mirror of
https://github.com/google/sandboxed-api.git
synced 2024-03-22 13:11:30 +08:00
Ability to inspect a syscall's return value.
PiperOrigin-RevId: 421552017 Change-Id: I7103720723b5e5828f80731a724c5672895dfa54
This commit is contained in:
parent
ebe4475348
commit
2546d9e85b
|
@ -46,7 +46,6 @@ cc_library(
|
||||||
":violation_cc_proto",
|
":violation_cc_proto",
|
||||||
"//sandboxed_api:config",
|
"//sandboxed_api:config",
|
||||||
"//sandboxed_api/util:status",
|
"//sandboxed_api/util:status",
|
||||||
"//sandboxed_api/util:strerror",
|
|
||||||
"@com_google_absl//absl/base:core_headers",
|
"@com_google_absl//absl/base:core_headers",
|
||||||
"@com_google_absl//absl/status",
|
"@com_google_absl//absl/status",
|
||||||
"@com_google_absl//absl/strings",
|
"@com_google_absl//absl/strings",
|
||||||
|
@ -197,6 +196,10 @@ cc_library(
|
||||||
":comms",
|
":comms",
|
||||||
":result",
|
":result",
|
||||||
":syscall",
|
":syscall",
|
||||||
|
":util",
|
||||||
|
"//sandboxed_api:config",
|
||||||
|
"@com_google_absl//absl/base:core_headers",
|
||||||
|
"@com_google_glog//:glog",
|
||||||
],
|
],
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -347,7 +350,6 @@ cc_library(
|
||||||
"//sandboxed_api/util:file_helpers",
|
"//sandboxed_api/util:file_helpers",
|
||||||
"//sandboxed_api/util:fileops",
|
"//sandboxed_api/util:fileops",
|
||||||
"//sandboxed_api/util:flags",
|
"//sandboxed_api/util:flags",
|
||||||
"//sandboxed_api/util:raw_logging",
|
|
||||||
"//sandboxed_api/util:status",
|
"//sandboxed_api/util:status",
|
||||||
"//sandboxed_api/util:strerror",
|
"//sandboxed_api/util:strerror",
|
||||||
"//sandboxed_api/util:temp_file",
|
"//sandboxed_api/util:temp_file",
|
||||||
|
|
|
@ -170,11 +170,15 @@ add_library(sandbox2_notify ${SAPI_LIB_TYPE}
|
||||||
notify.h
|
notify.h
|
||||||
)
|
)
|
||||||
add_library(sandbox2::notify ALIAS sandbox2_notify)
|
add_library(sandbox2::notify ALIAS sandbox2_notify)
|
||||||
target_link_libraries(sandbox2_notify PRIVATE
|
target_link_libraries(sandbox2_notify
|
||||||
|
PUBLIC absl::core_headers
|
||||||
|
glog::glog
|
||||||
sandbox2::comms
|
sandbox2::comms
|
||||||
sandbox2::result
|
sandbox2::result
|
||||||
sandbox2::syscall
|
sandbox2::syscall
|
||||||
sapi::base
|
sandbox2::util
|
||||||
|
PRIVATE sapi::base
|
||||||
|
sapi::config
|
||||||
)
|
)
|
||||||
|
|
||||||
# sandboxed_api/sandbox2:limits
|
# sandboxed_api/sandbox2:limits
|
||||||
|
@ -296,7 +300,6 @@ add_library(sandbox2::sandbox2 ALIAS sandbox2_sandbox2)
|
||||||
target_link_libraries(sandbox2_sandbox2
|
target_link_libraries(sandbox2_sandbox2
|
||||||
PRIVATE absl::core_headers
|
PRIVATE absl::core_headers
|
||||||
absl::cleanup
|
absl::cleanup
|
||||||
absl::flat_hash_map
|
|
||||||
absl::flat_hash_set
|
absl::flat_hash_set
|
||||||
absl::memory
|
absl::memory
|
||||||
absl::optional
|
absl::optional
|
||||||
|
@ -305,7 +308,8 @@ target_link_libraries(sandbox2_sandbox2
|
||||||
absl::strings
|
absl::strings
|
||||||
sapi::strerror
|
sapi::strerror
|
||||||
sapi::base
|
sapi::base
|
||||||
PUBLIC absl::status
|
PUBLIC absl::flat_hash_map
|
||||||
|
absl::status
|
||||||
absl::statusor
|
absl::statusor
|
||||||
absl::synchronization
|
absl::synchronization
|
||||||
absl::time
|
absl::time
|
||||||
|
|
|
@ -127,6 +127,18 @@ void StopProcess(pid_t pid, int signo) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void CompleteSyscall(pid_t pid, int signo) {
|
||||||
|
if (ptrace(PTRACE_SYSCALL, pid, 0, signo) == -1) {
|
||||||
|
if (errno == ESRCH) {
|
||||||
|
LOG(WARNING) << "Process " << pid
|
||||||
|
<< " died while trying to PTRACE_SYSCALL it";
|
||||||
|
} else {
|
||||||
|
PLOG(ERROR) << "ptrace(PTRACE_SYSCALL, pid=" << pid << ", sig=" << signo
|
||||||
|
<< ")";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
