StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity

Internal change

Browse Source 
Only externally visible changes should be a few changed includes as well as
some formatting changes.

PiperOrigin-RevId: 353226662
Change-Id: Iebf5be13774efcbd94c5d5a17b9b27e47275b229
This commit is contained in:
Christian Blichmann 2021-01-22 06:01:05 -08:00 committed by Copybara-Service
parent 19fd11b91e
commit 75bbd0e1c1
54 changed files with 412 additions and 347 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
oss-internship-2020/curl/examples/example1.cc
View File

@ -39,22 +39,25 @@ absl::Status Example1() {
// Specify URL to get
sapi::v::ConstCStr url("http://example.com");
SAPI_ASSIGN_OR_RETURN(curl_code, api.curl_easy_setopt_ptr(&curl, curl::CURLOPT_URL,
url.PtrBefore()));
SAPI_ASSIGN_OR_RETURN(
curl_code,
api.curl_easy_setopt_ptr(&curl, curl::CURLOPT_URL, url.PtrBefore()));
if (curl_code != 0) {
return absl::UnavailableError("curl_easy_setopt_ptr failed: " + curl_code);
}
// Set the library to follow a redirection
SAPI_ASSIGN_OR_RETURN(curl_code, api.curl_easy_setopt_long(
&curl, curl::CURLOPT_FOLLOWLOCATION, 1l));
SAPI_ASSIGN_OR_RETURN(
curl_code,
api.curl_easy_setopt_long(&curl, curl::CURLOPT_FOLLOWLOCATION, 1l));
if (curl_code != 0) {
return absl::UnavailableError("curl_easy_setopt_long failed: " + curl_code);
}
// Disable authentication of peer certificate
SAPI_ASSIGN_OR_RETURN(curl_code, api.curl_easy_setopt_long(
&curl, curl::CURLOPT_SSL_VERIFYPEER, 0l));
SAPI_ASSIGN_OR_RETURN(
curl_code,
api.curl_easy_setopt_long(&curl, curl::CURLOPT_SSL_VERIFYPEER, 0l));
if (curl_code != 0) {
return absl::UnavailableError("curl_easy_setopt_long failed: " + curl_code);
}

19
oss-internship-2020/curl/examples/example2.cc
View File

@ -46,16 +46,17 @@ absl::Status Example2() {
// Specify URL to get
sapi::v::ConstCStr url("http://example.com");
SAPI_ASSIGN_OR_RETURN(curl_code, api.curl_easy_setopt_ptr(&curl, curl::CURLOPT_URL,
url.PtrBefore()));
SAPI_ASSIGN_OR_RETURN(
curl_code,
api.curl_easy_setopt_ptr(&curl, curl::CURLOPT_URL, url.PtrBefore()));
if (curl_code != 0) {
return absl::UnavailableError("curl_easy_setopt_ptr failed: " + curl_code);
}
// Set WriteMemoryCallback as the write function
SAPI_ASSIGN_OR_RETURN(curl_code,
api.curl_easy_setopt_ptr(&curl, curl::CURLOPT_WRITEFUNCTION,
&write_to_memory));
SAPI_ASSIGN_OR_RETURN(
curl_code, api.curl_easy_setopt_ptr(&curl, curl::CURLOPT_WRITEFUNCTION,
&write_to_memory));
if (curl_code != 0) {
return absl::UnavailableError("curl_easy_setopt_ptr failed: " + curl_code);
}
@ -63,8 +64,8 @@ absl::Status Example2() {
// Pass 'chunk' struct to the callback function
sapi::v::LenVal chunk(0);
SAPI_ASSIGN_OR_RETURN(curl_code,
api.curl_easy_setopt_ptr(&curl, curl::CURLOPT_WRITEDATA,
chunk.PtrBoth()));
api.curl_easy_setopt_ptr(&curl, curl::CURLOPT_WRITEDATA,
chunk.PtrBoth()));
if (curl_code != 0) {
return absl::UnavailableError("curl_easy_setopt_ptr failed: " + curl_code);
}
@ -72,8 +73,8 @@ absl::Status Example2() {
// Set a user agent
sapi::v::ConstCStr user_agent("libcurl-agent/1.0");
SAPI_ASSIGN_OR_RETURN(curl_code,
api.curl_easy_setopt_ptr(&curl, curl::CURLOPT_USERAGENT,
user_agent.PtrBefore()));
api.curl_easy_setopt_ptr(&curl, curl::CURLOPT_USERAGENT,
user_agent.PtrBefore()));
if (curl_code != 0) {
return absl::UnavailableError("curl_easy_setopt_ptr failed: " + curl_code);
}

38
oss-internship-2020/curl/examples/example3.cc
View File

@ -78,26 +78,27 @@ absl::Status Example3(std::string ssl_certificate, std::string ssl_key,
// Specify URL to get (using HTTPS)
sapi::v::ConstCStr url("https://example.com");
SAPI_ASSIGN_OR_RETURN(curl_code, api.curl_easy_setopt_ptr(&curl, curl::CURLOPT_URL,
url.PtrBefore()));
SAPI_ASSIGN_OR_RETURN(
curl_code,
api.curl_easy_setopt_ptr(&curl, curl::CURLOPT_URL, url.PtrBefore()));
if (curl_code != 0) {
return absl::UnavailableError("curl_easy_setopt_ptr failed: " + curl_code);
}
// Set the SSL certificate type to "PEM"
sapi::v::ConstCStr ssl_cert_type("PEM");
SAPI_ASSIGN_OR_RETURN(curl_code,
api.curl_easy_setopt_ptr(&curl, curl::CURLOPT_SSLCERTTYPE,
ssl_cert_type.PtrBefore()));
SAPI_ASSIGN_OR_RETURN(
curl_code, api.curl_easy_setopt_ptr(&curl, curl::CURLOPT_SSLCERTTYPE,
ssl_cert_type.PtrBefore()));
if (curl_code != 0) {
return absl::UnavailableError("curl_easy_setopt_ptr failed: " + curl_code);
}
// Set the certificate for client authentication
sapi::v::ConstCStr sapi_ssl_certificate(ssl_certificate.c_str());
SAPI_ASSIGN_OR_RETURN(curl_code,
api.curl_easy_setopt_ptr(&curl, curl::CURLOPT_SSLCERT,
sapi_ssl_certificate.PtrBefore()));
SAPI_ASSIGN_OR_RETURN(
curl_code, api.curl_easy_setopt_ptr(&curl, curl::CURLOPT_SSLCERT,
sapi_ssl_certificate.PtrBefore()));
if (curl_code != 0) {
return absl::UnavailableError("curl_easy_setopt_ptr failed: " + curl_code);
}
@ -105,33 +106,34 @@ absl::Status Example3(std::string ssl_certificate, std::string ssl_key,
// Set the private key for client authentication
sapi::v::ConstCStr sapi_ssl_key(ssl_key.c_str());
SAPI_ASSIGN_OR_RETURN(curl_code,
api.curl_easy_setopt_ptr(&curl, curl::CURLOPT_SSLKEY,
sapi_ssl_key.PtrBefore()));
api.curl_easy_setopt_ptr(&curl, curl::CURLOPT_SSLKEY,
sapi_ssl_key.PtrBefore()));
if (curl_code != 0) {
return absl::UnavailableError("curl_easy_setopt_ptr failed: " + curl_code);
}
// Set the password used to protect the private key
sapi::v::ConstCStr sapi_ssl_key_password(ssl_key_password.c_str());
SAPI_ASSIGN_OR_RETURN(curl_code,
api.curl_easy_setopt_ptr(&curl, curl::CURLOPT_KEYPASSWD,
sapi_ssl_key_password.PtrBefore()));
SAPI_ASSIGN_OR_RETURN(
curl_code, api.curl_easy_setopt_ptr(&curl, curl::CURLOPT_KEYPASSWD,
sapi_ssl_key_password.PtrBefore()));
if (curl_code != 0) {
return absl::UnavailableError("curl_easy_setopt_ptr failed: " + curl_code);
}
// Set the file with the certificates vaildating the server
sapi::v::ConstCStr sapi_ca_certificates(ca_certificates.c_str());
SAPI_ASSIGN_OR_RETURN(curl_code,
api.curl_easy_setopt_ptr(&curl, curl::CURLOPT_CAINFO,
sapi_ca_certificates.PtrBefore()));
SAPI_ASSIGN_OR_RETURN(
curl_code, api.curl_easy_setopt_ptr(&curl, curl::CURLOPT_CAINFO,
sapi_ca_certificates.PtrBefore()));
if (curl_code != 0) {
return absl::UnavailableError("curl_easy_setopt_ptr failed: " + curl_code);
}
// Verify the authenticity of the server
SAPI_ASSIGN_OR_RETURN(curl_code, api.curl_easy_setopt_long(
&curl, curl::CURLOPT_SSL_VERIFYPEER, 1L));
SAPI_ASSIGN_OR_RETURN(
curl_code,
api.curl_easy_setopt_long(&curl, curl::CURLOPT_SSL_VERIFYPEER, 1L));
if (curl_code != 0) {
return absl::UnavailableError("curl_easy_setopt_long failed: " + curl_code);
}

17
oss-internship-2020/curl/examples/example4.cc
View File

@ -50,9 +50,9 @@ absl::Status Example4() {
// Specify URL to get
sapi::v::ConstCStr url("http://example.com");
SAPI_ASSIGN_OR_RETURN(curl_code,
api.curl_easy_setopt_ptr(&http_handle, curl::CURLOPT_URL,
url.PtrBefore()));
SAPI_ASSIGN_OR_RETURN(
curl_code, api.curl_easy_setopt_ptr(&http_handle, curl::CURLOPT_URL,
url.PtrBefore()));
if (curl_code != 0) {
return absl::UnavailableError("curl_easy_setopt_ptr failed: " + curl_code);
}
@ -68,7 +68,7 @@ absl::Status Example4() {
// Add http_handle to the multi stack
SAPI_ASSIGN_OR_RETURN(curl_code,
api.curl_multi_add_handle(&multi_handle, &http_handle));
api.curl_multi_add_handle(&multi_handle, &http_handle));
if (curl_code != 0) {
return absl::UnavailableError("curl_multi_add_handle failed: " + curl_code);
}
@ -77,8 +77,9 @@ absl::Status Example4() {
sapi::v::Int numfds(0);
// Perform the request
SAPI_ASSIGN_OR_RETURN(curl_code, api.curl_multi_perform(
&multi_handle, still_running.PtrBoth()));
SAPI_ASSIGN_OR_RETURN(
curl_code,
api.curl_multi_perform(&multi_handle, still_running.PtrBoth()));
if (curl_code != 0) {
return absl::UnavailableError("curl_mutli_perform failed: " + curl_code);
}
@ -97,8 +98,8 @@ absl::Status Example4() {
}
// Remove http_handle from the multi stack
SAPI_ASSIGN_OR_RETURN(curl_code,
api.curl_multi_remove_handle(&multi_handle, &http_handle));
SAPI_ASSIGN_OR_RETURN(
curl_code, api.curl_multi_remove_handle(&multi_handle, &http_handle));
if (curl_code != 0) {
return absl::UnavailableError("curl_multi_remove_handle failed: " +
curl_code);

