     sandbox2::bpf_helper
-    sandbox2::config
+    sapi::config
     sandbox2::limits
     sandbox2::sandbox2
-    sandbox2::testing
+    sapi::testing
     sapi::status_matchers
     sapi::test_main
   )
@@ -796,7 +786,7 @@ if(SAPI_ENABLE_TESTS)
     sandbox2::comms
     sandbox2::regs
     sandbox2::sandbox2
-    sandbox2::testing
+    sapi::testing
     sapi::test_main
   )
   gtest_discover_tests_xcompile(sandbox2_notify_test PROPERTIES
@@ -822,11 +812,11 @@ if(SAPI_ENABLE_TESTS)
     absl::memory
     absl::strings
     sandbox2::bpf_helper
-    sandbox2::config
+    sapi::config
     sandbox2::limits
     sandbox2::regs
     sandbox2::sandbox2
-    sandbox2::testing
+    sapi::testing
     sapi::test_main
   )
   gtest_discover_tests_xcompile(sandbox2_policy_test PROPERTIES
@@ -851,9 +841,9 @@ if(SAPI_ENABLE_TESTS)
     absl::memory
     absl::strings
     sandbox2::bpf_helper
-    sandbox2::config
+    sapi::config
     sandbox2::sandbox2
-    sandbox2::testing
+    sapi::testing
     sapi::status_matchers
     sapi::test_main
   )
@@ -880,7 +870,7 @@ if(SAPI_ENABLE_TESTS)
     sandbox2::comms
     sandbox2::sandbox2
     sandbox2::sanitizer
-    sandbox2::testing
+    sapi::testing
     sandbox2::util
     sapi::status_matchers
     sapi::test_main
@@ -898,8 +888,8 @@ if(SAPI_ENABLE_TESTS)
     OUTPUT_NAME util_test
   )
   target_link_libraries(sandbox2_util_test PRIVATE
-    sandbox2::file_base
-    sandbox2::testing
+    sapi::file_base
+    sapi::testing
     sandbox2::util
     sapi::test_main
   )
@@ -920,11 +910,11 @@ if(SAPI_ENABLE_TESTS)
     absl::status
     absl::strings
     sandbox2::bpf_helper
-    sandbox2::fileops
+    sapi::fileops
     sandbox2::global_forkserver
     sandbox2::sandbox2
-    sandbox2::temp_file
-    sandbox2::testing
+    sapi::temp_file
+    sapi::testing
     sandbox2::util
     sapi::flags
     sapi::status_matchers
@@ -951,7 +941,7 @@ if(SAPI_ENABLE_TESTS)
     sandbox2::comms
     sandbox2::ipc
     sandbox2::sandbox2
-    sandbox2::testing
+    sapi::testing
     sapi::flags
     sapi::status_matchers
     sapi::test_main
@@ -961,18 +951,6 @@ if(SAPI_ENABLE_TESTS)
     ENVIRONMENT "TEST_SRCDIR=${PROJECT_BINARY_DIR}"
   )
 
-  # sandboxed_api/sandbox2:testing
-  add_library(sandbox2_testing ${SAPI_LIB_TYPE}
-    testing.cc
-    testing.h
-  )
-  add_library(sandbox2::testing ALIAS sandbox2_testing)
-  target_link_libraries(sandbox2_testing PRIVATE
-    absl::strings
-    sandbox2::file_base
-    sapi::base
-  )
-
   # sandboxed_api/sandbox2:policybuilder_test
   add_executable(sandbox2_policybuilder_test
     policybuilder_test.cc
@@ -988,7 +966,7 @@ if(SAPI_ENABLE_TESTS)
             absl::strings
             sandbox2::bpf_helper
             sandbox2::comms
-            sandbox2::testing
+            sapi::testing
             sapi::flags
             sapi::status_matchers
             sapi::test_main
@@ -1006,4 +984,5 @@ configure_file(
   @ONLY
 )
 
-install(FILES "${PROJECT_BINARY_DIR}/sandbox2.pc" DESTINATION "${CMAKE_INSTALL_LIBDIR}/pkgconfig")
+install(FILES "${PROJECT_BINARY_DIR}/sandbox2.pc"
+        DESTINATION "${CMAKE_INSTALL_LIBDIR}/pkgconfig")

sandboxed_api/sandbox2/buffer.cc

@@ -24,10 +24,12 @@
 #include "absl/status/statusor.h"
 #include "absl/strings/str_cat.h"
 #include "sandboxed_api/sandbox2/util.h"
-#include "sandboxed_api/sandbox2/util/strerror.h"
+#include "sandboxed_api/util/strerror.h"
 
 namespace sandbox2 {
 
+using ::sapi::StrError;
+
 // Creates a new Buffer that is backed by the specified file descriptor.
 absl::StatusOr<std::unique_ptr<Buffer>> Buffer::CreateFromFd(int fd) {
   auto buffer = absl::WrapUnique(new Buffer{});

sandboxed_api/sandbox2/buffer_test.cc

@@ -28,24 +28,25 @@
 #include "gmock/gmock.h"
 #include "gtest/gtest.h"
 #include "absl/memory/memory.h"
+#include "sandboxed_api/config.h"
 #include "sandboxed_api/sandbox2/comms.h"
-#include "sandboxed_api/sandbox2/config.h"
 #include "sandboxed_api/sandbox2/executor.h"
 #include "sandboxed_api/sandbox2/ipc.h"
 #include "sandboxed_api/sandbox2/policy.h"
 #include "sandboxed_api/sandbox2/policybuilder.h"
 #include "sandboxed_api/sandbox2/result.h"
 #include "sandboxed_api/sandbox2/sandbox2.h"
-#include "sandboxed_api/sandbox2/testing.h"
+#include "sandboxed_api/testing.h"
 #include "sandboxed_api/util/status_matchers.h"
 
-using ::testing::Eq;
-using ::testing::IsTrue;
-using ::testing::Ne;
-
 namespace sandbox2 {
 namespace {
 
+using ::sapi::GetTestSourcePath;
+using ::testing::Eq;
+using ::testing::IsTrue;
+using ::testing::Ne;
+
 // Test all public methods of sandbox2::Buffer.
 TEST(BufferTest, TestImplementation) {
   constexpr int kSize = 1024;

sandboxed_api/sandbox2/client.cc

@@ -41,11 +41,13 @@
 #include "absl/strings/str_split.h"
 #include "sandboxed_api/sandbox2/comms.h"
 #include "sandboxed_api/sandbox2/sanitizer.h"
-#include "sandboxed_api/sandbox2/util/strerror.h"
 #include "sandboxed_api/util/raw_logging.h"
+#include "sandboxed_api/util/strerror.h"
 
 namespace sandbox2 {
 
+using ::sapi::StrError;
+
 Client::Client(Comms* comms) : comms_(comms) {
   char* fdmap_envvar = getenv(kFDMapEnvVar);
   if (!fdmap_envvar) {

sandboxed_api/sandbox2/comms.cc

@@ -41,9 +41,9 @@
 #include "absl/strings/str_format.h"
 #include "absl/synchronization/mutex.h"
 #include "sandboxed_api/sandbox2/util.h"
-#include "sandboxed_api/sandbox2/util/strerror.h"
 #include "sandboxed_api/util/raw_logging.h"
 #include "sandboxed_api/util/status.h"
+#include "sandboxed_api/util/strerror.h"
 #include "sandboxed_api/util/status_macros.h"
 
 #ifdef MEMORY_SANITIZER

sandboxed_api/sandbox2/examples/crc4/BUILD.bazel

@@ -19,10 +19,10 @@
 # - Using sandbox2::Comms for data exchange (IPC)
 # - Test to ensure sandbox executor runs sandboxee without issue
 
-licenses(["notice"])
-
 load("//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts")
 
+licenses(["notice"])
+
 # Executor
 cc_binary(
     name = "crc4sandbox",
@@ -33,8 +33,8 @@ cc_binary(
         "//sandboxed_api/sandbox2",
         "//sandboxed_api/sandbox2:comms",
         "//sandboxed_api/sandbox2/util:bpf_helper",
-        "//sandboxed_api/sandbox2/util:runfiles",
         "//sandboxed_api/util:flags",
+        "//sandboxed_api/util:runfiles",
         "@com_google_absl//absl/memory",
     ],
 )
@@ -60,7 +60,7 @@ cc_test(
     data = [":crc4sandbox"],
     tags = ["local"],
     deps = [
-        "//sandboxed_api/sandbox2:testing",
+        "//sandboxed_api:testing",
         "//sandboxed_api/sandbox2:util",
         "//sandboxed_api/util:status_matchers",
         "@com_google_glog//:glog",

sandboxed_api/sandbox2/examples/crc4/CMakeLists.txt

@@ -24,7 +24,7 @@ target_link_libraries(sandbox2_crc4sandbox PRIVATE
   absl::memory
   sandbox2::bpf_helper
   sandbox2::comms
-  sandbox2::runfiles
+  sapi::runfiles
   sandbox2::sandbox2
   sapi::base
   sapi::flags

sandboxed_api/sandbox2/examples/crc4/crc4sandbox.cc

@@ -38,7 +38,7 @@
 #include "sandboxed_api/sandbox2/result.h"
 #include "sandboxed_api/sandbox2/sandbox2.h"
 #include "sandboxed_api/sandbox2/util/bpf_helper.h"
-#include "sandboxed_api/sandbox2/util/runfiles.h"
+#include "sandboxed_api/util/runfiles.h"
 
 using std::string;
 
