2020-01-17 21:05:03 +08:00
|
|
|
# Copyright 2019 Google LLC
|
2019-03-19 00:21:48 +08:00
|
|
|
#
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
# you may not use this file except in compliance with the License.
|
|
|
|
# You may obtain a copy of the License at
|
|
|
|
#
|
2022-01-28 17:38:27 +08:00
|
|
|
# https://www.apache.org/licenses/LICENSE-2.0
|
2019-03-19 00:21:48 +08:00
|
|
|
#
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
# See the License for the specific language governing permissions and
|
|
|
|
# limitations under the License.
|
|
|
|
|
|
|
|
# Description: sandbox2 is a C++ sandbox technology for Linux.
|
|
|
|
|
2019-11-20 01:01:59 +08:00
|
|
|
load("//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts")
|
|
|
|
load("//sandboxed_api/bazel:embed_data.bzl", "sapi_cc_embed_data")
|
|
|
|
load("//sandboxed_api/bazel:proto.bzl", "sapi_proto_library")
|
|
|
|
|
2023-06-07 17:22:31 +08:00
|
|
|
package(default_visibility = ["//sandboxed_api:__subpackages__"])
|
2019-03-19 00:21:48 +08:00
|
|
|
|
2022-02-03 23:09:37 +08:00
|
|
|
licenses(["notice"])
|
2019-03-19 00:21:48 +08:00
|
|
|
|
2023-03-01 21:35:51 +08:00
|
|
|
cc_library(
|
|
|
|
name = "allow_all_syscalls",
|
|
|
|
hdrs = ["allow_all_syscalls.h"],
|
|
|
|
copts = sapi_platform_copts(),
|
|
|
|
visibility = [
|
|
|
|
"//sandboxed_api/sandbox2:__pkg__",
|
|
|
|
"//sandboxed_api/sandbox2/examples/tool:__pkg__",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
cc_library(
|
|
|
|
name = "testonly_allow_all_syscalls",
|
|
|
|
testonly = True,
|
|
|
|
hdrs = ["allow_all_syscalls.h"],
|
|
|
|
copts = sapi_platform_copts(),
|
|
|
|
visibility = ["//visibility:public"],
|
|
|
|
)
|
|
|
|
|
2024-02-03 05:00:50 +08:00
|
|
|
cc_library(
|
|
|
|
name = "trace_all_syscalls",
|
|
|
|
hdrs = ["trace_all_syscalls.h"],
|
|
|
|
copts = sapi_platform_copts(),
|
|
|
|
visibility = [
|
|
|
|
"//sandboxed_api/sandbox2:__pkg__",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
cc_library(
|
|
|
|
name = "testonly_trace_all_syscalls",
|
|
|
|
testonly = True,
|
|
|
|
hdrs = ["trace_all_syscalls.h"],
|
|
|
|
copts = sapi_platform_copts(),
|
|
|
|
visibility = ["//visibility:public"],
|
|
|
|
)
|
|
|
|
|
2023-05-04 14:29:00 +08:00
|
|
|
cc_library(
|
|
|
|
name = "allow_unrestricted_networking",
|
2023-06-07 17:22:31 +08:00
|
|
|
hdrs = ["allow_unrestricted_networking.h"],
|
2023-05-04 14:29:00 +08:00
|
|
|
copts = sapi_platform_copts(),
|
|
|
|
visibility = [
|
|
|
|
"//sandboxed_api/sandbox2:__pkg__",
|
|
|
|
"//sandboxed_api/sandbox2/examples/tool:__pkg__",
|
|
|
|
"//sandboxed_api/sandbox2/performance:__pkg__",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
cc_library(
|
|
|
|
name = "testonly_allow_unrestricted_networking",
|
|
|
|
testonly = True,
|
|
|
|
hdrs = ["allow_unrestricted_networking.h"],
|
|
|
|
copts = sapi_platform_copts(),
|
|
|
|
visibility = ["//visibility:public"],
|
|
|
|
)
|
|
|
|
|
2019-03-19 00:21:48 +08:00
|
|
|
cc_library(
|
|
|
|
name = "bpfdisassembler",
|
|
|
|
srcs = ["bpfdisassembler.cc"],
|
|
|
|
hdrs = ["bpfdisassembler.h"],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2021-04-21 20:32:48 +08:00
|
|
|
visibility = ["//visibility:public"],
|
|
|
|
deps = [
|
|
|
|
"@com_google_absl//absl/strings",
|
|
|
|
"@com_google_absl//absl/types:span",
|
|
|
|
],
|
2019-03-19 00:21:48 +08:00
|
|
|
)
|
|
|
|
|
|
|
|
cc_library(
|
|
|
|
name = "regs",
|
|
|
|
srcs = ["regs.cc"],
|
|
|
|
hdrs = ["regs.h"],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2019-03-19 00:21:48 +08:00
|
|
|
deps = [
|
|
|
|
":syscall",
|
2019-09-25 22:13:33 +08:00
|
|
|
":violation_cc_proto",
|
2021-01-14 01:25:25 +08:00
|
|
|
"//sandboxed_api:config",
|
2019-03-19 00:21:48 +08:00
|
|
|
"@com_google_absl//absl/base:core_headers",
|
2020-02-28 01:23:44 +08:00
|
|
|
"@com_google_absl//absl/status",
|
2019-03-19 00:21:48 +08:00
|
|
|
"@com_google_absl//absl/strings",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
2022-01-07 21:25:42 +08:00
|
|
|
cc_test(
|
|
|
|
name = "regs_test",
|
|
|
|
srcs = ["regs_test.cc"],
|
|
|
|
copts = sapi_platform_copts(),
|
|
|
|
tags = ["no_qemu_user_mode"],
|
|
|
|
deps = [
|
|
|
|
":regs",
|
|
|
|
":sanitizer",
|
2023-08-25 21:49:42 +08:00
|
|
|
":syscall",
|
2022-01-07 21:25:42 +08:00
|
|
|
":util",
|
2023-08-25 21:49:42 +08:00
|
|
|
"//sandboxed_api:config",
|
2022-01-07 21:25:42 +08:00
|
|
|
"//sandboxed_api/sandbox2/util:bpf_helper",
|
|
|
|
"//sandboxed_api/util:status_matchers",
|
2022-10-20 21:48:06 +08:00
|
|
|
"@com_google_absl//absl/log:check",
|
2022-01-07 21:25:42 +08:00
|
|
|
"@com_google_googletest//:gtest_main",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
2019-03-19 00:21:48 +08:00
|
|
|
cc_library(
|
|
|
|
name = "syscall",
|
|
|
|
srcs = [
|
|
|
|
"syscall.cc",
|
|
|
|
"syscall_defs.cc",
|
2024-01-20 08:27:34 +08:00
|
|
|
],
|
|
|
|
hdrs = [
|
|
|
|
"syscall.h",
|
2019-03-19 00:21:48 +08:00
|
|
|
"syscall_defs.h",
|
|
|
|
],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2019-03-19 00:21:48 +08:00
|
|
|
visibility = ["//visibility:public"],
|
|
|
|
deps = [
|
|
|
|
":util",
|
2021-01-14 01:25:25 +08:00
|
|
|
"//sandboxed_api:config",
|
2020-11-25 22:15:06 +08:00
|
|
|
"@com_google_absl//absl/algorithm:container",
|
2024-01-20 08:27:34 +08:00
|
|
|
"@com_google_absl//absl/status",
|
2023-08-24 21:23:03 +08:00
|
|
|
"@com_google_absl//absl/status:statusor",
|
2019-03-19 00:21:48 +08:00
|
|
|
"@com_google_absl//absl/strings",
|
|
|
|
"@com_google_absl//absl/strings:str_format",
|
|
|
|
"@com_google_absl//absl/types:span",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
cc_test(
|
|
|
|
name = "syscall_test",
|
|
|
|
srcs = ["syscall_test.cc"],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2021-11-29 21:19:36 +08:00
