Expose NegotiationPrologueDetector decision state#20
Merged
Conversation
2 tasks
oferchen
added a commit
that referenced
this pull request
May 22, 2026
#4716) Adds four new SEC-1 helpers in `fast_io::dir_sandbox::at_syscalls`: - `openat(dirfd, name, flags, mode) -> File` raw libc wrapper. - `openat_via_sandbox_or_fallback(...)` adaptor that takes the sandbox fast path on a single-component leaf beneath `dest_dir` and falls back to `std::fs::OpenOptions` against `link_path` with best-effort `O_*` bit translation otherwise. - `readlinkat(dirfd, name) -> PathBuf` raw libc wrapper with a growing buffer (256B -> PATH_MAX, doubling each round trip). - `readlinkat_via_sandbox_or_fallback(...)` adaptor mirroring the openat shape but falling back to `std::fs::read_link`. The helpers follow the established SEC-1 pattern: pinning the parent via the sandbox dirfd closes the TOCTOU window between path walk and the kernel reaching the inode. The `*_via_sandbox_or_fallback` adaptors keep behaviour byte-identical for callers that have not yet plumbed a `DirSandbox`, so individual call sites can be cut over one at a time. This PR adds the helpers and re-exports them through `dir_sandbox::mod` and `fast_io::lib`. It deliberately does NOT wire any caller; per-site wiring lands in follow-up PRs so each cutover gets its own diff and review. Extends the existing tests module with 10 new tests covering: - raw `openat` success and ENOENT, - `openat_via_sandbox_or_fallback` fast path, multi-component fallback, and absent-sandbox fallback, - raw `readlinkat` success and EINVAL on a non-symlink, - `readlinkat_via_sandbox_or_fallback` fast path, EINVAL, and multi-component fallback. All helpers are `#[cfg(unix)]` (the `dir_sandbox` module is itself Unix-only); Windows continues to use path-based stdlib opens per the SEC-1.l NTFS handle audit. Closes (post-wire) 16+ GAPs from the SEC-1 path-syscall coverage audit in PR #4710: #4 (readlinkat) plus the 9 direct openat sites (#9-#17) and lays foundations for #5, #20 (open + readdir-loop) and #6, #27 (recursive *at peel). Refs PR #4710.
6 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
NegotiationPrologueDetectorso callers can query the decided negotiation style without re-readingTesting
https://chatgpt.com/codex/tasks/task_e_68ef912a850c83239d15bedb13bcce6a