@@ -91,8 +91,8 @@ int main(int argc, char** argv) {
     return 1;
   }
 
-  std::string path = sandbox2::GetInternalDataDependencyFilePath(
-      "sandbox2/examples/crc4/crc4bin");
+  const std::string path =
+      sapi::GetInternalDataDependencyFilePath("sandbox2/examples/crc4/crc4bin");
   std::vector<std::string> args = {path};
   if (absl::GetFlag(FLAGS_call_syscall_not_allowed)) {
     args.push_back("-call_syscall_not_allowed");

sandboxed_api/sandbox2/examples/crc4/crc4sandbox_test.cc

@@ -21,16 +21,17 @@
 #include <glog/logging.h>
 #include "gmock/gmock.h"
 #include "gtest/gtest.h"
-#include "sandboxed_api/sandbox2/testing.h"
 #include "sandboxed_api/sandbox2/util.h"
+#include "sandboxed_api/testing.h"
 #include "sandboxed_api/util/status_matchers.h"
 
-using ::testing::Eq;
-using ::testing::StrEq;
-
 namespace sandbox2 {
 namespace {
 
+using ::sapi::GetTestSourcePath;
+using ::testing::Eq;
+using ::testing::StrEq;
+
 class CRC4Test : public ::testing::Test {
  protected:
   void SetUp() override {

sandboxed_api/sandbox2/examples/custom_fork/BUILD.bazel

@@ -16,10 +16,10 @@
 # - create a custom fork-server, which will prepare and fork a sandboxee
 #   from the current process
 
-licenses(["notice"])
-
 load("//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts")
 
+licenses(["notice"])
+
 # Executor
 cc_binary(
     name = "custom_fork_sandbox",
@@ -30,9 +30,9 @@ cc_binary(
         "//sandboxed_api/sandbox2",
         "//sandboxed_api/sandbox2:comms",
         "//sandboxed_api/sandbox2:forkserver",
-        "//sandboxed_api/sandbox2/util:runfiles",
         "//sandboxed_api/util:flags",
         "//sandboxed_api/util:raw_logging",
+        "//sandboxed_api/util:runfiles",
         "@com_google_absl//absl/base:core_headers",
         "@com_google_absl//absl/memory",
     ],

sandboxed_api/sandbox2/examples/custom_fork/CMakeLists.txt

@@ -25,7 +25,7 @@ target_link_libraries(sandbox2_custom_fork_sandbox PRIVATE
   absl::memory
   sandbox2::comms
   sandbox2::forkserver
-  sandbox2::runfiles
+  sapi::runfiles
   sandbox2::sandbox2
   sapi::base
   sapi::flags

sandboxed_api/sandbox2/examples/custom_fork/custom_fork_sandbox.cc

@@ -34,7 +34,7 @@
 #include "sandboxed_api/sandbox2/policybuilder.h"
 #include "sandboxed_api/sandbox2/result.h"
 #include "sandboxed_api/sandbox2/sandbox2.h"
-#include "sandboxed_api/sandbox2/util/runfiles.h"
+#include "sandboxed_api/util/runfiles.h"
 
 std::unique_ptr<sandbox2::Policy> GetPolicy() {
   return sandbox2::PolicyBuilder()
@@ -117,7 +117,7 @@ int main(int argc, char** argv) {
 #endif
 
   // Start a custom fork-server (via sandbox2::Executor).
-  const std::string path = sandbox2::GetInternalDataDependencyFilePath(
+  const std::string path = sapi::GetInternalDataDependencyFilePath(
       "sandbox2/examples/custom_fork/custom_fork_bin");
   std::vector<std::string> args = {path};
   std::vector<std::string> envs = {};
@@ -137,7 +137,7 @@ int main(int argc, char** argv) {
 
   // Test new sandboxees: send them integers over Comms, and expect they will
   // exit with these specific exit codes.
-  for (int i = 0; i < 10; i++) {
+  for (int i = 0; i < 10; ++i) {
     CHECK_EQ(SandboxIteration(fork_client.get(), i), i);
   }
 

sandboxed_api/sandbox2/examples/network/BUILD.bazel

@@ -18,10 +18,10 @@
 # - strict syscall policy
 # - sandbox2::Comms for data exchange (IPC)
 
-licenses(["notice"])
-
 load("//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts")
 
+licenses(["notice"])
+
 # Executor
 cc_binary(
     name = "network_sandbox",
@@ -32,9 +32,9 @@ cc_binary(
         "//sandboxed_api/sandbox2",
         "//sandboxed_api/sandbox2:comms",
         "//sandboxed_api/sandbox2/util:bpf_helper",
-        "//sandboxed_api/sandbox2/util:fileops",
-        "//sandboxed_api/sandbox2/util:runfiles",
+        "//sandboxed_api/util:fileops",
         "//sandboxed_api/util:flags",
+        "//sandboxed_api/util:runfiles",
         "@com_google_absl//absl/base:core_headers",
     ],
 )

sandboxed_api/sandbox2/examples/network/CMakeLists.txt

@@ -23,8 +23,8 @@ add_dependencies(sandbox2_network_sandbox
 target_link_libraries(sandbox2_network_sandbox PRIVATE
   sandbox2::bpf_helper
   sandbox2::comms
-  sandbox2::fileops
-  sandbox2::runfiles
+  sapi::fileops
+  sapi::runfiles
   sandbox2::sandbox2
   sapi::base
   sapi::flags
@@ -40,6 +40,6 @@ target_link_libraries(sandbox2_network_bin PRIVATE
   absl::str_format
   sandbox2::client
   sandbox2::comms
-  sandbox2::fileops
+  sapi::fileops
   sapi::base
 )

sandboxed_api/sandbox2/examples/network/network_sandbox.cc

@@ -36,8 +36,8 @@
 #include "sandboxed_api/sandbox2/policybuilder.h"
 #include "sandboxed_api/sandbox2/sandbox2.h"
 #include "sandboxed_api/sandbox2/util/bpf_helper.h"
-#include "sandboxed_api/sandbox2/util/fileops.h"
-#include "sandboxed_api/sandbox2/util/runfiles.h"
+#include "sandboxed_api/util/fileops.h"
+#include "sandboxed_api/util/runfiles.h"
 
 namespace {
 
@@ -56,8 +56,8 @@ std::unique_ptr<sandbox2::Policy> GetPolicy(absl::string_view sandboxee_path) {
 }
 
 void Server(int port) {
-  sandbox2::file_util::fileops::FDCloser s{
-      socket(AF_INET6, SOCK_STREAM | SOCK_CLOEXEC, 0)};
+  sapi::file_util::fileops::FDCloser s(
+      socket(AF_INET6, SOCK_STREAM | SOCK_CLOEXEC, 0));
   if (s.get() < 0) {
     PLOG(ERROR) << "socket() failed";
     return;
@@ -95,7 +95,7 @@ void Server(int port) {
     return;
   }
 
-  sandbox2::file_util::fileops::FDCloser client{accept(s.get(), 0, 0)};
+  sapi::file_util::fileops::FDCloser client(accept(s.get(), 0, 0));
   if (client.get() < 0) {
     PLOG(ERROR) << "accept() failed";
     return;
@@ -179,7 +179,7 @@ int main(int argc, char** argv) {
   std::thread server_thread{Server,port};
   server_thread.detach();
 