|
|
|
tags = ["no_qemu_user_mode"],
|
2019-03-19 00:21:48 +08:00
|
|
|
deps = [
|
|
|
|
":syscall",
|
2021-01-14 01:25:25 +08:00
|
|
|
"//sandboxed_api:config",
|
2019-03-19 00:21:48 +08:00
|
|
|
"@com_google_absl//absl/strings",
|
|
|
|
"@com_google_googletest//:gtest_main",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
cc_library(
|
|
|
|
name = "result",
|
|
|
|
srcs = ["result.cc"],
|
|
|
|
hdrs = ["result.h"],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2019-03-19 00:21:48 +08:00
|
|
|
deps = [
|
|
|
|
":regs",
|
|
|
|
":syscall",
|
|
|
|
":util",
|
2021-01-14 01:25:25 +08:00
|
|
|
"//sandboxed_api:config",
|
2020-02-28 01:23:44 +08:00
|
|
|
"@com_google_absl//absl/status",
|
2019-03-19 00:21:48 +08:00
|
|
|
"@com_google_absl//absl/strings",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
sapi_proto_library(
|
|
|
|
name = "logserver_proto",
|
|
|
|
srcs = ["logserver.proto"],
|
|
|
|
)
|
|
|
|
|
|
|
|
cc_library(
|
|
|
|
name = "logserver",
|
|
|
|
srcs = ["logserver.cc"],
|
|
|
|
hdrs = ["logserver.h"],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2019-03-19 00:21:48 +08:00
|
|
|
deps = [
|
|
|
|
":comms",
|
2019-09-25 22:13:33 +08:00
|
|
|
":logserver_cc_proto",
|
2022-10-20 21:48:06 +08:00
|
|
|
"@com_google_absl//absl/base:log_severity",
|
|
|
|
"@com_google_absl//absl/log",
|
2019-03-19 00:21:48 +08:00
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
cc_library(
|
|
|
|
name = "logsink",
|
|
|
|
srcs = ["logsink.cc"],
|
|
|
|
hdrs = ["logsink.h"],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2019-03-19 00:21:48 +08:00
|
|
|
visibility = ["//visibility:public"],
|
|
|
|
deps = [
|
|
|
|
":comms",
|
2019-09-25 22:13:33 +08:00
|
|
|
":logserver_cc_proto",
|
2023-08-24 21:23:03 +08:00
|
|
|
"@com_google_absl//absl/base:log_severity",
|
2022-10-20 21:48:06 +08:00
|
|
|
"@com_google_absl//absl/log:log_entry",
|
|
|
|
"@com_google_absl//absl/log:log_sink",
|
|
|
|
"@com_google_absl//absl/log:log_sink_registry",
|
2019-03-19 00:21:48 +08:00
|
|
|
"@com_google_absl//absl/strings",
|
2022-10-20 21:48:06 +08:00
|
|
|
"@com_google_absl//absl/strings:str_format",
|
2019-03-19 00:21:48 +08:00
|
|
|
"@com_google_absl//absl/synchronization",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
cc_library(
|
|
|
|
name = "ipc",
|
|
|
|
srcs = ["ipc.cc"],
|
|
|
|
hdrs = ["ipc.h"],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2019-03-19 00:21:48 +08:00
|
|
|
deps = [
|
|
|
|
":comms",
|
|
|
|
":logserver",
|
|
|
|
":logsink",
|
2022-10-20 21:48:06 +08:00
|
|
|
"//sandboxed_api/util:raw_logging",
|
2023-08-24 21:23:03 +08:00
|
|
|
"@com_google_absl//absl/base:core_headers",
|
2022-10-20 21:48:06 +08:00
|
|
|
"@com_google_absl//absl/log",
|
2019-03-19 00:21:48 +08:00
|
|
|
"@com_google_absl//absl/strings",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
cc_library(
|
|
|
|
name = "policy",
|
|
|
|
srcs = ["policy.cc"],
|
|
|
|
hdrs = ["policy.h"],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2019-03-19 00:21:48 +08:00
|
|
|
deps = [
|
|
|
|
":bpfdisassembler",
|
|
|
|
":comms",
|
|
|
|
":namespace",
|
|
|
|
":syscall",
|
2019-09-25 22:13:33 +08:00
|
|
|
":violation_cc_proto",
|
2021-05-20 23:16:45 +08:00
|
|
|
"//sandboxed_api:config",
|
2020-02-20 23:45:22 +08:00
|
|
|
"//sandboxed_api/sandbox2/network_proxy:filtering",
|
2019-03-19 00:21:48 +08:00
|
|
|
"//sandboxed_api/sandbox2/util:bpf_helper",
|
2022-10-20 21:48:06 +08:00
|
|
|
"//sandboxed_api/util:raw_logging",
|
|
|
|
"@com_google_absl//absl/flags:flag",
|
|
|
|
"@com_google_absl//absl/log",
|
2023-08-24 21:23:03 +08:00
|
|
|
"@com_google_absl//absl/strings:string_view",
|
2019-03-19 00:21:48 +08:00
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
cc_library(
|
|
|
|
name = "notify",
|
|
|
|
srcs = [],
|
|
|
|
hdrs = ["notify.h"],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2019-03-19 00:21:48 +08:00
|
|
|
deps = [
|
|
|
|
":comms",
|
|
|
|
":result",
|
|
|
|
":syscall",
|
2022-01-13 22:48:44 +08:00
|
|
|
":util",
|
|
|
|
"@com_google_absl//absl/base:core_headers",
|
2022-10-20 21:48:06 +08:00
|
|
|
"@com_google_absl//absl/log",
|
2019-03-19 00:21:48 +08:00
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
cc_library(
|
|
|
|
name = "limits",
|
|
|
|
hdrs = ["limits.h"],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2019-03-19 00:21:48 +08:00
|
|
|
deps = [
|
|
|
|
"@com_google_absl//absl/base:core_headers",
|
|
|
|
"@com_google_absl//absl/time",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
2019-04-09 18:44:34 +08:00
|
|
|
cc_binary(
|
|
|
|
name = "forkserver_bin",
|
|
|
|
srcs = ["forkserver_bin.cc"],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2022-08-26 00:53:52 +08:00
|
|
|
stamp = 0,
|
2019-04-09 18:44:34 +08:00
|
|
|
deps = [
|
2023-08-18 04:32:10 +08:00
|
|
|
":client",
|
2019-04-09 18:44:34 +08:00
|
|
|
":comms",
|
|
|
|
":forkserver",
|
2020-04-08 04:26:15 +08:00
|
|
|
":sanitizer",
|
2023-08-18 04:32:10 +08:00
|
|
|
"//sandboxed_api/sandbox2/unwind",
|
2019-04-09 18:44:34 +08:00
|
|
|
"//sandboxed_api/util:raw_logging",
|
2023-08-24 21:23:03 +08:00
|
|
|
"@com_google_absl//absl/base:log_severity",
|
2022-10-20 21:48:06 +08:00
|
|
|
"@com_google_absl//absl/log:globals",
|
2023-08-24 21:23:03 +08:00
|
|
|
"@com_google_absl//absl/status",
|
2019-04-09 18:44:34 +08:00
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
sapi_cc_embed_data(
|
|
|
|
name = "forkserver_bin_embed",
|
|
|
|
srcs = [":forkserver_bin.stripped"],
|
|
|
|
)
|
|
|
|
|
2019-03-19 00:21:48 +08:00
|
|
|
cc_library(
|
|
|
|
name = "global_forkserver",
|
|
|
|
srcs = ["global_forkclient.cc"],
|
|
|
|
hdrs = ["global_forkclient.h"],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2020-11-06 00:47:34 +08:00