5
oss-internship-2020/curl/examples/example5.cc
View File

@ -36,8 +36,9 @@ absl::Status pull_one_url(const std::string& url, curl::CurlApi& api) {
// Specify URL to get
sapi::v::ConstCStr sapi_url(url.c_str());
SAPI_ASSIGN_OR_RETURN(curl_code, api.curl_easy_setopt_ptr(&curl, curl::CURLOPT_URL,
sapi_url.PtrBefore()));
SAPI_ASSIGN_OR_RETURN(
curl_code,
api.curl_easy_setopt_ptr(&curl, curl::CURLOPT_URL, sapi_url.PtrBefore()));
if (curl_code != 0) {
return absl::UnavailableError("curl_easy_setopt_ptr failed: " + curl_code);
}

8
oss-internship-2020/curl/tests/tests.cc
View File

@ -46,8 +46,8 @@ TEST_F(CurlTest, EffectiveUrl) {
// Store effective URL in a string
SAPI_ASSERT_OK_AND_ASSIGN(std::string effective_url,
sandbox_->GetCString(sapi::v::RemotePtr(
effective_url_ptr.GetPointedVar())));
sandbox_->GetCString(sapi::v::RemotePtr(
effective_url_ptr.GetPointedVar())));
// Compare effective URL with original URL
ASSERT_EQ(effective_url, kUrl);
@ -99,8 +99,8 @@ TEST_F(CurlTest, ContentType) {
// Store content type in a string
SAPI_ASSERT_OK_AND_ASSIGN(std::string content_type,
sandbox_->GetCString(sapi::v::RemotePtr(
content_type_ptr.GetPointedVar())));
sandbox_->GetCString(sapi::v::RemotePtr(
content_type_ptr.GetPointedVar())));
// Compare content type with "text/plain"
ASSERT_EQ(content_type, "text/plain");

9
oss-internship-2020/gdal/raster.cc
View File

@ -101,8 +101,9 @@ absl::Status GdalMain(std::string filename) {
// analyzing the returning object.
// Same for GDALReturnsIO from below.
CPLErr err;
SAPI_ASSIGN_OR_RETURN(err, api.GDALGetGeoTransform(
&ptr_dataset, adf_geo_transform_array.PtrBoth()));
SAPI_ASSIGN_OR_RETURN(
err,
api.GDALGetGeoTransform(&ptr_dataset, adf_geo_transform_array.PtrBoth()));
// If GDALGetGeoTransform generates an error.
if (err != CE_None) {
@ -127,8 +128,8 @@ absl::Status GdalMain(std::string filename) {
}
sapi::v::RemotePtr ptr_band(band.value());
SAPI_RETURN_IF_ERROR(api.GDALGetBlockSize(&ptr_band, nBlockXSizeArray.PtrBoth(),
nBlockYSizeArray.PtrBoth()));
SAPI_RETURN_IF_ERROR(api.GDALGetBlockSize(
&ptr_band, nBlockXSizeArray.PtrBoth(), nBlockYSizeArray.PtrBoth()));
LOG(INFO) << "Block = " << n_blockX_size[0] << " x " << n_blockY_size[0]
<< std::endl;

9
oss-internship-2020/gdal/raster_to_gtiff/gtiff_converter.cc
View File

@ -44,7 +44,7 @@ absl::Status RasterToGTiffProcessor::Main() {
sapi::v::CStr driver_name_ptr(kDriverName);
SAPI_ASSIGN_OR_RETURN(absl::StatusOr<GDALDriverH> driver,
api.GDALGetDriverByName(driver_name_ptr.PtrBefore()));
api.GDALGetDriverByName(driver_name_ptr.PtrBefore()));
TRANSACTION_FAIL_IF_NOT(driver.value() != nullptr,
"Error getting GTiff driver");
@ -69,7 +69,7 @@ absl::Status RasterToGTiffProcessor::Main() {
int current_band = 1;
for (auto& band_data : data_.bands) {
SAPI_ASSIGN_OR_RETURN(absl::StatusOr<GDALRasterBandH> band,
api.GDALGetRasterBand(&dataset_ptr, current_band));
api.GDALGetRasterBand(&dataset_ptr, current_band));
TRANSACTION_FAIL_IF_NOT(band.value() != nullptr,
"Error getting band from dataset");
sapi::v::RemotePtr band_ptr(band.value());
@ -95,8 +95,9 @@ absl::Status RasterToGTiffProcessor::Main() {
"Error setting color interpretation");
if (band_data.no_data_value.has_value()) {
SAPI_ASSIGN_OR_RETURN(result, api.GDALSetRasterNoDataValue(
&band_ptr, band_data.no_data_value.value()));
SAPI_ASSIGN_OR_RETURN(result,
api.GDALSetRasterNoDataValue(
&band_ptr, band_data.no_data_value.value()));
TRANSACTION_FAIL_IF_NOT(result.value() == CPLErr::CE_None,
"Error setting no data value for the band");

8
oss-internship-2020/jsonnet/examples/jsonnet_base_example.cc
View File

@ -37,14 +37,14 @@ absl::Status JsonnetMain(std::string in_file, std::string out_file) {
std::string in_file_in_sandboxee(JoinPath("/input", Basename(in_file)));
sapi::v::ConstCStr in_file_var(in_file_in_sandboxee.c_str());
SAPI_ASSIGN_OR_RETURN(char* input,
api.c_read_input(false, in_file_var.PtrBefore()));
api.c_read_input(false, in_file_var.PtrBefore()));
// Process jsonnet data.
sapi::v::RemotePtr input_pointer(input);
sapi::v::Int error;
SAPI_ASSIGN_OR_RETURN(char* output, api.c_jsonnet_evaluate_snippet(
&vm_pointer, in_file_var.PtrBefore(),
&input_pointer, error.PtrAfter()));
&vm_pointer, in_file_var.PtrBefore(),
&input_pointer, error.PtrAfter()));
CHECK(!error.GetValue()) << "Jsonnet code evaluation failed: "
<< error.GetValue() << "\n"
<< "Make sure all files used by your jsonnet file "
@ -62,7 +62,7 @@ absl::Status JsonnetMain(std::string in_file, std::string out_file) {
// Clean up.
SAPI_ASSIGN_OR_RETURN(char* result,
api.c_jsonnet_realloc(&vm_pointer, &output_pointer, 0));
api.c_jsonnet_realloc(&vm_pointer, &output_pointer, 0));
SAPI_RETURN_IF_ERROR(api.c_jsonnet_destroy(&vm_pointer));
SAPI_RETURN_IF_ERROR(api.c_free_input(&input_pointer));

8
oss-internship-2020/jsonnet/examples/jsonnet_base_transaction.cc
View File

@ -31,14 +31,14 @@ absl::Status JsonnetTransaction::Main() {
std::string in_file_in_sandboxee(JoinPath("/input", Basename(in_file)));
sapi::v::ConstCStr in_file_var(in_file_in_sandboxee.c_str());
SAPI_ASSIGN_OR_RETURN(char* input,
api.c_read_input(false, in_file_var.PtrBefore()));
api.c_read_input(false, in_file_var.PtrBefore()));
// Process jsonnet data.
sapi::v::RemotePtr input_pointer(input);
sapi::v::Int error;
SAPI_ASSIGN_OR_RETURN(char* output, api.c_jsonnet_evaluate_snippet(
&vm_pointer, in_file_var.PtrBefore(),
&input_pointer, error.PtrAfter()));
&vm_pointer, in_file_var.PtrBefore(),
&input_pointer, error.PtrAfter()));
TRANSACTION_FAIL_IF_NOT(error.GetValue() == 0,
"Jsonnet code evaluation failed.");
@ -53,7 +53,7 @@ absl::Status JsonnetTransaction::Main() {
// Clean up.
SAPI_ASSIGN_OR_RETURN(char* result,
api.c_jsonnet_realloc(&vm_pointer, &output_pointer, 0));
api.c_jsonnet_realloc(&vm_pointer, &output_pointer, 0));
SAPI_RETURN_IF_ERROR(api.c_jsonnet_destroy(&vm_pointer));
SAPI_RETURN_IF_ERROR(api.c_free_input(&input_pointer));

8
oss-internship-2020/jsonnet/examples/jsonnet_formatter_example.cc
View File

@ -71,14 +71,14 @@ absl::Status JsonnetMain(std::string in_file, std::string out_file) {
std::string in_file_in_sandboxee(JoinPath("/input", Basename(in_file)));
sapi::v::ConstCStr in_file_var(in_file_in_sandboxee.c_str());
SAPI_ASSIGN_OR_RETURN(char* input,
api.c_read_input(false, in_file_var.PtrBefore()));
api.c_read_input(false, in_file_var.PtrBefore()));
// Process jsonnet data.
sapi::v::RemotePtr input_pointer(input);
sapi::v::Int error;
SAPI_ASSIGN_OR_RETURN(char* output, api.c_jsonnet_fmt_snippet(
&vm_pointer, in_file_var.PtrBefore(),
&input_pointer, error.PtrAfter()));
&vm_pointer, in_file_var.PtrBefore(),
&input_pointer, error.PtrAfter()));
CHECK(!error.GetValue()) << "Jsonnet code evaluation failed: "
<< error.GetValue() << "\n";
@ -95,7 +95,7 @@ absl::Status JsonnetMain(std::string in_file, std::string out_file) {
// Clean up.
SAPI_ASSIGN_OR_RETURN(char* result,
api.c_jsonnet_realloc(&vm_pointer, &output_pointer, 0));
api.c_jsonnet_realloc(&vm_pointer, &output_pointer, 0));
SAPI_RETURN_IF_ERROR(api.c_jsonnet_destroy(&vm_pointer));
SAPI_RETURN_IF_ERROR(api.c_free_input(&input_pointer));

8
oss-internship-2020/jsonnet/examples/jsonnet_multiple_files_example.cc
View File

@ -74,14 +74,14 @@ absl::Status JsonnetMain(std::string in_file, std::string out_file) {
std::string in_file_in_sandboxee(JoinPath("/input", Basename(in_file)));
sapi::v::ConstCStr in_file_var(in_file_in_sandboxee.c_str());
SAPI_ASSIGN_OR_RETURN(char* input,
api.c_read_input(false, in_file_var.PtrBefore()));
api.c_read_input(false, in_file_var.PtrBefore()));
// Process jsonnet data.
sapi::v::RemotePtr input_pointer(input);
sapi::v::Int error;
SAPI_ASSIGN_OR_RETURN(char* output, api.c_jsonnet_evaluate_snippet_multi(
&vm_pointer, in_file_var.PtrBefore(),
&input_pointer, error.PtrAfter()));
&vm_pointer, in_file_var.PtrBefore(),
&input_pointer, error.PtrAfter()));
CHECK(!error.GetValue()) << "Jsonnet code evaluation failed: "
<< error.GetValue() << "\n"
<< "Make sure all files used by your jsonnet file "
@ -99,7 +99,7 @@ absl::Status JsonnetMain(std::string in_file, std::string out_file) {
// Clean up.
SAPI_ASSIGN_OR_RETURN(char* result,
api.c_jsonnet_realloc(&vm_pointer, &output_pointer, 0));
api.c_jsonnet_realloc(&vm_pointer, &output_pointer, 0));
SAPI_RETURN_IF_ERROR(api.c_jsonnet_destroy(&vm_pointer));
SAPI_RETURN_IF_ERROR(api.c_free_input(&input_pointer));

