2020-01-17 21:05:03 +08:00
|
|
|
// Copyright 2019 Google LLC
|
2019-03-19 00:21:48 +08:00
|
|
|
//
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
//
|
2022-01-28 17:38:27 +08:00
|
|
|
// https://www.apache.org/licenses/LICENSE-2.0
|
2019-03-19 00:21:48 +08:00
|
|
|
//
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
// limitations under the License.
|
|
|
|
|
|
|
|
// Implementation of the sandbox2::Result class.
|
|
|
|
|
|
|
|
#include "sandboxed_api/sandbox2/result.h"
|
|
|
|
|
2023-08-24 21:23:03 +08:00
|
|
|
#include <sys/resource.h>
|
|
|
|
|
|
|
|
#include <cstdlib>
|
|
|
|
#include <memory>
|
|
|
|
#include <optional>
|
|
|
|
#include <string>
|
|
|
|
#include <vector>
|
|
|
|
|
|
|
|
#include "absl/status/status.h"
|
2019-03-19 00:21:48 +08:00
|
|
|
#include "absl/strings/str_cat.h"
|
2020-07-20 15:24:12 +08:00
|
|
|
#include "absl/strings/str_join.h"
|
2021-02-01 23:10:43 +08:00
|
|
|
#include "sandboxed_api/config.h"
|
2019-03-19 00:21:48 +08:00
|
|
|
#include "sandboxed_api/sandbox2/syscall.h"
|
|
|
|
#include "sandboxed_api/sandbox2/util.h"
|
|
|
|
|
|
|
|
namespace sandbox2 {
|
|
|
|
|
|
|
|
Result& Result::operator=(const Result& other) {
|
|
|
|
final_status_ = other.final_status_;
|
|
|
|
reason_code_ = other.reason_code_;
|
|
|
|
stack_trace_ = other.stack_trace_;
|
|
|
|
if (other.regs_) {
|
2022-10-12 20:22:51 +08:00
|
|
|
regs_ = std::make_unique<Regs>(*other.regs_);
|
2019-03-19 00:21:48 +08:00
|
|
|
} else {
|
|
|
|
regs_.reset(nullptr);
|
|
|
|
}
|
|
|
|
if (other.syscall_) {
|
2022-10-12 20:22:51 +08:00
|
|
|
syscall_ = std::make_unique<Syscall>(*other.syscall_);
|
2019-03-19 00:21:48 +08:00
|
|
|
} else {
|
|
|
|
syscall_.reset(nullptr);
|
|
|
|
}
|
|
|
|
prog_name_ = other.prog_name_;
|
|
|
|
proc_maps_ = other.proc_maps_;
|
|
|
|
rusage_monitor_ = other.rusage_monitor_;
|
2023-06-16 19:36:42 +08:00
|
|
|
rusage_sandboxee_ = other.rusage_sandboxee_;
|
2019-03-19 00:21:48 +08:00
|
|
|
return *this;
|
|
|
|
}
|
|
|
|
|
2020-07-20 15:24:12 +08:00
|
|
|
std::string Result::GetStackTrace() const {
|
|
|
|
return absl::StrJoin(stack_trace_, " ");
|
|
|
|
}
|
|
|
|
|
2020-02-28 01:23:44 +08:00
|
|
|
absl::Status Result::ToStatus() const {
|
2019-03-19 00:21:48 +08:00
|
|
|
switch (final_status()) {
|
|
|
|
case OK:
|
|
|
|
if (reason_code() == 0) {
|
2020-02-28 01:23:44 +08:00
|
|
|
return absl::OkStatus();
|
2019-03-19 00:21:48 +08:00
|
|
|
}
|
|
|
|
break;
|
|
|
|
case TIMEOUT:
|
2020-02-28 01:23:44 +08:00
|
|
|
return absl::DeadlineExceededError(ToString());
|
2019-03-19 00:21:48 +08:00
|
|
|
default:
|
|
|
|
break;
|
|
|
|
}
|
2020-02-28 01:23:44 +08:00
|
|
|
return absl::InternalError(ToString());
|
2019-03-19 00:21:48 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
std::string Result::ToString() const {
|
|
|
|