-  std::string path = sandbox2::GetInternalDataDependencyFilePath(
+  const std::string path = sapi::GetInternalDataDependencyFilePath(
       "sandbox2/examples/network/network_bin");
   std::vector<std::string> args = {path};
   std::vector<std::string> envs = {};

sandboxed_api/sandbox2/examples/network_proxy/BUILD.bazel

@@ -28,9 +28,9 @@ cc_binary(
         "//sandboxed_api/sandbox2",
         "//sandboxed_api/sandbox2:comms",
         "//sandboxed_api/sandbox2/util:bpf_helper",
-        "//sandboxed_api/sandbox2/util:fileops",
-        "//sandboxed_api/sandbox2/util:runfiles",
+        "//sandboxed_api/util:fileops",
         "//sandboxed_api/util:flags",
+        "//sandboxed_api/util:runfiles",
         "@com_google_absl//absl/base:core_headers",
     ],
 )
@@ -44,10 +44,10 @@ cc_binary(
         "//sandboxed_api/sandbox2:client",
         "//sandboxed_api/sandbox2:comms",
         "//sandboxed_api/sandbox2/network_proxy:client",
-        "//sandboxed_api/sandbox2/util:fileops",
-        "//sandboxed_api/sandbox2/util:strerror",
+        "//sandboxed_api/util:fileops",
         "//sandboxed_api/util:flags",
         "//sandboxed_api/util:status",
+        "//sandboxed_api/util:strerror",
         "@com_google_absl//absl/status",
         "@com_google_absl//absl/status:statusor",
         "@com_google_absl//absl/strings",

sandboxed_api/sandbox2/examples/network_proxy/CMakeLists.txt

@@ -23,8 +23,8 @@ add_dependencies(sandbox2_networkproxy_sandbox
 target_link_libraries(sandbox2_networkproxy_sandbox PRIVATE
   sandbox2::bpf_helper
   sandbox2::comms
-  sandbox2::fileops
-  sandbox2::runfiles
+  sapi::fileops
+  sapi::runfiles
   sandbox2::sandbox2
   sapi::base
   sapi::flags
@@ -43,10 +43,10 @@ target_link_libraries(sandbox2_networkproxy_bin PRIVATE absl::status
   absl::str_format
   sandbox2::client
   sandbox2::comms
-  sandbox2::fileops
+  sapi::fileops
   sandbox2::network_proxy_client
   sapi::base
   sapi::flags
   sapi::status
-  sandbox2::strerror
+  sapi::strerror
 )

sandboxed_api/sandbox2/examples/network_proxy/networkproxy_bin.cc

@@ -19,8 +19,8 @@
 #include "sandboxed_api/sandbox2/client.h"
 #include "sandboxed_api/sandbox2/comms.h"
 #include "sandboxed_api/sandbox2/network_proxy/client.h"
-#include "sandboxed_api/sandbox2/util/fileops.h"
-#include "sandboxed_api/sandbox2/util/strerror.h"
+#include "sandboxed_api/util/fileops.h"
+#include "sandboxed_api/util/strerror.h"
 #include "sandboxed_api/util/status_macros.h"
 
 ABSL_FLAG(bool, connect_with_handler, true, "Connect using automatic mode.");
@@ -67,7 +67,7 @@ absl::StatusOr<struct sockaddr_in6> CreateAddres(int port) {
   int err = inet_pton(AF_INET6, "::1", &saddr.sin6_addr);
   if (err <= 0) {
     return absl::InternalError(
-        absl::StrCat("socket() failed: ", sandbox2::StrError(errno)));
+        absl::StrCat("socket() failed: ", sapi::StrError(errno)));
   }
   return saddr;
 }
@@ -90,10 +90,10 @@ absl::Status ConnectWithHandler(int s, const struct sockaddr_in6& saddr) {
 absl::StatusOr<int> ConnectToServer(int port) {
   SAPI_ASSIGN_OR_RETURN(struct sockaddr_in6 saddr, CreateAddres(port));
 
-  sandbox2::file_util::fileops::FDCloser s(socket(AF_INET6, SOCK_STREAM, 0));
+  sapi::file_util::fileops::FDCloser s(socket(AF_INET6, SOCK_STREAM, 0));
   if (s.get() < 0) {
     return absl::InternalError(
-        absl::StrCat("socket() failed: ", sandbox2::StrError(errno)));
+        absl::StrCat("socket() failed: ", sapi::StrError(errno)));
   }
 
   if (absl::GetFlag(FLAGS_connect_with_handler)) {
@@ -140,7 +140,7 @@ int main(int argc, char** argv) {
     LOG(ERROR) << sock_s.status().message();
     return 3;
   }
-  sandbox2::file_util::fileops::FDCloser client(sock_s.value());
+  sapi::file_util::fileops::FDCloser client(sock_s.value());
 
   if (auto status = CommunicationTest(client.get()); !status.ok()) {
     LOG(ERROR) << status.message();

sandboxed_api/sandbox2/examples/network_proxy/networkproxy_sandbox.cc

@@ -24,8 +24,8 @@
 #include "sandboxed_api/sandbox2/policybuilder.h"
 #include "sandboxed_api/sandbox2/sandbox2.h"
 #include "sandboxed_api/sandbox2/util/bpf_helper.h"
-#include "sandboxed_api/sandbox2/util/fileops.h"
-#include "sandboxed_api/sandbox2/util/runfiles.h"
+#include "sandboxed_api/util/fileops.h"
+#include "sandboxed_api/util/runfiles.h"
 
 ABSL_FLAG(bool, connect_with_handler, true, "Connect using automatic mode.");
 
@@ -57,7 +57,7 @@ std::unique_ptr<sandbox2::Policy> GetPolicy(absl::string_view sandboxee_path) {
 }
 
 void Server(int port) {
-  sandbox2::file_util::fileops::FDCloser s{
+  sapi::file_util::fileops::FDCloser s{
       socket(AF_INET6, SOCK_STREAM | SOCK_CLOEXEC, 0)};
   if (s.get() < 0) {
     PLOG(ERROR) << "socket() failed";
@@ -97,7 +97,7 @@ void Server(int port) {
     return;
   }
 
-  sandbox2::file_util::fileops::FDCloser client{accept(s.get(), 0, 0)};
+  sapi::file_util::fileops::FDCloser client{accept(s.get(), 0, 0)};
   if (client.get() < 0) {
     PLOG(ERROR) << "accept() failed";
     return;
@@ -129,8 +129,8 @@ int main(int argc, char** argv) {
   std::thread server_thread{Server,port};
   server_thread.detach();
 
-  std::string path =
-      sandbox2::GetInternalDataDependencyFilePath(kSandboxeePath);
+  const std::string path =
+      sapi::GetInternalDataDependencyFilePath(kSandboxeePath);
   std::vector<std::string> args = {path};
   if (!absl::GetFlag(FLAGS_connect_with_handler)) {
     args.push_back("--noconnect_with_handler");

sandboxed_api/sandbox2/examples/static/BUILD.bazel

@@ -19,10 +19,10 @@
 # - communication with file descriptors and MapFd
 # - test to ensure sandbox executor runs sandboxee without issue
 
-licenses(["notice"])
-
 load("//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts")
 
+licenses(["notice"])
+
 # Executor
 cc_binary(
     name = "static_sandbox",
@@ -32,8 +32,8 @@ cc_binary(
     deps = [
         "//sandboxed_api/sandbox2",
         "//sandboxed_api/sandbox2/util:bpf_helper",
-        "//sandboxed_api/sandbox2/util:runfiles",
         "//sandboxed_api/util:flags",
+        "//sandboxed_api/util:runfiles",
         "@com_google_absl//absl/memory",
     ],
 )

sandboxed_api/sandbox2/examples/static/CMakeLists.txt

@@ -23,7 +23,7 @@ add_dependencies(sandbox2_static_sandbox
 target_link_libraries(sandbox2_static_sandbox PRIVATE
   absl::memory
   sandbox2::bpf_helper
-  sandbox2::runfiles
+  sapi::runfiles
   sandbox2::sandbox2
   sapi::base
   sapi::flags

sandboxed_api/sandbox2/examples/static/static_sandbox.cc

@@ -37,7 +37,7 @@
 #include "sandboxed_api/sandbox2/result.h"
 #include "sandboxed_api/sandbox2/sandbox2.h"
 #include "sandboxed_api/sandbox2/util/bpf_helper.h"
-#include "sandboxed_api/sandbox2/util/runfiles.h"
+#include "sandboxed_api/util/runfiles.h"
 
 std::unique_ptr<sandbox2::Policy> GetPolicy() {
   return sandbox2::PolicyBuilder()
@@ -108,7 +108,7 @@ int main(int argc, char** argv) {
   gflags::ParseCommandLineFlags(&argc, &argv, true);
   google::InitGoogleLogging(argv[0]);
 
-  const std::string path = sandbox2::GetInternalDataDependencyFilePath(
+  const std::string path = sapi::GetInternalDataDependencyFilePath(
       "sandbox2/examples/static/static_bin");
   std::vector<std::string> args = {path};
   auto executor = absl::make_unique<sandbox2::Executor>(path, args);

sandboxed_api/sandbox2/examples/tool/BUILD.bazel

@@ -20,10 +20,10 @@
 # - set limits, wall time, filesystem checks, asynchronous run
 # - test to ensure sandbox executor runs sandboxee without issue
 
-licenses(["notice"])
-
 load("//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts")
 
