StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity

Minor cleanups, no functional change.

Browse Source 
PiperOrigin-RevId: 594091580
Change-Id: Id870592374069840fedf51cd228c9ed2f84b7542
This commit is contained in:
Sandboxed API Team 2023-12-27 13:39:18 -08:00 committed by Copybara-Service
parent 36e4b80f9a
commit e5370e93ca
2 changed files with 25 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
sandboxed_api/sandbox2/mounts.cc
View File

@ -163,7 +163,7 @@ bool HasSameTarget(const MountTree::Node& n1, const MountTree::Node& n2) {
if (n1.node_case() != n2.node_case()) { if (n1.node_case() != n2.node_case()) {
return false; return false;
} }
// Compare proto fileds // Compare proto fields
switch (n1.node_case()) { switch (n1.node_case()) {
case MountTree::Node::kFileNode: case MountTree::Node::kFileNode:
// Check whether files are the same (e.g. symlinks / hardlinks) // Check whether files are the same (e.g. symlinks / hardlinks)
@ -185,7 +185,7 @@ bool IsEquivalentNode(const MountTree::Node& n1, const MountTree::Node& n2) {
return false; return false;
} }
// Compare proto fileds // Compare proto fields
switch (n1.node_case()) { switch (n1.node_case()) {
case MountTree::Node::kFileNode: case MountTree::Node::kFileNode:
return n1.file_node().writable() == n2.file_node().writable(); return n1.file_node().writable() == n2.file_node().writable();
@ -309,7 +309,7 @@ absl::Status Mounts::Insert(absl::string_view path,
if (!internal::IsWritable(curtree->node()) && if (!internal::IsWritable(curtree->node()) &&
internal::IsWritable(new_node)) { internal::IsWritable(new_node)) {
SAPI_RAW_LOG(INFO, SAPI_RAW_LOG(INFO,
"Chaning %s to writable, was insterted read-only before", "Changing %s to writable, was inserted read-only before",
std::string(path).c_str()); std::string(path).c_str());
*curtree->mutable_node() = new_node; *curtree->mutable_node() = new_node;
return absl::OkStatus(); return absl::OkStatus();
@ -317,7 +317,7 @@ absl::Status Mounts::Insert(absl::string_view path,
if (internal::IsWritable(curtree->node()) && if (internal::IsWritable(curtree->node()) &&
!internal::IsWritable(new_node)) { !internal::IsWritable(new_node)) {
SAPI_RAW_LOG(INFO, SAPI_RAW_LOG(INFO,
"Inserting %s read-only is a nop, as it was insterted " "Inserting %s read-only is a nop, as it was inserted "
"writable before", "writable before",
std::string(path).c_str()); std::string(path).c_str());
return absl::OkStatus(); return absl::OkStatus();
@ -349,7 +349,7 @@ absl::Status Mounts::AddFileAt(absl::string_view outside,
absl::Status Mounts::AddDirectoryAt(absl::string_view outside, absl::Status Mounts::AddDirectoryAt(absl::string_view outside,
absl::string_view inside, bool is_ro) { absl::string_view inside, bool is_ro) {
MountTree::Node node; MountTree::Node node;
auto dir_node = node.mutable_dir_node(); auto* dir_node = node.mutable_dir_node();
dir_node->set_outside(std::string(outside)); dir_node->set_outside(std::string(outside));
dir_node->set_writable(!is_ro); dir_node->set_writable(!is_ro);
return Insert(inside, node); return Insert(inside, node);

