woj/woj-sandbox
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

feat: pass config instead of getenv

Browse Source
This commit is contained in:
Paul Pan 2023-12-28 00:58:15 +08:00
parent d9655d6425
commit 02547b124d
10 changed files with 128 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CMakeLists.txt
View File

@ -20,17 +20,23 @@ include_directories(${CMAKE_CURRENT_SOURCE_DIR}/libseccomp/include)
# Targets # Targets
add_library(woj_sandbox SHARED ${PROJECT_SOURCE_DIR}/library.c ${PROJECT_SOURCE_DIR}/inject.c ${SRC_FILES}) add_library(woj_sandbox SHARED ${PROJECT_SOURCE_DIR}/library.c ${PROJECT_SOURCE_DIR}/inject.c ${SRC_FILES})
add_executable(woj_launcher ${PROJECT_SOURCE_DIR}/launcher.c) add_executable(woj_launcher ${PROJECT_SOURCE_DIR}/launcher.c)
add_executable(woj_launcher2 ${PROJECT_SOURCE_DIR}/library.c ${PROJECT_SOURCE_DIR}/launcher.c ${SRC_FILES})
add_executable(woj_test ${PROJECT_SOURCE_DIR}/test.c) add_executable(woj_test ${PROJECT_SOURCE_DIR}/test.c)
# Link seccomp # Link seccomp
target_link_libraries(woj_sandbox ${CMAKE_SOURCE_DIR}/libseccomp/src/.libs/libseccomp.a) target_link_libraries(woj_sandbox ${CMAKE_SOURCE_DIR}/libseccomp/src/.libs/libseccomp.a)
target_link_libraries(woj_launcher ${CMAKE_SOURCE_DIR}/libseccomp/src/.libs/libseccomp.a) target_link_libraries(woj_launcher ${CMAKE_SOURCE_DIR}/libseccomp/src/.libs/libseccomp.a)
target_link_libraries(woj_launcher2 ${CMAKE_SOURCE_DIR}/libseccomp/src/.libs/libseccomp.a)
# Disable symbol export # Disable symbol export
set_target_properties(woj_sandbox PROPERTIES C_VISIBILITY_PRESET hidden) set_target_properties(woj_sandbox PROPERTIES C_VISIBILITY_PRESET hidden)
set_property(TARGET woj_sandbox APPEND_STRING PROPERTY LINK_FLAGS " -Wl,--version-script=${VERSION_SCRIPT}") set_property(TARGET woj_sandbox APPEND_STRING PROPERTY LINK_FLAGS " -Wl,--version-script=${VERSION_SCRIPT}")
set_target_properties(woj_sandbox PROPERTIES LINK_DEPENDS ${VERSION_SCRIPT}) set_target_properties(woj_sandbox PROPERTIES LINK_DEPENDS ${VERSION_SCRIPT})
set_target_properties(woj_launcher2 PROPERTIES C_VISIBILITY_PRESET hidden)
set_property(TARGET woj_launcher2 APPEND_STRING PROPERTY LINK_FLAGS " -Wl,--version-script=${VERSION_SCRIPT}")
set_target_properties(woj_launcher2 PROPERTIES LINK_DEPENDS ${VERSION_SCRIPT})
# Optimization # Optimization
include(CheckIPOSupported) include(CheckIPOSupported)
check_ipo_supported(RESULT ipo_result OUTPUT ipo_output) check_ipo_supported(RESULT ipo_result OUTPUT ipo_output)