std::string result;
|
|
|
|
switch (final_status()) {
|
|
|
|
case sandbox2::Result::UNSET:
|
|
|
|
result = absl::StrCat("UNSET - Code: ", reason_code());
|
|
|
|
break;
|
|
|
|
case sandbox2::Result::OK:
|
|
|
|
result = absl::StrCat("OK - Exit code: ", reason_code());
|
|
|
|
break;
|
|
|
|
case sandbox2::Result::SETUP_ERROR:
|
|
|
|
result = absl::StrCat(
|
|
|
|
"SETUP_ERROR - Code: ",
|
|
|
|
ReasonCodeEnumToString(static_cast<ReasonCodeEnum>(reason_code())));
|
|
|
|
break;
|
|
|
|
case sandbox2::Result::VIOLATION:
|
2023-01-12 19:57:13 +08:00
|
|
|
if (syscall_) {
|
|
|
|
result = absl::StrCat("SYSCALL VIOLATION - Violating Syscall ",
|
|
|
|
syscall_->GetDescription(),
|
|
|
|
" Stack: ", GetStackTrace());
|
|
|
|
} else if (reason_code() == sandbox2::Result::VIOLATION_NETWORK) {
|
2020-02-20 23:45:22 +08:00
|
|
|
result = absl::StrCat("NETWORK VIOLATION: ", GetNetworkViolation());
|
|
|
|
} else {
|
2023-01-12 19:57:13 +08:00
|
|
|
result = "SYSCALL VIOLATION - Unknown Violation";
|
2020-02-20 23:45:22 +08:00
|
|
|
}
|
2019-03-19 00:21:48 +08:00
|
|
|
break;
|
|
|
|
case sandbox2::Result::SIGNALED:
|
|
|
|
result = absl::StrCat("Process terminated with a SIGNAL - Signal: ",
|
|
|
|
util::GetSignalName(reason_code()),
|
|
|
|
" Stack: ", GetStackTrace());
|
|
|
|
break;
|
|
|
|
case sandbox2::Result::TIMEOUT:
|
|
|
|
result = absl::StrCat("Process TIMEOUT - Code: ", reason_code(),
|
|
|
|
" Stack: ", GetStackTrace());
|
|
|
|
break;
|
|
|
|
case sandbox2::Result::EXTERNAL_KILL:
|
|
|
|
result = absl::StrCat("Process killed by user - Code: ", reason_code(),
|
|
|
|
" Stack: ", GetStackTrace());
|
|
|
|
break;
|
|
|
|
case sandbox2::Result::INTERNAL_ERROR:
|
|
|
|
result = absl::StrCat(
|
|
|
|
"INTERNAL_ERROR - Code: ",
|
|
|
|
ReasonCodeEnumToString(static_cast<ReasonCodeEnum>(reason_code())));
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
result =
|
|
|
|
absl::StrCat("<UNKNOWN>(", final_status(), ") Code: ", reason_code());
|
|
|
|
}
|
2021-02-01 23:10:43 +08:00
|
|
|
if constexpr (sapi::sanitizers::IsAny()) {
|
|
|
|
absl::StrAppend(
|
|
|
|
&result,
|
|
|
|
" - Warning: this executor is built with ASAN, MSAN or TSAN, chances "
|
|
|
|
"are the sandboxee is too, which is incompatible with sandboxing.");
|
|
|
|
} else {
|
|
|
|
if (
|
|
|
|
getenv("COVERAGE") != nullptr) {
|
|
|
|
absl::StrAppend(
|
|
|
|
&result,
|
|
|
|
" - Warning: this executor is built with coverage enabled, chances "
|
|
|
|
"are the sandboxee too, which is incompatible with sandboxing.");
|
|
|
|
}
|
2019-03-19 00:21:48 +08:00
|
|
|
}
|
|
|
|
return result;
|
|
|
|
}
|
|
|
|
|
|
|
|
std::string Result::StatusEnumToString(StatusEnum value) {
|
|
|
|
switch (value) {
|
|
|
|
case sandbox2::Result::UNSET:
|
|
|
|
return "UNSET";
|
|
|
|
case sandbox2::Result::OK:
|
|
|
|