40
sandboxed_api/sandbox2/policybuilder.h
View File

@ -256,14 +256,14 @@ class PolicyBuilder final {
PolicyBuilder& AllowFutexOp(int op); PolicyBuilder& AllowFutexOp(int op);
// Appends code to allow opening and possibly creating files or directories. // Appends code to allow opening and possibly creating files or directories.
// Allows these sycalls: // Allows these syscalls:
// - creat // - creat
// - open // - open
// - openat // - openat
PolicyBuilder& AllowOpen(); PolicyBuilder& AllowOpen();
// Appends code to allow calling stat, fstat and lstat. // Appends code to allow calling stat, fstat and lstat.
// Allows these sycalls: // Allows these syscalls:
// - fstat // - fstat
// - fstat64 // - fstat64
// - fstatat // - fstatat
@ -318,7 +318,7 @@ class PolicyBuilder final {
PolicyBuilder& AllowChown(); PolicyBuilder& AllowChown();
// Appends code to the policy to allow reading from file descriptors. // Appends code to the policy to allow reading from file descriptors.
// Allows these sycalls: // Allows these syscalls:
// - read // - read
// - readv // - readv
// - preadv // - preadv
@ -326,7 +326,7 @@ class PolicyBuilder final {
PolicyBuilder& AllowRead(); PolicyBuilder& AllowRead();
// Appends code to the policy to allow writing to file descriptors. // Appends code to the policy to allow writing to file descriptors.
// Allows these sycalls: // Allows these syscalls:
// - write // - write
// - writev // - writev
// - pwritev // - pwritev
@ -334,37 +334,37 @@ class PolicyBuilder final {
PolicyBuilder& AllowWrite(); PolicyBuilder& AllowWrite();
// Appends code to allow reading directories. // Appends code to allow reading directories.
// Allows these sycalls: // Allows these syscalls:
// - getdents // - getdents
// - getdents64 // - getdents64
PolicyBuilder& AllowReaddir(); PolicyBuilder& AllowReaddir();
// Appends code to allow reading symbolic links. // Appends code to allow reading symbolic links.
// Allows these sycalls: // Allows these syscalls:
// - readlink // - readlink
// - readlinkat // - readlinkat
PolicyBuilder& AllowReadlink(); PolicyBuilder& AllowReadlink();
// Appends code to allow creating links. // Appends code to allow creating links.
// Allows these sycalls: // Allows these syscalls:
// - link // - link
// - linkat // - linkat
PolicyBuilder& AllowLink(); PolicyBuilder& AllowLink();
// Appends code to allow creating symbolic links. // Appends code to allow creating symbolic links.
// Allows these sycalls: // Allows these syscalls:
// - symlink // - symlink
// - symlinkat // - symlinkat
PolicyBuilder& AllowSymlink(); PolicyBuilder& AllowSymlink();
// Appends code to allow creating directories. // Appends code to allow creating directories.
// Allows these sycalls: // Allows these syscalls:
// - mkdir // - mkdir
// - mkdirat // - mkdirat
PolicyBuilder& AllowMkdir(); PolicyBuilder& AllowMkdir();
// Appends code to allow changing file timestamps. // Appends code to allow changing file timestamps.
// Allows these sycalls: // Allows these syscalls:
// - futimens // - futimens
// - utime // - utime
// - utimensat // - utimensat
@ -372,7 +372,7 @@ class PolicyBuilder final {
PolicyBuilder& AllowUtime(); PolicyBuilder& AllowUtime();
// Appends code to allow safe calls to fcntl. // Appends code to allow safe calls to fcntl.
// Allows these sycalls: // Allows these syscalls:
// - fcntl // - fcntl
// - fcntl64 (on architectures where it exists) // - fcntl64 (on architectures where it exists)
// //
@ -382,7 +382,7 @@ class PolicyBuilder final {
PolicyBuilder& AllowSafeFcntl(); PolicyBuilder& AllowSafeFcntl();
// Appends code to allow creating new processes. // Appends code to allow creating new processes.
// Allows these sycalls: // Allows these syscalls:
// - fork // - fork
// - vfork // - vfork
// - clone // - clone
@ -393,19 +393,19 @@ class PolicyBuilder final {
PolicyBuilder& AllowFork(); PolicyBuilder& AllowFork();
// Appends code to allow waiting for processes. // Appends code to allow waiting for processes.
// Allows these sycalls: // Allows these syscalls:
// - waitpid (on architectures where it exists) // - waitpid (on architectures where it exists)
// - wait4 // - wait4
PolicyBuilder& AllowWait(); PolicyBuilder& AllowWait();
// Appends code to allow setting alarms / interval timers. // Appends code to allow setting alarms / interval timers.
// Allows these sycalls: // Allows these syscalls:
// - alarm (on architectures where it exists) // - alarm (on architectures where it exists)
// - setitimer // - setitimer
PolicyBuilder& AllowAlarm(); PolicyBuilder& AllowAlarm();
// Appends code to allow setting up signal handlers, returning from them, etc. // Appends code to allow setting up signal handlers, returning from them, etc.
// Allows these sycalls: // Allows these syscalls:
// - rt_sigaction // - rt_sigaction
// - rt_sigreturn // - rt_sigreturn
// - rt_procmask // - rt_procmask
@ -416,12 +416,12 @@ class PolicyBuilder final {
PolicyBuilder& AllowHandleSignals(); PolicyBuilder& AllowHandleSignals();
// Appends code to allow doing the TCGETS ioctl. // Appends code to allow doing the TCGETS ioctl.
// Allows these sycalls: // Allows these syscalls:
// - ioctl (when the first argument is TCGETS) // - ioctl (when the first argument is TCGETS)
PolicyBuilder& AllowTCGETS(); PolicyBuilder& AllowTCGETS();
// Appends code to allow to getting the current time. // Appends code to allow to getting the current time.
// Allows these sycalls: // Allows these syscalls:
// - time // - time
// - gettimeofday // - gettimeofday
// - clock_gettime // - clock_gettime
@ -455,19 +455,19 @@ class PolicyBuilder final {
PolicyBuilder& AllowGetPGIDs(); PolicyBuilder& AllowGetPGIDs();
// Appends code to allow getting the rlimits. // Appends code to allow getting the rlimits.
// Allows these sycalls: // Allows these syscalls:
// - getrlimit // - getrlimit
// - ugetrlimit (on architectures where it exist) // - ugetrlimit (on architectures where it exist)
PolicyBuilder& AllowGetRlimit(); PolicyBuilder& AllowGetRlimit();
// Appends code to allow setting the rlimits. // Appends code to allow setting the rlimits.
// Allows these sycalls: // Allows these syscalls:
// - setrlimit // - setrlimit
// - usetrlimit (on architectures where it exist) // - usetrlimit (on architectures where it exist)
PolicyBuilder& AllowSetRlimit(); PolicyBuilder& AllowSetRlimit();
// Appends code to allow reading random bytes. // Appends code to allow reading random bytes.
// Allows these sycalls: // Allows these syscalls:
// - getrandom (with no flags or GRND_NONBLOCK) // - getrandom (with no flags or GRND_NONBLOCK)
// //
PolicyBuilder& AllowGetRandom(); PolicyBuilder& AllowGetRandom();