void MaybeEnableTomoyoLsmWorkaround(Mounts& mounts, std::string& comms_fd_dev) {
|
void MaybeEnableTomoyoLsmWorkaround(Mounts& mounts, std::string& comms_fd_dev) {
|
||||||
static auto tomoyo_active = []() -> bool {
|
static auto tomoyo_active = []() -> bool {
|
||||||
std::string lsm_list;
|
std::string lsm_list;
|
||||||
|
@ -768,14 +780,20 @@ void Monitor::ActionProcessSyscall(Regs* regs, const Syscall& syscall) {
|
||||||
// Notify can decide whether we want to allow this syscall. It could be useful
|
// Notify can decide whether we want to allow this syscall. It could be useful
|
||||||
// for sandbox setups in which some syscalls might still need some logging,
|
// for sandbox setups in which some syscalls might still need some logging,
|
||||||
// but nonetheless be allowed ('permissible syscalls' in sandbox v1).
|
// but nonetheless be allowed ('permissible syscalls' in sandbox v1).
|
||||||
if (notify_->EventSyscallTrap(syscall)) {
|
auto trace_response = notify_->EventSyscallTrace(syscall);
|
||||||
LOG(WARNING) << "[PERMITTED]: SYSCALL ::: PID: " << regs->pid()
|
if (trace_response == Notify::TraceAction::kAllow) {
|
||||||
<< ", PROG: '" << util::GetProgName(regs->pid())
|
|
||||||
<< "' : " << syscall.GetDescription();
|
|
||||||
|
|
||||||
ContinueProcess(regs->pid(), 0);
|
ContinueProcess(regs->pid(), 0);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
if (trace_response == Notify::TraceAction::kInspectAfterReturn) {
|
||||||
|
// Note that a process might die without an exit-stop before the syscall is
|
||||||
|
// completed (eg. a thread calls execve() and the thread group leader dies),
|
||||||
|
// so this entry might never get removed from the table. This may increase
|
||||||
|
// the monitor's memory usage by O(number-of-sandboxed-pids).
|
||||||
|
syscalls_in_progress_[regs->pid()] = syscall;
|
||||||
|
CompleteSyscall(regs->pid(), 0);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
// TODO(wiktorg): Further clean that up, probably while doing monitor cleanup
|
// TODO(wiktorg): Further clean that up, probably while doing monitor cleanup
|
||||||
// log_file_ not null iff FLAGS_sandbox2_danger_danger_permit_all_and_log is
|
// log_file_ not null iff FLAGS_sandbox2_danger_danger_permit_all_and_log is
|
||||||
|
@ -856,11 +874,74 @@ void Monitor::EventPtraceSeccomp(pid_t pid, int event_msg) {
|
||||||
ActionProcessSyscall(®s, syscall);
|
ActionProcessSyscall(®s, syscall);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void Monitor::EventSyscallExit(pid_t pid) {
|
||||||
|
// Check that the monitor wants to inspect the current syscall's return value.
|
||||||
|
auto index = syscalls_in_progress_.find(pid);
|
||||||
|
if (index == syscalls_in_progress_.end()) {
|
||||||
|
LOG(ERROR) << "Expected a syscall in progress in PID " << pid;
|
||||||
|
SetExitStatusCode(Result::INTERNAL_ERROR, Result::FAILED_INSPECT);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
Regs regs(pid);
|
||||||
|
auto status = regs.Fetch();
|
||||||
|
if (!status.ok()) {
|
||||||
|
LOG(ERROR) << status;
|
||||||
|
SetExitStatusCode(Result::INTERNAL_ERROR, Result::FAILED_FETCH);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
int64_t return_value = regs.GetReturnValue(sapi::host_cpu::Architecture());
|
||||||
|
notify_->EventSyscallReturn(index->second, return_value);
|
||||||
|
syscalls_in_progress_.erase(index);
|
||||||
|
ContinueProcess(pid, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
void Monitor::EventPtraceNewProcess(pid_t pid, int event_msg) {
|
||||||
|
// ptrace doesn't issue syscall-exit-stops for successful fork/vfork/clone
|
||||||
|
// system calls. Check if the monitor wanted to inspect the syscall's return
|
||||||
|
// value, and call EventSyscallReturn for the parent process if so.