+licenses(["notice"])
+
 # Executor
 cc_binary(
     name = "sandbox2tool",
@@ -33,7 +33,7 @@ cc_binary(
         "//sandboxed_api/sandbox2",
         "//sandboxed_api/sandbox2:util",
         "//sandboxed_api/sandbox2/util:bpf_helper",
-        "//sandboxed_api/sandbox2/util:fileops",
+        "//sandboxed_api/util:fileops",
         "//sandboxed_api/util:flags",
         "@com_google_absl//absl/memory",
         "@com_google_absl//absl/strings",

sandboxed_api/sandbox2/examples/tool/sandbox2tool.cc

@@ -43,7 +43,7 @@
 #include "sandboxed_api/sandbox2/sandbox2.h"
 #include "sandboxed_api/sandbox2/util.h"
 #include "sandboxed_api/sandbox2/util/bpf_helper.h"
-#include "sandboxed_api/sandbox2/util/fileops.h"
+#include "sandboxed_api/util/fileops.h"
 
 using std::string;
 
@@ -118,10 +118,10 @@ int main(int argc, char** argv) {
   }
   auto executor = absl::make_unique<sandbox2::Executor>(argv[1], args, envp);
 
-  sandbox2::file_util::fileops::FDCloser recv_fd1;
+  sapi::file_util::fileops::FDCloser recv_fd1;
   if (absl::GetFlag(FLAGS_sandbox2tool_redirect_fd1)) {
     // Make the sandboxed process' fd be available as fd in the current process.
-    recv_fd1 = sandbox2::file_util::fileops::FDCloser(
+    recv_fd1 = sapi::file_util::fileops::FDCloser(
         executor->ipc()->ReceiveFd(STDOUT_FILENO));
   }
 

sandboxed_api/sandbox2/examples/zlib/BUILD.bazel

@@ -12,10 +12,10 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-licenses(["notice"])
-
 load("//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts")
 
+licenses(["notice"])
+
 # Executor
 cc_binary(
     name = "zpipe_sandbox",
@@ -26,8 +26,8 @@ cc_binary(
         "//sandboxed_api/sandbox2",
         "//sandboxed_api/sandbox2:comms",
         "//sandboxed_api/sandbox2/util:bpf_helper",
-        "//sandboxed_api/sandbox2/util:runfiles",
         "//sandboxed_api/util:flags",
+        "//sandboxed_api/util:runfiles",
         "@com_google_absl//absl/memory",
     ],
 )

sandboxed_api/sandbox2/examples/zlib/CMakeLists.txt

@@ -25,7 +25,7 @@ target_link_libraries(sandbox2_zpipe_sandbox PRIVATE
   sandbox2::bpf_helper
   sandbox2::comms
   # sandbox2::ipc
-  sandbox2::runfiles
+  sapi::runfiles
   sandbox2::sandbox2
   sapi::base
   sapi::flags

sandboxed_api/sandbox2/examples/zlib/zpipe_sandbox.cc

@@ -37,7 +37,7 @@
 #include "sandboxed_api/sandbox2/result.h"
 #include "sandboxed_api/sandbox2/sandbox2.h"
 #include "sandboxed_api/sandbox2/util/bpf_helper.h"
-#include "sandboxed_api/sandbox2/util/runfiles.h"
+#include "sandboxed_api/util/runfiles.h"
 
 using std::string;
 
@@ -78,8 +78,8 @@ int main(int argc, char** argv) {
     return 1;
   }
 
-  std::string path = sandbox2::GetInternalDataDependencyFilePath(
-      "sandbox2/examples/zlib/zpipe");
+  const std::string path =
+      sapi::GetInternalDataDependencyFilePath("sandbox2/examples/zlib/zpipe");
   std::vector<std::string> args = {path};
   if (absl::GetFlag(FLAGS_decompress)) {
     args.push_back("-d");

sandboxed_api/sandbox2/executor.cc

@@ -31,7 +31,9 @@
 #include "sandboxed_api/sandbox2/global_forkclient.h"
 #include "sandboxed_api/sandbox2/ipc.h"
 #include "sandboxed_api/sandbox2/util.h"
-#include "sandboxed_api/sandbox2/util/fileops.h"
+#include "sandboxed_api/util/fileops.h"
+
+namespace file_util = ::sapi::file_util;
 
 namespace sandbox2 {
 

sandboxed_api/sandbox2/forkserver.cc

@@ -53,11 +53,14 @@
 #include "sandboxed_api/sandbox2/unwind/unwind.h"
 #include "sandboxed_api/sandbox2/util.h"
 #include "sandboxed_api/sandbox2/util/bpf_helper.h"
-#include "sandboxed_api/sandbox2/util/fileops.h"
-#include "sandboxed_api/sandbox2/util/strerror.h"
+#include "sandboxed_api/util/fileops.h"
 #include "sandboxed_api/util/raw_logging.h"
+#include "sandboxed_api/util/strerror.h"
 
 namespace {
+
+using ::sapi::StrError;
+
 // "Moves" the old FD to the new FD number.
 // The old FD will be closed, the new one is marked as CLOEXEC.
 void MoveToFdNumber(int* old_fd, int new_fd) {
@@ -137,7 +140,7 @@ absl::Status SendPid(int signaling_fd) {
   char dummy = ' ';
   if (TEMP_FAILURE_RETRY(send(signaling_fd, &dummy, 1, 0)) != 1) {
     return absl::InternalError(
-        absl::StrCat("Sending PID: send: ", sandbox2::StrError(errno)));
+        absl::StrCat("Sending PID: send: ", StrError(errno)));
   }
   return absl::OkStatus();
 }
@@ -161,8 +164,8 @@ absl::StatusOr<pid_t> ReceivePid(int signaling_fd) {
   iov.iov_len = sizeof(char);
 
   if (TEMP_FAILURE_RETRY(recvmsg(signaling_fd, &msgh, MSG_WAITALL)) != 1) {
-    return absl::InternalError(absl::StrCat("Receiving pid failed: recvmsg: ",
-                                            sandbox2::StrError(errno)));
+    return absl::InternalError(
+        absl::StrCat("Receiving pid failed: recvmsg: ", StrError(errno)));
   }
   struct cmsghdr* cmsgp = CMSG_FIRSTHDR(&msgh);
   if (cmsgp->cmsg_len != CMSG_LEN(sizeof(struct ucred)) ||
@@ -176,6 +179,8 @@ absl::StatusOr<pid_t> ReceivePid(int signaling_fd) {
 
 namespace sandbox2 {
 
+namespace file_util = ::sapi::file_util;
+
 void ForkServer::PrepareExecveArgs(const ForkRequest& request,
                                    std::vector<std::string>* args,
                                    std::vector<std::string>* envp) {

sandboxed_api/sandbox2/forkserver_bin.cc

@@ -24,8 +24,8 @@
 #include "sandboxed_api/sandbox2/comms.h"
 #include "sandboxed_api/sandbox2/forkserver.h"
 #include "sandboxed_api/sandbox2/sanitizer.h"
-#include "sandboxed_api/sandbox2/util/strerror.h"
 #include "sandboxed_api/util/raw_logging.h"
+#include "sandboxed_api/util/strerror.h"
 
 int main() {
   // Make sure the logs go stderr.

sandboxed_api/sandbox2/forkserver_test.cc

@@ -18,6 +18,7 @@
 #include <sys/socket.h>
 #include <syscall.h>
 #include <unistd.h>
+
 #include <utility>
 
 #include <glog/logging.h>
@@ -27,10 +28,12 @@
 #include "sandboxed_api/sandbox2/forkserver.pb.h"
 #include "sandboxed_api/sandbox2/global_forkclient.h"
 #include "sandboxed_api/sandbox2/ipc.h"
-#include "sandboxed_api/sandbox2/testing.h"
+#include "sandboxed_api/testing.h"
 
 namespace sandbox2 {
 
+using ::sapi::GetTestSourcePath;
+
 class IpcPeer {
  public:
   explicit IpcPeer(IPC* ipc) : ipc_{ipc} {}

sandboxed_api/sandbox2/global_forkclient.cc

@@ -41,12 +41,14 @@
 #include "sandboxed_api/sandbox2/fork_client.h"
 #include "sandboxed_api/sandbox2/forkserver_bin_embed.h"
 #include "sandboxed_api/sandbox2/util.h"
-#include "sandboxed_api/sandbox2/util/fileops.h"
-#include "sandboxed_api/sandbox2/util/strerror.h"
+#include "sandboxed_api/util/fileops.h"
 #include "sandboxed_api/util/raw_logging.h"
+#include "sandboxed_api/util/strerror.h"
 
 namespace sandbox2 {
 
+namespace file_util = ::sapi::file_util;
+
 bool AbslParseFlag(absl::string_view text, GlobalForkserverStartModeSet* out,
                    std::string* error) {
   *out = {};

sandboxed_api/sandbox2/ipc_test.cc

@@ -25,13 +25,15 @@
 #include "sandboxed_api/sandbox2/policybuilder.h"
 #include "sandboxed_api/sandbox2/result.h"
 #include "sandboxed_api/sandbox2/sandbox2.h"
-#include "sandboxed_api/sandbox2/testing.h"
 #include "sandboxed_api/sandbox2/util/bpf_helper.h"
+#include "sandboxed_api/testing.h"
 #include "sandboxed_api/util/status_matchers.h"
 
 namespace sandbox2 {
 namespace {
 
+using ::sapi::GetTestSourcePath;
+
 constexpr int kPreferredIpcFd = 812;
 