8
oss-internship-2020/jsonnet/examples/jsonnet_yaml_stream_example.cc
View File

@ -37,14 +37,14 @@ absl::Status JsonnetMain(std::string in_file, std::string out_file) {
std::string in_file_in_sandboxee(JoinPath("/input", Basename(in_file)));
sapi::v::ConstCStr in_file_var(in_file_in_sandboxee.c_str());
SAPI_ASSIGN_OR_RETURN(char* input,
api.c_read_input(false, in_file_var.PtrBefore()));
api.c_read_input(false, in_file_var.PtrBefore()));
// Process jsonnet data.
sapi::v::RemotePtr input_pointer(input);
sapi::v::Int error;
SAPI_ASSIGN_OR_RETURN(char* output, api.c_jsonnet_evaluate_snippet_stream(
&vm_pointer, in_file_var.PtrBefore(),
&input_pointer, error.PtrAfter()));
&vm_pointer, in_file_var.PtrBefore(),
&input_pointer, error.PtrAfter()));
CHECK(!error.GetValue())
<< "Jsonnet code evaluation failed: " << error.GetValue() << "\n"
<< "Make sure all files used by your jsonnet file are in the same "
@ -62,7 +62,7 @@ absl::Status JsonnetMain(std::string in_file, std::string out_file) {
// Clean up.
SAPI_ASSIGN_OR_RETURN(char* result,
api.c_jsonnet_realloc(&vm_pointer, &output_pointer, 0));
api.c_jsonnet_realloc(&vm_pointer, &output_pointer, 0));
SAPI_RETURN_IF_ERROR(api.c_jsonnet_destroy(&vm_pointer));
SAPI_RETURN_IF_ERROR(api.c_free_input(&input_pointer));

31
oss-internship-2020/jsonnet/tests/jsonnet_tests_utils.cc
View File

@ -46,8 +46,8 @@ void JsonnetTestHelper::TestSetUp() {
// Cleans up after a test.
void JsonnetTestHelper::TestTearDown() {
if (jsonnet_vm_was_used_) {
SAPI_ASSERT_OK_AND_ASSIGN(char* result,
api_->c_jsonnet_realloc(vm_.get(), output_.get(), 0));
SAPI_ASSERT_OK_AND_ASSIGN(
char* result, api_->c_jsonnet_realloc(vm_.get(), output_.get(), 0));
}
ASSERT_THAT(api_->c_jsonnet_destroy(vm_.get()), sapi::IsOk());
if (input_was_read_) {
@ -63,7 +63,7 @@ void JsonnetTestHelper::ReadInput(const char* filename) {
sapi::v::ConstCStr in_file_var(input_filename_in_sandboxee_.c_str());
SAPI_ASSERT_OK_AND_ASSIGN(char* input_ptr,
api_->c_read_input(0, in_file_var.PtrBefore()));
api_->c_read_input(0, in_file_var.PtrBefore()));
input_ = absl::make_unique<sapi::v::RemotePtr>(input_ptr);
input_was_read_ = true;
@ -78,23 +78,26 @@ void JsonnetTestHelper::Evaluate_jsonnet_code(Evaluation type,
switch (type) {
case kBase: {
SAPI_ASSERT_OK_AND_ASSIGN(output_ptr, api_->c_jsonnet_evaluate_snippet(
vm_.get(), in_file_var.PtrBefore(),
SAPI_ASSERT_OK_AND_ASSIGN(
output_ptr,
api_->c_jsonnet_evaluate_snippet(vm_.get(), in_file_var.PtrBefore(),
input_.get(), error.PtrAfter()));
break;
}
case kMultipleFiles: {
SAPI_ASSERT_OK_AND_ASSIGN(output_ptr, api_->c_jsonnet_evaluate_snippet_multi(
vm_.get(), in_file_var.PtrBefore(),
input_.get(), error.PtrAfter()));
SAPI_ASSERT_OK_AND_ASSIGN(
output_ptr, api_->c_jsonnet_evaluate_snippet_multi(
vm_.get(), in_file_var.PtrBefore(), input_.get(),
error.PtrAfter()));
break;
}
case kYamlStream: {
SAPI_ASSERT_OK_AND_ASSIGN(output_ptr, api_->c_jsonnet_evaluate_snippet_stream(
vm_.get(), in_file_var.PtrBefore(),
input_.get(), error.PtrAfter()));
SAPI_ASSERT_OK_AND_ASSIGN(
output_ptr, api_->c_jsonnet_evaluate_snippet_stream(
vm_.get(), in_file_var.PtrBefore(), input_.get(),
error.PtrAfter()));
break;
}
}
@ -130,9 +133,9 @@ void JsonnetTestHelper::WriteOutput(const char* filename_or_directory,
case kMultipleFiles: {
std::string out_file_in_sandboxee(std::string("/output/"));
sapi::v::ConstCStr out_file_var(out_file_in_sandboxee.c_str());
SAPI_ASSERT_OK_AND_ASSIGN(success,
api_->c_write_multi_output_files(
output_.get(), out_file_var.PtrBefore(), false));
SAPI_ASSERT_OK_AND_ASSIGN(
success, api_->c_write_multi_output_files(
output_.get(), out_file_var.PtrBefore(), false));
break;
}

38
oss-internship-2020/libarchive/examples/sapi_minitar.cc
View File

@ -106,8 +106,9 @@ absl::Status CreateArchive(const char* initial_filename, int compress,
filename_ptr = nullptr;
}
SAPI_ASSIGN_OR_RETURN(rc, api.archive_write_open_filename(
&a, sapi::v::ConstCStr(filename_ptr).PtrBefore()));
SAPI_ASSIGN_OR_RETURN(rc,
api.archive_write_open_filename(
&a, sapi::v::ConstCStr(filename_ptr).PtrBefore()));
if (rc != ARCHIVE_OK) {
return absl::FailedPreconditionError(
"Unexpected result from write_open_filename call");
@ -139,7 +140,7 @@ absl::Status CreateArchive(const char* initial_filename, int compress,
sapi::v::ConstCStr(absolute_paths[file_idx].c_str()).PtrBefore()));
if (rc != ARCHIVE_OK) {
SAPI_ASSIGN_OR_RETURN(msg, CheckStatusAndGetString(
api.archive_error_string(&disk), sandbox));
api.archive_error_string(&disk), sandbox));
return absl::FailedPreconditionError(msg);
}
@ -160,8 +161,9 @@ absl::Status CreateArchive(const char* initial_filename, int compress,
}
if (rc != ARCHIVE_OK) {
SAPI_ASSIGN_OR_RETURN(msg, CheckStatusAndGetString(
api.archive_error_string(&disk), sandbox));
SAPI_ASSIGN_OR_RETURN(
msg,
CheckStatusAndGetString(api.archive_error_string(&disk), sandbox));
return absl::FailedPreconditionError(msg);
}
@ -209,8 +211,9 @@ absl::Status CreateArchive(const char* initial_filename, int compress,
&entry, sapi::v::ConstCStr(path_name.c_str()).PtrBefore()));
if (verbose) {
SAPI_ASSIGN_OR_RETURN(msg, CheckStatusAndGetString(
api.archive_entry_pathname(&entry), sandbox));
SAPI_ASSIGN_OR_RETURN(
msg, CheckStatusAndGetString(api.archive_entry_pathname(&entry),
sandbox));
std::cout << msg << std::endl;
}
@ -218,7 +221,7 @@ absl::Status CreateArchive(const char* initial_filename, int compress,
if (rc < ARCHIVE_OK) {
SAPI_ASSIGN_OR_RETURN(msg, CheckStatusAndGetString(
api.archive_error_string(&a), sandbox));
api.archive_error_string(&a), sandbox));
std::cout << msg << std::endl;
}
if (rc == ARCHIVE_FATAL) {
@ -256,11 +259,12 @@ absl::Status CreateArchive(const char* initial_filename, int compress,
sandbox.Call("read", &read_ret, &sapi_fd, buff.PtrNone(), &ssize));
while (read_ret.GetValue() > 0) {
SAPI_ASSIGN_OR_RETURN(rc, api.archive_write_data(&a, buff.PtrNone(),
read_ret.GetValue()));
SAPI_ASSIGN_OR_RETURN(
rc,
api.archive_write_data(&a, buff.PtrNone(), read_ret.GetValue()));
SAPI_RETURN_IF_ERROR(sandbox.Call("read", &read_ret, &sapi_fd,
buff.PtrNone(), &ssize));
buff.PtrNone(), &ssize));
}
// sapi_fd variable goes out of scope here so both the local and the
// remote file descriptors are closed.
@ -426,8 +430,9 @@ absl::Status ExtractArchive(const char* filename, int do_extract, int flags,
}
if (verbose || !do_extract) {
SAPI_ASSIGN_OR_RETURN(msg, CheckStatusAndGetString(
api.archive_entry_pathname(&entry), sandbox));
SAPI_ASSIGN_OR_RETURN(
msg,
CheckStatusAndGetString(api.archive_entry_pathname(&entry), sandbox));
std::cout << msg << std::endl;
}
@ -436,7 +441,7 @@ absl::Status ExtractArchive(const char* filename, int do_extract, int flags,
if (rc != ARCHIVE_OK) {
SAPI_ASSIGN_OR_RETURN(msg, CheckStatusAndGetString(
api.archive_error_string(&a), sandbox));
api.archive_error_string(&a), sandbox));
std::cout << msg << std::endl;
} else {
SAPI_ASSIGN_OR_RETURN(rc, CopyData(&a, &ext, api, sandbox));
@ -502,8 +507,9 @@ absl::StatusOr<int> CopyData(sapi::v::RemotePtr* ar, sapi::v::RemotePtr* aw,
sapi::v::RemotePtr buff(buff_ptr_tmp.GetValue());
SAPI_ASSIGN_OR_RETURN(rc, api.archive_write_data_block(
aw, &buff, size.GetValue(), offset.GetValue()));
SAPI_ASSIGN_OR_RETURN(
rc, api.archive_write_data_block(aw, &buff, size.GetValue(),
offset.GetValue()));
if (rc != ARCHIVE_OK) {
SAPI_ASSIGN_OR_RETURN(

13
oss-internship-2020/libpng/examples/example1.cc
View File

@ -32,8 +32,9 @@ absl::Status LibPNGMain(const std::string& infile, const std::string& outfile) {
image.mutable_data()->version = PNG_IMAGE_VERSION;
SAPI_ASSIGN_OR_RETURN(int result, api.png_image_begin_read_from_file(
image.PtrBoth(), infile_var.PtrBefore()));
SAPI_ASSIGN_OR_RETURN(
int result, api.png_image_begin_read_from_file(image.PtrBoth(),
infile_var.PtrBefore()));
if (!result) {
return absl::InternalError(
absl::StrCat("begin read error: ", image.mutable_data()->message));
@ -45,16 +46,16 @@ absl::Status LibPNGMain(const std::string& infile, const std::string& outfile) {
sapi::v::NullPtr null = sapi::v::NullPtr();
SAPI_ASSIGN_OR_RETURN(result,
api.png_image_finish_read(image.PtrBoth(), &null,
buffer.PtrBoth(), 0, &null));
api.png_image_finish_read(image.PtrBoth(), &null,
buffer.PtrBoth(), 0, &null));
if (!result) {
return absl::InternalError(
absl::StrCat("finish read error: ", image.mutable_data()->message));
}
SAPI_ASSIGN_OR_RETURN(result, api.png_image_write_to_file(
image.PtrBoth(), outfile_var.PtrBefore(), 0,
buffer.PtrBoth(), 0, &null));
image.PtrBoth(), outfile_var.PtrBefore(), 0,
buffer.PtrBoth(), 0, &null));
if (!result) {
return absl::InternalError(
absl::StrCat("write error: ", image.mutable_data()->message));