|
|
|
visibility = ["//visibility:public"],
|
2019-03-19 00:21:48 +08:00
|
|
|
deps = [
|
|
|
|
":comms",
|
2020-07-17 19:54:20 +08:00
|
|
|
":fork_client",
|
2019-04-09 18:44:34 +08:00
|
|
|
":forkserver_bin_embed",
|
2020-11-06 00:47:34 +08:00
|
|
|
":forkserver_cc_proto",
|
2023-03-28 20:50:06 +08:00
|
|
|
":util",
|
2022-03-03 00:11:37 +08:00
|
|
|
"//sandboxed_api:config",
|
2019-04-09 18:44:34 +08:00
|
|
|
"//sandboxed_api:embed_file",
|
2022-03-03 00:11:37 +08:00
|
|
|
"//sandboxed_api/util:fileops",
|
2019-03-19 00:21:48 +08:00
|
|
|
"//sandboxed_api/util:raw_logging",
|
2021-08-10 15:33:04 +08:00
|
|
|
"//sandboxed_api/util:status",
|
2020-12-02 19:05:06 +08:00
|
|
|
"@com_google_absl//absl/base:core_headers",
|
2023-01-03 21:36:02 +08:00
|
|
|
"@com_google_absl//absl/cleanup",
|
2022-10-20 21:48:06 +08:00
|
|
|
"@com_google_absl//absl/flags:flag",
|
|
|
|
"@com_google_absl//absl/log",
|
2022-03-03 00:11:37 +08:00
|
|
|
"@com_google_absl//absl/status",
|
|
|
|
"@com_google_absl//absl/status:statusor",
|
2019-03-19 00:21:48 +08:00
|
|
|
"@com_google_absl//absl/strings",
|
2020-12-02 19:05:06 +08:00
|
|
|
"@com_google_absl//absl/synchronization",
|
2020-11-06 00:47:34 +08:00
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
# Use only if Sandbox2 global forkserver has to be started very early on.
|
|
|
|
# By default the forkserver is started on demand.
|
|
|
|
cc_library(
|
|
|
|
name = "start_global_forkserver_lib_constructor",
|
|
|
|
srcs = ["global_forkclient_lib_ctor.cc"],
|
|
|
|
copts = sapi_platform_copts(),
|
|
|
|
visibility = ["//visibility:public"],
|
|
|
|
deps = [
|
2020-12-10 18:49:25 +08:00
|
|
|
":fork_client",
|
2020-11-06 00:47:34 +08:00
|
|
|
":global_forkserver",
|
|
|
|
"@com_google_absl//absl/base:core_headers",
|
2019-03-19 00:21:48 +08:00
|
|
|
],
|
|
|
|
)
|
|
|
|
|
2019-07-09 16:53:31 +08:00
|
|
|
cc_library(
|
|
|
|
name = "executor",
|
|
|
|
srcs = ["executor.cc"],
|
|
|
|
hdrs = ["executor.h"],
|
|
|
|
copts = sapi_platform_copts(),
|
|
|
|
deps = [
|
2020-07-17 19:54:20 +08:00
|
|
|
":fork_client",
|
2019-09-25 22:13:33 +08:00
|
|
|
":forkserver_cc_proto",
|
2019-07-09 16:53:31 +08:00
|
|
|
":global_forkserver",
|
|
|
|
":ipc",
|
|
|
|
":limits",
|
|
|
|
":namespace",
|
|
|
|
":util",
|
2022-03-08 00:43:03 +08:00
|
|
|
"//sandboxed_api:config",
|
2021-01-14 01:25:25 +08:00
|
|
|
"//sandboxed_api/util:fileops",
|
2022-10-20 21:48:06 +08:00
|
|
|
"//sandboxed_api/util:raw_logging",
|
2019-07-09 16:53:31 +08:00
|
|
|
"@com_google_absl//absl/base:core_headers",
|
2022-10-20 21:48:06 +08:00
|
|
|
"@com_google_absl//absl/log",
|
|
|
|
"@com_google_absl//absl/log:check",
|
2022-04-21 21:15:07 +08:00
|
|
|
"@com_google_absl//absl/status",
|
2023-08-24 21:23:03 +08:00
|
|
|
"@com_google_absl//absl/status:statusor",
|
2019-07-09 16:53:31 +08:00
|
|
|
"@com_google_absl//absl/strings",
|
2021-01-28 18:20:13 +08:00
|
|
|
"@com_google_absl//absl/types:span",
|
2019-07-09 16:53:31 +08:00
|
|
|
],
|
|
|
|
)
|
|
|
|
|
2019-03-19 00:21:48 +08:00
|
|
|
# Should not be used in sandboxee code if it only uses sandbox2::Comms and
|
|
|
|
# sandbox2::Client objects
|
|
|
|
cc_library(
|
|
|
|
name = "sandbox2",
|
|
|
|
srcs = [
|
|
|
|
"sandbox2.cc",
|
|
|
|
],
|
|
|
|
hdrs = [
|
2019-07-09 16:53:31 +08:00
|
|
|
"client.h",
|
2019-03-19 00:21:48 +08:00
|
|
|
"executor.h",
|
|
|
|
"ipc.h",
|
|
|
|
"limits.h",
|
|
|
|
"notify.h",
|
|
|
|
"policy.h",
|
2019-07-09 16:53:31 +08:00
|
|
|
"policybuilder.h",
|
2019-03-19 00:21:48 +08:00
|
|
|
"result.h",
|
2019-07-09 16:53:31 +08:00
|
|
|
"sandbox2.h",
|
2019-03-19 00:21:48 +08:00
|
|
|
"syscall.h",
|
|
|
|
],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2019-03-19 00:21:48 +08:00
|
|
|
visibility = ["//visibility:public"],
|
|
|
|
deps = [
|
|
|
|
":client",
|
|
|
|
":comms",
|
2020-07-17 18:20:18 +08:00
|
|
|
":executor",
|
2020-07-17 19:54:20 +08:00
|
|
|
":fork_client",
|
2023-03-09 00:08:35 +08:00
|
|
|
":forkserver_cc_proto",
|
2019-03-19 00:21:48 +08:00
|
|
|
":ipc",
|
|
|
|
":limits",
|
|
|
|
":logsink",
|
2023-01-30 21:08:42 +08:00
|
|
|
":monitor_base",
|
2023-02-16 21:06:50 +08:00
|
|
|
":monitor_ptrace",
|
2023-03-09 00:08:35 +08:00
|
|
|
":monitor_unotify",
|
2019-03-19 00:21:48 +08:00
|
|
|
":mounts",
|
|
|
|
":namespace",
|
|
|
|
":notify",
|
|
|
|
":policy",
|
2023-01-27 17:24:14 +08:00
|
|
|
":policybuilder",
|
2019-03-19 00:21:48 +08:00
|
|
|
":regs",
|
|
|
|
":result",
|
2023-02-16 21:06:50 +08:00
|
|
|
":stack_trace",
|
2019-03-19 00:21:48 +08:00
|
|
|
":syscall",
|
|
|
|
":util",
|
2020-07-17 18:20:18 +08:00
|
|
|
":violation_cc_proto",
|
2021-01-14 01:25:25 +08:00
|
|
|
"//sandboxed_api:config",
|
2020-02-20 23:45:22 +08:00
|
|
|
"//sandboxed_api/sandbox2/network_proxy:client",
|
|
|
|
"//sandboxed_api/sandbox2/network_proxy:filtering",
|
2023-02-16 21:06:50 +08:00
|
|
|
"//sandboxed_api/util:fileops",
|
|
|
|
"@com_google_absl//absl/base",
|
|
|
|
"@com_google_absl//absl/base:core_headers",
|
|
|
|
"@com_google_absl//absl/container:flat_hash_map",
|
|
|
|
"@com_google_absl//absl/container:flat_hash_set",
|
|
|
|
"@com_google_absl//absl/log",
|
|
|
|
"@com_google_absl//absl/log:check",
|
|
|
|
"@com_google_absl//absl/status",
|
|
|
|
"@com_google_absl//absl/status:statusor",
|
|
|
|
"@com_google_absl//absl/strings",
|
|
|
|
"@com_google_absl//absl/time",
|
|
|
|
"@com_google_absl//absl/types:optional",
|
|
|
|
"@com_google_absl//absl/types:span",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
cc_library(
|
|
|
|
name = "stack_trace",
|
|
|
|
srcs = ["stack_trace.cc"],
|
|
|
|
hdrs = ["stack_trace.h"],
|
|
|
|
copts = sapi_platform_copts(),
|
|
|
|
deps = [
|
|
|
|
":comms",
|
|
|
|
":executor",
|
|
|
|
":limits",
|
2023-08-31 19:05:12 +08:00
|
|
|
":mounts",
|
2023-02-16 21:06:50 +08:00
|
|
|
":namespace",
|
|
|
|
":policy",
|
|
|
|
":policybuilder",
|
|
|
|
":regs",
|
|
|
|
":result",
|
|
|
|
"//sandboxed_api:config",
|
2019-03-19 00:21:48 +08:00
|
|
|
"//sandboxed_api/sandbox2/unwind",
|
2019-09-25 22:13:33 +08:00
|
|
|
