mirror of
https://github.com/google/sandboxed-api.git
synced 2024-03-22 13:11:30 +08:00
Add special handling for global forkserver
PiperOrigin-RevId: 590533638 Change-Id: Ibbb7685c58bae0ebf340eaa0186ecc794a5a5fea
parent
d95df64ebb
commit
0a992b683f
|
@ -529,6 +529,7 @@ cc_library(
|
||||||
":stack_trace",
|
":stack_trace",
|
||||||
":syscall",
|
":syscall",
|
||||||
":util",
|
":util",
|
||||||
|
"//sandboxed_api/sandbox2/network_proxy:client",
|
||||||
"//sandboxed_api/sandbox2/network_proxy:server",
|
"//sandboxed_api/sandbox2/network_proxy:server",
|
||||||
"//sandboxed_api/util:file_helpers",
|
"//sandboxed_api/util:file_helpers",
|
||||||
"//sandboxed_api/util:raw_logging",
|
"//sandboxed_api/util:raw_logging",
|
||||||
|
|
|
@ -422,6 +422,7 @@ target_link_libraries(sandbox2_monitor_base
|
||||||
sandbox2::executor
|
sandbox2::executor
|
||||||
sandbox2::fork_client
|
sandbox2::fork_client
|
||||||
sandbox2::ipc
|
sandbox2::ipc
|
||||||
|
sandbox2::network_proxy_client
|
||||||
sandbox2::network_proxy_server
|
sandbox2::network_proxy_server
|
||||||
sandbox2::notify
|
sandbox2::notify
|
||||||
sandbox2::policy
|
sandbox2::policy
|
||||||
|
|
|
@ -27,6 +27,13 @@ namespace sandbox2 {
|
||||||
|
|
||||||
using ::sapi::file_util::fileops::FDCloser;
|
using ::sapi::file_util::fileops::FDCloser;
|
||||||
|
|
||||||
|
ForkClient::ForkClient(pid_t pid, Comms* comms, bool is_global)
|
||||||
|
: pid_(pid), comms_(comms), is_global_(is_global) {
|
||||||
|
}
|
||||||
|
|
||||||
|
ForkClient::~ForkClient() {
|
||||||
|
}
|
||||||
|
|
||||||
SandboxeeProcess ForkClient::SendRequest(const ForkRequest& request,
|
SandboxeeProcess ForkClient::SendRequest(const ForkRequest& request,
|
||||||
int exec_fd, int comms_fd) {
|
int exec_fd, int comms_fd) {
|
||||||
SandboxeeProcess process;
|
SandboxeeProcess process;
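Review bot: The new three-argument constructor stores `is_global_`, but nothing on the visible lines reads it, and the out-of-line `ForkClient::~ForkClient()` has an empty body. If the special handling named in the commit title lives elsewhere, a short comment in the destructor should say what is expected to differ for a global versus a per-sandbox forkserver. Otherwise the destructor can be `ForkClient::~ForkClient() = default;`, so the class does not look as if it manages teardown. `SendRequest` continues past the end of this hunk, so a use of the flag there cannot be ruled out.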
|
||||||
|
|
|
@ -37,9 +37,10 @@ struct SandboxeeProcess {
|
||||||
|
|
||||||
class ForkClient {
|
class ForkClient {
|
||||||
public:
|
public:
|
||||||
ForkClient(pid_t pid, Comms* comms) : pid_(pid), comms_(comms) {}
|
ForkClient(pid_t pid, Comms* comms) : ForkClient(pid, comms, false) {}
|
||||||
ForkClient(const ForkClient&) = delete;
|
ForkClient(const ForkClient&) = delete;
|
||||||
ForkClient& operator=(const ForkClient&) = delete;
|
ForkClient& operator=(const ForkClient&) = delete;
|
||||||
|
~ForkClient();
|
||||||
|
|
||||||
// Sends the fork request over the supplied Comms channel.
|
// Sends the fork request over the supplied Comms channel.
|
||||||
SandboxeeProcess SendRequest(const ForkRequest& request, int exec_fd,
|
SandboxeeProcess SendRequest(const ForkRequest& request, int exec_fd,
|
||||||
|
@ -48,10 +49,16 @@ class ForkClient {
|
||||||
pid_t pid() { return pid_; }
|
pid_t pid() { return pid_; }
|
||||||
|
|
||||||
private:
|
private:
|
||||||
|
friend class GlobalForkClient;
|
||||||
|
|
||||||
|
ForkClient(pid_t pid, Comms* comms, bool is_global);
|
||||||
|
|
||||||
// Pid of the ForkServer.
|
// Pid of the ForkServer.
|
||||||
pid_t pid_;
|
pid_t pid_;
|
||||||
// Comms channel connecting with the ForkServer. Not owned by the object.
|
// Comms channel connecting with the ForkServer. Not owned by the object.
|
||||||
Comms* comms_ ABSL_GUARDED_BY(comms_mutex_);
|
Comms* comms_ ABSL_GUARDED_BY(comms_mutex_);
|
||||||
|
// Is it the global forkserver
|
||||||
|
bool is_global_;
|
||||||
// Mutex locking transactions (requests) over the Comms channel.
|
// Mutex locking transactions (requests) over the Comms channel.
|
||||||
absl::Mutex comms_mutex_;
|
absl::Mutex comms_mutex_;
|
||||||
};
|
};
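Review bot: The `is_global_` member is declared without `const` or a default initializer, and its comment `// Is it the global forkserver` does not say what changes when it is true. It is set only in the private constructor (reachable through `friend class GlobalForkClient`) and the class is non-copyable, so it could be `const bool is_global_;` with a comment such as `// True when this client talks to the global forkserver; set only by GlobalForkClient.` The private constructor would also benefit from a one-line comment saying why it is not public.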
|
||||||
|
|
|
@ -43,7 +43,7 @@ enum class GlobalForkserverStartMode {
|
||||||
class GlobalForkClient {
|
class GlobalForkClient {
|
||||||
public:
|
public:
|
||||||
GlobalForkClient(int fd, pid_t pid)
|
GlobalForkClient(int fd, pid_t pid)
|
||||||
: comms_(fd), fork_client_(pid, &comms_) {}
|
: comms_(fd), fork_client_(pid, &comms_, /*is_global=*/true) {}
|
||||||
|
|
||||||
static SandboxeeProcess SendRequest(const ForkRequest& request, int exec_fd,
|
static SandboxeeProcess SendRequest(const ForkRequest& request, int exec_fd,
|
||||||
int comms_fd)
|
int comms_fd)
|
||||||
|
|
|
@ -50,7 +50,9 @@
|
||||||
#include "sandboxed_api/sandbox2/limits.h"
|
#include "sandboxed_api/sandbox2/limits.h"
|
||||||
#include "sandboxed_api/sandbox2/mounts.h"
|
#include "sandboxed_api/sandbox2/mounts.h"
|
||||||
#include "sandboxed_api/sandbox2/namespace.h"
|
#include "sandboxed_api/sandbox2/namespace.h"
|
||||||
|
#include "sandboxed_api/sandbox2/network_proxy/client.h"
|
||||||
#include "sandboxed_api/sandbox2/network_proxy/server.h"
|
#include "sandboxed_api/sandbox2/network_proxy/server.h"
|
||||||
|
#include "sandboxed_api/sandbox2/notify.h"
|
||||||
#include "sandboxed_api/sandbox2/policy.h"
|
#include "sandboxed_api/sandbox2/policy.h"
|
||||||
#include "sandboxed_api/sandbox2/result.h"
|
#include "sandboxed_api/sandbox2/result.h"
|
||||||
#include "sandboxed_api/sandbox2/stack_trace.h"
|
#include "sandboxed_api/sandbox2/stack_trace.h"
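Review bot: The includes added here, `network_proxy/client.h` and `notify.h`, come with no code change in this hunk that uses them. The same commit adds `network_proxy:client` and `sandbox2::network_proxy_client` to the build targets. If the file already relied on these declarations through a transitive include, a sentence in the commit description would make that clear. If not, the extra dependency widens what the `sandbox2_monitor_base` library links against for no visible reason. The rest of the file is outside the hunk, so this needs checking against the full source.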
|
||||||
|
|