diff --git a/.gitignore b/.gitignore index 77610b3193..469bbd39a5 100644 --- a/.gitignore +++ b/.gitignore @@ -186,6 +186,8 @@ uptime-*.json /src/lib/libtor-geoip-testing.a /src/lib/libtor-intmath.a /src/lib/libtor-intmath-testing.a +/src/lib/libtor-llharden.a +/src/lib/libtor-llharden-testing.a /src/lib/libtor-lock.a /src/lib/libtor-lock-testing.a /src/lib/libtor-log.a diff --git a/Makefile.am b/Makefile.am index ac61a990fc..7774995aea 100644 --- a/Makefile.am +++ b/Makefile.am @@ -70,6 +70,7 @@ TOR_UTIL_LIBS = \ src/lib/libtor-wallclock.a \ src/lib/libtor-err.a \ src/lib/libtor-version.a \ + src/lib/libtor-llharden.a \ src/lib/libtor-intmath.a \ src/lib/libtor-ctime.a @@ -104,6 +105,7 @@ TOR_UTIL_TESTING_LIBS = \ src/lib/libtor-wallclock-testing.a \ src/lib/libtor-err-testing.a \ src/lib/libtor-version-testing.a \ + src/lib/libtor-llharden-testing.a \ src/lib/libtor-intmath.a \ src/lib/libtor-ctime-testing.a endif diff --git a/src/app/main/subsystem_list.c b/src/app/main/subsystem_list.c index bb15b17365..84c6e6ec0e 100644 --- a/src/app/main/subsystem_list.c +++ b/src/app/main/subsystem_list.c @@ -24,7 +24,7 @@ #include "lib/log/log_sys.h" #include "lib/net/network_sys.h" #include "lib/process/process_sys.h" -#include "lib/process/winprocess_sys.h" +#include "lib/llharden/winprocess_sys.h" #include "lib/thread/thread_sys.h" #include "lib/time/time_sys.h" #include "lib/tls/tortls_sys.h" diff --git a/src/include.am b/src/include.am index f5f868d23f..657f6e823a 100644 --- a/src/include.am +++ b/src/include.am @@ -19,6 +19,7 @@ include src/lib/fs/include.am include src/lib/geoip/include.am include src/lib/include.libdonna.am include src/lib/intmath/include.am +include src/lib/llharden/include.am include src/lib/lock/include.am include src/lib/log/include.am include src/lib/math/include.am diff --git a/src/lib/llharden/.may_include b/src/lib/llharden/.may_include new file mode 100644 index 0000000000..038237dadf --- /dev/null +++ b/src/lib/llharden/.may_include @@ -0,0 +1,3 @@ +lib/llharden/*.h +lib/subsys/*.h +orconfig.h diff --git a/src/lib/llharden/include.am b/src/lib/llharden/include.am new file mode 100644 index 0000000000..0a4788c7dc --- /dev/null +++ b/src/lib/llharden/include.am @@ -0,0 +1,19 @@ + +noinst_LIBRARIES += src/lib/libtor-llharden.a + +if UNITTESTS_ENABLED +noinst_LIBRARIES += src/lib/libtor-llharden-testing.a +endif + +# ADD_C_FILE: INSERT SOURCES HERE. +src_lib_libtor_llharden_a_SOURCES = \ + src/lib/llharden/winprocess_sys.c + +src_lib_libtor_llharden_testing_a_SOURCES = \ + $(src_lib_libtor_llharden_a_SOURCES) +src_lib_libtor_llharden_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS) +src_lib_libtor_llharden_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS) + +# ADD_C_FILE: INSERT HEADERS HERE. +noinst_HEADERS += \ + src/lib/llharden/winprocess_sys.h diff --git a/src/lib/llharden/lib_llharden.md b/src/lib/llharden/lib_llharden.md new file mode 100644 index 0000000000..69e9af5327 --- /dev/null +++ b/src/lib/llharden/lib_llharden.md @@ -0,0 +1,6 @@ +@dir /lib/llharden +@brief lib/llharden: low-level unconditional process hardening + +This module contains process hardening code that we want to run before any +other code, including configuration. It needs to be self-contained, since +nothing else will be initialized at this point. diff --git a/src/lib/process/winprocess_sys.c b/src/lib/llharden/winprocess_sys.c similarity index 97% rename from src/lib/process/winprocess_sys.c rename to src/lib/llharden/winprocess_sys.c index e43a77e467..a5f22c182b 100644 --- a/src/lib/process/winprocess_sys.c +++ b/src/lib/llharden/winprocess_sys.c @@ -8,7 +8,7 @@ #include "orconfig.h" #include "lib/subsys/subsys.h" -#include "lib/process/winprocess_sys.h" +#include "lib/llharden/winprocess_sys.h" #include #include diff --git a/src/lib/process/winprocess_sys.h b/src/lib/llharden/winprocess_sys.h similarity index 100% rename from src/lib/process/winprocess_sys.h rename to src/lib/llharden/winprocess_sys.h diff --git a/src/lib/process/include.am b/src/lib/process/include.am index af5f99617b..18876b3f54 100644 --- a/src/lib/process/include.am +++ b/src/lib/process/include.am @@ -16,8 +16,7 @@ src_lib_libtor_process_a_SOURCES = \ src/lib/process/process_win32.c \ src/lib/process/restrict.c \ src/lib/process/setuid.c \ - src/lib/process/waitpid.c \ - src/lib/process/winprocess_sys.c + src/lib/process/waitpid.c src_lib_libtor_process_testing_a_SOURCES = \ $(src_lib_libtor_process_a_SOURCES) @@ -35,5 +34,4 @@ noinst_HEADERS += \ src/lib/process/process_win32.h \ src/lib/process/restrict.h \ src/lib/process/setuid.h \ - src/lib/process/waitpid.h \ - src/lib/process/winprocess_sys.h + src/lib/process/waitpid.h