"//sandboxed_api/sandbox2/unwind:unwind_cc_proto",
|
2021-01-14 01:25:25 +08:00
|
|
|
"//sandboxed_api/util:file_base",
|
|
|
|
"//sandboxed_api/util:fileops",
|
2022-10-20 21:48:06 +08:00
|
|
|
"//sandboxed_api/util:raw_logging",
|
2019-03-19 00:21:48 +08:00
|
|
|
"//sandboxed_api/util:status",
|
2021-05-10 22:03:15 +08:00
|
|
|
"@com_google_absl//absl/cleanup",
|
2022-10-20 21:48:06 +08:00
|
|
|
"@com_google_absl//absl/flags:flag",
|
|
|
|
"@com_google_absl//absl/log",
|
2023-08-24 21:23:03 +08:00
|
|
|
"@com_google_absl//absl/log:check",
|
2020-07-17 18:20:18 +08:00
|
|
|
"@com_google_absl//absl/memory",
|
|
|
|
"@com_google_absl//absl/status",
|
2020-09-02 23:46:48 +08:00
|
|
|
"@com_google_absl//absl/status:statusor",
|
2020-07-17 18:20:18 +08:00
|
|
|
"@com_google_absl//absl/strings",
|
2023-08-24 21:23:03 +08:00
|
|
|
"@com_google_absl//absl/time",
|
2023-02-16 21:06:50 +08:00
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
cc_library(
|
|
|
|
name = "monitor_ptrace",
|
|
|
|
srcs = ["monitor_ptrace.cc"],
|
|
|
|
hdrs = ["monitor_ptrace.h"],
|
|
|
|
copts = sapi_platform_copts(),
|
|
|
|
deps = [
|
|
|
|
":client",
|
|
|
|
":comms",
|
|
|
|
":executor",
|
|
|
|
":monitor_base",
|
|
|
|
":notify",
|
|
|
|
":policy",
|
|
|
|
":regs",
|
|
|
|
":result",
|
|
|
|
":sanitizer",
|
|
|
|
":syscall",
|
|
|
|
":util",
|
|
|
|
"//sandboxed_api:config",
|
|
|
|
"//sandboxed_api/util:raw_logging",
|
|
|
|
"//sandboxed_api/util:status",
|
2023-08-24 21:23:03 +08:00
|
|
|
"@com_google_absl//absl/base:core_headers",
|
2023-02-16 21:06:50 +08:00
|
|
|
"@com_google_absl//absl/cleanup",
|
|
|
|
"@com_google_absl//absl/container:flat_hash_map",
|
|
|
|
"@com_google_absl//absl/container:flat_hash_set",
|
|
|
|
"@com_google_absl//absl/flags:flag",
|
2023-08-07 15:27:17 +08:00
|
|
|
"@com_google_absl//absl/log",
|
2023-08-24 21:23:03 +08:00
|
|
|
"@com_google_absl//absl/log:check",
|
2023-02-16 21:06:50 +08:00
|
|
|
"@com_google_absl//absl/status",
|
2023-08-24 21:23:03 +08:00
|
|
|
"@com_google_absl//absl/status:statusor",
|
2023-02-16 21:06:50 +08:00
|
|
|
"@com_google_absl//absl/strings",
|
2023-08-24 21:23:03 +08:00
|
|
|
"@com_google_absl//absl/strings:str_format",
|
2020-07-17 18:20:18 +08:00
|
|
|
"@com_google_absl//absl/synchronization",
|
|
|
|
"@com_google_absl//absl/time",
|
2019-03-19 00:21:48 +08:00
|
|
|
],
|
|
|
|
)
|
|
|
|
|
2023-03-09 00:08:35 +08:00
|
|
|
cc_library(
|
|
|
|
name = "monitor_unotify",
|
|
|
|
srcs = ["monitor_unotify.cc"],
|
|
|
|
hdrs = ["monitor_unotify.h"],
|
|
|
|
copts = sapi_platform_copts(),
|
|
|
|
deps = [
|
|
|
|
":client",
|
|
|
|
":executor",
|
|
|
|
":forkserver_cc_proto",
|
|
|
|
":monitor_base",
|
|
|
|
":notify",
|
|
|
|
":policy",
|
2023-08-30 17:55:35 +08:00
|
|
|
":result",
|
|
|
|
"//sandboxed_api:config",
|
2023-03-09 00:08:35 +08:00
|
|
|
"//sandboxed_api/util:fileops",
|
|
|
|
"//sandboxed_api/util:raw_logging",
|
2023-08-30 17:55:35 +08:00
|
|
|
"//sandboxed_api/util:status",
|
2023-08-24 21:23:03 +08:00
|
|
|
"@com_google_absl//absl/base:core_headers",
|
2023-03-09 00:08:35 +08:00
|
|
|
"@com_google_absl//absl/cleanup",
|
|
|
|
"@com_google_absl//absl/log",
|
2023-08-24 21:23:03 +08:00
|
|
|
"@com_google_absl//absl/log:check",
|
2023-03-09 00:08:35 +08:00
|
|
|
"@com_google_absl//absl/status",
|
|
|
|
"@com_google_absl//absl/status:statusor",
|
2023-08-24 21:23:03 +08:00
|
|
|
"@com_google_absl//absl/strings",
|
2023-03-09 00:08:35 +08:00
|
|
|
"@com_google_absl//absl/synchronization",
|
|
|
|
"@com_google_absl//absl/time",
|
2023-08-30 17:55:35 +08:00
|
|
|
"@com_google_absl//absl/types:span",
|
2023-03-09 00:08:35 +08:00
|
|
|
],
|
|
|
|
)
|
|
|
|
|
2023-01-30 21:08:42 +08:00
|
|
|
cc_library(
|
|
|
|
name = "monitor_base",
|
|
|
|
srcs = ["monitor_base.cc"],
|
|
|
|
hdrs = ["monitor_base.h"],
|
|
|
|
copts = sapi_platform_copts(),
|
|
|
|
deps = [
|
|
|
|
":client",
|
|
|
|
":comms",
|
|
|
|
":executor",
|
2023-02-07 18:22:02 +08:00
|
|
|
":fork_client",
|
2023-03-09 00:08:35 +08:00
|
|
|
":forkserver_cc_proto",
|
2023-01-30 21:08:42 +08:00
|
|
|
":ipc",
|
|
|
|
":limits",
|
|
|
|
":mounts",
|
|
|
|
":namespace",
|
|
|
|
":notify",
|
|
|
|
":policy",
|
2023-02-16 21:06:50 +08:00
|
|
|
":regs",
|
2023-01-30 21:08:42 +08:00
|
|
|
":result",
|
2023-02-16 21:06:50 +08:00
|
|
|
":stack_trace",
|
2023-01-30 21:08:42 +08:00
|
|
|
":syscall",
|
|
|
|
":util",
|
2023-12-13 19:33:36 +08:00
|
|
|
"//sandboxed_api/sandbox2/network_proxy:client",
|
2023-01-30 21:08:42 +08:00
|
|
|
"//sandboxed_api/sandbox2/network_proxy:server",
|
|
|
|
"//sandboxed_api/util:file_helpers",
|
|
|
|
"//sandboxed_api/util:raw_logging",
|
|
|
|
"//sandboxed_api/util:strerror",
|
|
|
|
"//sandboxed_api/util:temp_file",
|
2023-02-16 21:06:50 +08:00
|
|
|
"@com_google_absl//absl/base",
|
2023-01-30 21:08:42 +08:00
|
|
|
"@com_google_absl//absl/cleanup",
|
|
|
|
"@com_google_absl//absl/flags:flag",
|
|
|
|
"@com_google_absl//absl/log",
|
|
|
|
"@com_google_absl//absl/log:check",
|
|
|
|
"@com_google_absl//absl/memory",
|
|
|
|
"@com_google_absl//absl/status",
|
|
|
|
"@com_google_absl//absl/status:statusor",
|
|
|
|
"@com_google_absl//absl/strings",
|
|
|
|
"@com_google_absl//absl/synchronization",
|
|
|
|
"@com_google_absl//absl/time",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
2023-01-27 17:24:14 +08:00
|
|
|
cc_library(
|
|
|
|
name = "policybuilder",
|
|
|
|
srcs = ["policybuilder.cc"],
|
|
|
|
hdrs = ["policybuilder.h"],
|
|
|
|
copts = sapi_platform_copts(),
|
|
|
|
deps = [
|
2023-03-01 21:35:51 +08:00
|
|
|
":allow_all_syscalls",
|
2023-05-04 14:29:00 +08:00
|
|
|
":allow_unrestricted_networking",
|
2023-01-27 17:24:14 +08:00
|
|
|
":mounts",
|
|
|
|
":namespace",
|
|
|
|
":policy",
|
2023-08-24 21:23:03 +08:00
|
|
|
":syscall",
|
2024-02-03 05:00:50 +08:00
|
|
|
":trace_all_syscalls",
|
2023-08-09 21:43:50 +08:00
|
|
|
":violation_cc_proto",
|
2023-01-27 17:24:14 +08:00
|
|
|
"//sandboxed_api:config",
|
|
|
|
"//sandboxed_api/sandbox2/network_proxy:filtering",
|
|
|
|
"//sandboxed_api/sandbox2/util:bpf_helper",
|
|
|
|
