| Colin Cross | e16ce36 | 2020-11-12 08:29:30 -0800 | [diff] [blame] | 1 | // Copyright 2020 Google Inc. All Rights Reserved. |
| 2 | // |
| 3 | // Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 | // you may not use this file except in compliance with the License. |
| 5 | // You may obtain a copy of the License at |
| 6 | // |
| 7 | // http://www.apache.org/licenses/LICENSE-2.0 |
| 8 | // |
| 9 | // Unless required by applicable law or agreed to in writing, software |
| 10 | // distributed under the License is distributed on an "AS IS" BASIS, |
| 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 | // See the License for the specific language governing permissions and |
| 13 | // limitations under the License. |
| 14 | |
| 15 | syntax = "proto2"; |
| 16 | |
| 17 | package sbox; |
| 18 | option go_package = "sbox_proto"; |
| 19 | |
| 20 | // A set of commands to run in a sandbox. |
| 21 | message Manifest { |
| 22 | // A list of commands to run in the sandbox. |
| 23 | repeated Command commands = 1; |
| 24 | |
| 25 | // If set, GCC-style dependency files from any command that references __SBOX_DEPFILE__ will be |
| 26 | // merged into the given output file relative to the $PWD when sbox was started. |
| 27 | optional string output_depfile = 2; |
| 28 | } |
| 29 | |
| 30 | // SandboxManifest describes a command to run in the sandbox. |
| 31 | message Command { |
| 32 | // A list of copy rules to run before the sandboxed command. The from field is relative to the |
| 33 | // $PWD when sbox was run, the to field is relative to the top of the temporary sandbox directory. |
| 34 | repeated Copy copy_before = 1; |
| 35 | |
| 36 | // If true, change the working directory to the top of the temporary sandbox directory before |
| 37 | // running the command. If false, leave the working directory where it was when sbox was started. |
| 38 | optional bool chdir = 2; |
| 39 | |
| 40 | // The command to run. |
| 41 | required string command = 3; |
| 42 | |
| 43 | // A list of copy rules to run after the sandboxed command. The from field is relative to the |
| 44 | // top of the temporary sandbox directory, the to field is relative to the $PWD when sbox was run. |
| 45 | repeated Copy copy_after = 4; |
| 46 | |
| 47 | // An optional hash of the input files to ensure the textproto files and the sbox rule reruns |
| 48 | // when the lists of inputs changes, even if the inputs are not on the command line. |
| 49 | optional string input_hash = 5; |
| Colin Cross | e55bd42 | 2021-03-23 13:44:30 -0700 | [diff] [blame^] | 50 | |
| 51 | // A list of files that will be copied before the sandboxed command, and whose contents should be |
| 52 | // copied as if they were listed in copy_before. |
| 53 | repeated RspFile rsp_files = 6; |
| Colin Cross | e16ce36 | 2020-11-12 08:29:30 -0800 | [diff] [blame] | 54 | } |
| 55 | |
| 56 | // Copy describes a from-to pair of files to copy. The paths may be relative, the root that they |
| 57 | // are relative to is specific to the context the Copy is used in and will be different for |
| 58 | // from and to. |
| 59 | message Copy { |
| 60 | required string from = 1; |
| 61 | required string to = 2; |
| Colin Cross | 859dfd9 | 2020-11-30 20:12:47 -0800 | [diff] [blame] | 62 | |
| 63 | // If true, make the file executable after copying it. |
| 64 | optional bool executable = 3; |
| Colin Cross | e55bd42 | 2021-03-23 13:44:30 -0700 | [diff] [blame^] | 65 | } |
| 66 | |
| 67 | // RspFile describes an rspfile that should be copied into the sandbox directory. |
| 68 | message RspFile { |
| 69 | // The path to the rsp file. |
| 70 | required string file = 1; |
| 71 | |
| 72 | // A list of path mappings that should be applied to each file listed in the rsp file. |
| 73 | repeated PathMapping path_mappings = 2; |
| 74 | } |
| 75 | |
| 76 | // PathMapping describes a mapping from a path outside the sandbox to the path inside the sandbox. |
| 77 | message PathMapping { |
| 78 | required string from = 1; |
| 79 | required string to = 2; |
| 80 | } |