106
launcher.c
View File

@ -15,7 +15,7 @@
#include <time.h> #include <time.h>
#include <unistd.h> #include <unistd.h>
char *config[is_valid + 1]; char *config[CFG_IS_VALID + 1];
void print_help(char *self) { void print_help(char *self) {
LOG_WARN("Usage:"); LOG_WARN("Usage:");
@ -36,33 +36,33 @@ void print_help(char *self) {
void parse(int argc, char *argv[]) { void parse(int argc, char *argv[]) {
static struct option options[] = { static struct option options[] = {
[memory_limit] = {"memory_limit", required_argument, NULL, 0}, [CFG_MEMORY_LIMIT] = {"memory_limit", required_argument, NULL, 0},
[nproc_limit] = {"nproc_limit", required_argument, NULL, 0}, [CFG_NPROC_LIMIT] = {"nproc_limit", required_argument, NULL, 0},
[time_limit] = {"time_limit", required_argument, NULL, 0}, [CFG_TIME_LIMIT] = {"time_limit", required_argument, NULL, 0},
[sandbox_path] = {"sandbox_path", required_argument, NULL, 0}, [CFG_SANDBOX_PATH] = {"sandbox_path", required_argument, NULL, 0},
[sandbox_template] = {"sandbox_template", required_argument, NULL, 0}, [CFG_SANDBOX_TEMPLATE] = {"sandbox_template", required_argument, NULL, 0},
[sandbox_action] = {"sandbox_action", required_argument, NULL, 0}, [CFG_SANDBOX_ACTION] = {"sandbox_action", required_argument, NULL, 0},
[file_input] = {"file_input", required_argument, NULL, 0}, [CFG_FILE_INPUT] = {"file_input", required_argument, NULL, 0},
[file_output] = {"file_output", required_argument, NULL, 0}, [CFG_FILE_OUTPUT] = {"file_output", required_argument, NULL, 0},
[file_info] = {"file_info", required_argument, NULL, 0}, [CFG_FILE_INFO] = {"file_info", required_argument, NULL, 0},
[program] = {"program", required_argument, NULL, 0}, [CFG_PROGRAM] = {"program", required_argument, NULL, 0},
[is_valid] = {"help", no_argument, NULL, 0}, [CFG_IS_VALID] = {"help", no_argument, NULL, 0},
[is_valid + 1] = {NULL, 0, NULL, 0} [CFG_IS_VALID + 1] = {NULL, 0, NULL, 0}
}; };
int c, idx = 0; int c, idx = 0;
while ((c = getopt_long_only(argc, argv, "", options, &idx)) != -1) { while ((c = getopt_long_only(argc, argv, "", options, &idx)) != -1) {
if (c != 0) break; if (c != 0) break;
if (idx < is_valid) if (idx < CFG_IS_VALID)
config[idx] = optarg; config[idx] = optarg;
else if (idx == is_valid) { else if (idx == CFG_IS_VALID) {
print_help(argv[0]); print_help(argv[0]);
exit(0); exit(0);
} }
} }
for (int i = 0; i < is_valid; i++) { for (int i = 0; i < CFG_IS_VALID; i++) {
if (!config[i]) { if (!config[i]) {
print_help(argv[0]); print_help(argv[0]);
LOG_ERR("Missing arguments"); LOG_ERR("Missing arguments");
@ -70,51 +70,74 @@ void parse(int argc, char *argv[]) {
} }
} }
config[is_valid] = (char *)1; config[CFG_IS_VALID] = (char *)1;
} }
void launch_child() { void launch_child() {
char *args[] = {config[program], NULL}; char *args[] = {config[CFG_PROGRAM], NULL};
char *env[8]; char *env[8];
/* build env */ { /* build env */ {
env[0] = malloc(sizeof("LD_PRELOAD=") + strlen(config[sandbox_path]) + 1); env[0] = malloc(sizeof("LD_PRELOAD=") + strlen(config[CFG_SANDBOX_PATH]) + 1);
sprintf(env[0], "LD_PRELOAD=%s", config[sandbox_path]); sprintf(env[0], "LD_PRELOAD=%s", config[CFG_SANDBOX_PATH]);
env[1] = malloc(sizeof(LIMIT_MEMORY "=") + strlen(config[memory_limit]) + 1); env[1] = malloc(sizeof(LIMIT_MEMORY "=") + strlen(config[CFG_MEMORY_LIMIT]) + 1);
sprintf(env[1], LIMIT_MEMORY "=%s", config[memory_limit]); sprintf(env[1], LIMIT_MEMORY "=%s", config[CFG_MEMORY_LIMIT]);
env[2] = malloc(sizeof(LIMIT_NPROC "=") + strlen(config[nproc_limit]) + 1); env[2] = malloc(sizeof(LIMIT_NPROC "=") + strlen(config[CFG_NPROC_LIMIT]) + 1);
sprintf(env[2], LIMIT_NPROC "=%s", config[nproc_limit]); sprintf(env[2], LIMIT_NPROC "=%s", config[CFG_NPROC_LIMIT]);