27
oss-internship-2020/libpng/examples/example2.cc
View File

@ -44,7 +44,7 @@ absl::StatusOr<Data> ReadPng(LibPNGApi& api, absl::string_view infile) {
absl::StatusOr<void*> status_or_file;
sapi::v::ConstCStr rb_var("rb");
SAPI_ASSIGN_OR_RETURN(status_or_file,
api.png_fdopen(fd.GetRemoteFd(), rb_var.PtrBefore()));
api.png_fdopen(fd.GetRemoteFd(), rb_var.PtrBefore()));
sapi::v::RemotePtr file(status_or_file.value());
if (!file.GetValue()) {
@ -52,10 +52,11 @@ absl::StatusOr<Data> ReadPng(LibPNGApi& api, absl::string_view infile) {
}
sapi::v::Array<char> header(8);
SAPI_RETURN_IF_ERROR(api.png_fread(header.PtrBoth(), 1, header.GetSize(), &file));
SAPI_RETURN_IF_ERROR(
api.png_fread(header.PtrBoth(), 1, header.GetSize(), &file));
SAPI_ASSIGN_OR_RETURN(int return_value,
api.png_sig_cmp(header.PtrBoth(), 0, header.GetSize()));
api.png_sig_cmp(header.PtrBoth(), 0, header.GetSize()));
if (return_value != 0) {
return absl::InternalError(absl::StrCat(infile, " is not a PNG file"));
}
@ -74,7 +75,7 @@ absl::StatusOr<Data> ReadPng(LibPNGApi& api, absl::string_view infile) {
absl::StatusOr<png_infop> status_or_png_infop;
SAPI_ASSIGN_OR_RETURN(status_or_png_infop,
api.png_create_info_struct(&struct_ptr));
api.png_create_info_struct(&struct_ptr));
sapi::v::RemotePtr info_ptr(status_or_png_infop.value());
if (!info_ptr.GetValue()) {
@ -87,24 +88,26 @@ absl::StatusOr<Data> ReadPng(LibPNGApi& api, absl::string_view infile) {
SAPI_RETURN_IF_ERROR(api.png_read_info(&struct_ptr, &info_ptr));
Data data;
SAPI_ASSIGN_OR_RETURN(data.width, api.png_get_image_width(&struct_ptr, &info_ptr));
SAPI_ASSIGN_OR_RETURN(data.width,
api.png_get_image_width(&struct_ptr, &info_ptr));
SAPI_ASSIGN_OR_RETURN(data.height,
api.png_get_image_height(&struct_ptr, &info_ptr));
api.png_get_image_height(&struct_ptr, &info_ptr));
SAPI_ASSIGN_OR_RETURN(data.color_type,
api.png_get_color_type(&struct_ptr, &info_ptr));
api.png_get_color_type(&struct_ptr, &info_ptr));
SAPI_ASSIGN_OR_RETURN(data.bit_depth,
api.png_get_bit_depth(&struct_ptr, &info_ptr));
api.png_get_bit_depth(&struct_ptr, &info_ptr));
SAPI_ASSIGN_OR_RETURN(data.number_of_passes,
api.png_set_interlace_handling(&struct_ptr));
api.png_set_interlace_handling(&struct_ptr));
SAPI_RETURN_IF_ERROR(api.png_read_update_info(&struct_ptr, &info_ptr));
SAPI_RETURN_IF_ERROR(api.png_setjmp(&struct_ptr));
SAPI_ASSIGN_OR_RETURN(data.rowbytes, api.png_get_rowbytes(&struct_ptr, &info_ptr));
SAPI_ASSIGN_OR_RETURN(data.rowbytes,
api.png_get_rowbytes(&struct_ptr, &info_ptr));
data.row_pointers =
std::make_unique<sapi::v::Array<uint8_t>>(data.height * data.rowbytes);
@ -129,7 +132,7 @@ absl::Status WritePng(LibPNGApi& api, absl::string_view outfile, Data& data) {
absl::StatusOr<void*> status_or_file;
sapi::v::ConstCStr wb_var("wb");
SAPI_ASSIGN_OR_RETURN(status_or_file,
api.png_fdopen(fd.GetRemoteFd(), wb_var.PtrBefore()));
api.png_fdopen(fd.GetRemoteFd(), wb_var.PtrBefore()));
sapi::v::RemotePtr file(status_or_file.value());
if (!file.GetValue()) {
@ -150,7 +153,7 @@ absl::Status WritePng(LibPNGApi& api, absl::string_view outfile, Data& data) {
absl::StatusOr<png_infop> status_or_png_infop;
SAPI_ASSIGN_OR_RETURN(status_or_png_infop,
api.png_create_info_struct(&struct_ptr));
api.png_create_info_struct(&struct_ptr));
sapi::v::RemotePtr info_ptr(status_or_png_infop.value());
if (!info_ptr.GetValue()) {

6
oss-internship-2020/libuv/examples/idle-basic.cc
View File

@ -46,7 +46,8 @@ absl::Status IdleBasic() {
// Get remote pointer to the IdleCallback method
void* function_ptr;
SAPI_RETURN_IF_ERROR(sandbox.rpc_channel()->Symbol("IdleCallback", &function_ptr));
SAPI_RETURN_IF_ERROR(
sandbox.rpc_channel()->Symbol("IdleCallback", &function_ptr));
sapi::v::RemotePtr idle_callback(function_ptr);
// Allocate memory for the uv_idle_t object
@ -69,7 +70,8 @@ absl::Status IdleBasic() {
}
// Start idler
SAPI_ASSIGN_OR_RETURN(return_code, api.sapi_uv_idle_start(&idler, &idle_callback));
SAPI_ASSIGN_OR_RETURN(return_code,
api.sapi_uv_idle_start(&idler, &idle_callback));
if (return_code != 0) {
return absl::UnavailableError("sapi_uv_idle_start returned error " +
return_code);

7
oss-internship-2020/libuv/examples/uvcat.cc
View File

@ -61,7 +61,8 @@ absl::Status UVCat(std::string filearg) {
// Get remote pointer to the open_req variable
void* open_req_voidptr;
SAPI_RETURN_IF_ERROR(sandbox.rpc_channel()->Symbol("open_req", &open_req_voidptr));
SAPI_RETURN_IF_ERROR(
sandbox.rpc_channel()->Symbol("open_req", &open_req_voidptr));
sapi::v::RemotePtr open_req(open_req_voidptr);
// Get default loop
@ -72,8 +73,8 @@ absl::Status UVCat(std::string filearg) {
// Open file using the OnOpen callback (which will also read and print it)
sapi::v::ConstCStr filename(filearg.c_str());
SAPI_ASSIGN_OR_RETURN(return_code,
api.sapi_uv_fs_open(&loop, &open_req, filename.PtrBefore(),
SAPI_ASSIGN_OR_RETURN(
return_code, api.sapi_uv_fs_open(&loop, &open_req, filename.PtrBefore(),
O_RDONLY, 0, &on_open));
if (return_code != 0) {
return absl::UnavailableError("uv_fs_open returned error " + return_code);

9
oss-internship-2020/libuv/tests/test_callback.cc
View File

@ -48,7 +48,8 @@ class UVTestCallback : public ::testing::Test {
// Check sapi_uv_timer_init
void UVTimerInit(sapi::v::Ptr* loop, sapi::v::Ptr* timer) {
SAPI_ASSERT_OK_AND_ASSIGN(int error_code, api_->sapi_uv_timer_init(loop, timer));
SAPI_ASSERT_OK_AND_ASSIGN(int error_code,
api_->sapi_uv_timer_init(loop, timer));
ASSERT_EQ(error_code, 0);
}
@ -63,15 +64,15 @@ class UVTestCallback : public ::testing::Test {
sapi::v::RemotePtr timer_cb(timer_cb_voidptr);
// Set the timer's callback, timeout and repeat
SAPI_ASSERT_OK_AND_ASSIGN(int error_code,
api_->sapi_uv_timer_start(timer, &timer_cb, 0, 0));
SAPI_ASSERT_OK_AND_ASSIGN(
int error_code, api_->sapi_uv_timer_start(timer, &timer_cb, 0, 0));
ASSERT_EQ(error_code, 0);
}
// Check sapi_uv_run
void UVRun(sapi::v::Ptr* loop) {
SAPI_ASSERT_OK_AND_ASSIGN(int error_code,
api_->sapi_uv_run(loop, UV_RUN_DEFAULT));
api_->sapi_uv_run(loop, UV_RUN_DEFAULT));
ASSERT_EQ(error_code, 0);
}

2
oss-internship-2020/libuv/tests/test_error.cc
View File

@ -62,7 +62,7 @@ class UVTestError : public ::testing::Test {
void UVTranslateSysError(int error) {
// Call sapi_uv_translate_sys_error and get error code
SAPI_ASSERT_OK_AND_ASSIGN(int error_code,
api_->sapi_uv_translate_sys_error(error));
api_->sapi_uv_translate_sys_error(error));
// Check that it is equal to expected error code
ASSERT_EQ(error_code, uv_translate_sys_error(error));

2
oss-internship-2020/libuv/tests/test_loop.cc
View File

@ -54,7 +54,7 @@ class UVTestLoop : public ::testing::Test {
// Check sapi_uv_run
void UVRun(sapi::v::Ptr* loop) {
SAPI_ASSERT_OK_AND_ASSIGN(int error_code,
api_->sapi_uv_run(loop, UV_RUN_DEFAULT));
api_->sapi_uv_run(loop, UV_RUN_DEFAULT));
ASSERT_EQ(error_code, 0);
}

8
oss-internship-2020/lodepng/examples/main_unit_test.cc
View File

@ -84,10 +84,10 @@ TEST(LodePngTest, EncodeDecodeOneStep) {
sapi::v::UInt sapi_width, sapi_height;
sapi::v::IntBase<uint8_t*> sapi_image_ptr(0);
SAPI_ASSERT_OK_AND_ASSIGN(result,
api.lodepng_decode32_file(
sapi_image_ptr.PtrBoth(), sapi_width.PtrBoth(),
sapi_height.PtrBoth(), sapi_filename.PtrBefore()));
SAPI_ASSERT_OK_AND_ASSIGN(
result, api.lodepng_decode32_file(
sapi_image_ptr.PtrBoth(), sapi_width.PtrBoth(),
sapi_height.PtrBoth(), sapi_filename.PtrBefore()));
ASSERT_THAT(result, Eq(0)) << "Unexpected result from decode32_file call";