|
||||||
|
auto index = syscalls_in_progress_.find(pid);
|
||||||
|
if (index != syscalls_in_progress_.end()) {
|
||||||
|
auto syscall_nr = index->second.nr();
|
||||||
|
bool creating_new_process = syscall_nr == __NR_clone;
|
||||||
|
#ifdef __NR_fork
|
||||||
|
creating_new_process = creating_new_process || syscall_nr == __NR_fork;
|
||||||
|
#endif
|
||||||
|
#ifdef __NR_vfork
|
||||||
|
creating_new_process = creating_new_process || syscall_nr == __NR_vfork;
|
||||||
|
#endif
|
||||||
|
if (!creating_new_process) {
|
||||||
|
LOG(ERROR) << "Expected a fork/vfork/clone syscall in progress in PID "
|
||||||
|
<< pid << "; actual: " << index->second.GetDescription();
|
||||||
|
SetExitStatusCode(Result::INTERNAL_ERROR, Result::FAILED_INSPECT);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
notify_->EventSyscallReturn(index->second, event_msg);
|
||||||
|
syscalls_in_progress_.erase(index);
|
||||||
|
}
|
||||||
|
ContinueProcess(pid, 0);
|
||||||
|
}
|
||||||
|
|
||||||
void Monitor::EventPtraceExec(pid_t pid, int event_msg) {
|
void Monitor::EventPtraceExec(pid_t pid, int event_msg) {
|
||||||
if (!IsActivelyMonitoring()) {
|
if (!IsActivelyMonitoring()) {
|
||||||
VLOG(1) << "PTRACE_EVENT_EXEC seen from PID: " << event_msg
|
VLOG(1) << "PTRACE_EVENT_EXEC seen from PID: " << event_msg
|
||||||
<< ". SANDBOX ENABLED!";
|
<< ". SANDBOX ENABLED!";
|
||||||
SetActivelyMonitoring();
|
SetActivelyMonitoring();
|
||||||
|
} else {
|
||||||
|
// ptrace doesn't issue syscall-exit-stops for successful execve/execveat
|
||||||
|
// system calls. Check if the monitor wanted to inspect the syscall's return
|
||||||
|
// value, and call EventSyscallReturn if so.
|
||||||
|
auto index = syscalls_in_progress_.find(pid);
|
||||||
|
if (index != syscalls_in_progress_.end()) {
|
||||||
|
auto syscall_nr = index->second.nr();
|
||||||
|
if (syscall_nr != __NR_execve && syscall_nr != __NR_execveat) {
|
||||||
|
LOG(ERROR) << "Expected an execve/execveat syscall in progress in PID "
|
||||||
|
<< pid << "; actual: " << index->second.GetDescription();
|
||||||
|
SetExitStatusCode(Result::INTERNAL_ERROR, Result::FAILED_INSPECT);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
notify_->EventSyscallReturn(index->second, 0);
|
||||||
|
syscalls_in_progress_.erase(index);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
ContinueProcess(pid, 0);
|
ContinueProcess(pid, 0);
|
||||||
}
|
}
|
||||||
|
@ -932,7 +1013,10 @@ void Monitor::EventPtraceStop(pid_t pid, int stopsig) {
|
||||||
|
|
||||||
void Monitor::StateProcessStopped(pid_t pid, int status) {
|
void Monitor::StateProcessStopped(pid_t pid, int status) {
|
||||||
int stopsig = WSTOPSIG(status);
|
int stopsig = WSTOPSIG(status);
|
||||||
if (__WPTRACEEVENT(status) == 0) {
|
// We use PTRACE_O_TRACESYSGOOD, so we can tell it's a syscall stop without
|
||||||
|
// calling PTRACE_GETSIGINFO by checking the value of the reported signal.
