Rename, re-layer, add build setting

jansvoboda11 · jansvoboda11 · commit 0a1d47377697 · 2025-10-15T14:36:33.000-07:00
diff --git a/clang/lib/CodeGen/BackendUtil.cpp b/clang/lib/CodeGen/BackendUtil.cpp
@@ -1436,7 +1436,7 @@ void clang::emitBackendOutput(CompilerInstance &CI, CodeGenOptions &CGOpts,
   std::unique_ptr<llvm::Module> EmptyModule;
   if (!CGOpts.ThinLTOIndexFile.empty()) {
     // FIXME(sandboxing): Figure out how to support distributed indexing.
-    auto BypassSandbox = sys::sandbox_scoped_disable();
+    auto BypassSandbox = sys::sandbox::scopedDisable();
     // If we are performing a ThinLTO importing compile, load the function index
     // into memory and pass it into runThinLTOBackend, which will run the
     // function importer and invoke LTO passes.
diff --git a/clang/lib/Driver/Driver.cpp b/clang/lib/Driver/Driver.cpp
@@ -1872,7 +1872,7 @@ bool Driver::getCrashDiagnosticFile(StringRef ReproCrashFilename,
   assert(llvm::Triple(llvm::sys::getProcessTriple()).isOSDarwin() &&
          "Only knows about .crash files on Darwin");
   // This is not a formal output of the compiler, let's bypass the sandbox.
-  auto BypassSandbox = sandbox_scoped_disable();
+  auto BypassSandbox = sandbox::scopedDisable();
 
   // The .crash file can be found on at ~/Library/Logs/DiagnosticReports/
   // (or /Library/Logs/DiagnosticReports for root) and has the filename pattern
diff --git a/clang/lib/Driver/Job.cpp b/clang/lib/Driver/Job.cpp
@@ -429,7 +429,7 @@ int CC1Command::Execute(ArrayRef<std::optional<StringRef>> Redirects,
 
   // Enabling the sandbox here allows us to restore its previous state even when
   // this cc1 invocation crashes.
-  auto EnableSandbox = llvm::sys::sandbox_scoped_enable();
+  auto EnableSandbox = llvm::sys::sandbox::scopedEnable();
 
   llvm::CrashRecoveryContext CRC;
   CRC.DumpStackAndCleanupOnFailure = true;
diff --git a/clang/lib/Serialization/GlobalModuleIndex.cpp b/clang/lib/Serialization/GlobalModuleIndex.cpp
@@ -252,7 +252,7 @@ GlobalModuleIndex::~GlobalModuleIndex() {
 std::pair<GlobalModuleIndex *, llvm::Error>
 GlobalModuleIndex::readIndex(StringRef Path) {
   // This is a compiler-internal input/output, let's bypass the sandbox.
-  auto BypassSandbox = llvm::sys::sandbox_scoped_disable();
+  auto BypassSandbox = llvm::sys::sandbox::scopedDisable();
 
   // Load the index file, if it's there.
   llvm::SmallString<128> IndexPath;
@@ -848,7 +848,7 @@ GlobalModuleIndex::writeIndex(FileManager &FileMgr,
                               const PCHContainerReader &PCHContainerRdr,
                               StringRef Path) {
   // This is a compiler-internal input/output, let's bypass the sandbox.
-  auto BypassSandbox = llvm::sys::sandbox_scoped_disable();
+  auto BypassSandbox = llvm::sys::sandbox::scopedDisable();
 
   llvm::SmallString<128> IndexPath;
   IndexPath += Path;
diff --git a/clang/lib/Serialization/ModuleCache.cpp b/clang/lib/Serialization/ModuleCache.cpp
@@ -29,7 +29,7 @@ void clang::maybePruneImpl(StringRef Path, time_t PruneInterval,
     return;
 
   // This is a compiler-internal input/output, let's bypass the sandbox.
-  auto BypassSandbox = llvm::sys::sandbox_scoped_disable();
+  auto BypassSandbox = llvm::sys::sandbox::scopedDisable();
 
   llvm::SmallString<128> TimestampFile(Path);
   llvm::sys::path::append(TimestampFile, "modules.timestamp");
@@ -120,7 +120,7 @@ class CrossProcessModuleCache : public ModuleCache {
 
   std::time_t getModuleTimestamp(StringRef ModuleFilename) override {
     // This is a compiler-internal input/output, let's bypass the sandbox.
-    auto SandboxBypass = llvm::sys::sandbox_scoped_disable();
+    auto SandboxBypass = llvm::sys::sandbox::scopedDisable();
     std::string TimestampFilename =
         serialization::ModuleFile::getTimestampFilename(ModuleFilename);
     llvm::sys::fs::file_status Status;
diff --git a/clang/lib/StaticAnalyzer/Core/HTMLDiagnostics.cpp b/clang/lib/StaticAnalyzer/Core/HTMLDiagnostics.cpp
@@ -259,7 +259,7 @@ void HTMLDiagnostics::FlushDiagnosticsImpl(
 void HTMLDiagnostics::ReportDiag(const PathDiagnostic& D,
                                  FilesMade *filesMade) {
   // FIXME(sandboxing): Remove this by adopting `llvm::vfs::OutputBackend`.
-  auto SandboxBypass = llvm::sys::sandbox_scoped_disable();
+  auto SandboxBypass = llvm::sys::sandbox::scopedDisable();
 