"//sandboxed_api/util:file_base",
|
|
|
|
"//sandboxed_api/util:status",
|
|
|
|
"@com_google_absl//absl/base:core_headers",
|
|
|
|
"@com_google_absl//absl/container:flat_hash_set",
|
|
|
|
"@com_google_absl//absl/log",
|
|
|
|
"@com_google_absl//absl/log:check",
|
|
|
|
"@com_google_absl//absl/memory",
|
|
|
|
"@com_google_absl//absl/status",
|
|
|
|
"@com_google_absl//absl/status:statusor",
|
|
|
|
"@com_google_absl//absl/strings",
|
2023-08-24 21:23:03 +08:00
|
|
|
"@com_google_absl//absl/types:optional",
|
2023-01-27 17:24:14 +08:00
|
|
|
"@com_google_absl//absl/types:span",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
2019-03-19 00:21:48 +08:00
|
|
|
# Should be used in sandboxee code instead of :sandbox2 if it uses just
|
|
|
|
# sandbox2::Client::SandboxMeHere() and sandbox2::Comms
|
|
|
|
cc_library(
|
|
|
|
name = "client",
|
2020-03-26 16:58:42 +08:00
|
|
|
srcs = ["client.cc"],
|
2020-04-08 04:26:15 +08:00
|
|
|
hdrs = ["client.h"],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2019-03-19 00:21:48 +08:00
|
|
|
visibility = ["//visibility:public"],
|
|
|
|
deps = [
|
|
|
|
":comms",
|
|
|
|
":logsink",
|
2023-03-09 00:08:35 +08:00
|
|
|
":policy",
|
2020-03-26 16:58:42 +08:00
|
|
|
":sanitizer",
|
2023-03-09 00:08:35 +08:00
|
|
|
":syscall",
|
2020-02-20 23:45:22 +08:00
|
|
|
"//sandboxed_api/sandbox2/network_proxy:client",
|
2023-03-09 00:08:35 +08:00
|
|
|
"//sandboxed_api/sandbox2/util:bpf_helper",
|
2019-03-19 00:21:48 +08:00
|
|
|
"//sandboxed_api/util:raw_logging",
|
|
|
|
"@com_google_absl//absl/base:core_headers",
|
2020-11-05 17:48:46 +08:00
|
|
|
"@com_google_absl//absl/container:flat_hash_map",
|
2023-08-24 00:03:05 +08:00
|
|
|
"@com_google_absl//absl/status",
|
2019-03-19 00:21:48 +08:00
|
|
|
"@com_google_absl//absl/strings",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
2020-03-25 00:54:21 +08:00
|
|
|
cc_library(
|
|
|
|
name = "sanitizer",
|
|
|
|
srcs = ["sanitizer.cc"],
|
|
|
|
hdrs = ["sanitizer.h"],
|
|
|
|
copts = sapi_platform_copts(),
|
|
|
|
visibility = ["//visibility:public"],
|
|
|
|
deps = [
|
2021-04-17 03:42:41 +08:00
|
|
|
":util",
|
2021-01-14 01:25:25 +08:00
|
|
|
"//sandboxed_api/util:fileops",
|
2020-03-25 00:54:21 +08:00
|
|
|
"//sandboxed_api/util:raw_logging",
|
2021-09-06 16:00:42 +08:00
|
|
|
"//sandboxed_api/util:status",
|
|
|
|
"@com_google_absl//absl/container:flat_hash_set",
|
2021-09-10 18:34:21 +08:00
|
|
|
"@com_google_absl//absl/status",
|
2021-09-06 16:00:42 +08:00
|
|
|
"@com_google_absl//absl/status:statusor",
|
2020-03-25 00:54:21 +08:00
|
|
|
"@com_google_absl//absl/strings",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
2019-03-19 00:21:48 +08:00
|
|
|
cc_library(
|
|
|
|
name = "forkserver",
|
|
|
|
srcs = ["forkserver.cc"],
|
|
|
|
hdrs = ["forkserver.h"],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2019-03-19 00:21:48 +08:00
|
|
|
deps = [
|
|
|
|
":client",
|
|
|
|
":comms",
|
2020-07-17 19:54:20 +08:00
|
|
|
":fork_client",
|
2019-09-25 22:13:33 +08:00
|
|
|
":forkserver_cc_proto",
|
2019-03-19 00:21:48 +08:00
|
|
|
":namespace",
|
|
|
|
":policy",
|
2020-04-08 04:26:15 +08:00
|
|
|
":sanitizer",
|
2019-03-19 00:21:48 +08:00
|
|
|
":syscall",
|
|
|
|
":util",
|
|
|
|
"//sandboxed_api/sandbox2/util:bpf_helper",
|
2021-01-14 01:25:25 +08:00
|
|
|
"//sandboxed_api/util:fileops",
|
2019-03-19 00:21:48 +08:00
|
|
|
"//sandboxed_api/util:raw_logging",
|
2021-01-14 01:25:25 +08:00
|
|
|
"//sandboxed_api/util:strerror",
|
2023-03-22 19:06:25 +08:00
|
|
|
"@com_google_absl//absl/base:core_headers",
|
2021-07-14 16:32:57 +08:00
|
|
|
"@com_google_absl//absl/container:flat_hash_map",
|
2021-09-06 16:00:42 +08:00
|
|
|
"@com_google_absl//absl/container:flat_hash_set",
|
2022-10-20 21:48:06 +08:00
|
|
|
"@com_google_absl//absl/log",
|
2020-02-28 01:23:44 +08:00
|
|
|
"@com_google_absl//absl/status",
|
2020-09-02 23:46:48 +08:00
|
|
|
"@com_google_absl//absl/status:statusor",
|
2019-03-19 00:21:48 +08:00
|
|
|
"@com_google_absl//absl/strings",
|
|
|
|
"@org_kernel_libcap//:libcap",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
2020-07-17 19:54:20 +08:00
|
|
|
cc_library(
|
|
|
|
name = "fork_client",
|
|
|
|
srcs = ["fork_client.cc"],
|
|
|
|
hdrs = ["fork_client.h"],
|
|
|
|
copts = sapi_platform_copts(),
|
|
|
|
visibility = ["//visibility:public"],
|
|
|
|
deps = [
|
|
|
|
":comms",
|
|
|
|
":forkserver_cc_proto",
|
2023-03-09 00:08:35 +08:00
|
|
|
"//sandboxed_api/util:fileops",
|
2020-07-17 19:54:20 +08:00
|
|
|
"@com_google_absl//absl/base:core_headers",
|
2022-10-20 21:48:06 +08:00
|
|
|
"@com_google_absl//absl/log",
|
|
|
|
"@com_google_absl//absl/log:check",
|
2020-07-17 19:54:20 +08:00
|
|
|
"@com_google_absl//absl/synchronization",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
2019-03-19 00:21:48 +08:00
|
|
|
cc_library(
|
|
|
|
name = "mounts",
|
|
|
|
srcs = ["mounts.cc"],
|
|
|
|
hdrs = ["mounts.h"],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2019-03-19 00:21:48 +08:00
|
|
|
deps = [
|
2022-03-14 20:14:41 +08:00
|
|
|
":mount_tree_cc_proto",
|
2021-01-14 01:25:25 +08:00
|
|
|
"//sandboxed_api:config",
|
2019-03-19 00:21:48 +08:00
|
|
|
"//sandboxed_api/sandbox2/util:minielf",
|
2021-01-14 01:25:25 +08:00
|
|
|
"//sandboxed_api/util:file_base",
|
|
|
|
"//sandboxed_api/util:fileops",
|
2019-03-19 00:21:48 +08:00
|
|
|
"//sandboxed_api/util:raw_logging",
|
|
|
|
"//sandboxed_api/util:status",
|
|
|
|
"@com_google_absl//absl/container:flat_hash_set",
|
2020-02-28 01:23:44 +08:00
|
|
|
"@com_google_absl//absl/status",
|
2020-09-02 23:46:48 +08:00
|
|
|
"@com_google_absl//absl/status:statusor",
|
2019-03-19 00:21:48 +08:00
|
|
|
"@com_google_absl//absl/strings",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
cc_test(
|
|
|
|
name = "mounts_test",
|
|
|
|
srcs = ["mounts_test.cc"],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2019-04-24 01:45:50 +08:00
|
|
|
data = ["//sandboxed_api/sandbox2/testcases:minimal_dynamic"],
|
2019-03-19 00:21:48 +08:00
|
|
|
deps = [
|
|
|
|
":mounts",
|
2021-01-14 01:25:25 +08:00
|
|
