Fix #45 - Enable sandbox by default -g to setup the granularity

trufae · web-flow · commit 482cde650000 · 2026-03-24T07:51:00.000+01:00
diff --git a/src/main.c b/src/main.c
@@ -38,6 +38,7 @@ void r2mcp_help(void) {
 		" -d [pdc]   select a different decompiler (pdc by default)\n"
 		" -D [tool]  disable the specified tool (repeatable)\n"
 		" -e [tool]  enable only the specified tool (repeatable)\n"
+		" -g [grain] set cfg.sandbox.grain (default: exec,socket; use all to disable sandbox)\n"
 		" -h         show this help\n"
 		" -i         ignore analysis level specified in analyze calls\n"
 		" -l [file]  append debug logs to this file\n"
@@ -82,6 +83,7 @@ int r2mcp_main(int argc, const char **argv) {
 	char *baseurl = NULL;
 	char *svc_baseurl = NULL;
 	char *sandbox = NULL;
+	char *sandbox_grain = strdup ("exec,socket");
 	char *logfile = NULL;
 	char *prompts_dir = NULL;
 	bool load_prompts = true;
@@ -90,7 +92,7 @@ int r2mcp_main(int argc, const char **argv) {
 	const char *dsl_tests = NULL;
 	RList *disabled_tools = NULL;
 	RGetopt opt;
-	r_getopt_init (&opt, argc, argv, "hmvpd:nc:u:l:s:rite:D:RT:S:P:NL");
+	r_getopt_init (&opt, argc, argv, "hmvpd:nc:u:g:l:s:rite:D:RT:S:P:NL");
 	int c;
 	while ((c = r_getopt_next (&opt)) != -1) {
 		switch (c) {
@@ -111,6 +113,10 @@ int r2mcp_main(int argc, const char **argv) {
 			baseurl = strdup (opt.arg);
 			R_LOG_INFO ("[R2MCP] HTTP r2pipe client mode enabled, baseurl=%s", baseurl);
 			break;
+		case 'g':
+			free (sandbox_grain);
+			sandbox_grain = strdup (opt.arg);
+			break;
 		case 'l':
 			logfile = strdup (opt.arg);
 			break;
@@ -205,6 +211,7 @@ int r2mcp_main(int argc, const char **argv) {
 		.baseurl = baseurl,
 		.svc_baseurl = svc_baseurl,
 		.sandbox = sandbox,
+		.sandbox_grain = sandbox_grain,
 		.logfile = logfile,
 		.prompts_dir = prompts_dir,
 		.load_prompts = load_prompts,
@@ -269,6 +276,7 @@ int r2mcp_main(int argc, const char **argv) {
 		free (ss.baseurl);
 		free (ss.svc_baseurl);
 		free (ss.sandbox);
+		free (ss.sandbox_grain);
 		free (ss.logfile);
 		free (ss.prompts_dir);
 		if (ss.enabled_tools) {
@@ -294,6 +302,7 @@ int r2mcp_main(int argc, const char **argv) {
 	/* Cleanup */
 	free (ss.baseurl);
 	free (ss.sandbox);
+	free (ss.sandbox_grain);
 	free (ss.logfile);
 	free (ss.prompts_dir);
 	if (ss.enabled_tools) {
diff --git a/src/r2api.inc.c b/src/r2api.inc.c
@@ -21,6 +21,16 @@ static void r2state_settings(RCore *core) {
 	r_config_set_i (core->config, "scr.limit", 16768);
 }
 
+static void r2state_sandbox_settings(ServerState *ss, RCore *core) {
+	const char *sandbox_grain = (ss && ss->sandbox_grain)? ss->sandbox_grain: "exec,socket";
+	if (!strcmp (sandbox_grain, "all")) {
+		r_config_set_b (core->config, "cfg.sandbox", false);
+	} else {
+		r_config_set_b (core->config, "cfg.sandbox", true);
+		r_config_set (core->config, "cfg.sandbox.grain", sandbox_grain);
+	}
+}
+
 static bool logcb(void *user, int type, const char *origin, const char *msg) {
 	if (type > R_LOG_LEVEL_WARN) {
 		return false;
@@ -191,6 +201,7 @@ R_IPI bool r2_open_file(ServerState *ss, const char *filepath) {
 		R_LOG_ERROR ("Failed to initialize r2 core\n");
 		return false;
 	}
+	r_config_set_b (core->config, "cfg.sandbox", false);
 
 	if (ss->rstate.file_opened) {
 		R_LOG_INFO ("Closing previously opened file: %s", ss->rstate.current_file);
@@ -230,6 +241,7 @@ R_IPI bool r2_open_file(ServerState *ss, const char *filepath) {
 	free (ss->rstate.current_file);
 	ss->rstate.current_file = strdup (filepath);
 	ss->rstate.file_opened = true;
+	r2state_sandbox_settings (ss, core);
 	R_LOG_INFO ("File opened successfully: %s", filepath);
 
 	return true;
diff --git a/src/r2mcp.h b/src/r2mcp.h
@@ -52,6 +52,8 @@ typedef struct {
 	char *svc_baseurl;
 	/* Optional sandbox path. When set, only allow opening files under this dir */
 	char *sandbox;
+	/* Optional radare2 sandbox grain mask; "all" disables cfg.sandbox */
+	char *sandbox_grain;
 	/* Optional path to append debug logs when set via -l */
 	char *logfile;
 	/* Optional custom prompts directory path */