 // This test verifies that mapping fds by name works if the sandbox is enabled

sandboxed_api/sandbox2/limits_test.cc

@@ -23,19 +23,21 @@
 #include "gmock/gmock.h"
 #include "gtest/gtest.h"
 #include "absl/memory/memory.h"
-#include "sandboxed_api/sandbox2/config.h"
+#include "sandboxed_api/config.h"
 #include "sandboxed_api/sandbox2/executor.h"
 #include "sandboxed_api/sandbox2/policy.h"
 #include "sandboxed_api/sandbox2/policybuilder.h"
 #include "sandboxed_api/sandbox2/result.h"
 #include "sandboxed_api/sandbox2/sandbox2.h"
-#include "sandboxed_api/sandbox2/testing.h"
 #include "sandboxed_api/sandbox2/util/bpf_helper.h"
+#include "sandboxed_api/testing.h"
 #include "sandboxed_api/util/status_matchers.h"
 
 namespace sandbox2 {
 namespace {
 
+using ::sapi::GetTestSourcePath;
+
 TEST(LimitsTest, RLimitASMmapUnderLimit) {
   const std::string path = GetTestSourcePath("sandbox2/testcases/limits");
   std::vector<std::string> args = {path, "1"};  // mmap(1 MiB)

sandboxed_api/sandbox2/monitor.cc

@@ -47,9 +47,9 @@
 #include "absl/strings/str_cat.h"
 #include "absl/strings/str_format.h"
 #include "absl/time/time.h"
+#include "sandboxed_api/config.h"
 #include "sandboxed_api/sandbox2/client.h"
 #include "sandboxed_api/sandbox2/comms.h"
-#include "sandboxed_api/sandbox2/config.h"
 #include "sandboxed_api/sandbox2/executor.h"
 #include "sandboxed_api/sandbox2/limits.h"
 #include "sandboxed_api/sandbox2/mounts.h"
@@ -762,7 +762,7 @@ void Monitor::LogSyscallViolation(const Syscall& syscall) const {
 void Monitor::EventPtraceSeccomp(pid_t pid, int event_msg) {
   // If the seccomp-policy is using RET_TRACE, we request that it returns the
   // syscall architecture identifier in the SECCOMP_RET_DATA.
-  const auto syscall_arch = static_cast<cpu::Architecture>(event_msg);
+  const auto syscall_arch = static_cast<sapi::cpu::Architecture>(event_msg);
   Regs regs(pid);
   auto status = regs.Fetch();
   if (!status.ok()) {

sandboxed_api/sandbox2/mounts.cc

@@ -34,17 +34,22 @@
 #include "absl/strings/str_join.h"
 #include "absl/strings/str_split.h"
 #include "absl/strings/string_view.h"
-#include "sandboxed_api/sandbox2/config.h"
-#include "sandboxed_api/sandbox2/util/fileops.h"
+#include "sandboxed_api/config.h"
 #include "sandboxed_api/sandbox2/util/minielf.h"
-#include "sandboxed_api/sandbox2/util/path.h"
-#include "sandboxed_api/sandbox2/util/strerror.h"
+#include "sandboxed_api/util/fileops.h"
+#include "sandboxed_api/util/path.h"
 #include "sandboxed_api/util/raw_logging.h"
+#include "sandboxed_api/util/strerror.h"
 #include "sandboxed_api/util/status_macros.h"
 
 namespace sandbox2 {
 namespace {
 
+namespace cpu = ::sapi::cpu;
+namespace file = ::sapi::file;
+namespace file_util = ::sapi::file_util;
+namespace host_cpu = ::sapi::host_cpu;
+
 bool PathContainsNullByte(absl::string_view path) {
   return path.find('\x00') != absl::string_view::npos;
 }

sandboxed_api/sandbox2/mounts_test.cc

@@ -22,20 +22,25 @@
 #include "gtest/gtest.h"
 #include "absl/strings/match.h"
 #include "absl/strings/str_cat.h"
-#include "sandboxed_api/sandbox2/testing.h"
-#include "sandboxed_api/sandbox2/util/file_helpers.h"
-#include "sandboxed_api/sandbox2/util/path.h"
-#include "sandboxed_api/sandbox2/util/temp_file.h"
+#include "sandboxed_api/testing.h"
+#include "sandboxed_api/util/file_helpers.h"
+#include "sandboxed_api/util/path.h"
 #include "sandboxed_api/util/status_matchers.h"
-
-using sapi::IsOk;
-using sapi::StatusIs;
-using ::testing::Eq;
-using ::testing::UnorderedElementsAreArray;
+#include "sandboxed_api/util/temp_file.h"
 
 namespace sandbox2 {
 namespace {
 
+namespace file = ::sapi::file;
+using ::sapi::CreateNamedTempFileAndClose;
+using ::sapi::CreateTempDir;
+using ::sapi::GetTestSourcePath;
+using ::sapi::GetTestTempPath;
+using ::sapi::IsOk;
+using ::sapi::StatusIs;
+using ::testing::Eq;
+using ::testing::UnorderedElementsAreArray;
+
 constexpr size_t kTmpfsSize = 1024;
 
 TEST(MountTreeTest, TestInvalidFilenames) {

sandboxed_api/sandbox2/namespace.cc

@@ -36,13 +36,16 @@
 #include "absl/strings/str_format.h"
 #include "absl/strings/string_view.h"
 #include "sandboxed_api/sandbox2/util.h"
-#include "sandboxed_api/sandbox2/util/fileops.h"
-#include "sandboxed_api/sandbox2/util/path.h"
-#include "sandboxed_api/sandbox2/util/strerror.h"
+#include "sandboxed_api/util/fileops.h"
+#include "sandboxed_api/util/path.h"
 #include "sandboxed_api/util/raw_logging.h"
+#include "sandboxed_api/util/strerror.h"
 
 namespace sandbox2 {
 
+namespace file = ::sapi::file;
+namespace file_util = ::sapi::file_util;
+
 static constexpr char kSandbox2ChrootPath[] = "/tmp/.sandbox2chroot";
 
 namespace {

sandboxed_api/sandbox2/namespace_test.cc

@@ -27,21 +27,26 @@
 #include "absl/memory/memory.h"
 #include "absl/strings/numbers.h"
 #include "absl/strings/str_cat.h"
+#include "sandboxed_api/config.h"
 #include "sandboxed_api/sandbox2/comms.h"
-#include "sandboxed_api/sandbox2/config.h"
 #include "sandboxed_api/sandbox2/executor.h"
 #include "sandboxed_api/sandbox2/policy.h"
 #include "sandboxed_api/sandbox2/policybuilder.h"
 #include "sandboxed_api/sandbox2/result.h"
 #include "sandboxed_api/sandbox2/sandbox2.h"
-#include "sandboxed_api/sandbox2/testing.h"
-#include "sandboxed_api/sandbox2/util/fileops.h"
-#include "sandboxed_api/sandbox2/util/temp_file.h"
+#include "sandboxed_api/testing.h"
+#include "sandboxed_api/util/fileops.h"
 #include "sandboxed_api/util/status_matchers.h"
+#include "sandboxed_api/util/temp_file.h"
 
 namespace sandbox2 {
 namespace {
 
+namespace file_util = ::sapi::file_util;
+using ::sapi::CreateNamedTempFile;
+using ::sapi::GetTestSourcePath;
+using ::sapi::GetTestTempPath;
+
 TEST(NamespaceTest, FileNamespaceWorks) {
   // Mount /binary_path RO and check that it exists and is readable.
   // /etc/passwd should not exist.

