mirror of
https://github.com/google/sandboxed-api.git
synced 2024-03-22 13:11:30 +08:00
Disable "mini" debug format support in libunwind to avoid additional library dependency
PiperOrigin-RevId: 239397518 Change-Id: Icd8c641f9d5aac721a2cf1e4e0d3347743f49d58
This commit is contained in:
parent
df4c151c75
commit
52f4c1f927
|
@ -134,6 +134,7 @@ autotools_repository(
|
||||||
build_file = "//sandboxed_api:bazel/external/libunwind.BUILD",
|
build_file = "//sandboxed_api:bazel/external/libunwind.BUILD",
|
||||||
configure_args = [
|
configure_args = [
|
||||||
"--disable-documentation",
|
"--disable-documentation",
|
||||||
|
"--disable-minidebuginfo",
|
||||||
"--disable-shared",
|
"--disable-shared",
|
||||||
"--enable-ptrace",
|
"--enable-ptrace",
|
||||||
],
|
],
|
||||||
|
|
148
sandboxed_api/sandbox2/violation.proto
Normal file
148
sandboxed_api/sandbox2/violation.proto
Normal file
|
@ -0,0 +1,148 @@
|
||||||
|
// Copyright 2019 Google LLC. All Rights Reserved.
|
||||||
|
//
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
|
||||||
|
syntax = "proto3";
|
||||||
|
|
||||||
|
package sandbox2;
|
||||||
|
|
||||||
|
import "sandboxed_api/sandbox2/mounttree.proto";
|
||||||
|
|
||||||
|
enum PBViolationType {
|
||||||
|
VIOLATION_TYPE_UNSPECIFIED = 0;
|
||||||
|
DISALLOWED_SYSCALL = 1;
|
||||||
|
RESOURCE_LIMIT_EXCEEDED = 2;
|
||||||
|
SYSCALL_ARCHITECTURE_MISMATCH = 3;
|
||||||
|
}
|
||||||
|
|
||||||
|
// X86_64 not allowed (naming convention...)
|
||||||
|
message RegisterX8664 {
|
||||||
|
uint64 r15 = 1;
|
||||||
|
uint64 r14 = 2;
|
||||||
|
uint64 r13 = 3;
|
||||||
|
uint64 r12 = 4;
|
||||||
|
uint64 rbp = 5;
|
||||||
|
uint64 rbx = 6;
|
||||||
|
uint64 r11 = 7;
|
||||||
|
uint64 r10 = 8;
|
||||||
|
uint64 r9 = 9;
|
||||||
|
uint64 r8 = 10;
|
||||||
|
uint64 rax = 11;
|
||||||
|
uint64 rcx = 12;
|
||||||
|
uint64 rdx = 13;
|
||||||
|
uint64 rsi = 14;
|
||||||
|
uint64 rdi = 15;
|
||||||
|
uint64 orig_rax = 16;
|
||||||
|
uint64 rip = 17;
|
||||||
|
uint64 cs = 18;
|
||||||
|
uint64 eflags = 19;
|
||||||
|
uint64 rsp = 20;
|
||||||
|
uint64 ss = 21;
|
||||||
|
uint64 fs_base = 22;
|
||||||
|
uint64 gs_base = 23;
|
||||||
|
uint64 ds = 24;
|
||||||
|
uint64 es = 25;
|
||||||
|
uint64 fs = 26;
|
||||||
|
uint64 gs = 27;
|
||||||
|
}
|
||||||
|
|
||||||
|
message RegisterPowerpc64 {
|
||||||
|
repeated uint64 gpr = 1;
|
||||||
|
uint64 nip = 2;
|
||||||
|
uint64 msr = 3;
|
||||||
|
uint64 orig_gpr3 = 4;
|
||||||
|
uint64 ctr = 5;
|
||||||
|
uint64 link = 6;
|
||||||
|
uint64 xer = 7;
|
||||||
|
uint64 ccr = 8;
|
||||||
|
uint64 softe = 9;
|
||||||
|
uint64 trap = 10;
|
||||||
|
uint64 dar = 11;
|
||||||
|
uint64 dsisr = 12;
|
||||||
|
uint64 result = 13;
|
||||||
|
|
||||||
|
uint64 zero0 = 14;
|
||||||
|
uint64 zero1 = 15;
|
||||||
|
uint64 zero2 = 16;
|
||||||
|
uint64 zero3 = 17;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Deprecated.
|
||||||
|
message RegisterAarch64 {
|
||||||
|
repeated uint64 regs = 1;
|
||||||
|
uint64 sp = 2;
|
||||||
|
uint64 pc = 3;
|
||||||
|
uint64 pstate = 4;
|
||||||
|
}
|
||||||
|
|
||||||
|
message RegisterValues {
|
||||||
|
// Architecture architecture = 1;
|
||||||
|
oneof register_values {
|
||||||
|
RegisterX8664 register_x86_64 = 2;
|
||||||
|
RegisterPowerpc64 register_powerpc64 = 3;
|
||||||
|
RegisterAarch64 register_aarch64 = 4; // Deprecated.
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
message SyscallDescription {
|
||||||
|
int32 syscall = 1;
|
||||||
|
// Should we have a second one with the raw value?
|
||||||
|
// This would be redundant (We dump all registers) + should not be as useful
|
||||||
|
// for debugging as the decoded values.
|
||||||
|
repeated string argument = 2;
|
||||||
|
// Store the architecture of the desired syscall in here as well? Might be
|
||||||
|
// useful when the violation type was a change in syscall architecture.
|
||||||
|
}
|
||||||
|
|
||||||
|
message FsDescription {
|
||||||
|
repeated string file_whitelist = 1;
|
||||||
|
repeated string symlink_whitelist = 2;
|
||||||
|
repeated string file_greylist = 3;
|
||||||
|
repeated string file_blacklist = 4;
|
||||||
|
}
|
||||||
|
|
||||||
|
message PolicyBuilderDescription {
|
||||||
|
repeated int32 handled_syscalls = 1;
|
||||||
|
repeated string bind_mounts = 2;
|
||||||
|
}
|
||||||
|
|
||||||
|
message NamespaceDescription {
|
||||||
|
int32 clone_flags = 1;
|
||||||
|
// Do we want to have the mount tree in here?
|
||||||
|
MountTree mount_tree_mounts = 2;
|
||||||
|
}
|
||||||
|
|
||||||
|
message PolicyDescription {
|
||||||
|
bytes user_bpf_policy = 1;
|
||||||
|
reserved 2 to 5;
|
||||||
|
// This requires additional fields. (e.g. whitelisted syscall #s)
|
||||||
|
PolicyBuilderDescription policy_builder_description = 6;
|
||||||
|
|
||||||
|
// namespace
|
||||||
|
NamespaceDescription namespace_description = 7;
|
||||||
|
|
||||||
|
repeated int32 capabilities = 8;
|
||||||
|
}
|
||||||
|
|
||||||
|
message Violation {
|
||||||
|
string legacy_fatal_message = 1;
|
||||||
|
PBViolationType violation_type = 2;
|
||||||
|
int32 pid = 3;
|
||||||
|
string prog_name = 4;
|
||||||
|
PolicyDescription policy = 5;
|
||||||
|
string stack_trace = 6;
|
||||||
|
SyscallDescription syscall_information = 7;
|
||||||
|
RegisterValues register_values = 8;
|
||||||
|
FsDescription fs = 9;
|
||||||
|
string proc_maps = 10;
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user