mirror of
https://github.com/google/sandboxed-api.git
synced 2024-03-22 13:11:30 +08:00
Introduce commandline flag to pass forkserver_bin path for Android builds.
PiperOrigin-RevId: 431942480 Change-Id: I5382b4fc8e8a66bb823dda597e1b812421364212
This commit is contained in:
parent
3f042fa54f
commit
546365655d
|
@ -243,12 +243,16 @@ cc_library(
|
||||||
":forkserver_bin_embed",
|
":forkserver_bin_embed",
|
||||||
":forkserver_cc_proto",
|
":forkserver_cc_proto",
|
||||||
":util",
|
":util",
|
||||||
|
"//sandboxed_api:config",
|
||||||
"//sandboxed_api:embed_file",
|
"//sandboxed_api:embed_file",
|
||||||
|
"//sandboxed_api/util:fileops",
|
||||||
"//sandboxed_api/util:flags",
|
"//sandboxed_api/util:flags",
|
||||||
"//sandboxed_api/util:raw_logging",
|
"//sandboxed_api/util:raw_logging",
|
||||||
"//sandboxed_api/util:status",
|
"//sandboxed_api/util:status",
|
||||||
"@com_google_absl//absl/base:core_headers",
|
"@com_google_absl//absl/base:core_headers",
|
||||||
"@com_google_absl//absl/memory",
|
"@com_google_absl//absl/memory",
|
||||||
|
"@com_google_absl//absl/status",
|
||||||
|
"@com_google_absl//absl/status:statusor",
|
||||||
"@com_google_absl//absl/strings",
|
"@com_google_absl//absl/strings",
|
||||||
"@com_google_absl//absl/synchronization",
|
"@com_google_absl//absl/synchronization",
|
||||||
"@com_google_glog//:glog",
|
"@com_google_glog//:glog",
|
||||||
|
|
|
@ -229,13 +229,17 @@ add_library(sandbox2::global_forkserver ALIAS sandbox2_global_forkserver)
|
||||||
target_link_libraries(sandbox2_global_forkserver
|
target_link_libraries(sandbox2_global_forkserver
|
||||||
PRIVATE absl::memory
|
PRIVATE absl::memory
|
||||||
absl::strings
|
absl::strings
|
||||||
|
absl::status
|
||||||
|
absl::statusor
|
||||||
glog::glog
|
glog::glog
|
||||||
sandbox2::client
|
sandbox2::client
|
||||||
sandbox2::forkserver_bin_embed
|
sandbox2::forkserver_bin_embed
|
||||||
sapi::strerror
|
sapi::strerror
|
||||||
sandbox2::util
|
sandbox2::util
|
||||||
sapi::base
|
sapi::base
|
||||||
|
sapi::config
|
||||||
sapi::embed_file
|
sapi::embed_file
|
||||||
|
sapi::fileops
|
||||||
sapi::raw_logging
|
sapi::raw_logging
|
||||||
sapi::status
|
sapi::status
|
||||||
PUBLIC absl::core_headers
|
PUBLIC absl::core_headers
|
||||||
|
|
|
@ -32,22 +32,29 @@
|
||||||
#include <glog/logging.h>
|
#include <glog/logging.h>
|
||||||
#include "sandboxed_api/util/flag.h"
|
#include "sandboxed_api/util/flag.h"
|
||||||
#include "absl/memory/memory.h"
|
#include "absl/memory/memory.h"
|
||||||
|
#include "absl/status/status.h"
|
||||||
|
#include "absl/status/statusor.h"
|
||||||
#include "absl/strings/ascii.h"
|
#include "absl/strings/ascii.h"
|
||||||
#include "absl/strings/str_cat.h"
|
#include "absl/strings/str_cat.h"
|
||||||
#include "absl/strings/str_join.h"
|
#include "absl/strings/str_join.h"
|
||||||
#include "absl/strings/str_split.h"
|
#include "absl/strings/str_split.h"
|
||||||
#include "absl/strings/string_view.h"
|
#include "absl/strings/string_view.h"
|
||||||
#include "absl/synchronization/mutex.h"
|
#include "absl/synchronization/mutex.h"
|
||||||
|
#include "sandboxed_api/config.h"
|
||||||
#include "sandboxed_api/embed_file.h"
|
#include "sandboxed_api/embed_file.h"
|
||||||
#include "sandboxed_api/sandbox2/comms.h"
|
#include "sandboxed_api/sandbox2/comms.h"
|
||||||
#include "sandboxed_api/sandbox2/fork_client.h"
|
#include "sandboxed_api/sandbox2/fork_client.h"
|
||||||
#include "sandboxed_api/sandbox2/forkserver_bin_embed.h"
|
#include "sandboxed_api/sandbox2/forkserver_bin_embed.h"
|
||||||
#include "sandboxed_api/sandbox2/util.h"
|
#include "sandboxed_api/sandbox2/util.h"