|
"//sandboxed_api:testing",
|
|
|
|
"//sandboxed_api/util:file_base",
|
2019-03-19 00:21:48 +08:00
|
|
|
"//sandboxed_api/util:status_matchers",
|
2021-01-14 01:25:25 +08:00
|
|
|
"//sandboxed_api/util:temp_file",
|
2023-08-24 21:23:03 +08:00
|
|
|
"@com_google_absl//absl/status",
|
2019-03-19 00:21:48 +08:00
|
|
|
"@com_google_absl//absl/strings",
|
|
|
|
"@com_google_googletest//:gtest_main",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
cc_library(
|
|
|
|
name = "namespace",
|
|
|
|
srcs = ["namespace.cc"],
|
|
|
|
hdrs = ["namespace.h"],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2019-03-19 00:21:48 +08:00
|
|
|
deps = [
|
|
|
|
":mounts",
|
2019-09-25 22:13:33 +08:00
|
|
|
":violation_cc_proto",
|
2021-01-14 01:25:25 +08:00
|
|
|
"//sandboxed_api/util:file_base",
|
|
|
|
"//sandboxed_api/util:fileops",
|
2019-03-19 00:21:48 +08:00
|
|
|
"//sandboxed_api/util:raw_logging",
|
|
|
|
"@com_google_absl//absl/strings",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
cc_test(
|
|
|
|
name = "namespace_test",
|
|
|
|
srcs = ["namespace_test.cc"],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2023-09-14 17:08:31 +08:00
|
|
|
data = [
|
|
|
|
"//sandboxed_api/sandbox2/testcases:namespace",
|
|
|
|
],
|
2023-03-06 16:27:06 +08:00
|
|
|
tags = [
|
|
|
|
"requires-net:external",
|
2019-03-19 00:21:48 +08:00
|
|
|
],
|
|
|
|
deps = [
|
|
|
|
":namespace",
|
|
|
|
":sandbox2",
|
2023-03-01 21:35:51 +08:00
|
|
|
":testonly_allow_all_syscalls",
|
2021-01-14 01:25:25 +08:00
|
|
|
"//sandboxed_api:config",
|
|
|
|
"//sandboxed_api:testing",
|
|
|
|
"//sandboxed_api/util:fileops",
|
2019-03-19 00:21:48 +08:00
|
|
|
"//sandboxed_api/util:status_matchers",
|
2021-01-14 01:25:25 +08:00
|
|
|
"//sandboxed_api/util:temp_file",
|
2023-08-24 21:23:03 +08:00
|
|
|
"@com_google_absl//absl/log:check",
|
|
|
|
"@com_google_absl//absl/status:statusor",
|
2019-03-19 00:21:48 +08:00
|
|
|
"@com_google_absl//absl/strings",
|
|
|
|
"@com_google_googletest//:gtest_main",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
cc_library(
|
|
|
|
name = "forkingclient",
|
|
|
|
srcs = ["forkingclient.cc"],
|
|
|
|
hdrs = ["forkingclient.h"],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2019-03-19 00:21:48 +08:00
|
|
|
visibility = ["//visibility:public"],
|
|
|
|
deps = [
|
|
|
|
":client",
|
|
|
|
":comms",
|
|
|
|
":forkserver",
|
2020-04-08 04:26:15 +08:00
|
|
|
":sanitizer",
|
2023-03-29 17:21:31 +08:00
|
|
|
"//sandboxed_api/util:raw_logging",
|
2023-08-24 21:23:03 +08:00
|
|
|
"@com_google_absl//absl/log",
|
2022-10-20 21:48:06 +08:00
|
|
|
"@com_google_absl//absl/log:check",
|
2019-03-19 00:21:48 +08:00
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
cc_library(
|
|
|
|
name = "util",
|
|
|
|
srcs = ["util.cc"],
|
|
|
|
hdrs = ["util.h"],
|
|
|
|
# The default is 16384, however we need to do a clone with a
|
|
|
|
# stack-allocated buffer -- and PTHREAD_STACK_MIN also happens to be 16384.
|
|
|
|
# Thus the slight increase.
|
2019-08-27 20:36:07 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2019-03-19 00:21:48 +08:00
|
|
|
visibility = ["//visibility:public"],
|
|
|
|
deps = [
|
2021-01-14 01:25:25 +08:00
|
|
|
"//sandboxed_api:config",
|
|
|
|
"//sandboxed_api/util:file_base",
|
2021-04-17 03:42:41 +08:00
|
|
|
"//sandboxed_api/util:file_helpers",
|
2021-01-14 01:25:25 +08:00
|
|
|
"//sandboxed_api/util:fileops",
|
2019-03-19 00:21:48 +08:00
|
|
|
"//sandboxed_api/util:raw_logging",
|
|
|
|
"@com_google_absl//absl/base:core_headers",
|
2021-07-27 19:09:37 +08:00
|
|
|
"@com_google_absl//absl/status",
|
2020-09-02 23:46:48 +08:00
|
|
|
"@com_google_absl//absl/status:statusor",
|
2019-03-19 00:21:48 +08:00
|
|
|
"@com_google_absl//absl/strings",
|
|
|
|
"@com_google_absl//absl/strings:str_format",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
cc_library(
|
|
|
|
name = "buffer",
|
|
|
|
srcs = ["buffer.cc"],
|
|
|
|
hdrs = ["buffer.h"],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2019-03-19 00:21:48 +08:00
|
|
|
visibility = ["//visibility:public"],
|
|
|
|
deps = [
|
|
|
|
":util",
|
2022-10-25 21:20:08 +08:00
|
|
|
"@com_google_absl//absl/memory",
|
2021-07-27 19:09:37 +08:00
|
|
|
"@com_google_absl//absl/status",
|
2020-09-02 23:46:48 +08:00
|
|
|
"@com_google_absl//absl/status:statusor",
|
2019-03-19 00:21:48 +08:00
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
cc_test(
|
|
|
|
name = "buffer_test",
|
|
|
|
srcs = ["buffer_test.cc"],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2019-03-19 00:21:48 +08:00
|
|
|
data = ["//sandboxed_api/sandbox2/testcases:buffer"],
|
2021-11-29 21:19:36 +08:00
|
|
|
tags = ["no_qemu_user_mode"],
|
2019-03-19 00:21:48 +08:00
|
|
|
deps = [
|
|
|
|
":buffer",
|
|
|
|
":sandbox2",
|
2021-01-14 01:25:25 +08:00
|
|
|
"//sandboxed_api:testing",
|
2019-03-19 00:21:48 +08:00
|
|
|
"//sandboxed_api/util:status_matchers",
|
|
|
|
"@com_google_googletest//:gtest_main",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
sapi_proto_library(
|
|
|
|
name = "forkserver_proto",
|
|
|
|
srcs = ["forkserver.proto"],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2022-03-14 20:14:41 +08:00
|
|
|
deps = [":mount_tree_proto"],
|
2019-03-19 00:21:48 +08:00
|
|
|
)
|
|
|
|
|
|
|
|
sapi_proto_library(
|
2022-03-14 20:14:41 +08:00
|
|
|
name = "mount_tree_proto",
|
|
|
|
srcs = ["mount_tree.proto"],
|
2019-03-19 00:21:48 +08:00
|
|
|
)
|
|
|
|
|
|
|
|
cc_library(
|
|
|
|
name = "comms",
|
|
|
|
srcs = ["comms.cc"],
|
|
|
|
hdrs = ["comms.h"],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2019-03-19 00:21:48 +08:00
|
|
|
visibility = ["//visibility:public"],
|
|
|
|
deps = [
|
|
|
|
":util",
|
2023-09-19 20:13:40 +08:00
|
|
|
"//sandboxed_api/util:fileops",
|
2019-03-19 00:21:48 +08:00
|
|
|
"//sandboxed_api/util:raw_logging",
|
|
|
|
"//sandboxed_api/util:status",
|
2021-01-22 22:01:05 +08:00
|
|
|
"//sandboxed_api/util:status_cc_proto",
|
2019-03-19 00:21:48 +08:00
|
|
|
"@com_google_absl//absl/base:core_headers",
|
2021-02-01 23:10:43 +08:00
|
|
|
