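/* $OpenBSD: sandbox-systrace.c,v 1.14 2015/01/20 23:14:00 deraadt Exp $ */
/*
 * Copyright (c) 2011 Damien Miller <djm@mindrot.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include "includes.h"

#ifdef SANDBOX_SYSTRACE

#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/syscall.h>
#include <sys/socket.h>
#include <sys/wait.h>

#include <dev/systrace.h>

#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <signal.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#unistd_placeholder
#include <limits.h>

#include "atomicio.h"
#include "log.h"
#include "ssh-sandbox.h"
#include "xmalloc.h"

/* One policy table entry: a syscall number and the systrace action for it. */
struct sandbox_policy {
	int syscall;
	int action;
};

/*
 * Permitted syscalls in preauth. Unlisted syscalls get SYSTR_POLICY_KILL.
 *
 * The table is an allowlist terminated by the { -1, -1 } sentinel, so every
 * entry has to be placed before that sentinel to take effect. Each added
 * entry widens what the unprivileged pre-authentication child may ask of the
 * kernel, so additions deserve the same scrutiny as any other change to the
 * trust boundary.
 */
static const struct sandbox_policy preauth_policy[] = {
	/*
	 * NOTE(review): open is listed with SYSTR_POLICY_NEVER instead of being
	 * left to the default; presumably so the call is refused without the
	 * child being killed -- confirm against systrace(4).
	 */
	{ SYS_open, SYSTR_POLICY_NEVER },

#ifdef SYS_getentropy
	/* OpenBSD 5.6 and newer use getentropy(2) to seed arc4random(3). */
	{ SYS_getentropy, SYSTR_POLICY_PERMIT },
#else
	/* Previous releases used sysctl(3)'s kern.arnd variable. */
	{ SYS___sysctl, SYSTR_POLICY_PERMIT },
#endif

#ifdef SYS_sendsyslog
	{ SYS_sendsyslog, SYSTR_POLICY_PERMIT },
#endif
	{ SYS_close, SYSTR_POLICY_PERMIT },
	{ SYS_exit, SYSTR_POLICY_PERMIT },
	{ SYS_getpid, SYSTR_POLICY_PERMIT },
	{ SYS_gettimeofday, SYSTR_POLICY_PERMIT },
	{ SYS_clock_gettime, SYSTR_POLICY_PERMIT },
	{ SYS_madvise, SYSTR_POLICY_PERMIT },
	{ SYS_mmap, SYSTR_POLICY_PERMIT },
	{ SYS_mprotect, SYSTR_POLICY_PERMIT },
	{ SYS_mquery, SYSTR_POLICY_PERMIT },
	{ SYS_poll, SYSTR_POLICY_PERMIT },
	{ SYS_munmap, SYSTR_POLICY_PERMIT },
	{ SYS_read, SYSTR_POLICY_PERMIT },
	{ SYS_select, SYSTR_POLICY_PERMIT },
	{ SYS_shutdown, SYSTR_POLICY_PERMIT },
	{ SYS_sigprocmask, SYSTR_POLICY_PERMIT },
	{ SYS_write, SYSTR_POLICY_PERMIT },
	{ -1, -1 }
};

/* Per-sandbox state shared by the init, child and parent entry points. */
struct ssh_sandbox {
	int systrace_fd;	/* cloned systrace descriptor, -1 until attached */
	pid_t child_pid;	/* sandboxed child, 0 until the parent records it */
	void (*osigchld)(int);	/* SIGCHLD disposition saved by ssh_sandbox_init */
};

/*
 * Allocate and initialise the sandbox state.
 *
 * SIGCHLD is set to SIG_IGN here and the previous disposition is saved in
 * the box; ssh_sandbox_child() and ssh_sandbox_parent() each put it back.
 * The monitor argument is not used by this implementation.
 *
 * Returns a box allocated with xcalloc(); ssh_sandbox_parent_finish()
 * frees it.
 */
struct ssh_sandbox *
ssh_sandbox_init(struct monitor *monitor)
{
	struct ssh_sandbox *box;

	debug3("%s: preparing systrace sandbox", __func__);
	box = xcalloc(1, sizeof(*box));
	box->systrace_fd = -1;
	box->child_pid = 0;
	box->osigchld = signal(SIGCHLD, SIG_IGN);

	return box;
}

/*
 * Child side of the handshake: restore the saved SIGCHLD disposition, then
 * stop the calling process with SIGSTOP. ssh_sandbox_parent() sends the
 * matching SIGCONT once the policy has been assigned, so the child does not
 * run until the policy is in place.
 */
void
ssh_sandbox_child(struct ssh_sandbox *box)
{
	debug3("%s: ready", __func__);
	signal(SIGCHLD, box->osigchld);
	if (kill(getpid(), SIGSTOP) != 0)
		fatal("%s: kill(%d, SIGSTOP)", __func__, getpid());
	debug3("%s: started", __func__);
}

/*
 * Parent side of the handshake: wait for the child to stop, attach systrace
 * to it, install a policy that kills the child on any syscall missing from
 * allowed_syscalls, and then let the child continue.
 *
 * box              state from ssh_sandbox_init(); systrace_fd and child_pid
 *                  are filled in here.
 * child_pid        process to confine.
 * allowed_syscalls table terminated by an entry whose syscall is -1.
 *
 * Every failure goes through fatal(), so a child is never resumed with a
 * partially installed policy. NOTE(review): this relies on fatal() not
 * returning -- it is declared in log.h, outside this file.
 */
static void
ssh_sandbox_parent(struct ssh_sandbox *box, pid_t child_pid,
    const struct sandbox_policy *allowed_syscalls)
{
	int dev_systrace, i, j, found, status;
	pid_t pid;
	struct systrace_policy policy;

	/* Wait for the child to send itself a SIGSTOP */
	debug3("%s: wait for child %ld", __func__, (long)child_pid);
	do {
		pid = waitpid(child_pid, &status, WUNTRACED);
	} while (pid == -1 && errno == EINTR);
	/*
	 * A waitpid() failure other than EINTR leaves status unset, so the
	 * W*() checks below would read an indeterminate value. Fail closed
	 * instead of deciding on garbage whether the child really stopped.
	 */
	if (pid == -1)
		fatal("%s: waitpid: %s", __func__, strerror(errno));
	signal(SIGCHLD, box->osigchld);
	if (!WIFSTOPPED(status)) {
		if (WIFSIGNALED(status))
			fatal("%s: child terminated with signal %d",
			    __func__, WTERMSIG(status));
		if (WIFEXITED(status))
			fatal("%s: child exited with status %d",
			    __func__, WEXITSTATUS(status));
		fatal("%s: child not stopped", __func__);
	}
	debug3("%s: child %ld stopped", __func__, (long)child_pid);
	box->child_pid = child_pid;

	/* Set up systracing of child */
	if ((dev_systrace = open("/dev/systrace", O_RDONLY)) == -1)
		fatal("%s: open(\"/dev/systrace\"): %s", __func__,
		    strerror(errno));
	if (ioctl(dev_systrace, STRIOCCLONE, &box->systrace_fd) == -1)
		fatal("%s: ioctl(STRIOCCLONE, %d): %s", __func__,
		    dev_systrace, strerror(errno));
	/* Only the cloned descriptor is used from here on. */
	close(dev_systrace);
	debug3("%s: systrace attach, fd=%d", __func__, box->systrace_fd);
	if (ioctl(box->systrace_fd, STRIOCATTACH, &child_pid) == -1)
		fatal("%s: ioctl(%d, STRIOCATTACH, %d): %s", __func__,
		    box->systrace_fd, child_pid, strerror(errno));

	/* Allocate and assign policy */
	memset(&policy, 0, sizeof(policy));
	policy.strp_op = SYSTR_POLICY_NEW;
	policy.strp_maxents = SYS_MAXSYSCALL;
	if (ioctl(box->systrace_fd, STRIOCPOLICY, &policy) == -1)
		fatal("%s: ioctl(%d, STRIOCPOLICY (new)): %s", __func__,
		    box->systrace_fd, strerror(errno));

	policy.strp_op = SYSTR_POLICY_ASSIGN;
	policy.strp_pid = box->child_pid;
	if (ioctl(box->systrace_fd, STRIOCPOLICY, &policy) == -1)
		fatal("%s: ioctl(%d, STRIOCPOLICY (assign)): %s",
		    __func__, box->systrace_fd, strerror(errno));

	/*
	 * Set per-syscall policy. Every syscall number below SYS_MAXSYSCALL
	 * gets an explicit action, so anything absent from the table is
	 * denied with SYSTR_POLICY_KILL (default deny).
	 */
	for (i = 0; i < SYS_MAXSYSCALL; i++) {
		found = 0;
		for (j = 0; allowed_syscalls[j].syscall != -1; j++) {
			if (allowed_syscalls[j].syscall == i) {
				found = 1;
				break;
			}
		}
		policy.strp_op = SYSTR_POLICY_MODIFY;
		policy.strp_code = i;
		/* After the break, j still indexes the matching entry. */
		policy.strp_policy = found ?
		    allowed_syscalls[j].action : SYSTR_POLICY_KILL;
		/* Logged for every listed syscall, whatever its action. */
		if (found)
			debug3("%s: policy: enable syscall %d", __func__, i);
		if (ioctl(box->systrace_fd, STRIOCPOLICY, &policy) == -1)
			fatal("%s: ioctl(%d, STRIOCPOLICY (modify)): %s",
			    __func__, box->systrace_fd, strerror(errno));
	}

	/* Signal the child to start running */
	debug3("%s: start child %ld", __func__, (long)child_pid);
	if (kill(box->child_pid, SIGCONT) != 0)
		fatal("%s: kill(%d, SIGCONT)", __func__, box->child_pid);
}

/*
 * Release the sandbox: close the systrace descriptor and free the box.
 * The box must not be used after this call.
 */
void
ssh_sandbox_parent_finish(struct ssh_sandbox *box)
{
	/* Closing this before the child exits will terminate it */
	close(box->systrace_fd);

	free(box);
	debug3("%s: finished", __func__);
}

/* Confine child_pid with the pre-authentication syscall policy. */
void
ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
{
	ssh_sandbox_parent(box, child_pid, preauth_policy);
}

#endif /* SANDBOX_SYSTRACE */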