25
sandboxed_api/examples/stringop/main_stringop.cc
View File

@ -27,9 +27,9 @@
#include "sandboxed_api/examples/stringop/lib/stringop-sapi.sapi.h"
#include "sandboxed_api/examples/stringop/lib/stringop_params.pb.h"
#include "sandboxed_api/transaction.h"
#include "sandboxed_api/util/status_macros.h"
#include "sandboxed_api/util/status_matchers.h"
#include "sandboxed_api/vars.h"
#include "sandboxed_api/util/status_macros.h"
using ::sapi::IsOk;
using ::testing::Eq;
@ -48,7 +48,8 @@ TEST(StringopTest, ProtobufStringDuplication) {
proto.set_input("Hello");
sapi::v::Proto<stringop::StringDuplication> pp(proto);
{
SAPI_ASSIGN_OR_RETURN(int return_value, api.pb_duplicate_string(pp.PtrBoth()));
SAPI_ASSIGN_OR_RETURN(int return_value,
api.pb_duplicate_string(pp.PtrBoth()));
TRANSACTION_FAIL_IF_NOT(return_value, "pb_duplicate_string() failed");
}
@ -69,7 +70,8 @@ TEST(StringopTest, ProtobufStringReversal) {
stringop::StringReverse proto;
proto.set_input("Hello");
sapi::v::Proto<stringop::StringReverse> pp(proto);
SAPI_ASSERT_OK_AND_ASSIGN(int return_value, api.pb_reverse_string(pp.PtrBoth()));
SAPI_ASSERT_OK_AND_ASSIGN(int return_value,
api.pb_reverse_string(pp.PtrBoth()));
EXPECT_THAT(return_value, Ne(0)) << "pb_reverse_string() failed";
SAPI_ASSERT_OK_AND_ASSIGN(auto pb_result, pp.GetMessage());
@ -83,7 +85,8 @@ TEST(StringopTest, RawStringDuplication) {
StringopApi api(&sandbox);
sapi::v::LenVal param("0123456789", 10);
SAPI_ASSERT_OK_AND_ASSIGN(int return_value, api.duplicate_string(param.PtrBoth()));
SAPI_ASSERT_OK_AND_ASSIGN(int return_value,
api.duplicate_string(param.PtrBoth()));
EXPECT_THAT(return_value, Eq(1)) << "duplicate_string() failed";
absl::string_view data(reinterpret_cast<const char*>(param.GetData()),
@ -100,7 +103,8 @@ TEST(StringopTest, RawStringReversal) {
sapi::v::LenVal param("0123456789", 10);
{
SAPI_ASSERT_OK_AND_ASSIGN(int return_value, api.reverse_string(param.PtrBoth()));
SAPI_ASSERT_OK_AND_ASSIGN(int return_value,
api.reverse_string(param.PtrBoth()));
EXPECT_THAT(return_value, Eq(1))
<< "reverse_string() returned incorrect value";
absl::string_view data(reinterpret_cast<const char*>(param.GetData()),
@ -120,7 +124,8 @@ TEST(StringopTest, RawStringReversal) {
EXPECT_THAT(data, SizeIs(16)) << "Resize did not behave correctly";
EXPECT_THAT(std::string(data), StrEq("9876543210ABCDEF"));
SAPI_ASSERT_OK_AND_ASSIGN(int return_value, api.reverse_string(param.PtrBoth()));
SAPI_ASSERT_OK_AND_ASSIGN(int return_value,
api.reverse_string(param.PtrBoth()));
EXPECT_THAT(return_value, Eq(1))
<< "reverse_string() returned incorrect value";
data = absl::string_view(reinterpret_cast<const char*>(param.GetData()),
@ -135,7 +140,7 @@ TEST(StringopTest, RawStringLength) {
StringopApi api(&sandbox);
SAPI_ASSERT_OK_AND_ASSIGN(void* target_mem_ptr, api.get_raw_c_string());
SAPI_ASSERT_OK_AND_ASSIGN(size_t len,
sandbox.rpc_channel()->Strlen(target_mem_ptr));
sandbox.rpc_channel()->Strlen(target_mem_ptr));
EXPECT_THAT(len, Eq(10));
}
@ -145,11 +150,11 @@ TEST(StringopTest, RawStringReading) {
StringopApi api(&sandbox);
SAPI_ASSERT_OK_AND_ASSIGN(void* target_mem_ptr, api.get_raw_c_string());
SAPI_ASSERT_OK_AND_ASSIGN(size_t len,
sandbox.rpc_channel()->Strlen(target_mem_ptr));
sandbox.rpc_channel()->Strlen(target_mem_ptr));
EXPECT_THAT(len, Eq(10));
SAPI_ASSERT_OK_AND_ASSIGN(std::string data,
sandbox.GetCString(sapi::v::RemotePtr(target_mem_ptr)));
SAPI_ASSERT_OK_AND_ASSIGN(
std::string data, sandbox.GetCString(sapi::v::RemotePtr(target_mem_ptr)));
EXPECT_THAT(data, StrEq("Ten chars."));
}

6
sandboxed_api/examples/sum/main_sum.cc
View File

@ -157,13 +157,15 @@ absl::Status SumTransaction::Main() {
char buffer[1024] = {0};
sapi::v::Array<char> buf(buffer, sizeof(buffer));
sapi::v::UInt size(128);
SAPI_RETURN_IF_ERROR(sandbox()->Call("read", &ret, &fd2, buf.PtrBoth(), &size));
SAPI_RETURN_IF_ERROR(
sandbox()->Call("read", &ret, &fd2, buf.PtrBoth(), &size));
LOG(INFO) << "Read from /proc/self/comm = [" << buffer << "]";
// Close test.
SAPI_RETURN_IF_ERROR(fd2.CloseRemoteFd(sandbox()->rpc_channel()));
memset(buffer, 0, sizeof(buffer));
SAPI_RETURN_IF_ERROR(sandbox()->Call("read", &ret, &fd2, buf.PtrBoth(), &size));
SAPI_RETURN_IF_ERROR(
sandbox()->Call("read", &ret, &fd2, buf.PtrBoth(), &size));
LOG(INFO) << "Read from closed /proc/self/comm = [" << buffer << "]";
// Pass fd as function arg example.

2
sandboxed_api/sandbox2/BUILD.bazel
View File

@ -601,7 +601,7 @@ cc_library(
":util",
"//sandboxed_api/util:raw_logging",
"//sandboxed_api/util:status",
"//sandboxed_api/util:status_proto",
"//sandboxed_api/util:status_cc_proto",
"//sandboxed_api/util:strerror",
"@com_google_absl//absl/base:core_headers",
"@com_google_absl//absl/memory",

4
sandboxed_api/sandbox2/buffer_test.cc
View File

@ -111,7 +111,7 @@ TEST(BufferTest, TestWithSandboxeeMapFd) {
auto policy = BufferTestcasePolicy();
SAPI_ASSERT_OK_AND_ASSIGN(auto buffer,
Buffer::CreateWithSize(1ULL << 20 /* 1MiB */));
Buffer::CreateWithSize(1ULL << 20 /* 1MiB */));
// buffer() uses the internal fd to mmap the buffer.
uint8_t* buf = buffer->data();
// Test that we can write data to the sandboxee.
@ -149,7 +149,7 @@ TEST(BufferTest, TestWithSandboxeeSendRecv) {
ASSERT_THAT(s2.RunAsync(), IsTrue());
SAPI_ASSERT_OK_AND_ASSIGN(auto buffer,
Buffer::CreateWithSize(1ULL << 20 /* 1MiB */));
Buffer::CreateWithSize(1ULL << 20 /* 1MiB */));
uint8_t* buf = buffer->data();
// Test that we can write data to the sandboxee.
buf[0] = 'A';

1
sandboxed_api/sandbox2/comms.cc
View File

@ -44,7 +44,6 @@
#include "sandboxed_api/util/raw_logging.h"
#include "sandboxed_api/util/status.h"
#include "sandboxed_api/util/strerror.h"
#include "sandboxed_api/util/status_macros.h"
#ifdef MEMORY_SANITIZER
#include "base/dynamic_annotations.h"

2
sandboxed_api/sandbox2/comms.h
View File

@ -38,7 +38,7 @@
namespace proto2 {
class Message;
}
} // namespace proto2
namespace sandbox2 {

2
sandboxed_api/sandbox2/examples/custom_fork/BUILD.bazel
View File

@ -31,9 +31,7 @@ cc_binary(
"//sandboxed_api/sandbox2:comms",
"//sandboxed_api/sandbox2:forkserver",
"//sandboxed_api/util:flags",
"//sandboxed_api/util:raw_logging",
"//sandboxed_api/util:runfiles",
"@com_google_absl//absl/base:core_headers",
"@com_google_absl//absl/memory",
],
)

2
sandboxed_api/sandbox2/examples/network_proxy/networkproxy_bin.cc
View File

@ -20,8 +20,8 @@
#include "sandboxed_api/sandbox2/comms.h"
#include "sandboxed_api/sandbox2/network_proxy/client.h"
#include "sandboxed_api/util/fileops.h"
#include "sandboxed_api/util/strerror.h"
#include "sandboxed_api/util/status_macros.h"
#include "sandboxed_api/util/strerror.h"
ABSL_FLAG(bool, connect_with_handler, true, "Connect using automatic mode.");

33
sandboxed_api/sandbox2/ipc_test.cc
View File

@ -45,11 +45,12 @@ TEST(IPCTest, MapFDByNamePreExecve) {
auto executor = absl::make_unique<Executor>(path, args);
Comms comms(executor->ipc()->ReceiveFd(kPreferredIpcFd, "ipc_test"));
SAPI_ASSERT_OK_AND_ASSIGN(auto policy, PolicyBuilder()
.DisableNamespaces()
// Don't restrict the syscalls at all.
.DangerDefaultAllowAll()
.TryBuild());
SAPI_ASSERT_OK_AND_ASSIGN(auto policy,
PolicyBuilder()
.DisableNamespaces()
// Don't restrict the syscalls at all.
.DangerDefaultAllowAll()
.TryBuild());
Sandbox2 s2(std::move(executor), std::move(policy));
s2.RunAsync();
@ -76,11 +77,12 @@ TEST(IPCTest, MapFDByNamePostExecve) {
executor->set_enable_sandbox_before_exec(false);
Comms comms(executor->ipc()->ReceiveFd(kPreferredIpcFd, "ipc_test"));
SAPI_ASSERT_OK_AND_ASSIGN(auto policy, PolicyBuilder()
.DisableNamespaces()
// Don't restrict the syscalls at all.
.DangerDefaultAllowAll()
.TryBuild());
SAPI_ASSERT_OK_AND_ASSIGN(auto policy,
PolicyBuilder()
.DisableNamespaces()
// Don't restrict the syscalls at all.
.DangerDefaultAllowAll()
.TryBuild());
Sandbox2 s2(std::move(executor), std::move(policy));
s2.RunAsync();
@ -103,11 +105,12 @@ TEST(IPCTest, NoMappedFDsPreExecve) {
std::vector<std::string> args = {path, "3"};
auto executor = absl::make_unique<Executor>(path, args);
SAPI_ASSERT_OK_AND_ASSIGN(auto policy, PolicyBuilder()
.DisableNamespaces()
// Don't restrict the syscalls at all.
.DangerDefaultAllowAll()
.TryBuild());
SAPI_ASSERT_OK_AND_ASSIGN(auto policy,
PolicyBuilder()
.DisableNamespaces()
// Don't restrict the syscalls at all.
.DangerDefaultAllowAll()
.TryBuild());
Sandbox2 s2(std::move(executor), std::move(policy));
auto result = s2.Run();

