[clang] [clang] Bypass sandbox in `ModuleDependencyCollector` (PR #175220)

Fri, 09 Jan 2026 10:26:56 -0800 

https://github.com/jansvoboda11 created 
https://github.com/llvm/llvm-project/pull/175220

This PR disables the sandbox for file collection within 
`ModuleDependencyCollector`. This is typically only invoked when the 
`-module-dependency-dir` option is specified for generating a crash report, 
where the sandbox is not as crucial as for regular compilation.

>From 9af65e0084fbb160197385ea652f86cfd45efa24 Mon Sep 17 00:00:00 2001
From: Jan Svoboda <[email protected]>
Date: Fri, 9 Jan 2026 10:16:08 -0800
Subject: [PATCH] [clang] Bypass sandbox in `ModuleDependencyCollector`

---
 clang/lib/Frontend/ModuleDependencyCollector.cpp | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/clang/lib/Frontend/ModuleDependencyCollector.cpp 
b/clang/lib/Frontend/ModuleDependencyCollector.cpp
index ff37065885289..38415377c8b9b 100644
--- a/clang/lib/Frontend/ModuleDependencyCollector.cpp
+++ b/clang/lib/Frontend/ModuleDependencyCollector.cpp
@@ -16,6 +16,7 @@
 #include "clang/Serialization/ASTReader.h"
 #include "llvm/Config/llvm-config.h"
 #include "llvm/Support/FileSystem.h"
+#include "llvm/Support/IOSandbox.h"
 #include "llvm/Support/Path.h"
 #include "llvm/Support/raw_ostream.h"
 
@@ -161,11 +162,16 @@ std::error_code 
ModuleDependencyCollector::copyToRoot(StringRef Src,
   }
 
   // Copy the file into place.
-  if (std::error_code EC = fs::create_directories(path::parent_path(CacheDst),
-                                                  /*IgnoreExisting=*/true))
-    return EC;
-  if (std::error_code EC = fs::copy_file(Paths.CopyFrom, CacheDst))
-    return EC;
+  {
+    // FIXME(sandboxing): Implement this via vfs::{FileSystem,OutputBackend}.
+    auto BypassSandbox = sandbox::scopedDisable();
+
+    if (std::error_code EC = 
fs::create_directories(path::parent_path(CacheDst),
+                                                    /*IgnoreExisting=*/true))
+      return EC;
+    if (std::error_code EC = fs::copy_file(Paths.CopyFrom, CacheDst))
+      return EC;
+  }
 
   // Always map a canonical src path to its real path into the YAML, by doing
   // this we map different virtual src paths to the same entry in the VFS

_______________________________________________
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

Reply via email to