StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity

Added sandbox policy for extract function

Browse Source
This commit is contained in:
Andrei Medar 2020-09-16 15:57:31 +00:00
parent 9ec90b741c
commit 7e24ee2232
6 changed files with 237 additions and 169 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
oss-internship-2020/sapi_libarchive/examples/CMakeLists.txt
View File

@ -23,6 +23,7 @@ target_link_libraries(helpers PUBLIC
sandbox2::fileops
sandbox2::util
sandbox2::file_base
sandbox2::executor
glog::glog
libarchive_sapi
)

30
oss-internship-2020/sapi_libarchive/examples/helpers.cc
View File

@ -2,7 +2,8 @@
#include "helpers.h"
std::string MakeAbsolutePathAtCWD(std::string path) {
std::string result = sandbox2::file_util::fileops::MakeAbsolute(path, sandbox2::file_util::fileops::GetCWD());
std::string result = sandbox2::file_util::fileops::MakeAbsolute(
path, sandbox2::file_util::fileops::GetCWD());
CHECK(result != "") << "Could not create absolute path for: " << path;
return sandbox2::file::CleanPath(result);
}
@ -14,30 +15,33 @@ std::vector<std::string> MakeAbsolutePathsVec(char *argv[]) {
return arr;
}
// std::string GetErrorString(sapi::v::Ptr *archive, LibarchiveSandbox &sandbox, LibarchiveApi &api) {
// std::string GetErrorString(sapi::v::Ptr *archive, LibarchiveSandbox &sandbox,
// LibarchiveApi &api) {
// sapi::StatusOr<char *> ret = api.archive_error_string(archive);
// CHECK(ret.ok() && ret) << "Could not get error message";
// sapi::StatusOr<std::string> ret2 = sandbox.GetCString(sapi::v::RemotePtr(ret.value()));
// CHECK(ret.ok()) << "Could not transfer error message";
// return ret2.value();
// sapi::StatusOr<std::string> ret2 =
// sandbox.GetCString(sapi::v::RemotePtr(ret.value())); CHECK(ret.ok()) <<
// "Could not transfer error message"; return ret2.value();
// }
std::string CheckStatusAndGetString(const sapi::StatusOr<char *> &status, LibarchiveSandbox &sandbox) {
std::string CheckStatusAndGetString(const sapi::StatusOr<char *> &status,
LibarchiveSandbox &sandbox) {
CHECK(status.ok() && status.value() != NULL) << "Could not get error message";
sapi::StatusOr<std::string> ret = sandbox.GetCString(sapi::v::RemotePtr(status.value()));
sapi::StatusOr<std::string> ret =
sandbox.GetCString(sapi::v::RemotePtr(status.value()));
CHECK(ret.ok()) << "Could not transfer error message";
return ret.value();
}
// std::string CallFunctionAndGetString(sapi::v::Ptr *archive, LibarchiveSandbox &sandbox,
// LibarchiveApi *api, sapi::StatusOr<char *> (LibarchiveApi::*func)(sapi::v::Ptr *)) {
// std::string CallFunctionAndGetString(sapi::v::Ptr *archive, LibarchiveSandbox
// &sandbox, LibarchiveApi *api, sapi::StatusOr<char *>
// (LibarchiveApi::*func)(sapi::v::Ptr *)) {
// sapi::StatusOr<char *> ret = (api->*func)(archive);
// CHECK(ret.ok() && ret) << "Could not get error message";
// sapi::StatusOr<std::string> ret2 = sandbox.GetCString(sapi::v::RemotePtr(ret.value()));
// CHECK(ret.ok()) << "Could not transfer error message";
// return ret2.value();
// sapi::StatusOr<std::string> ret2 =
// sandbox.GetCString(sapi::v::RemotePtr(ret.value())); CHECK(ret.ok()) <<
// "Could not transfer error message"; return ret2.value();
// }