sandboxed_api/sandbox2/network_proxy/BUILD.bazel

@@ -28,7 +28,7 @@ cc_library(
     deps = [
         ":filtering",
         "//sandboxed_api/sandbox2:comms",
-        "//sandboxed_api/sandbox2/util:fileops",
+        "//sandboxed_api/util:fileops",
         "@com_google_absl//absl/memory",
         "@com_google_absl//absl/status:statusor",
         "@com_google_absl//absl/strings",
@@ -43,10 +43,10 @@ cc_library(
     copts = sapi_platform_copts(),
     visibility = ["//visibility:public"],
     deps = [
+        "//sandboxed_api:config",
         "//sandboxed_api/sandbox2:comms",
-        "//sandboxed_api/sandbox2:config",
-        "//sandboxed_api/sandbox2/util:strerror",
         "//sandboxed_api/util:status",
+        "//sandboxed_api/util:strerror",
         "@com_google_absl//absl/memory",
         "@com_google_absl//absl/status",
         "@com_google_absl//absl/strings",
@@ -62,8 +62,8 @@ cc_library(
     copts = sapi_platform_copts(),
     deps = [
         "//sandboxed_api/sandbox2:comms",
-        "//sandboxed_api/sandbox2/util:strerror",
         "//sandboxed_api/util:status",
+        "//sandboxed_api/util:strerror",
         "@com_google_absl//absl/status",
         "@com_google_absl//absl/status:statusor",
         "@com_google_absl//absl/strings",
@@ -77,7 +77,7 @@ cc_test(
     copts = sapi_platform_copts(),
     deps = [
         ":filtering",
-        "//sandboxed_api/sandbox2:testing",
+        "//sandboxed_api:testing",
         "//sandboxed_api/util:status_matchers",
         "@com_google_googletest//:gtest_main",
     ],

sandboxed_api/sandbox2/network_proxy/CMakeLists.txt

@@ -21,7 +21,7 @@ add_library(sandbox2::network_proxy_server ALIAS sandbox2_network_proxy_server)
 target_link_libraries(sandbox2_network_proxy_server PRIVATE
   absl::memory
   sandbox2::comms
-  sandbox2::fileops
+  sapi::fileops
   sandbox2::network_proxy_filtering
   sapi::base
 )
@@ -36,11 +36,11 @@ target_link_libraries(sandbox2_network_proxy_filtering
   PRIVATE absl::memory
           absl::status
           sandbox2::comms
-          sandbox2::fileops
+          sapi::fileops
           sapi::base
   PUBLIC absl::statusor
          glog::glog
-         sandbox2::strerror
+         sapi::strerror
          sapi::status
 )
 
@@ -55,8 +55,8 @@ target_link_libraries(sandbox2_network_proxy_client PRIVATE
   absl::synchronization
   glog::glog
   sandbox2::comms
-  sandbox2::config
-  sandbox2::strerror
+  sapi::config
+  sapi::strerror
   sapi::base
   sapi::status
 )
@@ -72,7 +72,7 @@ if(SAPI_ENABLE_TESTS)
   target_link_libraries(sandbox2_filtering_test PRIVATE
     absl::strings
     sandbox2::network_proxy_filtering
-    sandbox2::testing
+    sapi::testing
     sapi::base
     sapi::status_matchers
     sapi::test_main

sandboxed_api/sandbox2/network_proxy/client.cc

@@ -27,12 +27,14 @@
 #include "absl/memory/memory.h"
 #include "absl/status/status.h"
 #include "absl/strings/str_cat.h"
-#include "sandboxed_api/sandbox2/config.h"
-#include "sandboxed_api/sandbox2/util/strerror.h"
+#include "sandboxed_api/config.h"
+#include "sandboxed_api/util/strerror.h"
 #include "sandboxed_api/util/status_macros.h"
 
 namespace sandbox2 {
 
+using ::sapi::StrError;
+
 #ifndef SYS_SECCOMP
 constexpr int SYS_SECCOMP = 1;
 #endif

sandboxed_api/sandbox2/network_proxy/filtering.cc

@@ -22,11 +22,13 @@
 #include "absl/strings/numbers.h"
 #include "absl/strings/str_cat.h"
 #include "absl/strings/str_split.h"
-#include "sandboxed_api/sandbox2/util/strerror.h"
+#include "sandboxed_api/util/strerror.h"
 #include "sandboxed_api/util/status_macros.h"
 
 namespace sandbox2 {
 
+using ::sapi::StrError;
+
 static absl::StatusOr<std::string> Addr6ToString(
     const struct sockaddr_in6* saddr) {
   char addr[INET6_ADDRSTRLEN];

sandboxed_api/sandbox2/network_proxy/filtering_test.cc

@@ -21,16 +21,16 @@
 #include <glog/logging.h>
 #include "gmock/gmock.h"
 #include "gtest/gtest.h"
-#include "sandboxed_api/sandbox2/testing.h"
+#include "sandboxed_api/testing.h"
 #include "sandboxed_api/util/status_matchers.h"
 
+namespace sandbox2 {
+namespace {
+
 using ::sapi::IsOk;
 using ::testing::IsFalse;
 using ::testing::IsTrue;
 
-namespace sandbox2 {
-namespace {
-
 static struct sockaddr* PrepareIpv6(const std::string& ip, uint32_t port = 80) {
   static struct sockaddr_in6 saddr {};
   memset(&saddr, 0, sizeof(saddr));

sandboxed_api/sandbox2/network_proxy/server.cc

@@ -27,10 +27,12 @@
 #include <glog/logging.h>
 #include "absl/memory/memory.h"
 #include "absl/status/statusor.h"
-#include "sandboxed_api/sandbox2/util/fileops.h"
+#include "sandboxed_api/util/fileops.h"
 
 namespace sandbox2 {
 
+namespace file_util = ::sapi::file_util;
+
 NetworkProxyServer::NetworkProxyServer(int fd, AllowedHosts* allowed_hosts,
                                        pthread_t monitor_thread_id)
     : violation_occurred_(false),

sandboxed_api/sandbox2/notify_test.cc

@@ -32,12 +32,14 @@
 #include "sandboxed_api/sandbox2/policybuilder.h"
 #include "sandboxed_api/sandbox2/sandbox2.h"
 #include "sandboxed_api/sandbox2/syscall.h"
-#include "sandboxed_api/sandbox2/testing.h"
 #include "sandboxed_api/sandbox2/util/bpf_helper.h"
+#include "sandboxed_api/testing.h"
 
 namespace sandbox2 {
 namespace {
 
+using ::sapi::GetTestSourcePath;
+
 // Allow typical syscalls and call SECCOMP_RET_TRACE for personality syscall,
 // chosen because unlikely to be called by a regular program.
 std::unique_ptr<Policy> NotifyTestcasePolicy() {

sandboxed_api/sandbox2/policy.cc

@@ -86,9 +86,9 @@ std::vector<sock_filter> Policy::GetDefaultPolicy() const {
     LOAD_ARCH,
     JEQ32(Syscall::GetHostAuditArch(), JUMP(&l, past_arch_check_l)),
 #if defined(SAPI_X86_64)
-    JEQ32(AUDIT_ARCH_I386, TRACE(cpu::kX86)),  // 32-bit sandboxee
+    JEQ32(AUDIT_ARCH_I386, TRACE(sapi::cpu::kX86)),  // 32-bit sandboxee
 #endif
-    TRACE(cpu::kUnknown),
+    TRACE(sapi::cpu::kUnknown),
     LABEL(&l, past_arch_check_l),
 
     // After the policy is uploaded, forkserver will execve the sandboxee. We
@@ -139,16 +139,16 @@ std::vector<sock_filter> Policy::GetTrackingPolicy() const {
   return {
     LOAD_ARCH,
 #if defined(SAPI_X86_64)
-        JEQ32(AUDIT_ARCH_X86_64, TRACE(cpu::kX8664)),
-        JEQ32(AUDIT_ARCH_I386, TRACE(cpu::kX86)),
+        JEQ32(AUDIT_ARCH_X86_64, TRACE(sapi::cpu::kX8664)),
+        JEQ32(AUDIT_ARCH_I386, TRACE(sapi::cpu::kX86)),
 #elif defined(SAPI_PPC64_LE)
-        JEQ32(AUDIT_ARCH_PPC64LE, TRACE(cpu::kPPC64LE)),
+        JEQ32(AUDIT_ARCH_PPC64LE, TRACE(sapi::cpu::kPPC64LE)),
 #elif defined(SAPI_ARM64)
-        JEQ32(AUDIT_ARCH_AARCH64, TRACE(cpu::kArm64)),
+        JEQ32(AUDIT_ARCH_AARCH64, TRACE(sapi::cpu::kArm64)),
 #elif defined(SAPI_ARM)
-        JEQ32(AUDIT_ARCH_ARM, TRACE(cpu::kArm)),
+        JEQ32(AUDIT_ARCH_ARM, TRACE(sapi::cpu::kArm)),
 #endif
-        TRACE(cpu::kUnknown),
+        TRACE(sapi::cpu::kUnknown),
   };
 }
 

sandboxed_api/sandbox2/policy_test.cc

@@ -25,21 +25,22 @@
 #include "gtest/gtest.h"
 #include "absl/memory/memory.h"
 #include "absl/strings/string_view.h"
-#include "sandboxed_api/sandbox2/config.h"
+#include "sandboxed_api/config.h"
 #include "sandboxed_api/sandbox2/executor.h"
 #include "sandboxed_api/sandbox2/limits.h"
 #include "sandboxed_api/sandbox2/policybuilder.h"
 #include "sandboxed_api/sandbox2/result.h"
 #include "sandboxed_api/sandbox2/sandbox2.h"
 #include "sandboxed_api/sandbox2/syscall.h"
-#include "sandboxed_api/sandbox2/testing.h"
 #include "sandboxed_api/sandbox2/util/bpf_helper.h"
-
-using ::testing::Eq;
+#include "sandboxed_api/testing.h"
 
 namespace sandbox2 {
 namespace {
 
+using ::sapi::GetTestSourcePath;
+using ::testing::Eq;
+
 PolicyBuilder CreatePolicyTestPolicyBuilder() {
   return PolicyBuilder()
       .DisableNamespaces()
@@ -83,7 +84,7 @@ TEST(PolicyTest, AMD64Syscall32PolicyAllowed) {
 