|
||||||
|
#include "sandboxed_api/util/fileops.h"
|
||||||
#include "sandboxed_api/util/os_error.h"
|
#include "sandboxed_api/util/os_error.h"
|
||||||
#include "sandboxed_api/util/raw_logging.h"
|
#include "sandboxed_api/util/raw_logging.h"
|
||||||
|
#include "sandboxed_api/util/status_macros.h"
|
||||||
|
|
||||||
namespace sandbox2 {
|
namespace sandbox2 {
|
||||||
|
|
||||||
|
namespace file_util = ::sapi::file_util;
|
||||||
|
|
||||||
bool AbslParseFlag(absl::string_view text, GlobalForkserverStartModeSet* out,
|
bool AbslParseFlag(absl::string_view text, GlobalForkserverStartModeSet* out,
|
||||||
std::string* error) {
|
std::string* error) {
|
||||||
*out = {};
|
*out = {};
|
||||||
|
@ -102,6 +109,8 @@ std::string AbslUnparseFlag(GlobalForkserverStartModeSet in) {
|
||||||
|
|
||||||
} // namespace sandbox2
|
} // namespace sandbox2
|
||||||
|
|
||||||
|
ABSL_FLAG(string, sandbox2_forkserver_binary_path, "",
|
||||||
|
"Path to forkserver_bin binary");
|
||||||
ABSL_FLAG(string, sandbox2_forkserver_start_mode, "ondemand",
|
ABSL_FLAG(string, sandbox2_forkserver_start_mode, "ondemand",
|
||||||
"When Sandbox2 Forkserver process should be started");
|
"When Sandbox2 Forkserver process should be started");
|
||||||
DEFINE_validator(sandbox2_forkserver_start_mode, &sandbox2::ValidateStartMode);
|
DEFINE_validator(sandbox2_forkserver_start_mode, &sandbox2::ValidateStartMode);
|
||||||
|
@ -121,12 +130,27 @@ GlobalForkserverStartModeSet GetForkserverStartMode() {
|
||||||
absl::StatusOr<std::unique_ptr<GlobalForkClient>> StartGlobalForkServer() {
|
absl::StatusOr<std::unique_ptr<GlobalForkClient>> StartGlobalForkServer() {
|
||||||
SAPI_RAW_LOG(INFO, "Starting global forkserver");
|
SAPI_RAW_LOG(INFO, "Starting global forkserver");
|
||||||
|
|
||||||
// The fd is owned by EmbedFile
|
// Allow passing of a spearate forkserver_bin via flag
|
||||||
int exec_fd = sapi::EmbedFile::instance()->GetFdForFileToc(
|
int exec_fd = -1;
|
||||||
|
if (!absl::GetFlag(FLAGS_sandbox2_forkserver_binary_path).empty()) {
|
||||||
|
exec_fd = open(absl::GetFlag(FLAGS_sandbox2_forkserver_binary_path).c_str(),
|
||||||
|
O_RDONLY);
|
||||||
|
}
|
||||||
|
if (exec_fd < 0) {
|
||||||
|
// For Android we expect the forkserver_bin in the flag
|
||||||
|
if constexpr (sapi::host_os::IsAndroid()) {
|
||||||
|
return absl::InternalError(sapi::OsErrorMessage(
|
||||||
|
errno,
|
||||||
|
"Open init binary passed via --sandbox2_forkserver_binary_path"));
|
||||||
|
}
|
||||||
|
// Extract the fd when it's owned by EmbedFile
|
||||||
|
exec_fd = sapi::EmbedFile::instance()->GetDupFdForFileToc(
|
||||||
forkserver_bin_embed_create());
|
forkserver_bin_embed_create());
|
||||||
|
}
|
||||||
if (exec_fd < 0) {
|
if (exec_fd < 0) {
|
||||||
return absl::InternalError("Getting FD for init binary failed");
|
return absl::InternalError("Getting FD for init binary failed");
|
||||||
}
|
}
|
||||||
|
file_util::fileops::FDCloser exec_fd_closer(exec_fd);
|
||||||
|
|
||||||
std::string proc_name = "S2-FORK-SERV";
|
std::string proc_name = "S2-FORK-SERV";
|
||||||
|
|
||||||
|
|
|
@ -107,5 +107,6 @@ std::string AbslUnparseFlag(GlobalForkserverStartModeSet in);
|
||||||
} // namespace sandbox2
|
} // namespace sandbox2
|
||||||
|
|
||||||
ABSL_DECLARE_FLAG(string, sandbox2_forkserver_start_mode);
|
ABSL_DECLARE_FLAG(string, sandbox2_forkserver_start_mode);
|
||||||
|
ABSL_DECLARE_FLAG(string, sandbox2_forkserver_binary_path);
|
||||||
|
|
||||||
#endif // SANDBOXED_API_SANDBOX2_GLOBAL_FORKCLIENT_H_
|
#endif // SANDBOXED_API_SANDBOX2_GLOBAL_FORKCLIENT_H_
|
||||||
|
|
Loading…
Reference in New Issue
Block a user