24
oss-internship-2020/sapi_libarchive/examples/helpers.h
View File

@ -2,30 +2,30 @@
#define SAPI_LIBARCHIVE_HELPERS_H
#include <glog/logging.h>
#include "libarchive_sapi.sapi.h"
#include "sandboxed_api/sandbox2/util.h"
#include "sandboxed_api/sandbox2/util/fileops.h"
#include "sandboxed_api/sandbox2/util/path.h"
#include "libarchive_sapi.sapi.h"
// Used to convert the paths provided as arguments for the program
// (the paths used) to an array of absolute paths. This allows the user
// to use either relative or absolute paths
std::vector<std::string> MakeAbsolutePathsVec(char *argv[]);
// Converts only one string to an absolute path by prepending the current working
// directory to the relative path
// Converts only one string to an absolute path by prepending the current
// working directory to the relative path
std::string MakeAbsolutePathAtCWD(std::string path);
// Calls the archive_error_string and returns the mesage after it was transferred
// to the client process.
// std::string GetErrorString(sapi::v::Ptr *archive, LibarchiveSandbox &sandbox, LibarchiveApi &api);
// Calls the archive_error_string and returns the mesage after it was
// transferred to the client process. std::string GetErrorString(sapi::v::Ptr
// *archive, LibarchiveSandbox &sandbox, LibarchiveApi &api);
std::string CheckStatusAndGetString(const sapi::StatusOr<char *> &status,
LibarchiveSandbox &sandbox);
std::string CheckStatusAndGetString(const sapi::StatusOr<char *> &status, LibarchiveSandbox &sandbox);
// std::string CallFunctionAndGetString(sapi::v::Ptr *archive, LibarchiveSandbox &sandbox,
// LibarchiveApi *api, sapi::StatusOr<char *> (LibarchiveApi::*func)(sapi::v::Ptr *));
// std::string CallFunctionAndGetString(sapi::v::Ptr *archive, LibarchiveSandbox
// &sandbox, LibarchiveApi *api, sapi::StatusOr<char *>
// (LibarchiveApi::*func)(sapi::v::Ptr *));
#endif // SAPI_LIBARCHIVE_HELPERS_H

17
oss-internship-2020/sapi_libarchive/examples/sandbox.h
View File

@ -20,7 +20,8 @@ class SapiLibarchiveSandboxCreate : public LibarchiveSandbox {
class SapiLibarchiveSandboxExtract : public LibarchiveSandbox {
public:
// TODO
explicit SapiLibarchiveSandboxExtract(const std::string &archive_path, const int do_extract)
explicit SapiLibarchiveSandboxExtract(const std::string& archive_path,
const int do_extract)
: archive_path_(archive_path), do_extract_(do_extract) {}
private:
@ -28,14 +29,19 @@ class SapiLibarchiveSandboxExtract : public LibarchiveSandbox {
// TODO create /output/ + chdir here if do_execute
if (do_extract_) {
// TODO change the directory
std::cout << "inside executor do extract" << std::endl;
} else {
// Do nothing since we do not need to create any files
std::cout << "changing dir" << std::endl;
if (!sandbox2::file_util::fileops::Exists("/output", false)) {
CHECK(sandbox2::util::CreateDirRecursive("/output", 644))
<< "Could not create /output directory";
}
executor = &executor->set_cwd("/output");
}
}
std::unique_ptr<sandbox2::Policy> ModifyPolicy(
sandbox2::PolicyBuilder*) override {
// TODO no auto
auto policy = sandbox2::PolicyBuilder()
.AllowRead()
.AllowWrite()
@ -56,7 +62,8 @@ class SapiLibarchiveSandboxExtract : public LibarchiveSandbox {
if (do_extract_) {
// map "/output/" to cwd
std::cout << "do extract inside policy" << std::endl;
policy = policy.AddDirectoryAt(sandbox2::file_util::fileops::GetCWD(),
"/output", false);
}
return policy.BuildOrDie();
}