env[3] = malloc(sizeof(LIMIT_TIME "=") + strlen(config[time_limit]) + 1); env[3] = malloc(sizeof(LIMIT_TIME "=") + strlen(config[CFG_TIME_LIMIT]) + 1);
sprintf(env[3], LIMIT_TIME "=%s", config[time_limit]); sprintf(env[3], LIMIT_TIME "=%s", config[CFG_TIME_LIMIT]);
env[4] = malloc(sizeof(SANDBOX_TEMPLATE "=") + strlen(config[sandbox_template]) + 1); env[4] = malloc(sizeof(SANDBOX_TEMPLATE "=") + strlen(config[CFG_SANDBOX_TEMPLATE]) + 1);
sprintf(env[4], SANDBOX_TEMPLATE "=%s", config[sandbox_template]); sprintf(env[4], SANDBOX_TEMPLATE "=%s", config[CFG_SANDBOX_TEMPLATE]);
env[5] = malloc(sizeof(SANDBOX_ACTION "=") + strlen(config[sandbox_action]) + 1); env[5] = malloc(sizeof(SANDBOX_ACTION "=") + strlen(config[CFG_SANDBOX_ACTION]) + 1);
sprintf(env[5], SANDBOX_ACTION "=%s", config[sandbox_action]); sprintf(env[5], SANDBOX_ACTION "=%s", config[CFG_SANDBOX_ACTION]);
env[6] = malloc(sizeof(SANDBOX_EXE_PATH "=") + strlen(config[program]) + 1); env[6] = malloc(sizeof(SANDBOX_EXE_PATH "=") + strlen(config[CFG_PROGRAM]) + 1);
sprintf(env[6], SANDBOX_EXE_PATH "=%s", config[program]); sprintf(env[6], SANDBOX_EXE_PATH "=%s", config[CFG_PROGRAM]);
env[7] = NULL; env[7] = NULL;
} }
/* build stdin */ { /* build stdin */ {
int fd = open(config[file_input], O_RDONLY); int fd = open(config[CFG_FILE_INPUT], O_RDONLY);
dup2(fd, STDIN_FILENO); dup2(fd, STDIN_FILENO);
close(fd); close(fd);
} }
/* build stdout */ { /* build stdout */ {
int fd = open(config[file_output], O_WRONLY | O_CREAT, 0644); int fd = open(config[CFG_FILE_OUTPUT], O_WRONLY | O_CREAT, 0644);
dup2(fd, STDOUT_FILENO); dup2(fd, STDOUT_FILENO);
close(fd); close(fd);
} }
execve(config[program], args, env); execve(config[CFG_PROGRAM], args, env);
}
void launch_child2() {
// TODO: glibc compiled program has a very annoying setup process
LOG_WARN("launch_child2 is not implemented yet");
char *args[] = {config[CFG_PROGRAM], NULL};
/* build stdin */ {
int fd = open(config[CFG_FILE_INPUT], O_RDONLY);
dup2(fd, STDIN_FILENO);
close(fd);
}
/* build stdout */ {
int fd = open(config[CFG_FILE_OUTPUT], O_WRONLY | O_CREAT, 0644);
dup2(fd, STDOUT_FILENO);
close(fd);
}
setup_all();
execve(config[CFG_PROGRAM], args, nullptr);
} }
void dump_info(FILE *dest, struct rusage *usage, int status, long long time_usage) { void dump_info(FILE *dest, struct rusage *usage, int status, long long time_usage) {
@ -137,7 +160,14 @@ int main(int argc, char *argv[]) {
exit(ERR_FORK); exit(ERR_FORK);
} else if (child == 0) { // Program } else if (child == 0) { // Program
launch_child(); if (!setup_all) {
LOG_INFO("Using preload sandbox");
launch_child();
} else {
LOG_INFO("Using inplace sandbox");
launch_child2();
}
LOG_ERR("Failed to execute child program"); LOG_ERR("Failed to execute child program");
exit(ERR_EXEC); exit(ERR_EXEC);
@ -148,7 +178,7 @@ int main(int argc, char *argv[]) {
exit(ERR_FORK); exit(ERR_FORK);
} else if (killer == 0) { // Killer } else if (killer == 0) { // Killer
long limit = (strtol(config[time_limit], NULL, 10) + 1000) / 1000 + 2; long limit = (strtol(config[CFG_TIME_LIMIT], NULL, 10) + 1000) / 1000 + 2;
LOG_INFO("Killer started, time limit: %lds", limit); LOG_INFO("Killer started, time limit: %lds", limit);
sleep(limit); // two more seconds sleep(limit); // two more seconds
LOG_WARN("Killer killed child"); LOG_WARN("Killer killed child");
@ -175,7 +205,7 @@ int main(int argc, char *argv[]) {
exit(ERR_WAIT); exit(ERR_WAIT);
} }
FILE *info = fopen(config[file_info], "w"); FILE *info = fopen(config[CFG_FILE_INFO], "w");
dump_info(info, &usage, status, time_usage); dump_info(info, &usage, status, time_usage);
exit(0); exit(0);
} }