     ASSERT_THAT(result.final_status(), Eq(Result::VIOLATION));
     EXPECT_THAT(result.reason_code(), Eq(1));  // __NR_exit in 32-bit
-    EXPECT_THAT(result.GetSyscallArch(), Eq(cpu::kX86));
+    EXPECT_THAT(result.GetSyscallArch(), Eq(sapi::cpu::kX86));
 }
 
 // Test that 32-bit syscalls from 64-bit for FS checks are disallowed.
@@ -101,7 +102,7 @@ TEST(PolicyTest, AMD64Syscall32FsAllowed) {
     ASSERT_THAT(result.final_status(), Eq(Result::VIOLATION));
     EXPECT_THAT(result.reason_code(),
                 Eq(33));  // __NR_access in 32-bit
-    EXPECT_THAT(result.GetSyscallArch(), Eq(cpu::kX86));
+    EXPECT_THAT(result.GetSyscallArch(), Eq(sapi::cpu::kX86));
 }
 #endif
 

sandboxed_api/sandbox2/policybuilder.cc

@@ -31,10 +31,10 @@
 #include "absl/status/statusor.h"
 #include "absl/strings/escaping.h"
 #include "absl/strings/match.h"
-#include "sandboxed_api/sandbox2/config.h"
+#include "sandboxed_api/config.h"
 #include "sandboxed_api/sandbox2/namespace.h"
 #include "sandboxed_api/sandbox2/util/bpf_helper.h"
-#include "sandboxed_api/sandbox2/util/path.h"
+#include "sandboxed_api/util/path.h"
 #include "sandboxed_api/util/status_macros.h"
 
 #if defined(SAPI_X86_64)
@@ -46,6 +46,8 @@
 namespace sandbox2 {
 namespace {
 
+namespace file = ::sapi::file;
+
 constexpr PolicyBuilder::SyscallInitializer kMmapSyscalls = {
 #ifdef __NR_mmap2
     __NR_mmap2,
@@ -544,14 +546,14 @@ PolicyBuilder& PolicyBuilder::AllowStaticStartup() {
                                       });
 #endif
 
-  if constexpr (host_cpu::IsArm64()) {
+  if constexpr (sapi::host_cpu::IsArm64()) {
     BlockSyscallWithErrno(__NR_readlinkat, ENOENT);
   }
 #ifdef __NR_readlink
   BlockSyscallWithErrno(__NR_readlink, ENOENT);
 #endif
 
-  if constexpr (host_cpu::IsArm()) {
+  if constexpr (sapi::host_cpu::IsArm()) {
     AddPolicyOnSyscall(__NR_mprotect, {
                                           ARG_32(2),
                                           JEQ32(PROT_READ, ALLOW),

sandboxed_api/sandbox2/policybuilder_test.cc

@@ -33,11 +33,12 @@
 #include "sandboxed_api/sandbox2/ipc.h"
 #include "sandboxed_api/sandbox2/result.h"
 #include "sandboxed_api/sandbox2/sandbox2.h"
-#include "sandboxed_api/sandbox2/testing.h"
 #include "sandboxed_api/sandbox2/util/bpf_helper.h"
+#include "sandboxed_api/testing.h"
 #include "sandboxed_api/util/status_matchers.h"
 #include "absl/status/status.h"
 
+using ::sapi::GetTestSourcePath;
 using ::testing::AllOf;
 using ::testing::AnyOf;
 using ::testing::Eq;
@@ -47,7 +48,6 @@ using ::testing::Lt;
 using ::testing::NotNull;
 using ::testing::StartsWith;
 using ::testing::StrEq;
-using ::sapi::IsOk;
 using ::sapi::StatusIs;
 
 namespace sandbox2 {

sandboxed_api/sandbox2/regs.cc

@@ -26,11 +26,13 @@
 #include "absl/base/macros.h"
 #include "absl/status/status.h"
 #include "absl/strings/str_cat.h"
-#include "sandboxed_api/sandbox2/config.h"
-#include "sandboxed_api/sandbox2/util/strerror.h"
+#include "sandboxed_api/config.h"
+#include "sandboxed_api/util/strerror.h"
 
 namespace sandbox2 {
 
+using ::sapi::StrError;
+
 #ifndef NT_ARM_SYSTEM_CALL
 #define NT_ARM_SYSTEM_CALL 0x404
 #endif
@@ -42,8 +44,8 @@ absl::Status Regs::Fetch() {
                                             ") failed: ", StrError(errno)));
   }
 #endif
-  if constexpr (host_cpu::IsPPC64LE() || host_cpu::IsArm64() ||
-                host_cpu::IsArm()) {
+  if constexpr (sapi::host_cpu::IsPPC64LE() || sapi::host_cpu::IsArm64() ||
+                sapi::host_cpu::IsArm()) {
     iovec pt_iov = {&user_regs_, sizeof(user_regs_)};
 
     if (ptrace(PTRACE_GETREGSET, pid_, NT_PRSTATUS, &pt_iov) == -1L) {
@@ -59,7 +61,7 @@ absl::Status Regs::Fetch() {
     }
 
     // On AArch64, we are not done yet. Read the syscall number.
-    if constexpr (host_cpu::IsArm64()) {
+    if constexpr (sapi::host_cpu::IsArm64()) {
       iovec sys_iov = {&syscall_number_, sizeof(syscall_number_)};
 
       if (ptrace(PTRACE_GETREGSET, pid_, NT_ARM_SYSTEM_CALL, &sys_iov) == -1L) {
@@ -86,8 +88,8 @@ absl::Status Regs::Store() {
                                             ") failed: ", StrError(errno)));
   }
 #endif
-  if constexpr (host_cpu::IsPPC64LE() || host_cpu::IsArm64() ||
-                host_cpu::IsArm()) {
+  if constexpr (sapi::host_cpu::IsPPC64LE() || sapi::host_cpu::IsArm64() ||
+                sapi::host_cpu::IsArm()) {
     iovec pt_iov = {&user_regs_, sizeof(user_regs_)};
 
     if (ptrace(PTRACE_SETREGSET, pid_, NT_PRSTATUS, &pt_iov) == -1L) {
@@ -97,7 +99,7 @@ absl::Status Regs::Store() {
     }
 
     // Store syscall number on AArch64.
-    if constexpr (host_cpu::IsArm64()) {
+    if constexpr (sapi::host_cpu::IsArm64()) {
       iovec sys_iov = {&syscall_number_, sizeof(syscall_number_)};
 
       if (ptrace(PTRACE_SETREGSET, pid_, NT_ARM_SYSTEM_CALL, &sys_iov) == -1L) {
@@ -127,9 +129,9 @@ absl::Status Regs::SkipSyscallReturnValue(uintptr_t value) {
   return Store();
 }
 
