StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity

Partial support for sandbox2::Notify in UnotifyMonitor

Browse Source 
PiperOrigin-RevId: 515562555
Change-Id: Ie73c34bc7e35942b307c458cfef80510e0b734c3
This commit is contained in:
Wiktor Garbacz 2023-03-10 00:58:59 -08:00 committed by Copybara-Service
parent 6a79282895
commit 10d44614fd
2 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
sandboxed_api/sandbox2/monitor_unotify.cc
View File

@ -108,11 +108,12 @@ void UnotifyMonitor::HandleUnotify() {
{req_->data.args[0], req_->data.args[1], req_->data.args[2], {req_->data.args[0], req_->data.args[1], req_->data.args[2],
req_->data.args[3], req_->data.args[4], req_->data.args[5]}, req_->data.args[3], req_->data.args[4], req_->data.args[5]},
req_->pid, 0, req_->data.instruction_pointer); req_->pid, 0, req_->data.instruction_pointer);
LogSyscallViolation(syscall);
MaybeGetStackTrace(req_->pid, Result::VIOLATION);
ViolationType violation_type = syscall.arch() == Syscall::GetHostArch() ViolationType violation_type = syscall.arch() == Syscall::GetHostArch()
? kSyscallViolation ? kSyscallViolation
: kArchitectureSwitchViolation; : kArchitectureSwitchViolation;
LogSyscallViolation(syscall);
notify_->EventSyscallViolation(syscall, violation_type);
MaybeGetStackTrace(req_->pid, Result::VIOLATION);
SetExitStatusCode(Result::VIOLATION, syscall.nr()); SetExitStatusCode(Result::VIOLATION, syscall.nr());
notify_->EventSyscallViolation(syscall, violation_type); notify_->EventSyscallViolation(syscall, violation_type);
result_.SetSyscall(std::make_unique<Syscall>(syscall)); result_.SetSyscall(std::make_unique<Syscall>(syscall));

6
sandboxed_api/sandbox2/sandbox2.cc
View File

@ -113,8 +113,10 @@ void Sandbox2::Launch() {
absl::Status Sandbox2::EnableUnotifyMonitor() { absl::Status Sandbox2::EnableUnotifyMonitor() {
if (notify_) { if (notify_) {
return absl::FailedPreconditionError( LOG(WARNING) << "Running UnotifyMonitor with sandbox2::Notify is not fully "
"sandbox2::Notify is not compatible with unotify monitor"); "supported. Runtime syscall decisions via "
"EventSyscallTrap/EventSyscallTrace, notifications about "
"signals via EventSignal will not work";
} }
if (policy_->GetNamespace() == nullptr) { if (policy_->GetNamespace() == nullptr) {
return absl::FailedPreconditionError( return absl::FailedPreconditionError(