55
sandboxed_api/sandbox2/limits_test.cc
View File

@ -44,11 +44,12 @@ TEST(LimitsTest, RLimitASMmapUnderLimit) {
auto executor = absl::make_unique<sandbox2::Executor>(path, args);
executor->limits()->set_rlimit_as(100ULL << 20); // 100 MiB
SAPI_ASSERT_OK_AND_ASSIGN(auto policy, sandbox2::PolicyBuilder()
.DisableNamespaces()
// Don't restrict the syscalls at all.
.DangerDefaultAllowAll()
.TryBuild());
SAPI_ASSERT_OK_AND_ASSIGN(auto policy,
sandbox2::PolicyBuilder()
.DisableNamespaces()
// Don't restrict the syscalls at all.
.DangerDefaultAllowAll()
.TryBuild());
sandbox2::Sandbox2 s2(std::move(executor), std::move(policy));
auto result = s2.Run();
@ -62,11 +63,12 @@ TEST(LimitsTest, RLimitASMmapAboveLimit) {
auto executor = absl::make_unique<sandbox2::Executor>(path, args);
executor->limits()->set_rlimit_as(100ULL << 20); // 100 MiB
SAPI_ASSERT_OK_AND_ASSIGN(auto policy, sandbox2::PolicyBuilder()
.DisableNamespaces()
// Don't restrict the syscalls at all.
.DangerDefaultAllowAll()
.TryBuild());
SAPI_ASSERT_OK_AND_ASSIGN(auto policy,
sandbox2::PolicyBuilder()
.DisableNamespaces()
// Don't restrict the syscalls at all.
.DangerDefaultAllowAll()
.TryBuild());
sandbox2::Sandbox2 s2(std::move(executor), std::move(policy));
auto result = s2.Run();
@ -80,11 +82,12 @@ TEST(LimitsTest, RLimitASAllocaSmallUnderLimit) {
auto executor = absl::make_unique<sandbox2::Executor>(path, args);
executor->limits()->set_rlimit_as(100ULL << 20); // 100 MiB
SAPI_ASSERT_OK_AND_ASSIGN(auto policy, sandbox2::PolicyBuilder()
.DisableNamespaces()
// Don't restrict the syscalls at all.
.DangerDefaultAllowAll()
.TryBuild());
SAPI_ASSERT_OK_AND_ASSIGN(auto policy,
sandbox2::PolicyBuilder()
.DisableNamespaces()
// Don't restrict the syscalls at all.
.DangerDefaultAllowAll()
.TryBuild());
sandbox2::Sandbox2 s2(std::move(executor), std::move(policy));
auto result = s2.Run();
@ -98,11 +101,12 @@ TEST(LimitsTest, RLimitASAllocaBigUnderLimit) {
auto executor = absl::make_unique<sandbox2::Executor>(path, args);
executor->limits()->set_rlimit_as(100ULL << 20); // 100 MiB
SAPI_ASSERT_OK_AND_ASSIGN(auto policy, sandbox2::PolicyBuilder()
.DisableNamespaces()
// Don't restrict the syscalls at all.
.DangerDefaultAllowAll()
.TryBuild());
SAPI_ASSERT_OK_AND_ASSIGN(auto policy,
sandbox2::PolicyBuilder()
.DisableNamespaces()
// Don't restrict the syscalls at all.
.DangerDefaultAllowAll()
.TryBuild());
sandbox2::Sandbox2 s2(std::move(executor), std::move(policy));
auto result = s2.Run();
@ -116,11 +120,12 @@ TEST(LimitsTest, RLimitASAllocaBigAboveLimit) {
auto executor = absl::make_unique<sandbox2::Executor>(path, args);
executor->limits()->set_rlimit_as(100ULL << 20); // 100 MiB
SAPI_ASSERT_OK_AND_ASSIGN(auto policy, sandbox2::PolicyBuilder()
.DisableNamespaces()
// Don't restrict the syscalls at all.
.DangerDefaultAllowAll()
.TryBuild());
SAPI_ASSERT_OK_AND_ASSIGN(auto policy,
sandbox2::PolicyBuilder()
.DisableNamespaces()
// Don't restrict the syscalls at all.
.DangerDefaultAllowAll()
.TryBuild());
sandbox2::Sandbox2 s2(std::move(executor), std::move(policy));
auto result = s2.Run();

9
sandboxed_api/sandbox2/mounts.cc
View File

@ -39,8 +39,8 @@
#include "sandboxed_api/util/fileops.h"
#include "sandboxed_api/util/path.h"
#include "sandboxed_api/util/raw_logging.h"
#include "sandboxed_api/util/strerror.h"
#include "sandboxed_api/util/status_macros.h"
#include "sandboxed_api/util/strerror.h"
namespace sandbox2 {
namespace {
@ -306,9 +306,10 @@ void LogContainer(const std::vector<std::string>& container) {
absl::Status Mounts::AddMappingsForBinary(const std::string& path,
absl::string_view ld_library_path) {
SAPI_ASSIGN_OR_RETURN(auto elf, ElfFile::ParseFromFile(
path, ElfFile::kGetInterpreter |
ElfFile::kLoadImportedLibraries));
SAPI_ASSIGN_OR_RETURN(
auto elf,
ElfFile::ParseFromFile(
path, ElfFile::kGetInterpreter | ElfFile::kLoadImportedLibraries));
const std::string& interpreter = elf.interpreter();
if (interpreter.empty()) {

17
sandboxed_api/sandbox2/mounts_test.cc
View File

@ -94,11 +94,11 @@ TEST(MountTreeTest, TestMultipleInsertionFileSymlink) {
Mounts mounts;
SAPI_ASSERT_OK_AND_ASSIGN(std::string path,
CreateNamedTempFileAndClose(
file::JoinPath(GetTestTempPath(), "testdir_")));
CreateNamedTempFileAndClose(
file::JoinPath(GetTestTempPath(), "testdir_")));
SAPI_ASSERT_OK_AND_ASSIGN(std::string symlink_path,
CreateNamedTempFileAndClose(
file::JoinPath(GetTestTempPath(), "testdir_")));
CreateNamedTempFileAndClose(
file::JoinPath(GetTestTempPath(), "testdir_")));
ASSERT_THAT(unlink(symlink_path.c_str()), Eq(0));
ASSERT_THAT(symlink(path.c_str(), symlink_path.c_str()), Eq(0));
@ -111,11 +111,12 @@ TEST(MountTreeTest, TestMultipleInsertionFileSymlink) {
TEST(MountTreeTest, TestMultipleInsertionDirSymlink) {
Mounts mounts;
SAPI_ASSERT_OK_AND_ASSIGN(std::string path, CreateTempDir(file::JoinPath(
GetTestTempPath(), "testdir_")));
SAPI_ASSERT_OK_AND_ASSIGN(
std::string path,
CreateTempDir(file::JoinPath(GetTestTempPath(), "testdir_")));
SAPI_ASSERT_OK_AND_ASSIGN(std::string symlink_path,
CreateNamedTempFileAndClose(
file::JoinPath(GetTestTempPath(), "testdir_")));
CreateNamedTempFileAndClose(
file::JoinPath(GetTestTempPath(), "testdir_")));
ASSERT_THAT(unlink(symlink_path.c_str()), Eq(0));
ASSERT_THAT(symlink(path.c_str(), symlink_path.c_str()), Eq(0));

126
sandboxed_api/sandbox2/namespace_test.cc
View File

@ -53,11 +53,12 @@ TEST(NamespaceTest, FileNamespaceWorks) {
const std::string path = GetTestSourcePath("sandbox2/testcases/namespace");
std::vector<std::string> args = {path, "0", "/binary_path", "/etc/passwd"};
auto executor = absl::make_unique<Executor>(path, args);
SAPI_ASSERT_OK_AND_ASSIGN(auto policy, PolicyBuilder()
// Don't restrict the syscalls at all
.DangerDefaultAllowAll()
.AddFileAt(path, "/binary_path")
.TryBuild());
SAPI_ASSERT_OK_AND_ASSIGN(auto policy,
PolicyBuilder()
// Don't restrict the syscalls at all
.DangerDefaultAllowAll()
.AddFileAt(path, "/binary_path")
.TryBuild());
Sandbox2 sandbox(std::move(executor), std::move(policy));
auto result = sandbox.Run();
@ -76,11 +77,12 @@ TEST(NamespaceTest, ReadOnlyIsRespected) {
// First check that it is readable
std::vector<std::string> args = {path, "0", "/temp_file"};
auto executor = absl::make_unique<Executor>(path, args);
SAPI_ASSERT_OK_AND_ASSIGN(auto policy, PolicyBuilder()
// Don't restrict the syscalls at all
.DangerDefaultAllowAll()
.AddFileAt(name, "/temp_file")
.TryBuild());
SAPI_ASSERT_OK_AND_ASSIGN(auto policy,
PolicyBuilder()
// Don't restrict the syscalls at all
.DangerDefaultAllowAll()
.AddFileAt(name, "/temp_file")
.TryBuild());
Sandbox2 sandbox(std::move(executor), std::move(policy));
auto result = sandbox.Run();
@ -92,11 +94,12 @@ TEST(NamespaceTest, ReadOnlyIsRespected) {
// Then check that it is not writeable
std::vector<std::string> args = {path, "1", "/temp_file"};
auto executor = absl::make_unique<Executor>(path, args);
SAPI_ASSERT_OK_AND_ASSIGN(auto policy, PolicyBuilder()
// Don't restrict the syscalls at all
.DangerDefaultAllowAll()
.AddFileAt(name, "/temp_file")
.TryBuild());
SAPI_ASSERT_OK_AND_ASSIGN(auto policy,
PolicyBuilder()
// Don't restrict the syscalls at all
.DangerDefaultAllowAll()
.AddFileAt(name, "/temp_file")
.TryBuild());
Sandbox2 sandbox(std::move(executor), std::move(policy));
auto result = sandbox.Run();
@ -112,10 +115,11 @@ TEST(NamespaceTest, UserNamespaceWorks) {
std::vector<std::string> args = {path, "2"};
{
auto executor = absl::make_unique<Executor>(path, args);
SAPI_ASSERT_OK_AND_ASSIGN(auto policy, PolicyBuilder()
// Don't restrict the syscalls at all
.DangerDefaultAllowAll()
.TryBuild());
SAPI_ASSERT_OK_AND_ASSIGN(auto policy,
PolicyBuilder()
// Don't restrict the syscalls at all
.DangerDefaultAllowAll()
.TryBuild());
Sandbox2 sandbox(std::move(executor), std::move(policy));
auto result = sandbox.Run();
@ -127,11 +131,12 @@ TEST(NamespaceTest, UserNamespaceWorks) {
// Validate that getpid() does not return 2 when outside of an pid NS.
{
auto executor = absl::make_unique<Executor>(path, args);
SAPI_ASSERT_OK_AND_ASSIGN(auto policy, PolicyBuilder()
.DisableNamespaces()
// Don't restrict the syscalls at all
.DangerDefaultAllowAll()
.TryBuild());
SAPI_ASSERT_OK_AND_ASSIGN(auto policy,
PolicyBuilder()
.DisableNamespaces()
// Don't restrict the syscalls at all
.DangerDefaultAllowAll()
.TryBuild());
Sandbox2 sandbox(std::move(executor), std::move(policy));
auto result = sandbox.Run();
@ -148,10 +153,11 @@ TEST(NamespaceTest, UserNamespaceIDMapWritten) {
{
std::vector<std::string> args = {path, "3", "1000", "1000"};
auto executor = absl::make_unique<Executor>(path, args);
SAPI_ASSERT_OK_AND_ASSIGN(auto policy, PolicyBuilder()
// Don't restrict the syscalls at all
.DangerDefaultAllowAll()
.TryBuild());
SAPI_ASSERT_OK_AND_ASSIGN(auto policy,
PolicyBuilder()
// Don't restrict the syscalls at all
.DangerDefaultAllowAll()
.TryBuild());
Sandbox2 sandbox(std::move(executor), std::move(policy));
auto result = sandbox.Run();
@ -166,11 +172,12 @@ TEST(NamespaceTest, UserNamespaceIDMapWritten) {
const std::string gid = absl::StrCat(getgid());
std::vector<std::string> args = {path, "3", uid, gid};
auto executor = absl::make_unique<Executor>(path, args);
SAPI_ASSERT_OK_AND_ASSIGN(auto policy, PolicyBuilder()
.DisableNamespaces()
// Don't restrict the syscalls at all
.DangerDefaultAllowAll()
.TryBuild());
SAPI_ASSERT_OK_AND_ASSIGN(auto policy,
PolicyBuilder()
.DisableNamespaces()
// Don't restrict the syscalls at all
.DangerDefaultAllowAll()
.TryBuild());
Sandbox2 sandbox(std::move(executor), std::move(policy));
auto result = sandbox.Run();
@ -186,11 +193,12 @@ TEST(NamespaceTest, RootReadOnly) {
const std::string path = GetTestSourcePath("sandbox2/testcases/namespace");
std::vector<std::string> args = {path, "4", "/tmp/testfile", "/testfile"};
auto executor = absl::make_unique<Executor>(path, args);
SAPI_ASSERT_OK_AND_ASSIGN(auto policy, PolicyBuilder()
// Don't restrict the syscalls at all
.DangerDefaultAllowAll()
.AddTmpfs("/tmp")
.TryBuild());
SAPI_ASSERT_OK_AND_ASSIGN(auto policy,
PolicyBuilder()
// Don't restrict the syscalls at all
.DangerDefaultAllowAll()
.AddTmpfs("/tmp")
.TryBuild());
Sandbox2 sandbox(std::move(executor), std::move(policy));
auto result = sandbox.Run();
@ -204,11 +212,12 @@ TEST(NamespaceTest, RootWritable) {
const std::string path = GetTestSourcePath("sandbox2/testcases/namespace");
std::vector<std::string> args = {path, "4", "/testfile"};
auto executor = absl::make_unique<Executor>(path, args);
SAPI_ASSERT_OK_AND_ASSIGN(auto policy, PolicyBuilder()
// Don't restrict the syscalls at all
.DangerDefaultAllowAll()
.SetRootWritable()
.TryBuild());
SAPI_ASSERT_OK_AND_ASSIGN(auto policy,
PolicyBuilder()
// Don't restrict the syscalls at all
.DangerDefaultAllowAll()
.SetRootWritable()
.TryBuild());
Sandbox2 sandbox(std::move(executor), std::move(policy));
auto result = sandbox.Run();
@ -233,30 +242,33 @@ class HostnameTest : public testing::Test {
};
TEST_F(HostnameTest, None) {
SAPI_ASSERT_OK_AND_ASSIGN(auto policy, PolicyBuilder()
.DisableNamespaces()
// Don't restrict the syscalls at all
.DangerDefaultAllowAll()
.TryBuild());
SAPI_ASSERT_OK_AND_ASSIGN(auto policy,
PolicyBuilder()
.DisableNamespaces()
// Don't restrict the syscalls at all
.DangerDefaultAllowAll()
.TryBuild());
Try("sandbox2", std::move(policy));
EXPECT_EQ(code_, 1);
}
TEST_F(HostnameTest, Default) {
SAPI_ASSERT_OK_AND_ASSIGN(auto policy, PolicyBuilder()
// Don't restrict the syscalls at all
.DangerDefaultAllowAll()
.TryBuild());
SAPI_ASSERT_OK_AND_ASSIGN(auto policy,
PolicyBuilder()
// Don't restrict the syscalls at all
.DangerDefaultAllowAll()
.TryBuild());
Try("sandbox2", std::move(policy));
EXPECT_EQ(code_, 0);
}
TEST_F(HostnameTest, Configured) {
SAPI_ASSERT_OK_AND_ASSIGN(auto policy, PolicyBuilder()
// Don't restrict the syscalls at all
.DangerDefaultAllowAll()
.SetHostname("configured")
.TryBuild());
SAPI_ASSERT_OK_AND_ASSIGN(auto policy,
PolicyBuilder()
// Don't restrict the syscalls at all
.DangerDefaultAllowAll()
.SetHostname("configured")
.TryBuild());
Try("configured", std::move(policy));
EXPECT_EQ(code_, 0);
}