1
oss-internship-2020/sapi_libarchive/examples/sapi_example.cc
View File

@ -13,6 +13,5 @@ int main() {
std::cout << "OK" << std::endl;
}
return 0;
}

117
oss-internship-2020/sapi_libarchive/examples/sapi_minitar.cc
View File

@ -125,7 +125,8 @@ static void create(const char *filename, int compress, const char **argv);
#endif
static void errmsg(const char *);
static void extract(const char *filename, int do_extract, int flags);
static int copy_data(struct archive *, struct archive *);
static int copy_data(sapi::v::RemotePtr *ar, sapi::v::RemotePtr *aw,
LibarchiveApi &api, SapiLibarchiveSandboxExtract &sandbox);
static void msg(const char *);
static void usage(void);
@ -259,71 +260,78 @@ static void extract(const char *filename, int do_extract, int flags) {
sapi::StatusOr<int> ret2;
ret2 = api.archive_write_disk_set_options(&ext_ptr, flags);
CHECK(ret2.ok()) << "write_disk_set_options call failed";
CHECK(ret2.value() != ARCHIVE_FATAL) << "Unexpected result from write_disk_set_options call";
CHECK(ret2.value() != ARCHIVE_FATAL)
<< "Unexpected result from write_disk_set_options call";
#ifndef NO_BZIP2_EXTRACT
ret2 = api.archive_read_support_filter_bzip2(&a_ptr);
CHECK(ret2.ok()) << "read_support_filter_bzip2 call failed";
CHECK(ret2.value() != ARCHIVE_FATAL) << "Unexpected result from read_support_filter_bzip2 call";
CHECK(ret2.value() != ARCHIVE_FATAL)
<< "Unexpected result from read_support_filter_bzip2 call";
#endif
#ifndef NO_GZIP_EXTRACT
ret2 = api.archive_read_support_filter_gzip(&a_ptr);
CHECK(ret2.ok()) << "read_suppport_filter_gzip call failed";
CHECK(ret2.value() != ARCHIVE_FATAL) << "Unexpected result from read_suppport_filter_gzip call";
CHECK(ret2.value() != ARCHIVE_FATAL)
<< "Unexpected result from read_suppport_filter_gzip call";
#endif
#ifndef NO_COMPRESS_EXTRACT
ret2 = api.archive_read_support_filter_compress(&a_ptr);
CHECK(ret2.ok()) << "read_support_filter_compress call failed";
CHECK(ret2.value() != ARCHIVE_FATAL) << "Unexpected result from read_support_filter_compress call";
CHECK(ret2.value() != ARCHIVE_FATAL)
<< "Unexpected result from read_support_filter_compress call";
#endif
#ifndef NO_TAR_EXTRACT
ret2 = api.archive_read_support_format_tar(&a_ptr);
CHECK(ret2.ok()) << "read_support_format_tar call failed";
CHECK(ret2.value() != ARCHIVE_FATAL) << "Unexpected result fromread_support_format_tar call";
CHECK(ret2.value() != ARCHIVE_FATAL)
<< "Unexpected result fromread_support_format_tar call";
#endif
#ifndef NO_CPIO_EXTRACT
ret2 = api.archive_read_support_format_cpio(&a_ptr);
CHECK(ret2.ok()) << "read_support_format_cpio call failed";
CHECK(ret2.value() != ARCHIVE_FATAL) << "Unexpected result from read_support_format_tar call";
CHECK(ret2.value() != ARCHIVE_FATAL)
<< "Unexpected result from read_support_format_tar call";
#endif
#ifndef NO_LOOKUP
ret2 = api.archive_write_disk_set_standard_lookup(&ext_ptr);
CHECK(ret2.ok()) << "write_disk_set_standard_lookup call failed";
CHECK(ret2.value() != ARCHIVE_FATAL) << "Unexpected result from write_disk_set_standard_lookup call";
CHECK(ret2.value() != ARCHIVE_FATAL)
<< "Unexpected result from write_disk_set_standard_lookup call";
#endif
if (filename != NULL && strcmp(filename, "-") == 0)
filename = NULL;
if (filename != NULL && strcmp(filename, "-") == 0) filename = NULL;
sapi::v::ConstCStr sapi_filename(filename_absolute.c_str());
std::cout << "opening filename" << std::endl;
ret2 = api.archive_read_open_filename(&a_ptr, sapi_filename.PtrBefore(), 10240);
ret2 =
api.archive_read_open_filename(&a_ptr, sapi_filename.PtrBefore(), 10240);
CHECK(ret2.ok()) << "read_open_filename call failed";
// CHECK(!ret2.value()) << GetErrorString(&a_ptr, sandbox, api);
CHECK(!ret2.value()) << CheckStatusAndGetString(api.archive_error_string(&a_ptr), sandbox);
