PERFORCE change 164253 for review

Robert Watson rwatson at FreeBSD.org
Sat Jun 13 10:00:34 UTC 2009


http://perforce.freebsd.org/chv.cgi?CH=164253

Change 164253 by rwatson at rwatson_freebsd_capabilities on 2009/06/13 10:00:15

	Demonstrate nested sandboxes in libcapability_exec/sandbox_echo by
	having sandbox_echo launch a second sandbox that will actually
	implement echo, and the first will just proxy between the host and
	the second sandbox.
	
	Use err() to report sandbox errors on stderr, since we authorize
	this example sandboxed app to write to stderr, and it makes things
	significantly easier to debug.

Affected files ...

.. //depot/projects/trustedbsd/capabilities/src/tools/cap/libcapability_exec/libcapability_exec.c#3 edit
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/sandbox_echo/sandbox_echo.c#3 edit

Differences ...

==== //depot/projects/trustedbsd/capabilities/src/tools/cap/libcapability_exec/libcapability_exec.c#3 (text+ko) ====

@@ -48,7 +48,7 @@
 main(int argc, char *argv[])
 {
 	struct lc_sandbox *lcsp;
-	char *sandbox_argv[2] = { argv[1], NULL };
+	char *sandbox_argv[3] = { argv[1], "nested", NULL };
 	struct iovec iov;
 	size_t len;
 	char ch;
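Review bot: The new `"nested"` literal is a protocol switch that sandbox_echo keys on with strcmp(), yet nothing here says so; a one-line comment above the initializer, `/* "nested" makes sandbox_echo spawn a second sandbox and proxy to it. */`, would keep the two files from drifting apart. The initializer also reads `argv[1]` before any argc check visible in this hunk, so with no argument the sandbox is started with a NULL argv[0]; main's body continues past the hunk, so the guard may exist further down, but placing it before the array would make the intent obvious.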

==== //depot/projects/trustedbsd/capabilities/src/tools/cap/sandbox_echo/sandbox_echo.c#3 (text+ko) ====

@@ -38,30 +38,81 @@
 #include <sys/uio.h>
 
 #include <err.h>
+#include <errno.h>
 #include <libcapability.h>
+#include <stdio.h>
 #include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
 
+#define	MYNAME	"sandbox_echo"
+
 int
 main(int argc, char *argv[])
 {
+	char *sandbox_argv[3] = { MYNAME, NULL };
+	struct lc_sandbox *lcsp;
 	struct lc_host *lchp;
 	u_int32_t opno, seqno;
 	struct iovec iov;
 	u_char *buffer;
 	size_t len;
+	int fd;
 
 	if (lcs_get(&lchp) < 0)
 		errx(-1, "libcapability sandbox binary");
 
-	while (1) {
-		if (lcs_recvrpc(lchp, &opno, &seqno, &buffer, &len) < 0)
-			return (-2);
-		if (len != 1)
-			return (-3);
-		iov.iov_base = buffer;
-		iov.iov_len = 1;
-		if (lcs_sendrpc(lchp, opno, seqno, &iov, 1) < 0)
-			return (-4);
-		free(buffer);
+	if (argc > 1 && strcmp(argv[1], "nested") == 0) {
+
+		fprintf(stderr, "%s\n", getenv("LD_CAPLIBINDEX"));
+		if (ld_caplibindex_lookup(MYNAME, &fd) < 0)
+			err(-10, "ld_caplibindex_lookup(%s)", MYNAME);
+
+		if (lch_startfd_flags(fd, MYNAME, sandbox_argv,
+		    LCH_PERMIT_STDERR, &lcsp) < 0)
+                	err(-1, "lch_start %s", argv[1]);
+		while (1) {
+			if (lcs_recvrpc(lchp, &opno, &seqno, &buffer, &len)
+			    < 0) {
+				if (errno != EPIPE)
+					err(-2, "lcs_recvrpc");
+				else
+					exit(-1);
+			}
+			if (len != 1)
+				errx(-3, "lcs_recvrpc len");
+			iov.iov_base = buffer;
+			iov.iov_len = 1;
+			if (lch_rpc(lcsp, opno, &iov, 1, &iov, 1, &len) < 0)
+				err(-4, "lch_rpc");
+			if (lcs_sendrpc(lchp, opno, seqno, &iov, 1) < 0) {
+				if (errno != EPIPE)
+					err(-5, "lcs_sendrpc");
+				else
+					exit(-5);
+			}
+			free(buffer);
+		}
+	} else {
+		while (1) {
+			if (lcs_recvrpc(lchp, &opno, &seqno, &buffer, &len)
+			    < 0) {
+				if (errno != EPIPE)
+					err(-6, "lcs_recvrpc");
+				else
+					exit(-6);
+			}
+			if (len != 1)
+				errx(-7, "lcs_recvrpc len");
+			iov.iov_base = buffer;
+			iov.iov_len = 1;
+			if (lcs_sendrpc(lchp, opno, seqno, &iov, 1) < 0) {
+				if (errno != EPIPE)
+					err(-8, "lcs_sendrpc");
+				else
+					exit(-8);
+			}
+			free(buffer);
+		}
 	}
 }
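Review bot: In the nested branch the reply length that lch_rpc() stores in `len` is never checked before the byte is forwarded with `iov.iov_len = 1`, so an inner sandbox that answers with zero or several bytes is relayed to the host as one byte of whatever `buffer` holds; since the outer sandbox is meant to be a boundary around the inner one, mirror the request-side check with `if (len != 1) errx(-4, "lch_rpc len");` directly after the lch_rpc() call, and confirm against the library contract whether lch_rpc() may hand back a fresh reply buffer in iov.iov_base, because `free(buffer)` would then not release it. The `fprintf(stderr, "%s\n", getenv("LD_CAPLIBINDEX"))` looks like leftover debugging: getenv() can return NULL, which `%s` does not accept, and it prints environment contents to stderr on every nested start, so drop it or write `getenv("LD_CAPLIBINDEX") ? getenv("LD_CAPLIBINDEX") : "(unset)"`. The err() after lch_startfd_flags() reports `argv[1]` ("nested") although the sandbox being started is MYNAME; use `err(-1, "lch_startfd_flags %s", MYNAME)`, and that line is space-indented where the rest of the file uses tabs. The two while loops differ only in the lch_rpc() hop, so one loop with `if (nested)` around that call would remove the duplicated EPIPE and length handling and the diverging exit codes (-2..-5 versus -6..-8).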