"@com_google_absl//absl/base:dynamic_annotations",
|
2022-10-25 20:50:16 +08:00
|
|
|
"@com_google_absl//absl/log:die_if_null",
|
2020-02-28 01:23:44 +08:00
|
|
|
"@com_google_absl//absl/status",
|
2020-09-02 23:46:48 +08:00
|
|
|
"@com_google_absl//absl/status:statusor",
|
2019-03-19 00:21:48 +08:00
|
|
|
"@com_google_absl//absl/strings",
|
|
|
|
"@com_google_absl//absl/strings:str_format",
|
|
|
|
"@com_google_protobuf//:protobuf",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
sapi_proto_library(
|
|
|
|
name = "comms_test_proto",
|
|
|
|
srcs = ["comms_test.proto"],
|
|
|
|
)
|
|
|
|
|
|
|
|
cc_test(
|
|
|
|
name = "comms_test",
|
|
|
|
srcs = ["comms_test.cc"],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2019-03-19 00:21:48 +08:00
|
|
|
deps = [
|
|
|
|
":comms",
|
2019-09-25 22:13:33 +08:00
|
|
|
":comms_test_cc_proto",
|
2019-03-19 00:21:48 +08:00
|
|
|
"//sandboxed_api/util:status_matchers",
|
|
|
|
"@com_google_absl//absl/container:fixed_array",
|
2022-10-20 21:48:06 +08:00
|
|
|
"@com_google_absl//absl/log",
|
|
|
|
"@com_google_absl//absl/log:check",
|
2023-08-24 00:03:05 +08:00
|
|
|
"@com_google_absl//absl/status",
|
2019-03-19 00:21:48 +08:00
|
|
|
"@com_google_absl//absl/strings",
|
|
|
|
"@com_google_googletest//:gtest_main",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
cc_test(
|
|
|
|
name = "forkserver_test",
|
2020-07-17 19:54:20 +08:00
|
|
|
srcs = ["forkserver_test.cc"],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2019-03-19 00:21:48 +08:00
|
|
|
data = ["//sandboxed_api/sandbox2/testcases:minimal"],
|
2021-11-29 21:19:36 +08:00
|
|
|
tags = ["no_qemu_user_mode"],
|
2019-03-19 00:21:48 +08:00
|
|
|
deps = [
|
2023-05-03 23:43:42 +08:00
|
|
|
":forkserver",
|
2019-09-25 22:13:33 +08:00
|
|
|
":forkserver_cc_proto",
|
2020-07-17 19:54:20 +08:00
|
|
|
":global_forkserver",
|
2019-03-19 00:21:48 +08:00
|
|
|
":sandbox2",
|
2021-01-14 01:25:25 +08:00
|
|
|
"//sandboxed_api:testing",
|
2022-10-20 21:48:06 +08:00
|
|
|
"//sandboxed_api/util:raw_logging",
|
2023-08-24 21:23:03 +08:00
|
|
|
"@com_google_absl//absl/log",
|
2022-10-20 21:48:06 +08:00
|
|
|
"@com_google_absl//absl/log:check",
|
2019-03-19 00:21:48 +08:00
|
|
|
"@com_google_absl//absl/strings",
|
|
|
|
"@com_google_googletest//:gtest_main",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
cc_test(
|
|
|
|
name = "limits_test",
|
|
|
|
srcs = ["limits_test.cc"],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2023-09-15 19:56:38 +08:00
|
|
|
data = [
|
|
|
|
"//sandboxed_api/sandbox2/testcases:limits",
|
|
|
|
],
|
2019-03-19 00:21:48 +08:00
|
|
|
deps = [
|
|
|
|
":limits",
|
|
|
|
":sandbox2",
|
2021-01-14 01:25:25 +08:00
|
|
|
"//sandboxed_api:config",
|
|
|
|
"//sandboxed_api:testing",
|
2019-03-19 00:21:48 +08:00
|
|
|
"//sandboxed_api/util:status_matchers",
|
|
|
|
"@com_google_googletest//:gtest_main",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
cc_test(
|
|
|
|
name = "notify_test",
|
|
|
|
srcs = ["notify_test.cc"],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2019-03-19 00:21:48 +08:00
|
|
|
data = [
|
|
|
|
"//sandboxed_api/sandbox2/testcases:personality",
|
|
|
|
"//sandboxed_api/sandbox2/testcases:pidcomms",
|
|
|
|
],
|
2021-11-29 21:19:36 +08:00
|
|
|
tags = ["no_qemu_user_mode"],
|
2019-03-19 00:21:48 +08:00
|
|
|
deps = [
|
|
|
|
":comms",
|
|
|
|
":sandbox2",
|
2024-02-03 05:00:50 +08:00
|
|
|
":trace_all_syscalls",
|
2021-01-14 01:25:25 +08:00
|
|
|
"//sandboxed_api:testing",
|
2022-10-20 21:48:06 +08:00
|
|
|
"@com_google_absl//absl/log",
|
2019-03-19 00:21:48 +08:00
|
|
|
"@com_google_absl//absl/strings",
|
|
|
|
"@com_google_googletest//:gtest_main",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
cc_test(
|
|
|
|
name = "policy_test",
|
|
|
|
srcs = ["policy_test.cc"],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2019-03-19 00:21:48 +08:00
|
|
|
data = [
|
|
|
|
"//sandboxed_api/sandbox2/testcases:add_policy_on_syscalls",
|
|
|
|
"//sandboxed_api/sandbox2/testcases:malloc_system",
|
|
|
|
"//sandboxed_api/sandbox2/testcases:minimal",
|
|
|
|
"//sandboxed_api/sandbox2/testcases:minimal_dynamic",
|
|
|
|
"//sandboxed_api/sandbox2/testcases:policy",
|
|
|
|
],
|
2021-11-29 21:19:36 +08:00
|
|
|
tags = ["no_qemu_user_mode"],
|
2019-03-19 00:21:48 +08:00
|
|
|
deps = [
|
|
|
|
":sandbox2",
|
2021-01-14 01:25:25 +08:00
|
|
|
"//sandboxed_api:config",
|
|
|
|
"//sandboxed_api:testing",
|
2019-03-19 00:21:48 +08:00
|
|
|
"//sandboxed_api/sandbox2/util:bpf_helper",
|
2023-03-03 22:50:17 +08:00
|
|
|
"//sandboxed_api/util:status_matchers",
|
2019-03-19 00:21:48 +08:00
|
|
|
"@com_google_absl//absl/strings",
|
|
|
|
"@com_google_googletest//:gtest_main",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
cc_test(
|
|
|
|
name = "sandbox2_test",
|
|
|
|
srcs = ["sandbox2_test.cc"],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2019-03-19 00:21:48 +08:00
|
|
|
data = [
|
|
|
|
"//sandboxed_api/sandbox2/testcases:abort",
|
2023-12-12 22:52:38 +08:00
|
|
|
"//sandboxed_api/sandbox2/testcases:custom_fork",
|
2019-03-19 00:21:48 +08:00
|
|
|
"//sandboxed_api/sandbox2/testcases:minimal",
|
|
|
|
"//sandboxed_api/sandbox2/testcases:sleep",
|
2019-05-15 23:04:36 +08:00
|
|
|
"//sandboxed_api/sandbox2/testcases:starve",
|
2019-03-19 00:21:48 +08:00
|
|
|
"//sandboxed_api/sandbox2/testcases:tsync",
|
|
|
|
],
|
2021-11-29 21:19:36 +08:00
|
|
|
tags = [
|
|
|
|
"local",
|
|
|
|
"no_qemu_user_mode",
|
|
|
|
],
|
2019-03-19 00:21:48 +08:00
|
|
|
deps = [
|
2023-12-12 22:52:38 +08:00
|
|
|
":fork_client",
|
2019-03-19 00:21:48 +08:00
|
|
|
":sandbox2",
|
2021-01-14 01:25:25 +08:00
|
|
|
"//sandboxed_api:config",
|
|
|
|
"//sandboxed_api:testing",
|
2019-03-19 00:21:48 +08:00
|
|
|
"//sandboxed_api/util:status_matchers",
|
2023-08-24 21:23:03 +08:00
|
|
|
"@com_google_absl//absl/status",
|
|
|
|
"@com_google_absl//absl/status:statusor",
|
2019-03-19 00:21:48 +08:00
|
|
|
"@com_google_absl//absl/strings",
|
2023-08-24 21:23:03 +08:00
|
|
|
"@com_google_absl//absl/synchronization",
|
|
|
|
"@com_google_absl//absl/time",