|
||||||
|
bool is_syscall_exit = stopsig == (SIGTRAP | 0x80);
|
||||||
|
if (__WPTRACEEVENT(status) == 0 && !is_syscall_exit) {
|
||||||
// Must be a regular signal delivery.
|
// Must be a regular signal delivery.
|
||||||
VLOG(2) << "PID: " << pid
|
VLOG(2) << "PID: " << pid
|
||||||
<< " received signal: " << util::GetSignalName(stopsig);
|
<< " received signal: " << util::GetSignalName(stopsig);
|
||||||
|
@ -980,13 +1064,25 @@ void Monitor::StateProcessStopped(pid_t pid, int status) {
|
||||||
#define PTRACE_EVENT_STOP 128
|
#define PTRACE_EVENT_STOP 128
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
if (is_syscall_exit) {
|
||||||
|
VLOG(2) << "PID: " << pid << " syscall-exit-stop: " << event_msg;
|
||||||
|
EventSyscallExit(pid);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
switch (__WPTRACEEVENT(status)) {
|
switch (__WPTRACEEVENT(status)) {
|
||||||
case PTRACE_EVENT_FORK:
|
case PTRACE_EVENT_FORK:
|
||||||
/* fall through */
|
VLOG(2) << "PID: " << pid << " PTRACE_EVENT_FORK, PID: " << event_msg;
|
||||||
|
EventPtraceNewProcess(pid, event_msg);
|
||||||
|
break;
|
||||||
case PTRACE_EVENT_VFORK:
|
case PTRACE_EVENT_VFORK:
|
||||||
/* fall through */
|
VLOG(2) << "PID: " << pid << " PTRACE_EVENT_VFORK, PID: " << event_msg;
|
||||||
|
EventPtraceNewProcess(pid, event_msg);
|
||||||
|
break;
|
||||||
case PTRACE_EVENT_CLONE:
|
case PTRACE_EVENT_CLONE:
|
||||||
/* fall through */
|
VLOG(2) << "PID: " << pid << " PTRACE_EVENT_CLONE, PID: " << event_msg;
|
||||||
|
EventPtraceNewProcess(pid, event_msg);
|
||||||
|
break;
|
||||||
case PTRACE_EVENT_VFORK_DONE:
|
case PTRACE_EVENT_VFORK_DONE:
|
||||||
ContinueProcess(pid, 0);
|
ContinueProcess(pid, 0);
|
||||||
break;
|
break;
|
||||||
|
|
|
@ -28,6 +28,7 @@
|
||||||
#include <memory>
|
#include <memory>
|
||||||
#include <thread>
|
#include <thread>
|
||||||
|
|
||||||
|
#include "absl/container/flat_hash_map.h"
|
||||||
#include "absl/synchronization/notification.h"
|
#include "absl/synchronization/notification.h"
|
||||||
#include "sandboxed_api/sandbox2/comms.h"
|
#include "sandboxed_api/sandbox2/comms.h"
|
||||||
#include "sandboxed_api/sandbox2/executor.h"
|
#include "sandboxed_api/sandbox2/executor.h"
|
||||||
|
@ -135,12 +136,18 @@ class Monitor final {
|
||||||
// Processes exit path.
|
// Processes exit path.
|
||||||
void EventPtraceExit(pid_t pid, int event_msg);
|
void EventPtraceExit(pid_t pid, int event_msg);
|
||||||
|
|
||||||
// Processes excution path.
|
// Processes fork/vfork/clone path.
|
||||||
|
void EventPtraceNewProcess(pid_t pid, int event_msg);
|
||||||
|
|
||||||
|
// Processes execution path.
|
||||||
void EventPtraceExec(pid_t pid, int event_msg);
|
void EventPtraceExec(pid_t pid, int event_msg);
|
||||||
|
|
||||||
// Processes stop path.
|
// Processes stop path.
|
||||||
void EventPtraceStop(pid_t pid, int stopsig);
|
void EventPtraceStop(pid_t pid, int stopsig);
|
||||||
|
|
||||||
|
// Processes syscall exit.
|
||||||
|
void EventSyscallExit(pid_t pid);
|
||||||
|
|
||||||
// Enable network proxy server, this will start a thread in the sandbox
|
// Enable network proxy server, this will start a thread in the sandbox
|
||||||
// that waits for connection requests from the sandboxee.
|
// that waits for connection requests from the sandboxee.