24
launcher.h
View File

@ -2,19 +2,17 @@
#define WOJ_SANDBOX_LAUNCHER_H #define WOJ_SANDBOX_LAUNCHER_H
enum ConfigIndex { enum ConfigIndex {
memory_limit = 0, CFG_MEMORY_LIMIT = 0,
nproc_limit, CFG_NPROC_LIMIT,
time_limit, CFG_TIME_LIMIT,
sandbox_path, CFG_SANDBOX_PATH,
sandbox_template, CFG_SANDBOX_TEMPLATE,
sandbox_action, CFG_SANDBOX_ACTION,
file_input, CFG_FILE_INPUT,
file_output, CFG_FILE_OUTPUT,
file_info, CFG_FILE_INFO,
program, CFG_PROGRAM,
is_valid CFG_IS_VALID
}; };
char *config[is_valid + 1] __attribute__((weak));
#endif // WOJ_SANDBOX_LAUNCHER_H #endif // WOJ_SANDBOX_LAUNCHER_H

18
library.c
View File

@ -1,12 +1,14 @@
#include "launcher.h"
#include "resource.h" #include "resource.h"
#include "rules/lang.h" #include "rules/lang.h"
#include "sandbox.h" #include "sandbox.h"
#include "utils/log.h" #include "utils/log.h"
#include <fcntl.h> #include <fcntl.h>
#include <stdlib.h>
#include <unistd.h> #include <unistd.h>
char *config[CFG_IS_VALID + 1] __attribute__((weak));
void setup_all(void) { void setup_all(void) {
char comm[64]; char comm[64];
int fd = open("/proc/self/comm", O_RDONLY); int fd = open("/proc/self/comm", O_RDONLY);
@ -17,13 +19,21 @@ void setup_all(void) {
LOG_INFO("Setting up sandbox for %s(%d)", comm, getpid()); LOG_INFO("Setting up sandbox for %s(%d)", comm, getpid());
if (config[is_valid]) { if (config[CFG_IS_VALID]) {
LOG_INFO("Using config from launcher"); LOG_INFO("Using config from launcher");
} else { } else {
LOG_INFO("Using config from environment"); LOG_INFO("Using config from environment");
config[CFG_MEMORY_LIMIT] = getenv(LIMIT_MEMORY);
config[CFG_NPROC_LIMIT] = getenv(LIMIT_NPROC);
config[CFG_TIME_LIMIT] = getenv(LIMIT_TIME);
config[CFG_SANDBOX_TEMPLATE] = getenv(SANDBOX_TEMPLATE);
config[CFG_SANDBOX_ACTION] = getenv(SANDBOX_ACTION);
config[CFG_PROGRAM] = getenv(SANDBOX_EXE_PATH);
} }
register_lang_c_cpp(); register_lang_c_cpp();
setup_rlimit(); setup_rlimit(config);
setup_seccomp(); setup_seccomp(config);
} }