|
2019-03-19 00:21:48 +08:00
|
|
|
"@com_google_googletest//:gtest_main",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
cc_test(
|
|
|
|
name = "sanitizer_test",
|
|
|
|
srcs = ["sanitizer_test.cc"],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2021-12-07 18:22:46 +08:00
|
|
|
data = [
|
|
|
|
"//sandboxed_api/sandbox2/testcases:close_fds",
|
|
|
|
"//sandboxed_api/sandbox2/testcases:sanitizer",
|
|
|
|
],
|
2021-11-29 21:19:36 +08:00
|
|
|
tags = ["no_qemu_user_mode"],
|
2019-03-19 00:21:48 +08:00
|
|
|
deps = [
|
|
|
|
":comms",
|
|
|
|
":sandbox2",
|
2020-04-08 04:26:15 +08:00
|
|
|
":sanitizer",
|
2019-03-19 00:21:48 +08:00
|
|
|
":util",
|
2021-01-14 01:25:25 +08:00
|
|
|
"//sandboxed_api:testing",
|
2019-03-19 00:21:48 +08:00
|
|
|
"//sandboxed_api/util:status_matchers",
|
2021-09-10 18:34:21 +08:00
|
|
|
"@com_google_absl//absl/container:flat_hash_set",
|
2022-10-20 21:48:06 +08:00
|
|
|
"@com_google_absl//absl/log",
|
2019-03-19 00:21:48 +08:00
|
|
|
"@com_google_absl//absl/strings",
|
|
|
|
"@com_google_googletest//:gtest_main",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
cc_test(
|
|
|
|
name = "util_test",
|
|
|
|
srcs = ["util_test.cc"],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2019-03-19 00:21:48 +08:00
|
|
|
deps = [
|
|
|
|
":util",
|
2023-03-14 15:03:33 +08:00
|
|
|
"//sandboxed_api/util:status_matchers",
|
|
|
|
"@com_google_absl//absl/cleanup",
|
2023-08-24 21:23:03 +08:00
|
|
|
"@com_google_absl//absl/status:statusor",
|
2023-03-14 15:03:33 +08:00
|
|
|
"@com_google_absl//absl/strings",
|
2019-03-19 00:21:48 +08:00
|
|
|
"@com_google_googletest//:gtest_main",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
cc_test(
|
2019-07-09 16:31:48 +08:00
|
|
|
name = "stack_trace_test",
|
2021-06-25 15:03:27 +08:00
|
|
|
srcs = [
|
|
|
|
"stack_trace_test.cc",
|
|
|
|
],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2019-03-19 00:21:48 +08:00
|
|
|
data = ["//sandboxed_api/sandbox2/testcases:symbolize"],
|
2021-11-29 21:19:36 +08:00
|
|
|
tags = ["no_qemu_user_mode"],
|
2019-03-19 00:21:48 +08:00
|
|
|
deps = [
|
|
|
|
":global_forkserver",
|
|
|
|
":sandbox2",
|
2023-02-16 21:06:50 +08:00
|
|
|
":stack_trace",
|
2021-01-14 01:25:25 +08:00
|
|
|
"//sandboxed_api:testing",
|
|
|
|
"//sandboxed_api/util:fileops",
|
2019-03-19 00:21:48 +08:00
|
|
|
"//sandboxed_api/util:status_matchers",
|
2023-09-19 21:49:17 +08:00
|
|
|
"@com_google_absl//absl/base:log_severity",
|
2022-10-20 21:48:06 +08:00
|
|
|
"@com_google_absl//absl/flags:flag",
|
|
|
|
"@com_google_absl//absl/flags:reflection",
|
2023-08-24 21:23:03 +08:00
|
|
|
"@com_google_absl//absl/log:check",
|
2023-09-19 21:49:17 +08:00
|
|
|
"@com_google_absl//absl/log:scoped_mock_log",
|
2019-03-19 00:21:48 +08:00
|
|
|
"@com_google_absl//absl/strings",
|
2023-03-02 17:25:02 +08:00
|
|
|
"@com_google_absl//absl/time",
|
2019-03-19 00:21:48 +08:00
|
|
|
"@com_google_googletest//:gtest_main",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
cc_test(
|
|
|
|
name = "ipc_test",
|
|
|
|
srcs = ["ipc_test.cc"],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2019-03-19 00:21:48 +08:00
|
|
|
data = ["//sandboxed_api/sandbox2/testcases:ipc"],
|
2021-11-29 21:19:36 +08:00
|
|
|
tags = ["no_qemu_user_mode"],
|
2019-03-19 00:21:48 +08:00
|
|
|
deps = [
|
|
|
|
":comms",
|
|
|
|
":sandbox2",
|
2021-01-14 01:25:25 +08:00
|
|
|
"//sandboxed_api:testing",
|
2019-03-19 00:21:48 +08:00
|
|
|
"//sandboxed_api/util:status_matchers",
|
|
|
|
"@com_google_googletest//:gtest_main",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
cc_library(
|
|
|
|
name = "testing",
|
|
|
|
testonly = 1,
|
|
|
|
hdrs = ["testing.h"],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2019-03-19 00:21:48 +08:00
|
|
|
visibility = ["//visibility:public"],
|
2021-01-14 01:25:25 +08:00
|
|
|
deps = ["//sandboxed_api:testing"],
|
2019-03-19 00:21:48 +08:00
|
|
|
)
|
|
|
|
|
|
|
|
sapi_proto_library(
|
2019-03-20 20:19:28 +08:00
|
|
|
name = "violation_proto",
|
|
|
|
srcs = ["violation.proto"],
|
2023-03-21 16:48:46 +08:00
|
|
|
deps = [
|
|
|
|
":mount_tree_proto",
|
|
|
|
],
|
2019-03-19 00:21:48 +08:00
|
|
|
)
|
|
|
|
|
|
|
|
cc_test(
|
|
|
|
name = "policybuilder_test",
|
|
|
|
srcs = ["policybuilder_test.cc"],
|
2019-05-09 20:21:11 +08:00
|
|
|
copts = sapi_platform_copts(),
|
2019-03-19 00:21:48 +08:00
|
|
|
deps = [
|
2023-09-05 22:13:06 +08:00
|
|
|
":policy",
|
2023-01-27 17:24:14 +08:00
|
|
|
":policybuilder",
|
2023-09-05 22:13:06 +08:00
|
|
|
":violation_cc_proto",
|
2019-03-19 00:21:48 +08:00
|
|
|
"//sandboxed_api/sandbox2/util:bpf_helper",
|
|
|
|
"//sandboxed_api/util:status_matchers",
|
2020-02-28 01:23:44 +08:00
|
|
|
"@com_google_absl//absl/status",
|
2020-09-02 23:46:48 +08:00
|
|
|
"@com_google_absl//absl/status:statusor",
|
2019-03-19 00:21:48 +08:00
|
|
|
"@com_google_absl//absl/strings",
|
|
|
|
"@com_google_googletest//:gtest_main",
|
|
|
|
],
|
|
|
|
)
|
2023-03-07 21:03:22 +08:00
|
|
|
|
|
|
|
cc_test(
|
|
|
|
name = "bpfdisassembler_test",
|
|
|
|
srcs = ["bpfdisassembler_test.cc"],
|
|
|
|
copts = sapi_platform_copts(),
|
|
|
|
deps = [
|
|
|
|
":bpfdisassembler",
|
|
|
|
"//sandboxed_api/sandbox2/util:bpf_helper",
|
|
|
|
"@com_google_googletest//:gtest_main",
|
|
|
|
],
|
|
|
|
)
|
2023-08-31 21:05:17 +08:00
|
|
|
|
|
|
|
cc_test(
|
|
|
|
name = "network_proxy_test",
|
|
|
|
srcs = ["network_proxy_test.cc"],
|
|
|
|
copts = sapi_platform_copts(),
|
|
|
|
data = [
|
|
|
|
"//sandboxed_api/sandbox2/testcases:network_proxy",
|
|
|
|
],
|
|
|
|
tags = ["no_qemu_user_mode"],
|
|
|
|
deps = [
|
|
|
|
":sandbox2",
|
|
|
|
"//sandboxed_api:testing",
|
|
|
|
"//sandboxed_api/sandbox2/network_proxy:testing",
|
|
|
|
"//sandboxed_api/util:status_matchers",
|
2023-09-05 17:16:47 +08:00
|
|
|
"@com_google_absl//absl/status",
|
2023-08-31 21:05:17 +08:00
|
|
|
"@com_google_absl//absl/strings",
|
2023-09-05 15:56:21 +08:00
|
|
|
"@com_google_absl//absl/time",
|
2023-08-31 21:05:17 +08:00
|
|
|
"@com_google_googletest//:gtest_main",
|
|
|
|
],
|
|
|
|
)
|