// CHECK(!ret2.value()) << CallFunctionAndGetString(&a_ptr, sandbox, &api, &api.archive_error_string);
sapi::v::IntBase<struct archive_entry *> entry_ptr_tmp(0);
CHECK(!ret2.value()) << CheckStatusAndGetString(
api.archive_error_string(&a_ptr), sandbox);
// CHECK(!ret2.value()) << CallFunctionAndGetString(&a_ptr, sandbox, &api,
// &api.archive_error_string);
for (;;) {
int needcr = 0;
std::cout << "================reading headers==============" << std::endl;
sapi::v::IntBase<struct archive_entry *> entry_ptr_tmp(0);
ret2 = api.archive_read_next_header(&a_ptr, entry_ptr_tmp.PtrBoth());
// std::cout << "val = " << ret2.value() << std::endl;
CHECK(ret2.ok()) << "read_next_header call failed";
// CHECK(ret2.value() != ARCHIVE_OK) << GetErrorString(&a_ptr, sandbox, api);
// CHECK(ret2.value() != ARCHIVE_OK) << GetErrorString(&a_ptr, sandbox,
// api);
if (ret2.value() == ARCHIVE_EOF) {
break;
}
CHECK(ret2.value() == ARCHIVE_OK) << CheckStatusAndGetString(api.archive_error_string(&a_ptr), sandbox);
CHECK(ret2.value() == ARCHIVE_OK)
<< CheckStatusAndGetString(api.archive_error_string(&a_ptr), sandbox);
sapi::v::RemotePtr entry_ptr(entry_ptr_tmp.GetValue());
@ -331,17 +339,34 @@ static void extract(const char *filename, int do_extract, int flags) {
std::cout << "x ";
}
if (verbose || !do_extract) {
std::cout << CheckStatusAndGetString(api.archive_entry_pathname(&entry_ptr), sandbox) << " ";
std::cout << CheckStatusAndGetString(
api.archive_entry_pathname(&entry_ptr), sandbox)
<< " ";
needcr = 1;
}
std::cout << "qqqqq" << std::endl;
if (do_extract) {
std::cout << "EXTRACT HERE";
std::cout << "EXTRACT HERE" << std::endl;
ret2 = api.archive_write_header(&ext_ptr, &entry_ptr);
CHECK(ret2.ok()) << "write_header call faield";
std::cout << "val = " << ret2.value() << std::endl;
if (ret2.value() != ARCHIVE_OK) {
std::cout << CheckStatusAndGetString(api.archive_error_string(&a_ptr),
sandbox);
needcr = 1;
} else if (copy_data(&a_ptr, &ext_ptr, api, sandbox) != ARCHIVE_OK) {
needcr = 1;
}
}
// use the needcr stuff here TODO
if (needcr) {
std::cout << std::endl;
}
}
std::cout << "out of loop" << std::endl;
@ -354,20 +379,52 @@ static void extract(const char *filename, int do_extract, int flags) {
CHECK(ret2.ok()) << "read_free call failed";
CHECK(!ret2.value()) << "Unexpected result from read_free call";
ret2 = api.archive_write_close(&ext_ptr);
CHECK(ret2.ok()) << "write_close call failed";
CHECK(!ret2.value()) << "Unexpected result from write_close call";
ret2 = api.archive_write_free(&ext_ptr);
CHECK(ret2.ok()) << "write_free call failed";
CHECK(!ret2.value()) << "Unexpected result from write_free call";
}
static int copy_data(struct archive *ar, struct archive *aw) {
return 0;
static int copy_data(sapi::v::RemotePtr *ar, sapi::v::RemotePtr *aw,
LibarchiveApi &api,
SapiLibarchiveSandboxExtract &sandbox) {
std::cout << "CALL COPY_DATA XXXXXXXXXXXX\n";
sapi::StatusOr<int> ret;
sapi::v::IntBase<struct archive_entry *> buff_ptr_tmp(0);
sapi::v::ULLong size;
sapi::v::SLLong offset;
for (;;) {
ret = api.archive_read_data_block(ar, buff_ptr_tmp.PtrBoth(),
size.PtrBoth(), offset.PtrBoth());
CHECK(ret.ok()) << "read_data_block call failed";
if (ret.value() == ARCHIVE_EOF) {
return ARCHIVE_OK;
}
if (ret.value() != ARCHIVE_OK) {
std::cout << CheckStatusAndGetString(api.archive_error_string(ar),
sandbox);
return ret.value();
}
sapi::v::RemotePtr buff_ptr(buff_ptr_tmp.GetValue());
ret = api.archive_write_data_block(aw, &buff_ptr, size.GetValue(),
offset.GetValue());
CHECK(ret.ok()) << "write_data_block call failed";
if (ret.value() != ARCHIVE_OK) {
std::cout << CheckStatusAndGetString(api.archive_error_string(ar),
sandbox);
return ret.value();
}
}
}
static void msg(const char *m) { write(1, m, strlen(m)); }