2019-03-19 00:21:48 +08:00
|
|
|
// Copyright 2019 Google LLC. All Rights Reserved.
|
|
|
|
//
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
//
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
//
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
// limitations under the License.
|
|
|
|
|
|
|
|
// This file is an example of a computational-centric binary which is intended
|
|
|
|
// to be sandboxed by the sandbox2.
|
|
|
|
|
|
|
|
#include <syscall.h>
|
|
|
|
|
2019-03-26 22:27:53 +08:00
|
|
|
#include <cstdint>
|
2019-03-19 00:21:48 +08:00
|
|
|
#include <cstring>
|
|
|
|
|
|
|
|
#include <glog/logging.h>
|
|
|
|
#include "sandboxed_api/util/flag.h"
|
|
|
|
#include "sandboxed_api/sandbox2/client.h"
|
|
|
|
#include "sandboxed_api/sandbox2/comms.h"
|
|
|
|
#include "sandboxed_api/sandbox2/util.h"
|
|
|
|
|
|
|
|
ABSL_FLAG(bool, call_syscall_not_allowed, false,
|
|
|
|
"Call a syscall that is not allowed by policy.");
|
|
|
|
|
|
|
|
// This function is insecure (i.e. can be crashed and exploited) to demonstrate
|
|
|
|
// how sandboxing can be helpful in defending against bugs.
|
|
|
|
// We need to make sure that this function is not inlined, so that we don't
|
|
|
|
// optimize the bug away.
|
|
|
|
static uint32_t ComputeCRC4Impl(const uint8_t* ptr, uint64_t len) {
|
|
|
|
uint8_t buf[8] = {0};
|
|
|
|
|
|
|
|
memcpy(buf, ptr, len); // buffer overflow!
|
|
|
|
|
|
|
|
uint32_t crc4 = 0;
|
|
|
|
for (uint64_t i = 0; i < len; i++) {
|
|
|
|
crc4 ^= (buf[i] << (i % 4) * 8);
|
|
|
|
}
|
|
|
|
return crc4;
|
|
|
|
}
|
|
|
|
|
|
|
|
int main(int argc, char** argv) {
|
|
|
|
google::ParseCommandLineFlags(&argc, &argv, false);
|
|
|
|
|
|
|
|
// Set-up the sandbox2::Client object, using a file descriptor (1023).
|
|
|
|
sandbox2::Comms comms(sandbox2::Comms::kSandbox2ClientCommsFD);
|
|
|
|
sandbox2::Client sandbox2_client(&comms);
|
|
|
|
// Enable sandboxing from here.
|
|
|
|
sandbox2_client.SandboxMeHere();
|
|
|
|
|
|
|
|
// A syscall not allowed in policy, should cause a violation.
|
|
|
|
if (absl::GetFlag(FLAGS_call_syscall_not_allowed)) {
|
|
|
|
sandbox2::util::Syscall(__NR_sendfile, 0, 0, 0, 0, 0, 0);
|
|
|
|
}
|
|
|
|
|
|
|
|
// Receive data to be processed, process it, and return results.
|
|
|
|
std::vector<uint8_t> buffer;
|
|
|
|
if (!comms.RecvBytes(&buffer)) {
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Make sure we don't inline the function. See the comment in
|
|
|
|
// ComputeCRC4Impl() for more details.
|
2019-03-26 22:27:53 +08:00
|
|
|
std::function<uint32_t(const uint8_t*, uint64_t)> ComputeCRC4 =
|
|
|
|
ComputeCRC4Impl;
|
2019-03-19 00:21:48 +08:00
|
|
|
|
|
|
|
uint32_t crc4 = ComputeCRC4(buffer.data(), buffer.size());
|
|
|
|
|
|
|
|
if (!comms.SendUint32(crc4)) {
|
|
|
|
return 2;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|