Add special handling for global forkserver

PiperOrigin-RevId: 590533638 Change-Id: Ibbb7685c58bae0ebf340eaa0186ecc794a5a5fea
2023-12-13 03:33:36 -08:00 · 2023-12-13 03:33:36 -08:00 · 0a992b683f
parent d95df64ebb
commit 0a992b683f
6 changed files with 20 additions and 2 deletions
--- a/sandboxed_api/sandbox2/BUILD.bazel
+++ b/sandboxed_api/sandbox2/BUILD.bazel
@ -529,6 +529,7 @@ cc_library(
        ":stack_trace",
        ":syscall",
        ":util",
+        "//sandboxed_api/sandbox2/network_proxy:client",
        "//sandboxed_api/sandbox2/network_proxy:server",
        "//sandboxed_api/util:file_helpers",
        "//sandboxed_api/util:raw_logging",
--- a/sandboxed_api/sandbox2/CMakeLists.txt
+++ b/sandboxed_api/sandbox2/CMakeLists.txt
@ -422,6 +422,7 @@ target_link_libraries(sandbox2_monitor_base
          sandbox2::executor
          sandbox2::fork_client
          sandbox2::ipc
+          sandbox2::network_proxy_client
          sandbox2::network_proxy_server
          sandbox2::notify
          sandbox2::policy
--- a/sandboxed_api/sandbox2/fork_client.cc
+++ b/sandboxed_api/sandbox2/fork_client.cc
@ -27,6 +27,13 @@ namespace sandbox2 {

 using ::sapi::file_util::fileops::FDCloser;

+ForkClient::ForkClient(pid_t pid, Comms* comms, bool is_global)
+    : pid_(pid), comms_(comms), is_global_(is_global) {
+}
+
+ForkClient::~ForkClient() {
+}
+
 SandboxeeProcess ForkClient::SendRequest(const ForkRequest& request,
                                         int exec_fd, int comms_fd) {
  SandboxeeProcess process;
--- a/sandboxed_api/sandbox2/fork_client.h
+++ b/sandboxed_api/sandbox2/fork_client.h
@ -37,9 +37,10 @@ struct SandboxeeProcess {

 class ForkClient {
 public:
-  ForkClient(pid_t pid, Comms* comms) : pid_(pid), comms_(comms) {}
+  ForkClient(pid_t pid, Comms* comms) : ForkClient(pid, comms, false) {}
  ForkClient(const ForkClient&) = delete;
  ForkClient& operator=(const ForkClient&) = delete;
+  ~ForkClient();

  // Sends the fork request over the supplied Comms channel.
  SandboxeeProcess SendRequest(const ForkRequest& request, int exec_fd,
@ -48,10 +49,16 @@ class ForkClient {
  pid_t pid() { return pid_; }

 private:
+  friend class GlobalForkClient;
+
+  ForkClient(pid_t pid, Comms* comms, bool is_global);
+
  // Pid of the ForkServer.
  pid_t pid_;
  // Comms channel connecting with the ForkServer. Not owned by the object.
  Comms* comms_ ABSL_GUARDED_BY(comms_mutex_);
+  // Is it the global forkserver
+  bool is_global_;
  // Mutex locking transactions (requests) over the Comms channel.
  absl::Mutex comms_mutex_;
 };
--- a/sandboxed_api/sandbox2/global_forkclient.h
+++ b/sandboxed_api/sandbox2/global_forkclient.h
@ -43,7 +43,7 @@ enum class GlobalForkserverStartMode {
 class GlobalForkClient {
 public:
  GlobalForkClient(int fd, pid_t pid)
-      : comms_(fd), fork_client_(pid, &comms_) {}
+      : comms_(fd), fork_client_(pid, &comms_, /*is_global=*/true) {}

  static SandboxeeProcess SendRequest(const ForkRequest& request, int exec_fd,
                                      int comms_fd)
--- a/sandboxed_api/sandbox2/monitor_base.cc
+++ b/sandboxed_api/sandbox2/monitor_base.cc
@ -50,7 +50,9 @@
 #include "sandboxed_api/sandbox2/limits.h"
 #include "sandboxed_api/sandbox2/mounts.h"
 #include "sandboxed_api/sandbox2/namespace.h"
+#include "sandboxed_api/sandbox2/network_proxy/client.h"
 #include "sandboxed_api/sandbox2/network_proxy/server.h"
+#include "sandboxed_api/sandbox2/notify.h"
 #include "sandboxed_api/sandbox2/policy.h"
 #include "sandboxed_api/sandbox2/result.h"
 #include "sandboxed_api/sandbox2/stack_trace.h"