[clang] fd90b7c - [clang] Bypass sandbox in `ModuleDependencyCollector` (#175220)

via cfe-commits cfe-commits at lists.llvm.org
Mon Jan 12 08:12:07 PST 2026 

Author: Jan Svoboda
Date: 2026-01-12T08:12:03-08:00
New Revision: fd90b7cd1fd3f1477094efc5fc53898edc0a77db

URL: https://github.com/llvm/llvm-project/commit/fd90b7cd1fd3f1477094efc5fc53898edc0a77db
DIFF: https://github.com/llvm/llvm-project/commit/fd90b7cd1fd3f1477094efc5fc53898edc0a77db.diff

LOG: [clang] Bypass sandbox in `ModuleDependencyCollector` (#175220)

This PR disables the sandbox for file collection within
`ModuleDependencyCollector`. This is typically only invoked when the
`-module-dependency-dir` option is specified for generating a crash
report, where the sandbox is not as crucial as for regular compilation.

Added: 
    

Modified: 
    clang/lib/Frontend/ModuleDependencyCollector.cpp

Removed: 
    


################################################################################
diff  --git a/clang/lib/Frontend/ModuleDependencyCollector.cpp b/clang/lib/Frontend/ModuleDependencyCollector.cpp
index ff37065885289..38415377c8b9b 100644
--- a/clang/lib/Frontend/ModuleDependencyCollector.cpp
+++ b/clang/lib/Frontend/ModuleDependencyCollector.cpp
@@ -16,6 +16,7 @@
 #include "clang/Serialization/ASTReader.h"
 #include "llvm/Config/llvm-config.h"
 #include "llvm/Support/FileSystem.h"
+#include "llvm/Support/IOSandbox.h"
 #include "llvm/Support/Path.h"
 #include "llvm/Support/raw_ostream.h"
 
@@ -161,11 +162,16 @@ std::error_code ModuleDependencyCollector::copyToRoot(StringRef Src,
   }
 
   // Copy the file into place.
-  if (std::error_code EC = fs::create_directories(path::parent_path(CacheDst),
-                                                  /*IgnoreExisting=*/true))
-    return EC;
-  if (std::error_code EC = fs::copy_file(Paths.CopyFrom, CacheDst))
-    return EC;
+  {
+    // FIXME(sandboxing): Implement this via vfs::{FileSystem,OutputBackend}.
+    auto BypassSandbox = sandbox::scopedDisable();
+
+    if (std::error_code EC = fs::create_directories(path::parent_path(CacheDst),
+                                                    /*IgnoreExisting=*/true))
+      return EC;
+    if (std::error_code EC = fs::copy_file(Paths.CopyFrom, CacheDst))
+      return EC;
+  }
 
   // Always map a canonical src path to its real path into the YAML, by doing
   // this we map 
diff erent virtual src paths to the same entry in the VFS

More information about the cfe-commits mailing list