[tor-commits] [tor/master] Configure sandbox using consdiffmgr; free cdm on exit.

[nickm at torproject.org]

commit 24f7059704433834a7335286e552eda7f030666f
Author: Nick Mathewson <nickm at torproject.org>
Date:   Tue Apr 25 19:52:34 2017 -0400

    Configure sandbox using consdiffmgr; free cdm on exit.
---
 src/or/conscache.c   | 11 +++++++++++
 src/or/conscache.h   |  3 +++
 src/or/consdiffmgr.c | 10 ++++++++++
 src/or/consdiffmgr.h |  2 ++
 src/or/main.c        |  4 ++++
 5 files changed, 30 insertions(+)

diff --git a/src/or/conscache.c b/src/or/conscache.c
index 9dedb43..2544f56 100644
--- a/src/or/conscache.c
+++ b/src/or/conscache.c
@@ -78,6 +78,17 @@ consensus_cache_open(const char *subdir, int max_entries)
 }
 
 /**
+ * Tell the sandbox (if any) configured by <b>cfg</b> to allow the
+ * operations that <b>cache</b> will need.
+ */
+int
+consensus_cache_register_with_sandbox(consensus_cache_t *cache,
+                                      struct sandbox_cfg_elem **cfg)
+{
+  return storage_dir_register_with_sandbox(cache->dir, cfg);
+}
+
+/**
  * Helper: clear all entries from <b>cache</b> (but do not delete
  * any that aren't marked for removal
  */
diff --git a/src/or/conscache.h b/src/or/conscache.h
index c8cda60..f3110e2 100644
--- a/src/or/conscache.h
+++ b/src/or/conscache.h
@@ -13,6 +13,9 @@ HANDLE_DECL(consensus_cache_entry, consensus_cache_entry_t, )
 
 consensus_cache_t *consensus_cache_open(const char *subdir, int max_entries);
 void consensus_cache_free(consensus_cache_t *cache);
+struct sandbox_cfg_elem;
+int consensus_cache_register_with_sandbox(consensus_cache_t *cache,
+                                          struct sandbox_cfg_elem **cfg);
 void consensus_cache_unmap_lazy(consensus_cache_t *cache, time_t cutoff);
 void consensus_cache_delete_pending(consensus_cache_t *cache);
 consensus_cache_entry_t *consensus_cache_add(consensus_cache_t *cache,
diff --git a/src/or/consdiffmgr.c b/src/or/consdiffmgr.c
index 59d0f28..41e37ac 100644
--- a/src/or/consdiffmgr.c
+++ b/src/or/consdiffmgr.c
@@ -628,6 +628,16 @@ consdiffmgr_configure(const consdiff_cfg_t *cfg)
 }
 
 /**
+ * Tell the sandbox (if any) configured by <b>cfg</b> to allow the
+ * operations that the consensus diff manager will need.
+ */
+int
+consdiffmgr_register_with_sandbox(struct sandbox_cfg_elem **cfg)
+{
+  return consensus_cache_register_with_sandbox(cdm_cache_get(), cfg);
+}
+
+/**
  * Scan the consensus diff manager's cache for any grossly malformed entries,
  * and mark them as deletable.  Return 0 if no problems were found; 1
  * if problems were found and fixed.
diff --git a/src/or/consdiffmgr.h b/src/or/consdiffmgr.h
index 6932b2f..55ce1c8 100644
--- a/src/or/consdiffmgr.h
+++ b/src/or/consdiffmgr.h
@@ -32,6 +32,8 @@ consdiff_status_t consdiffmgr_find_diff_from(
 void consdiffmgr_rescan(void);
 int consdiffmgr_cleanup(void);
 void consdiffmgr_configure(const consdiff_cfg_t *cfg);
+struct sandbox_cfg_elem;
+int consdiffmgr_register_with_sandbox(struct sandbox_cfg_elem **cfg);
 void consdiffmgr_free_all(void);
 int consdiffmgr_validate(void);
 
diff --git a/src/or/main.c b/src/or/main.c
index 5fec7e4..452c350 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -64,6 +64,7 @@
 #include "connection.h"
 #include "connection_edge.h"
 #include "connection_or.h"
+#include "consdiffmgr.h"
 #include "control.h"
 #include "cpuworker.h"
 #include "crypto_s2k.h"
@@ -3162,6 +3163,7 @@ tor_free_all(int postfork)
   sandbox_free_getaddrinfo_cache();
   protover_free_all();
   bridges_free_all();
+  consdiffmgr_free_all();
   if (!postfork) {
     config_free_all();
     or_state_free_all();
@@ -3584,6 +3586,8 @@ sandbox_init_filter(void)
     OPEN_DATADIR("stats");
     STAT_DATADIR("stats");
     STAT_DATADIR2("stats", "dirreq-stats");
+
+    consdiffmgr_register_with_sandbox(&cfg);
   }
 
   init_addrinfo();