10
resource.c
View File

@ -16,18 +16,18 @@
} \ } \
} while (0) } while (0)
void setup_rlimit(void) { void setup_rlimit(char *config[CFG_IS_VALID + 1]) {
LOG_INFO("Setting resource limit"); LOG_INFO("Setting resource limit");
char *mem_limit_str = getenv(LIMIT_MEMORY); // in mb char *mem_limit_str = config[CFG_MEMORY_LIMIT]; // in mb
char *nproc_limit_str = getenv(LIMIT_NPROC); char *nproc_limit_str = config[CFG_NPROC_LIMIT];
char *time_limit_str = getenv(LIMIT_TIME); // in ms char *time_limit_str = config[CFG_TIME_LIMIT]; // in ms
long mem_limit = 0, nproc_limit = 0, time_limit = 0; long mem_limit = 0, nproc_limit = 0, time_limit = 0;
if (mem_limit_str) { if (mem_limit_str) {
// convert to bytes and double the memory limit // convert to bytes and double the memory limit
mem_limit = strtol(mem_limit_str, NULL, 10) * 1024 * 1024 * 2; mem_limit = strtol(mem_limit_str, NULL, 10) * 1024 * 1024;
} }
if (nproc_limit_str) { if (nproc_limit_str) {

4
resource.h
View File

@ -1,11 +1,13 @@
#ifndef WOJ_SANDBOX_RESOURCE_H #ifndef WOJ_SANDBOX_RESOURCE_H
#define WOJ_SANDBOX_RESOURCE_H #define WOJ_SANDBOX_RESOURCE_H
#include "launcher.h"
// Configuration Environment Variables // Configuration Environment Variables
#define LIMIT_MEMORY "LIMIT_MEMORY" #define LIMIT_MEMORY "LIMIT_MEMORY"
#define LIMIT_TIME "LIMIT_TIME" #define LIMIT_TIME "LIMIT_TIME"
#define LIMIT_NPROC "LIMIT_NPROC" #define LIMIT_NPROC "LIMIT_NPROC"
void setup_rlimit(void); void setup_rlimit(char *config[CFG_IS_VALID + 1]);
#endif // WOJ_SANDBOX_RESOURCE_H #endif // WOJ_SANDBOX_RESOURCE_H

9
rules/rules.c
View File

@ -10,17 +10,16 @@ LIST_HEAD(seccomp_rules);
void register_rule(struct rule *rule) { list_add(&rule->list, &seccomp_rules); } void register_rule(struct rule *rule) { list_add(&rule->list, &seccomp_rules); }
void setup_self(scmp_filter_ctx ctx) { void setup_self(scmp_filter_ctx ctx, const char *exe_path) {
// allow to execute self // allow to execute self
char *self = getenv(SANDBOX_EXE_PATH); add_syscall_nr_arg(SCMP_SYS(execve), ctx, SCMP_ACT_ALLOW, 1, &SCMP_A0(SCMP_CMP_EQ, (scmp_datum_t)exe_path));
if (self) add_syscall_nr_arg(SCMP_SYS(execve), ctx, SCMP_ACT_ALLOW, 1, SCMP_A0(SCMP_CMP_EQ, (scmp_datum_t)self));
} }
void setup_rule(char *name, scmp_filter_ctx ctx) { void setup_rule(const char *name, scmp_filter_ctx ctx, const char *exe_path) {
struct list_head *current; struct list_head *current;
struct rule *rule; struct rule *rule;
setup_self(ctx); setup_self(ctx, exe_path);
list_for_each(current, &seccomp_rules) { list_for_each(current, &seccomp_rules) {
rule = list_entry(current, struct rule, list); rule = list_entry(current, struct rule, list);

6
rules/rules.h
View File

@ -6,13 +6,13 @@
#include "seccomp.h" #include "seccomp.h"
struct rule { struct rule {
char *name; char *name;
void (*setup)(scmp_filter_ctx); void (*setup)(scmp_filter_ctx);
struct list_head list; struct list_head list;
}; };
void register_rule(struct rule *rule); void register_rule(struct rule *rule);
void setup_rule(char *name, scmp_filter_ctx ctx); void setup_rule(const char *name, scmp_filter_ctx ctx, const char *exe_path);
void dump_rules(void); void dump_rules(void);
#endif // WOJ_SANDBOX_RULES_H #endif // WOJ_SANDBOX_RULES_H

