Add command-line options to configure environment sandbox

jsgf · jsgf · commit 13904d5a2e05 · 2018-04-25T17:37:20.000-07:00
The environment sandbox controls access to environment variables and
which path prefixes are available for opening from source (ie, with
the env!() and include!() class of macros).

By default, it does nothing. However, if you configure some sandbox options
then they will override the default-open mode of operation.

The options are:
--env-clear - clear entire environment, making all env!() operations fail
--env-allow VAR - allow a specific environment variable to be used
--env-define VAR=VAL - define the value of an environment variable for env!()
--clear-include-prefixes - clear all valid prefixes, making all include!() operations fail
--include-prefix PATH - define a path prefix that all include files must start with

These options are cumulative.

The environment sandboxing is different from controlling the environment that's
present when rustc is invoked, say with the "env" command. Sandboxing allows the
environment used by rustc - such as PATH or LD_LIBRARY_PATH (or equiv) -
versus the environment that's available to the compiled Rust source itself.

(This change just collects the options and sets up the EnvSandbox, but does not
implement any constraints.)
diff --git a/src/Cargo.lock b/src/Cargo.lock
diff --git a/src/librustc/Cargo.toml b/src/librustc/Cargo.toml
@@ -27,6 +27,7 @@ syntax = { path = "../libsyntax" }
 syntax_pos = { path = "../libsyntax_pos" }
 backtrace = "0.3.3"
 byteorder = { version = "1.1", features = ["i128"]}
+env_sandbox = { path = "../librustc_env_sandbox" }
 
 # Note that these dependencies are a lie, they're just here to get linkage to
 # work.
diff --git a/src/librustc/lib.rs b/src/librustc/lib.rs
@@ -91,6 +91,7 @@ extern crate rustc_errors as errors;
 extern crate syntax_pos;
 extern crate jobserver;
 extern crate proc_macro;
+extern crate env_sandbox;
 
 extern crate serialize as rustc_serialize; // used by deriving
 
diff --git a/src/librustc/session/config.rs b/src/librustc/session/config.rs
@@ -38,6 +38,8 @@ use syntax::feature_gate::UnstableFeatures;
 
 use errors::{ColorConfig, FatalError, Handler};
 
+use env_sandbox::{EnvSandboxBuilder, EnvSandbox};
+
 use getopts;
 use std::collections::{BTreeMap, BTreeSet};
 use std::collections::btree_map::Iter as BTreeMapIter;
@@ -413,6 +415,9 @@ top_level_options!(
         // Remap source path prefixes in all output (messages, object files, debug, etc)
         remap_path_prefix: Vec<(PathBuf, PathBuf)> [UNTRACKED],
         edition: Edition [TRACKED],
+
+        // Environment sandbox for process envvars and include path prefixes
+        env_sb: EnvSandbox [UNTRACKED],
     }
 );
 
@@ -593,6 +598,7 @@ pub fn basic_options() -> Options {
         cli_forced_thinlto_off: false,
         remap_path_prefix: Vec::new(),
         edition: DEFAULT_EDITION,
+        env_sb: EnvSandbox::default(),
     }
 }
 
@@ -1653,6 +1659,34 @@ pub fn rustc_optgroups() -> Vec<RustcOptGroup> {
             "Remap source names in all output (compiler messages and output files)",
             "FROM=TO",
         ),
+        opt::multi_s(
+            "",
+            "env-allow",
+            "Allow a specific environment variable to be accessed with an env!() macro",
+            "ENVVAR",
+        ),
+        opt::multi_s(
+            "",
+            "env-define",
+            "Define an environment variable for reading with an env!() macro",
+            "ENVVAR=VALUE",
+        ),
+        opt::flag_s(
+            "",
+            "env-clear",
+            "Clear all environment, and prevent access to process environment",
+        ),
+        opt::multi_s(
+            "",
+            "include-prefix",
+            "Define a valid prefix for include!() macros",
+            "PATH",
+        ),
+        opt::flag_s(
+            "",
+            "clear-include-prefixes",
+            "Clear all path prefixes, disallowing access to all files",
+        ),
     ]);
     opts
 }
@@ -2161,6 +2195,32 @@ pub fn build_session_options_and_crate_config(
         })
         .collect();
 
+    let mut env_sb = EnvSandboxBuilder::new();
+
+    if matches.opt_present("env-clear") {
+        env_sb.env_clear();
+    }
+    for env in matches.opt_strs("env-allow") {
+        env_sb.env_allow(env);
+    }
+    for envvar in matches.opt_strs("env-define") {
+        let envvar: Vec<_> = envvar.splitn(2, '=').collect();
+        if envvar.len() != 2 {
+            early_error(error_format, "--env-define must contain '=' between ENVVAR and VALUE");
+        }
+        env_sb.env_define(envvar[0], envvar[1]);
+    }
+
+    if matches.opt_present("clear-include-prefixes") {
+        env_sb.paths_clear();
+    }
+    for pathpfx in matches.opt_strs("include-prefix") {
+        if let Err(err) = env_sb.path_add(pathpfx) {
+            early_error(error_format, &format!("--include-prefix path error: {}", err));
+        }
+    }
+    let env_sb = env_sb.build();
+
     (
         Options {
             crate_types,
@@ -2191,6 +2251,7 @@ pub fn build_session_options_and_crate_config(
             cli_forced_thinlto_off: disable_thinlto,
             remap_path_prefix,
             edition,
+            env_sb,
         },
         cfg,
     )