   // Create the HTML directory if it is missing.
   if (!createdDir) {
diff --git a/clang/tools/driver/cc1_main.cpp b/clang/tools/driver/cc1_main.cpp
@@ -274,7 +274,7 @@ int cc1_main(ArrayRef<const char *> Argv, const char *Argv0, void *MainAddr) {
 
   /// Create the actual file system.
   auto VFS = [] {
-    auto BypassSandbox = llvm::sys::sandbox_scoped_disable();
+    auto BypassSandbox = llvm::sys::sandbox::scopedDisable();
     return llvm::vfs::getRealFileSystem();
   }();
   Clang->createVirtualFileSystem(std::move(VFS), DiagsBuffer);
@@ -309,7 +309,7 @@ int cc1_main(ArrayRef<const char *> Argv, const char *Argv0, void *MainAddr) {
   // results now.  This happens in -disable-free mode.
   {
     // This isn't a formal input or output of the compiler.
-    auto BypassSandbox = llvm::sys::sandbox_scoped_disable();
+    auto BypassSandbox = llvm::sys::sandbox::scopedDisable();
     std::unique_ptr<raw_ostream> IOFile = llvm::CreateInfoOutputFile();
     if (Clang->getCodeGenOpts().TimePassesJson) {
       *IOFile << "{\n";
diff --git a/clang/tools/driver/cc1as_main.cpp b/clang/tools/driver/cc1as_main.cpp
@@ -428,7 +428,7 @@ static bool ExecuteAssemblerImpl(AssemblerInvocation &Opts,
 
   ErrorOr<std::unique_ptr<MemoryBuffer>> Buffer = [=] {
     // FIXME(sandboxing): Make this a proper input file.
-    auto BypassSandbox = sys::sandbox_scoped_disable();
+    auto BypassSandbox = sys::sandbox::scopedDisable();
     return MemoryBuffer::getFileOrSTDIN(Opts.InputFile, /*IsText=*/true);
   }();
 
@@ -677,7 +677,7 @@ int cc1as_main(ArrayRef<const char *> Argv, const char *Argv0, void *MainAddr) {
   DiagnosticsEngine Diags(DiagnosticIDs::create(), DiagOpts, DiagClient);
 
   auto VFS = [] {
-    auto BypassSandbox = sys::sandbox_scoped_disable();
+    auto BypassSandbox = sys::sandbox::scopedDisable();
     return vfs::getRealFileSystem();
   }();
 
diff --git a/llvm/CMakeLists.txt b/llvm/CMakeLists.txt
@@ -697,6 +697,7 @@ option(LLVM_ENABLE_WERROR "Fail and stop if a warning is triggered." OFF)
 
 option(LLVM_ENABLE_DUMP "Enable dump functions even when assertions are disabled" OFF)
 option(LLVM_UNREACHABLE_OPTIMIZE "Optimize llvm_unreachable() as undefined behavior (default), guaranteed trap when OFF" ON)
+option(LLVM_ENABLE_IO_SANDBOX "Enable IO sandboxing in supported tools" OFF)
 
 if( NOT uppercase_CMAKE_BUILD_TYPE STREQUAL "DEBUG" )
   option(LLVM_ENABLE_ASSERTIONS "Enable assertions" OFF)
diff --git a/llvm/include/llvm/Support/IOSandbox.h b/llvm/include/llvm/Support/IOSandbox.h
@@ -9,12 +9,74 @@
 #ifndef LLVM_SUPPORT_IOSANDBOX_H
 #define LLVM_SUPPORT_IOSANDBOX_H
 
+// Always enable IO sandboxing in debug/assert builds for development,
+// but allow enablement even for release/no-assert builds for production.
+#if !defined(NDEBUG) || defined(LLVM_ENABLE_IO_SANDBOX)
+
+#include "llvm/Support/ErrorHandling.h"
 #include "llvm/Support/SaveAndRestore.h"
 