-Syscall Regs::ToSyscall(cpu::Architecture syscall_arch) const {
+Syscall Regs::ToSyscall(sapi::cpu::Architecture syscall_arch) const {
 #if defined(SAPI_X86_64)
-  if (ABSL_PREDICT_TRUE(syscall_arch == cpu::kX8664)) {
+  if (ABSL_PREDICT_TRUE(syscall_arch == sapi::cpu::kX8664)) {
     auto syscall = user_regs_.orig_rax;
     Syscall::Args args = {user_regs_.rdi, user_regs_.rsi, user_regs_.rdx,
                           user_regs_.r10, user_regs_.r8,  user_regs_.r9};
@@ -137,7 +139,7 @@ Syscall Regs::ToSyscall(cpu::Architecture syscall_arch) const {
     auto ip = user_regs_.rip;
     return Syscall(syscall_arch, syscall, args, pid_, sp, ip);
   }
-  if (syscall_arch == cpu::kX86) {
+  if (syscall_arch == sapi::cpu::kX86) {
     auto syscall = user_regs_.orig_rax & 0xFFFFFFFF;
     Syscall::Args args = {
         user_regs_.rbx & 0xFFFFFFFF, user_regs_.rcx & 0xFFFFFFFF,
@@ -148,7 +150,7 @@ Syscall Regs::ToSyscall(cpu::Architecture syscall_arch) const {
     return Syscall(syscall_arch, syscall, args, pid_, sp, ip);
   }
 #elif defined(SAPI_PPC64_LE)
-  if (ABSL_PREDICT_TRUE(syscall_arch == cpu::kPPC64LE)) {
+  if (ABSL_PREDICT_TRUE(syscall_arch == sapi::cpu::kPPC64LE)) {
     auto syscall = user_regs_.gpr[0];
     Syscall::Args args = {user_regs_.orig_gpr3, user_regs_.gpr[4],
                           user_regs_.gpr[5],    user_regs_.gpr[6],
@@ -158,7 +160,7 @@ Syscall Regs::ToSyscall(cpu::Architecture syscall_arch) const {
     return Syscall(syscall_arch, syscall, args, pid_, sp, ip);
   }
 #elif defined(SAPI_ARM64)
-  if (ABSL_PREDICT_TRUE(syscall_arch == cpu::kArm64)) {
+  if (ABSL_PREDICT_TRUE(syscall_arch == sapi::cpu::kArm64)) {
     Syscall::Args args = {
         // First argument should be orig_x0, which is not available to ptrace on
         // AArch64 (see
@@ -174,7 +176,7 @@ Syscall Regs::ToSyscall(cpu::Architecture syscall_arch) const {
     return Syscall(syscall_arch, syscall_number_, args, pid_, sp, ip);
   }
 #elif defined(SAPI_ARM)
-  if (ABSL_PREDICT_TRUE(syscall_arch == cpu::kArm)) {
+  if (ABSL_PREDICT_TRUE(syscall_arch == sapi::cpu::kArm)) {
     Syscall::Args args = {
         user_regs_.orig_x0, user_regs_.regs[1], user_regs_.regs[2],
         user_regs_.regs[3], user_regs_.regs[4], user_regs_.regs[5],

sandboxed_api/sandbox2/regs.h

@@ -24,7 +24,7 @@
 #include <string>
 
 #include "absl/status/status.h"
-#include "sandboxed_api/sandbox2/config.h"
+#include "sandboxed_api/config.h"
 #include "sandboxed_api/sandbox2/syscall.h"
 #include "sandboxed_api/sandbox2/violation.pb.h"
 
@@ -46,7 +46,7 @@ class Regs {
   absl::Status SkipSyscallReturnValue(uintptr_t value);
 
   // Converts raw register values obtained on syscall entry to syscall info
-  Syscall ToSyscall(cpu::Architecture syscall_arch) const;
+  Syscall ToSyscall(sapi::cpu::Architecture syscall_arch) const;
 
   pid_t pid() const { return pid_; }
 

sandboxed_api/sandbox2/result.h

@@ -28,7 +28,7 @@
 
 #include "absl/memory/memory.h"
 #include "absl/status/status.h"
-#include "sandboxed_api/sandbox2/config.h"
+#include "sandboxed_api/config.h"
 #include "sandboxed_api/sandbox2/regs.h"
 #include "sandboxed_api/sandbox2/syscall.h"
 
@@ -132,8 +132,8 @@ class Result {
   // Returns the current syscall architecture.
   // Client architecture when final_status_ == VIOLATION, might be different
   // from the host architecture (32-bit vs 64-bit syscalls).
-  cpu::Architecture GetSyscallArch() const {
-    return syscall_ ? syscall_->arch() : cpu::kUnknown;
+  sapi::cpu::Architecture GetSyscallArch() const {
+    return syscall_ ? syscall_->arch() : sapi::cpu::kUnknown;
   }
 
   const std::vector<std::string> stack_trace() { return stack_trace_; }

sandboxed_api/sandbox2/sandbox2_test.cc

@@ -26,24 +26,25 @@
 #include "gtest/gtest.h"
 #include "absl/memory/memory.h"
 #include "absl/strings/str_cat.h"
-#include "sandboxed_api/sandbox2/config.h"
+#include "sandboxed_api/config.h"
 #include "sandboxed_api/sandbox2/executor.h"
 #include "sandboxed_api/sandbox2/policy.h"
 #include "sandboxed_api/sandbox2/policybuilder.h"
 #include "sandboxed_api/sandbox2/result.h"
-#include "sandboxed_api/sandbox2/testing.h"
 #include "sandboxed_api/sandbox2/util/bpf_helper.h"
+#include "sandboxed_api/testing.h"
 #include "sandboxed_api/util/status_matchers.h"
 
+namespace sandbox2 {
+namespace {
+
+using ::sapi::GetTestSourcePath;
 using ::testing::Eq;
 using ::testing::HasSubstr;
 using ::testing::IsEmpty;
 using ::testing::IsTrue;
 using ::testing::Lt;
 
-namespace sandbox2 {
-namespace {
-
 // Test that aborting inside a sandbox with all userspace core dumping
 // disabled reports the signal.
 TEST(SandboxCoreDumpTest, AbortWithoutCoreDumpReturnsSignaled) {

sandboxed_api/sandbox2/sanitizer.cc

@@ -38,15 +38,18 @@
 #include "absl/strings/numbers.h"
 #include "absl/strings/str_cat.h"
 #include "absl/strings/str_split.h"
-#include "sandboxed_api/sandbox2/util/file_helpers.h"
-#include "sandboxed_api/sandbox2/util/fileops.h"
-#include "sandboxed_api/sandbox2/util/strerror.h"
+#include "sandboxed_api/util/file_helpers.h"
+#include "sandboxed_api/util/fileops.h"
 #include "sandboxed_api/util/raw_logging.h"
+#include "sandboxed_api/util/strerror.h"
 
-namespace sandbox2 {
-namespace sanitizer {
+namespace sandbox2::sanitizer {
 namespace {
 
+namespace file = ::sapi::file;
+namespace file_util = ::sapi::file_util;
+using ::sapi::StrError;
+
 constexpr char kProcSelfFd[] = "/proc/self/fd";
 
 // Reads filenames inside the directory and converts them to numerical values.
@@ -222,5 +225,4 @@ bool SanitizeCurrentProcess(const std::set<int>& fd_exceptions,
   return true;
 }
 
-}  // namespace sanitizer
-}  // namespace sandbox2
+}  // namespace sandbox2::sanitizer

sandboxed_api/sandbox2/sanitizer_test.cc

@@ -36,11 +36,12 @@
 #include "sandboxed_api/sandbox2/policybuilder.h"
 #include "sandboxed_api/sandbox2/result.h"
 #include "sandboxed_api/sandbox2/sandbox2.h"
-#include "sandboxed_api/sandbox2/testing.h"
 #include "sandboxed_api/sandbox2/util.h"
 #include "sandboxed_api/sandbox2/util/bpf_helper.h"
+#include "sandboxed_api/testing.h"
 #include "sandboxed_api/util/status_matchers.h"
 
+using ::sapi::GetTestSourcePath;
 using ::testing::Eq;
 using ::testing::Gt;
 using ::testing::IsFalse;

sandboxed_api/sandbox2/stack_trace.cc

@@ -30,8 +30,8 @@
 #include "absl/strings/str_cat.h"
 #include "absl/strings/strip.h"
 #include "libcap/include/sys/capability.h"
+#include "sandboxed_api/config.h"
 #include "sandboxed_api/sandbox2/comms.h"
-#include "sandboxed_api/sandbox2/config.h"
 #include "sandboxed_api/sandbox2/executor.h"
 #include "sandboxed_api/sandbox2/ipc.h"
 #include "sandboxed_api/sandbox2/limits.h"
@@ -43,8 +43,8 @@
 #include "sandboxed_api/sandbox2/unwind/unwind.h"
 #include "sandboxed_api/sandbox2/unwind/unwind.pb.h"
 #include "sandboxed_api/sandbox2/util/bpf_helper.h"
-#include "sandboxed_api/sandbox2/util/fileops.h"
-#include "sandboxed_api/sandbox2/util/path.h"
+#include "sandboxed_api/util/fileops.h"
+#include "sandboxed_api/util/path.h"
 
 ABSL_FLAG(bool, sandbox_disable_all_stack_traces, false,
           "Completely disable stack trace collection for sandboxees");
@@ -54,6 +54,9 @@ ABSL_FLAG(bool, sandbox_libunwind_crash_handler, true,
 
 namespace sandbox2 {
 
+namespace file = ::sapi::file;
+namespace file_util = ::sapi::file_util;
+
 class StackTracePeer {
  public:
   static std::unique_ptr<Policy> GetPolicy(pid_t target_pid,
@@ -277,7 +280,7 @@ bool StackTracePeer::LaunchLibunwindSandbox(const Regs* regs,
 }
 
 std::vector<std::string> GetStackTrace(const Regs* regs, const Mounts& mounts) {
-  if constexpr (host_cpu::IsArm64()) {
+  if constexpr (sapi::host_cpu::IsArm64()) {
     return {"[Stack traces unavailable]"};
   }
   if (absl::GetFlag(FLAGS_sandbox_disable_all_stack_traces)) {