2
sandboxed_api/sandbox2/network_proxy/client.cc
View File

@ -28,8 +28,8 @@
#include "absl/status/status.h"
#include "absl/strings/str_cat.h"
#include "sandboxed_api/config.h"
#include "sandboxed_api/util/strerror.h"
#include "sandboxed_api/util/status_macros.h"
#include "sandboxed_api/util/strerror.h"
namespace sandbox2 {

2
sandboxed_api/sandbox2/network_proxy/filtering.cc
View File

@ -22,8 +22,8 @@
#include "absl/strings/numbers.h"
#include "absl/strings/str_cat.h"
#include "absl/strings/str_split.h"
#include "sandboxed_api/util/strerror.h"
#include "sandboxed_api/util/status_macros.h"
#include "sandboxed_api/util/strerror.h"
namespace sandbox2 {

30
sandboxed_api/sandbox2/policybuilder_test.cc
View File

@ -24,6 +24,7 @@
#include "gmock/gmock.h"
#include "gtest/gtest.h"
#include "absl/memory/memory.h"
#include "absl/status/status.h"
#include "absl/status/statusor.h"
#include "absl/strings/match.h"
#include "absl/strings/str_cat.h"
@ -36,19 +37,6 @@
#include "sandboxed_api/sandbox2/util/bpf_helper.h"
#include "sandboxed_api/testing.h"
#include "sandboxed_api/util/status_matchers.h"
#include "absl/status/status.h"
using ::sapi::GetTestSourcePath;
using ::testing::AllOf;
using ::testing::AnyOf;
using ::testing::Eq;
using ::testing::Gt;
using ::testing::HasSubstr;
using ::testing::Lt;
using ::testing::NotNull;
using ::testing::StartsWith;
using ::testing::StrEq;
using ::sapi::StatusIs;
namespace sandbox2 {
@ -69,6 +57,18 @@ class PolicyBuilderPeer {
namespace {
using ::sapi::GetTestSourcePath;
using ::testing::AllOf;
using ::testing::AnyOf;
using ::testing::Eq;
using ::testing::Gt;
using ::testing::HasSubstr;
using ::testing::Lt;
using ::testing::NotNull;
using ::testing::StartsWith;
using ::testing::StrEq;
using ::sapi::StatusIs;
class PolicyBuilderTest : public testing::Test {
protected:
static std::string Run(std::vector<std::string> args, bool network = false);
@ -149,8 +149,8 @@ TEST_F(PolicyBuilderTest, TestValidateAbsolutePath) {
for (auto const& good_path :
{"/", "/a/b/c/d", "/a/b/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}) {
SAPI_ASSERT_OK_AND_ASSIGN(std::string path,
PolicyBuilderPeer::ValidateAbsolutePath(good_path));
SAPI_ASSERT_OK_AND_ASSIGN(
std::string path, PolicyBuilderPeer::ValidateAbsolutePath(good_path));
EXPECT_THAT(path, StrEq(good_path));
}
}

72
sandboxed_api/sandbox2/sandbox2_test.cc
View File

@ -55,11 +55,12 @@ TEST(SandboxCoreDumpTest, AbortWithoutCoreDumpReturnsSignaled) {
};
auto executor = absl::make_unique<Executor>(path, args);
SAPI_ASSERT_OK_AND_ASSIGN(auto policy, PolicyBuilder()
.DisableNamespaces()
// Don't restrict the syscalls at all.
.DangerDefaultAllowAll()
.TryBuild());
SAPI_ASSERT_OK_AND_ASSIGN(auto policy,
PolicyBuilder()
.DisableNamespaces()
// Don't restrict the syscalls at all.
.DangerDefaultAllowAll()
.TryBuild());
Sandbox2 sandbox(std::move(executor), std::move(policy));
auto result = sandbox.Run();
@ -77,11 +78,12 @@ TEST(TsyncTest, TsyncNoMemoryChecks) {
auto executor = absl::make_unique<Executor>(path, args);
executor->set_enable_sandbox_before_exec(false);
SAPI_ASSERT_OK_AND_ASSIGN(auto policy, PolicyBuilder()
.DisableNamespaces()
// Don't restrict the syscalls at all.
.DangerDefaultAllowAll()
.TryBuild());
SAPI_ASSERT_OK_AND_ASSIGN(auto policy,
PolicyBuilder()
.DisableNamespaces()
// Don't restrict the syscalls at all.
.DangerDefaultAllowAll()
.TryBuild());
Sandbox2 sandbox(std::move(executor), std::move(policy));
auto result = sandbox.Run();
@ -104,11 +106,12 @@ TEST(ExecutorTest, ExecutorFdConstructor) {
std::vector<std::string> envs;
auto executor = absl::make_unique<Executor>(fd, args, envs);
SAPI_ASSERT_OK_AND_ASSIGN(auto policy, PolicyBuilder()
.DisableNamespaces()
// Don't restrict the syscalls at all.
.DangerDefaultAllowAll()
.TryBuild());
SAPI_ASSERT_OK_AND_ASSIGN(auto policy,
PolicyBuilder()
.DisableNamespaces()
// Don't restrict the syscalls at all.
.DangerDefaultAllowAll()
.TryBuild());
Sandbox2 sandbox(std::move(executor), std::move(policy));
auto result = sandbox.Run();
@ -124,10 +127,11 @@ TEST(RunAsyncTest, SandboxeeExternalKill) {
std::vector<std::string> envs;
auto executor = absl::make_unique<Executor>(path, args, envs);
SAPI_ASSERT_OK_AND_ASSIGN(auto policy, PolicyBuilder()
// Don't restrict the syscalls at all.
.DangerDefaultAllowAll()
.TryBuild());
SAPI_ASSERT_OK_AND_ASSIGN(auto policy,
PolicyBuilder()
// Don't restrict the syscalls at all.
.DangerDefaultAllowAll()
.TryBuild());
Sandbox2 sandbox(std::move(executor), std::move(policy));
ASSERT_TRUE(sandbox.RunAsync());
sleep(1);
@ -146,10 +150,11 @@ TEST(RunAsyncTest, SandboxeeTimeoutWithStacktraces) {
std::vector<std::string> envs;
auto executor = absl::make_unique<Executor>(path, args, envs);
SAPI_ASSERT_OK_AND_ASSIGN(auto policy, PolicyBuilder()
// Don't restrict the syscalls at all.
.DangerDefaultAllowAll()
.TryBuild());
SAPI_ASSERT_OK_AND_ASSIGN(auto policy,
PolicyBuilder()
// Don't restrict the syscalls at all.
.DangerDefaultAllowAll()
.TryBuild());
Sandbox2 sandbox(std::move(executor), std::move(policy));
ASSERT_TRUE(sandbox.RunAsync());
sandbox.set_walltime_limit(absl::Seconds(1));
@ -166,11 +171,12 @@ TEST(RunAsyncTest, SandboxeeTimeoutDisabledStacktraces) {
std::vector<std::string> envs;
auto executor = absl::make_unique<Executor>(path, args, envs);
SAPI_ASSERT_OK_AND_ASSIGN(auto policy, PolicyBuilder()
// Don't restrict the syscalls at all.
.DangerDefaultAllowAll()
.CollectStacktracesOnTimeout(false)
.TryBuild());
SAPI_ASSERT_OK_AND_ASSIGN(auto policy,
PolicyBuilder()
// Don't restrict the syscalls at all.
.DangerDefaultAllowAll()
.CollectStacktracesOnTimeout(false)
.TryBuild());
Sandbox2 sandbox(std::move(executor), std::move(policy));
ASSERT_TRUE(sandbox.RunAsync());
sandbox.set_walltime_limit(absl::Seconds(1));
@ -187,11 +193,11 @@ TEST(RunAsyncTest, SandboxeeViolationDisabledStacktraces) {
std::vector<std::string> envs;
auto executor = absl::make_unique<Executor>(path, args, envs);
SAPI_ASSERT_OK_AND_ASSIGN(auto policy,
PolicyBuilder()
// Don't allow anything - Make sure that we'll crash.
.CollectStacktracesOnViolation(false)
.TryBuild());
SAPI_ASSERT_OK_AND_ASSIGN(
auto policy, PolicyBuilder()
// Don't allow anything - Make sure that we'll crash.
.CollectStacktracesOnViolation(false)
.TryBuild());
Sandbox2 sandbox(std::move(executor), std::move(policy));
ASSERT_TRUE(sandbox.RunAsync());
auto result = sandbox.AwaitResult();