22
sandbox.c
View File

@ -16,17 +16,13 @@ void add_syscall_nr(int syscall_nr, scmp_filter_ctx ctx, uint32_t action) {
} }
} }
void add_syscall_nr_arg(int syscall_nr, scmp_filter_ctx ctx, uint32_t action, unsigned arg_cnt, ...) { void add_syscall_nr_arg(int syscall_nr, scmp_filter_ctx ctx, uint32_t action, unsigned arg_cnt,
va_list(args); const struct scmp_arg_cmp *args) {
va_start(args, arg_cnt); if (seccomp_rule_add_array(ctx, action, syscall_nr, arg_cnt, args)) {
if (seccomp_rule_add(ctx, action, syscall_nr, arg_cnt, args)) {
LOG_ERR("Failed to add syscall %d", syscall_nr); LOG_ERR("Failed to add syscall %d", syscall_nr);
seccomp_release(ctx); seccomp_release(ctx);
exit(ERR_SECCOMP_RESOLVE); exit(ERR_SECCOMP_RESOLVE);
} }
va_end(args);
} }
void add_syscall_name(const char *syscall_name, scmp_filter_ctx ctx, uint32_t action) { void add_syscall_name(const char *syscall_name, scmp_filter_ctx ctx, uint32_t action) {
@ -40,14 +36,14 @@ void add_syscall_name(const char *syscall_name, scmp_filter_ctx ctx, uint32_t ac
add_syscall_nr(syscall_nr, ctx, action); add_syscall_nr(syscall_nr, ctx, action);
} }
void setup_seccomp(void) { void setup_seccomp(char *config[CFG_IS_VALID + 1]) {
LOG_INFO("Setting seccomp rules..."); LOG_INFO("Setting seccomp rules...");
char *template = getenv(SANDBOX_TEMPLATE); char *template = config[CFG_SANDBOX_TEMPLATE];
char *action = getenv(SANDBOX_ACTION); char *action = config[CFG_SANDBOX_ACTION];
char *exe_path = config[CFG_PROGRAM];
uint32_t act = SCMP_ACT_KILL; uint32_t act = SCMP_ACT_KILL;
bool disabled = false;
if (action && strncmp(action, "log", sizeof("log")) == 0) act = SCMP_ACT_LOG; if (action && strncmp(action, "log", sizeof("log")) == 0) act = SCMP_ACT_LOG;
if (action && strncmp(action, "kill", sizeof("kill")) == 0) act = SCMP_ACT_KILL; if (action && strncmp(action, "kill", sizeof("kill")) == 0) act = SCMP_ACT_KILL;
@ -69,7 +65,7 @@ void setup_seccomp(void) {
exit(ERR_SECCOMP_INIT); exit(ERR_SECCOMP_INIT);
} }
setup_rule(template, ctx); setup_rule(template, ctx, exe_path);
if (seccomp_load(ctx)) { if (seccomp_load(ctx)) {
LOG_ERR("Failed to load seccomp context"); LOG_ERR("Failed to load seccomp context");

7
sandbox.h
View File

@ -1,6 +1,7 @@
#ifndef WOJ_SANDBOX_SANDBOX_H #ifndef WOJ_SANDBOX_SANDBOX_H
#define WOJ_SANDBOX_SANDBOX_H #define WOJ_SANDBOX_SANDBOX_H
#include "launcher.h"
#include <seccomp.h> #include <seccomp.h>
#include <stdint.h> #include <stdint.h>
@ -9,9 +10,11 @@
#define SANDBOX_ACTION "SANDBOX_ACTION" #define SANDBOX_ACTION "SANDBOX_ACTION"
#define SANDBOX_EXE_PATH "SANDBOX_EXE_PATH" #define SANDBOX_EXE_PATH "SANDBOX_EXE_PATH"
void setup_seccomp(void); void setup_seccomp(char *config[CFG_IS_VALID + 1]);
void add_syscall_nr(int syscall_nr, scmp_filter_ctx ctx, uint32_t action); void add_syscall_nr(int syscall_nr, scmp_filter_ctx ctx, uint32_t action);
void add_syscall_nr_arg(int syscall_nr, scmp_filter_ctx ctx, uint32_t action, unsigned arg_cnt, ...); void add_syscall_nr_arg(int syscall_nr, scmp_filter_ctx ctx, uint32_t action, unsigned arg_cnt,
const struct scmp_arg_cmp *args);
void add_syscall_name(const char *syscall_name, scmp_filter_ctx ctx, uint32_t action); void add_syscall_name(const char *syscall_name, scmp_filter_ctx ctx, uint32_t action);
#endif // WOJ_SANDBOX_SANDBOX_H #endif // WOJ_SANDBOX_SANDBOX_H