|
||||||
void EnableNetworkProxyServer();
|
void EnableNetworkProxyServer();
|
||||||
|
@ -196,6 +203,9 @@ class Monitor final {
|
||||||
std::unique_ptr<NetworkProxyServer> network_proxy_server_;
|
std::unique_ptr<NetworkProxyServer> network_proxy_server_;
|
||||||
|
|
||||||
std::thread network_proxy_thread_;
|
std::thread network_proxy_thread_;
|
||||||
|
|
||||||
|
// Syscalls that are running, whose result values we want to inspect.
|
||||||
|
absl::flat_hash_map<pid_t, Syscall> syscalls_in_progress_;
|
||||||
};
|
};
|
||||||
|
|
||||||
} // namespace sandbox2
|
} // namespace sandbox2
|
||||||
|
|
|
@ -19,9 +19,13 @@
|
||||||
|
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
|
|
||||||
|
#include <glog/logging.h>
|
||||||
|
#include "absl/base/attributes.h"
|
||||||
|
#include "sandboxed_api/config.h"
|
||||||
#include "sandboxed_api/sandbox2/comms.h"
|
#include "sandboxed_api/sandbox2/comms.h"
|
||||||
#include "sandboxed_api/sandbox2/result.h"
|
#include "sandboxed_api/sandbox2/result.h"
|
||||||
#include "sandboxed_api/sandbox2/syscall.h"
|
#include "sandboxed_api/sandbox2/syscall.h"
|
||||||
|
#include "sandboxed_api/sandbox2/util.h"
|
||||||
|
|
||||||
namespace sandbox2 {
|
namespace sandbox2 {
|
||||||
|
|
||||||
|
@ -50,11 +54,41 @@ class Notify {
|
||||||
virtual void EventSyscallViolation(const Syscall& syscall,
|
virtual void EventSyscallViolation(const Syscall& syscall,
|
||||||
ViolationType type) {}
|
ViolationType type) {}
|
||||||
|
|
||||||
// Called when a policy called TRACE. The syscall is allowed if this method
|
// Called when a policy called TRACE. The syscall is allowed and logged if
|
||||||
// returns true.
|
// this method returns true. This allows for implementing 'log, but allow'
|
||||||
// This allows for implementing 'log, but allow' policies.
|
// policies.
|
||||||
|
ABSL_DEPRECATED("Override EventSyscallTrace() instead")
|
||||||
virtual bool EventSyscallTrap(const Syscall& syscall) { return false; }
|
virtual bool EventSyscallTrap(const Syscall& syscall) { return false; }
|
||||||
|
|
||||||
|
// Actions to perform after calling EventSyscallTrace.
|
||||||
|
enum class TraceAction {
|
||||||
|
// Deny the syscall.
|
||||||
|
kDeny,
|
||||||
|
// Allow the syscall.
|
||||||
|
kAllow,
|
||||||
|
// Allow the syscall so its return value can be inspected through a
|
||||||
|
// subsequent call to EventSyscallReturn.
|
||||||
|
// Requires Linux kernel 4.8 or later.
|
||||||
|
kInspectAfterReturn
|
||||||
|
};
|
||||||
|
|
||||||
|
// Called when a policy called TRACE. The syscall is allowed or denied
|
||||||
|
// depending on the return value of this function.
|
||||||
|
virtual TraceAction EventSyscallTrace(const Syscall& syscall) {
|
||||||
|
if (EventSyscallTrap(syscall)) {
|
||||||
|
LOG(WARNING) << "[PERMITTED]: SYSCALL ::: PID: " << syscall.pid()
|
||||||
|
<< ", PROG: '" << util::GetProgName(syscall.pid())
|
||||||
|
<< "' : " << syscall.GetDescription();
|
||||||
|
return TraceAction::kAllow;
|
||||||
|
}
|
||||||
|
return TraceAction::kDeny;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Called when a policy called TRACE and EventSyscallTrace returned
|
||||||
|
// kInspectAfterReturn.
|
||||||
|
virtual void EventSyscallReturn(const Syscall& syscall,
|
||||||
|
int64_t return_value) {}
|
||||||
|
|
||||||
// Called when a process received a signal.
|
// Called when a process received a signal.