return "OK";
|
|
|
|
case sandbox2::Result::SETUP_ERROR:
|
|
|
|
return "SETUP_ERROR";
|
|
|
|
case sandbox2::Result::VIOLATION:
|
|
|
|
return "VIOLATION";
|
|
|
|
case sandbox2::Result::SIGNALED:
|
|
|
|
return "SIGNALED";
|
|
|
|
case sandbox2::Result::TIMEOUT:
|
|
|
|
return "TIMEOUT";
|
|
|
|
case sandbox2::Result::EXTERNAL_KILL:
|
|
|
|
return "EXTERNAL_KILL";
|
|
|
|
case sandbox2::Result::INTERNAL_ERROR:
|
|
|
|
return "INTERNAL_ERROR";
|
|
|
|
}
|
|
|
|
return "UNKNOWN";
|
|
|
|
}
|
|
|
|
|
|
|
|
std::string Result::ReasonCodeEnumToString(ReasonCodeEnum value) {
|
|
|
|
switch (value) {
|
|
|
|
case sandbox2::Result::UNSUPPORTED_ARCH:
|
|
|
|
return "UNSUPPORTED_ARCH";
|
|
|
|
case sandbox2::Result::FAILED_TIMERS:
|
|
|
|
return "FAILED_TIMERS";
|
|
|
|
case sandbox2::Result::FAILED_SIGNALS:
|
|
|
|
return "FAILED_SIGNALS";
|
|
|
|
case sandbox2::Result::FAILED_SUBPROCESS:
|
|
|
|
return "FAILED_SUBPROCESS";
|
|
|
|
case sandbox2::Result::FAILED_NOTIFY:
|
|
|
|
return "FAILED_NOTIFY";
|
|
|
|
case sandbox2::Result::FAILED_CONNECTION:
|
|
|
|
return "FAILED_CONNECTION";
|
|
|
|
case sandbox2::Result::FAILED_WAIT:
|
|
|
|
return "FAILED_WAIT";
|
|
|
|
case sandbox2::Result::FAILED_NAMESPACES:
|
|
|
|
return "FAILED_NAMESPACES";
|
|
|
|
case sandbox2::Result::FAILED_PTRACE:
|
|
|
|
return "FAILED_PTRACE";
|
|
|
|
case sandbox2::Result::FAILED_IPC:
|
|
|
|
return "FAILED_IPC";
|
|
|
|
case sandbox2::Result::FAILED_LIMITS:
|
|
|
|
return "FAILED_LIMITS";
|
|
|
|
case sandbox2::Result::FAILED_CWD:
|
|
|
|
return "FAILED_CWD";
|
|
|
|
case sandbox2::Result::FAILED_POLICY:
|
|
|
|
return "FAILED_POLICY";
|
|
|
|
case sandbox2::Result::FAILED_STORE:
|
|
|
|
return "FAILED_STORE";
|
|
|
|
case sandbox2::Result::FAILED_FETCH:
|
|
|
|
return "FAILED_FETCH";
|
|
|
|
case sandbox2::Result::FAILED_GETEVENT:
|
|
|
|
return "FAILED_GETEVENT";
|
|
|
|
case sandbox2::Result::FAILED_MONITOR:
|
|
|
|
return "FAILED_MONITOR";
|
2019-05-15 22:46:26 +08:00
|
|
|
case sandbox2::Result::FAILED_KILL:
|
|
|
|
return "FAILED_KILL";
|
2022-05-09 21:57:52 +08:00
|
|
|
case sandbox2::Result::FAILED_INTERRUPT:
|
|
|
|
return "FAILED_INTERRUPT";
|
2019-05-15 22:46:26 +08:00
|
|
|
case sandbox2::Result::FAILED_CHILD:
|
|
|
|
return "FAILED_CHILD";
|
2022-01-13 22:48:44 +08:00
|
|
|
case sandbox2::Result::FAILED_INSPECT:
|
|
|
|
return "FAILED_INSPECT";
|
2019-03-19 00:21:48 +08:00
|
|
|
case sandbox2::Result::VIOLATION_SYSCALL:
|
|
|
|
return "VIOLATION_SYSCALL";
|
|
|
|
case sandbox2::Result::VIOLATION_ARCH:
|
|
|
|
return "VIOLATION_ARCH";
|
2020-02-20 23:45:22 +08:00
|
|
|
case sandbox2::Result::VIOLATION_NETWORK:
|
|
|
|
return "VIOLATION_NETWORK";
|
2019-03-19 00:21:48 +08:00
|
|
|
}
|
|
|
|
return absl::StrCat("UNKNOWN: ", value);
|
|
|
|
}
|
|
|
|
|
|
|
|
} // namespace sandbox2
|