11
sandboxed_api/sandbox2/sanitizer_test.cc
View File

@ -120,11 +120,12 @@ TEST(SanitizerTest, TestSandboxedBinary) {
};
auto executor = absl::make_unique<Executor>(path, args);
SAPI_ASSERT_OK_AND_ASSIGN(auto policy, PolicyBuilder()
.DisableNamespaces()
// Don't restrict the syscalls at all.
.DangerDefaultAllowAll()
.TryBuild());
SAPI_ASSERT_OK_AND_ASSIGN(auto policy,
PolicyBuilder()
.DisableNamespaces()
// Don't restrict the syscalls at all.
.DangerDefaultAllowAll()
.TryBuild());
Sandbox2 s2(std::move(executor), std::move(policy));
auto result = s2.Run();

12
sandboxed_api/sandbox2/stack_trace_test.cc
View File

@ -181,12 +181,12 @@ TEST(StackTraceTest, SymbolizationTrustedFilesOnly) {
const std::string path = GetTestSourcePath("sandbox2/testcases/symbolize");
std::vector<std::string> args = {path, "2"};
auto executor = absl::make_unique<Executor>(path, args);
SAPI_ASSERT_OK_AND_ASSIGN(auto policy, PolicyBuilder{}
// Don't restrict the syscalls at all.
.DangerDefaultAllowAll()
.AddFile(path)
.AddLibrariesForBinary(path)
.TryBuild());
SAPI_ASSERT_OK_AND_ASSIGN(
auto policy, PolicyBuilder{} // Don't restrict the syscalls at all.
.DangerDefaultAllowAll()
.AddFile(path)
.AddLibrariesForBinary(path)
.TryBuild());
Sandbox2 s2(std::move(executor), std::move(policy));
auto result = s2.Run();

2
sandboxed_api/sandbox2/util/maps_parser_test.cc
View File

@ -62,7 +62,7 @@ TEST(MapsParserTest, ParsesValidFileCorrectly) {
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0 [stack]
)ValidMapsFile"; // NOLINT
SAPI_ASSERT_OK_AND_ASSIGN(std::vector<MapsEntry> entries,
ParseProcMaps(kValidMapsFile));
ParseProcMaps(kValidMapsFile));
EXPECT_THAT(entries.size(), Eq(32));
EXPECT_THAT(entries[0].start, Eq(0x555555554000));
EXPECT_THAT(entries[1].start, Eq(0x55555575b000));

8
sandboxed_api/sandbox2/util/minielf.cc
View File

@ -27,8 +27,8 @@
#include "sandboxed_api/config.h"
#include "sandboxed_api/sandbox2/util.h"
#include "sandboxed_api/util/raw_logging.h"
#include "sandboxed_api/util/strerror.h"
#include "sandboxed_api/util/status_macros.h"
#include "sandboxed_api/util/strerror.h"
namespace host_cpu = ::sapi::host_cpu;
using ::sapi::StrError;
@ -370,7 +370,8 @@ absl::Status ElfParser::ReadSymbolsFromSymtab(const ElfShdr& symtab) {
absl::StrCat("invalid symtab's strtab reference: ", symtab.sh_link));
}
SAPI_RAW_VLOG(1, "Symbol table with %zu entries found", symbol_entries);
SAPI_ASSIGN_OR_RETURN(std::string strtab, ReadSectionContents(symtab.sh_link));
SAPI_ASSIGN_OR_RETURN(std::string strtab,
ReadSectionContents(symtab.sh_link));
SAPI_ASSIGN_OR_RETURN(std::string symbols, ReadSectionContents(symtab));
result_.symbols_.reserve(result_.symbols_.size() + symbol_entries);
for (absl::string_view src = symbols; !src.empty();
@ -441,7 +442,8 @@ absl::Status ElfParser::ReadImportedLibrariesFromDynamic(
absl::StrCat("symtab's strtab too big: ", strtab_section.sh_size));
}
auto strtab_end = strtab_section.sh_offset + strtab_section.sh_size;
SAPI_ASSIGN_OR_RETURN(std::string dynamic_entries, ReadSectionContents(dynamic));
SAPI_ASSIGN_OR_RETURN(std::string dynamic_entries,
ReadSectionContents(dynamic));
for (absl::string_view src = dynamic_entries; !src.empty();
src = src.substr(dynamic.sh_entsize)) {
ElfDyn dyn;

3
sandboxed_api/sandbox2/util/minielf_test.cc
View File

@ -61,7 +61,8 @@ TEST(MinielfTest, SymbolResolutionWorks) {
ASSERT_THAT(
file::GetContents("/proc/self/maps", &maps_buffer, file::Defaults()),
IsOk());
SAPI_ASSERT_OK_AND_ASSIGN(std::vector<MapsEntry> maps, ParseProcMaps(maps_buffer));
SAPI_ASSERT_OK_AND_ASSIGN(std::vector<MapsEntry> maps,
ParseProcMaps(maps_buffer));
// Find maps entry that covers this entry.
uint64_t function_address = reinterpret_cast<uint64_t>(ExportedFunctionName);

11
sandboxed_api/tools/clang_generator/emitter.cc
View File

@ -54,8 +54,8 @@ constexpr absl::string_view kHeaderProlog =
#include "absl/status/status.h"
#include "absl/status/statusor.h"
#include "sandboxed_api/sandbox.h"
#include "sandboxed_api/vars.h"
#include "sandboxed_api/util/status_macros.h"
#include "sandboxed_api/vars.h"
)";
constexpr absl::string_view kHeaderEpilog =
@ -299,8 +299,8 @@ absl::StatusOr<std::string> EmitFunction(const clang::FunctionDecl* decl) {
");\n");
}
}
absl::StrAppend(&out, "\nSAPI_RETURN_IF_ERROR(sandbox_->Call(\"", function_name,
"\", &v_ret_");
absl::StrAppend(&out, "\nSAPI_RETURN_IF_ERROR(sandbox_->Call(\"",
function_name, "\", &v_ret_");
for (const auto& [qual, name] : params) {
absl::StrAppend(&out, ", ", IsPointerOrReference(qual) ? "" : "&v_", name);
}
@ -412,8 +412,9 @@ void Emitter::CollectFunction(clang::FunctionDecl* decl) {
absl::StatusOr<std::string> Emitter::EmitHeader(
const GeneratorOptions& options) {
SAPI_ASSIGN_OR_RETURN(const std::string header,
::sapi::EmitHeader(functions_, rendered_types_, options));
SAPI_ASSIGN_OR_RETURN(
const std::string header,
::sapi::EmitHeader(functions_, rendered_types_, options));
return internal::ReformatGoogleStyle(options.out_file, header);
}

2
sandboxed_api/tools/clang_generator/generator_tool.cc
View File

@ -134,7 +134,7 @@ absl::Status GeneratorMain(int argc, const char** argv) {
SAPI_ASSIGN_OR_RETURN(std::string header, emitter.EmitHeader(options));
SAPI_RETURN_IF_ERROR(sapi::file::SetContents(options.out_file, header,
sapi::file::Defaults()));
sapi::file::Defaults()));
return absl::OkStatus();
}

4
sandboxed_api/transaction.cc
View File

@ -13,6 +13,7 @@
// limitations under the License.
#include "sandboxed_api/transaction.h"
#include "sandboxed_api/util/status_macros.h"
namespace sapi {
@ -26,7 +27,8 @@ absl::Status TransactionBase::RunTransactionFunctionInSandbox(
// Set the wall-time limit for this transaction run, and clean it up
// afterwards, no matter what the result.
SAPI_RETURN_IF_ERROR(sandbox_->SetWallTimeLimit(absl::Seconds(GetTimeLimit())));
SAPI_RETURN_IF_ERROR(
sandbox_->SetWallTimeLimit(absl::Seconds(GetTimeLimit())));
struct TimeCleanup {
~TimeCleanup() {
capture->sandbox_->SetWallTimeLimit(absl::ZeroDuration()).IgnoreError();

1
sandboxed_api/transaction.h
View File

@ -22,7 +22,6 @@
#include "absl/strings/str_cat.h"
#include "absl/time/time.h"
#include "sandboxed_api/sandbox.h"
#include "sandboxed_api/util/status_macros.h"
#define TRANSACTION_FAIL_IF_NOT(x, y) \
if (!(x)) { \

2
sandboxed_api/var_abstract.cc
View File

@ -19,9 +19,9 @@
#include <sys/uio.h>
#include <glog/logging.h>
#include "sandboxed_api/sandbox2/comms.h"
#include "absl/strings/str_cat.h"
#include "sandboxed_api/rpcchannel.h"
#include "sandboxed_api/sandbox2/comms.h"
#include "sandboxed_api/util/status_macros.h"
namespace sapi::v {

2
sandboxed_api/var_array.h
View File

@ -25,10 +25,10 @@
#include "absl/strings/str_cat.h"
#include "absl/strings/string_view.h"
#include "sandboxed_api/rpcchannel.h"
#include "sandboxed_api/util/status_macros.h"
#include "sandboxed_api/var_abstract.h"
#include "sandboxed_api/var_pointable.h"
#include "sandboxed_api/var_ptr.h"
#include "sandboxed_api/util/status_macros.h"
namespace sapi::v {

1
sandboxed_api/var_int.cc
View File

@ -13,6 +13,7 @@
// limitations under the License.
#include "sandboxed_api/var_int.h"
#include "sandboxed_api/rpcchannel.h"
#include "sandboxed_api/util/status_macros.h"

5
sandboxed_api/var_lenval.cc
View File

@ -12,15 +12,14 @@
// See the License for the specific language governing permissions and
// limitations under the License.
// Implementation of sapi::v::LenVal.
#include "sandboxed_api/var_lenval.h"
#include <sys/uio.h>
#include <glog/logging.h>
#include "sandboxed_api/sandbox2/comms.h"
#include "sandboxed_api/rpcchannel.h"
#include "sandboxed_api/sandbox2/comms.h"
#include "sandboxed_api/util/status_macros.h"
namespace sapi::v {

2
sandboxed_api/var_proto.h
View File

@ -25,10 +25,10 @@
#include "absl/memory/memory.h"
#include "absl/status/statusor.h"
#include "sandboxed_api/proto_helper.h"
#include "sandboxed_api/util/status_macros.h"
#include "sandboxed_api/var_lenval.h"
#include "sandboxed_api/var_pointable.h"
#include "sandboxed_api/var_ptr.h"
#include "sandboxed_api/util/status_macros.h"
namespace sapi::v {