-namespace llvm::sys {
-SaveAndRestore<bool> sandbox_scoped_enable();
-SaveAndRestore<bool> sandbox_scoped_disable();
-void sandbox_violation_if_enabled();
-} // namespace llvm::sys
+namespace llvm::sys::sandbox {
+inline thread_local bool Enabled = false;
+inline SaveAndRestore<bool> scopedEnable() { return {Enabled, true}; }
+inline SaveAndRestore<bool> scopedDisable() { return {Enabled, false}; }
+inline void violationIfEnabled() {
+  if (Enabled)
+    reportFatalInternalError("IO sandbox violation");
+}
+} // namespace llvm::sys::sandbox
+
+#else
+
+namespace llvm::sys::sandbox {
+inline int scopedEnable() {}
+inline int scopedDisable() {}
+inline void violationIfEnabled() {}
+} // namespace llvm::sys::sandbox
+
+#endif
+
+namespace llvm::sys::sandbox {
+/// Facility for seamlessly interposing function calls and sandbox enforcement.
+/// This is intended for creating static functors like so:
+///
+///   // before
+///   #include <unistd.h>
+///   namespace x {
+///     void perform_read() { read(); } // not sandboxed
+///   }
+///
+///   // after
+///   #include <unistd.h>
+///   namespace x {
+///     static constexpr auto read = llvm::sys::sandbox::interpose(::read);
+///     void perform_read() { read(); } // sandboxed
+///   }
+template <class FnTy> struct Interposed;
+
+template <class RetTy, class... ArgTy> struct Interposed<RetTy (*)(ArgTy...)> {
+  RetTy (*Fn)(ArgTy...);
+
+  RetTy operator()(ArgTy... Arg) const {
+    violationIfEnabled();
+    return Fn(std::forward<ArgTy>(Arg)...);
+  }
+};
+
+template <class RetTy, class... ArgTy>
+struct Interposed<RetTy (*)(ArgTy..., ...)> {
+  RetTy (*Fn)(ArgTy..., ...);
+
+  template <class... CVarArgTy>
+  RetTy operator()(ArgTy... Arg, CVarArgTy... CVarArg) const {
+    violationIfEnabled();
+    return Fn(std::forward<ArgTy>(Arg)..., std::forward<CVarArgTy>(CVarArg)...);
+  }
+};
+
+template <class FnTy> constexpr auto interpose(FnTy Fn) {
+  return Interposed<FnTy>{Fn};
+}
+} // namespace llvm::sys::sandbox
 
 #endif
diff --git a/llvm/lib/Support/IOSandbox.cpp b/llvm/lib/Support/IOSandbox.cpp
diff --git a/llvm/lib/Support/IOSandboxInternal.h b/llvm/lib/Support/IOSandboxInternal.h
diff --git a/llvm/lib/Support/LockFileManager.cpp b/llvm/lib/Support/LockFileManager.cpp
@@ -52,7 +52,7 @@ using namespace llvm;
 /// \returns The process ID of the process that owns this lock file
 std::optional<LockFileManager::OwnedByAnother>
 LockFileManager::readLockFile(StringRef LockFileName) {
-  auto SandboxBypass = sys::sandbox_scoped_disable();
+  auto SandboxBypass = sys::sandbox::scopedDisable();
 
   // Read the owning host and PID out of the lock file. If it appears that the
   // owning process is dead, the lock file is invalid.
@@ -249,7 +249,7 @@ Expected<bool> LockFileManager::tryLock() {
 }
 
 LockFileManager::~LockFileManager() {
-  auto SandboxBypass = sys::sandbox_scoped_disable();
+  auto SandboxBypass = sys::sandbox::scopedDisable();
 
   if (!std::holds_alternative<OwnedByUs>(Owner))
     return;
diff --git a/llvm/lib/Support/Signals.cpp b/llvm/lib/Support/Signals.cpp
@@ -97,7 +97,7 @@ CallBacksToRun() {
 // Signal-safe.
 void sys::RunSignalHandlers() {
   // Let's not interfere with stack trace symbolication and friends.
-  auto BypassSandbox = sandbox_scoped_disable();
+  auto BypassSandbox = sandbox::scopedDisable();
 
   for (CallbackAndCookie &RunMe : CallBacksToRun()) {
     auto Expected = CallbackAndCookie::Status::Initialized;
diff --git a/llvm/lib/Support/Unix/Path.inc b/llvm/lib/Support/Unix/Path.inc
@@ -114,7 +114,31 @@ typedef uint_t uint;
 #define STATVFS_F_FLAG(vfs) (vfs).f_flags
 #endif
 
-#include "IOSandboxInternal.h"
+#include <stdio.h>
+#include <sys/stat.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_MMAN_H
+#include <sys/mman.h>
+#endif
+#include <dirent.h>
+
+#include "llvm/Support/IOSandbox.h"
+
+namespace llvm {
+static constexpr auto read = sys::sandbox::interpose(::read);
+static constexpr auto pread = sys::sandbox::interpose(::pread);
+static constexpr auto mmap = sys::sandbox::interpose(::mmap);
+static constexpr auto readdir = sys::sandbox::interpose(::readdir);
+static constexpr auto access = sys::sandbox::interpose(::access);
+static constexpr auto stat = sys::sandbox::interpose(::stat);
+static constexpr auto lstat = sys::sandbox::interpose(::lstat);
+static constexpr auto fstat = sys::sandbox::interpose(::fstat);
+static constexpr auto getcwd = sys::sandbox::interpose(::getcwd);
+static constexpr auto realpath = sys::sandbox::interpose(::realpath);
+static constexpr auto readlink = sys::sandbox::interpose(::readlink);
+} // namespace llvm
 
 using namespace llvm;
 
diff --git a/llvm/lib/Support/VirtualFileSystem.cpp b/llvm/lib/Support/VirtualFileSystem.cpp
diff --git a/llvm/lib/Support/VirtualOutputBackends.cpp b/llvm/lib/Support/VirtualOutputBackends.cpp
diff --git a/llvm/lib/Support/raw_ostream.cpp b/llvm/lib/Support/raw_ostream.cpp