|
||||||
virtual void EventSignal(pid_t pid, int sig_no) {}
|
virtual void EventSignal(pid_t pid, int sig_no) {}
|
||||||
};
|
};
|
||||||
|
|
|
@ -187,6 +187,30 @@ Syscall Regs::ToSyscall(sapi::cpu::Architecture syscall_arch) const {
|
||||||
return Syscall(pid_);
|
return Syscall(pid_);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int64_t Regs::GetReturnValue(sapi::cpu::Architecture syscall_arch) const {
|
||||||
|
#if defined(SAPI_X86_64)
|
||||||
|
if (ABSL_PREDICT_TRUE(syscall_arch == sapi::cpu::kX8664)) {
|
||||||
|
return static_cast<int64_t>(user_regs_.rax);
|
||||||
|
}
|
||||||
|
if (syscall_arch == sapi::cpu::kX86) {
|
||||||
|
return static_cast<int32_t>(user_regs_.rax & 0xFFFFFFFF);
|
||||||
|
}
|
||||||
|
#elif defined(SAPI_PPC64_LE)
|
||||||
|
if (ABSL_PREDICT_TRUE(syscall_arch == sapi::cpu::kPPC64LE)) {
|
||||||
|
return static_cast<int64_t>(user_regs_.gpr[3]);
|
||||||
|
}
|
||||||
|
#elif defined(SAPI_ARM64)
|
||||||
|
if (ABSL_PREDICT_TRUE(syscall_arch == sapi::cpu::kArm64)) {
|
||||||
|
return static_cast<int64_t>(user_regs_.regs[0]);
|
||||||
|
}
|
||||||
|
#elif defined(SAPI_ARM)
|
||||||
|
if (ABSL_PREDICT_TRUE(syscall_arch == sapi::cpu::kArm)) {
|
||||||
|
return static_cast<int32_t>(user_regs_.regs[0]);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
void Regs::StoreRegisterValuesInProtobuf(RegisterValues* values) const {
|
void Regs::StoreRegisterValuesInProtobuf(RegisterValues* values) const {
|
||||||
#if defined(SAPI_X86_64)
|
#if defined(SAPI_X86_64)
|
||||||
RegisterX8664* regs = values->mutable_register_x86_64();
|
RegisterX8664* regs = values->mutable_register_x86_64();
|
||||||
|
|
|
@ -48,6 +48,9 @@ class Regs {
|
||||||
// Converts raw register values obtained on syscall entry to syscall info
|
// Converts raw register values obtained on syscall entry to syscall info
|
||||||
Syscall ToSyscall(sapi::cpu::Architecture syscall_arch) const;
|
Syscall ToSyscall(sapi::cpu::Architecture syscall_arch) const;
|
||||||
|
|
||||||
|
// Returns the content of the register that holds a syscall's return value
|
||||||
|
int64_t GetReturnValue(sapi::cpu::Architecture syscall_arch) const;
|
||||||
|
|
||||||
pid_t pid() const { return pid_; }
|
pid_t pid() const { return pid_; }
|
||||||
|
|
||||||
// Stores register values in a protobuf structure.
|
// Stores register values in a protobuf structure.
|
||||||
|
|
|
@ -189,6 +189,8 @@ std::string Result::ReasonCodeEnumToString(ReasonCodeEnum value) {
|
||||||
return "FAILED_KILL";
|
return "FAILED_KILL";
|
||||||
case sandbox2::Result::FAILED_CHILD:
|
case sandbox2::Result::FAILED_CHILD:
|
||||||
return "FAILED_CHILD";
|
return "FAILED_CHILD";
|
||||||
|
case sandbox2::Result::FAILED_INSPECT:
|
||||||
|
return "FAILED_INSPECT";
|
||||||
case sandbox2::Result::VIOLATION_SYSCALL:
|
case sandbox2::Result::VIOLATION_SYSCALL:
|
||||||
return "VIOLATION_SYSCALL";
|
return "VIOLATION_SYSCALL";
|
||||||
case sandbox2::Result::VIOLATION_ARCH:
|
case sandbox2::Result::VIOLATION_ARCH:
|
||||||
|
|
|
@ -80,6 +80,7 @@ class Result {
|
||||||
FAILED_MONITOR,
|
FAILED_MONITOR,
|
||||||
FAILED_KILL,
|
FAILED_KILL,
|
||||||
FAILED_CHILD,
|
FAILED_CHILD,
|
||||||
|
FAILED_INSPECT,
|
||||||
|
|
||||||
// TODO(wiktorg) not used currently (syscall number stored insted) - need to
|
// TODO(wiktorg) not used currently (syscall number stored insted) - need to
|
||||||
// fix clients first
|
// fix clients first
|
||||||
|
|
Loading…
Reference in New Issue
Block a user