Move abort into ExecuteProcess and mark it noreturn

PiperOrigin-RevId: 518528953
Change-Id: Ieaa03af484188bb35f9734d69d987eabbdcc23ab

sandboxed_api/sandbox2/BUILD.bazel

@@ -602,13 +602,13 @@ cc_library(
         "//sandboxed_api/util:fileops",
         "//sandboxed_api/util:raw_logging",
         "//sandboxed_api/util:strerror",
+        "@com_google_absl//absl/base:core_headers",
         "@com_google_absl//absl/container:flat_hash_map",
         "@com_google_absl//absl/container:flat_hash_set",
         "@com_google_absl//absl/log",
         "@com_google_absl//absl/status",
         "@com_google_absl//absl/status:statusor",
         "@com_google_absl//absl/strings",
-        "@com_google_absl//absl/strings:str_format",
         "@org_kernel_libcap//:libcap",
     ],
 )

sandboxed_api/sandbox2/CMakeLists.txt

@@ -543,29 +543,30 @@ add_library(sandbox2_forkserver ${SAPI_LIB_TYPE}
   forkserver.h
 )
 add_library(sandbox2::forkserver ALIAS sandbox2_forkserver)
-target_link_libraries(sandbox2_forkserver PRIVATE
+target_link_libraries(sandbox2_forkserver
-  absl::flat_hash_map
+  PRIVATE absl::flat_hash_map
-  absl::flat_hash_set
+          absl::flat_hash_set
-  absl::status
+          absl::status
-  absl::statusor
+          absl::statusor
-  absl::str_format
+          absl::strings
-  absl::strings
+          libcap::libcap
-  libcap::libcap
+          sandbox2::bpf_helper
-  sandbox2::bpf_helper
+          sandbox2::client
-  sandbox2::client
+          sandbox2::comms
-  sandbox2::comms
+          sapi::fileops
-  sapi::fileops
+          sandbox2::fork_client
-  sandbox2::fork_client
+          sandbox2::forkserver_proto
-  sandbox2::forkserver_proto
+          sandbox2::namespace
-  sandbox2::namespace
+          sandbox2::policy
-  sandbox2::policy
+          sapi::strerror
-  sapi::strerror
+          sandbox2::sanitizer
-  sandbox2::sanitizer
+          sandbox2::syscall
-  sandbox2::syscall
+          sandbox2::unwind
-  sandbox2::unwind
+          sandbox2::util
-  sandbox2::util
+          sapi::base
-  sapi::base
+          sapi::raw_logging
-  sapi::raw_logging
+  PUBLIC absl::core_headers
+         absl::log
 )
 
 # sandboxed_api/sandbox2:fork_client

sandboxed_api/sandbox2/forkserver.cc

@@ -43,7 +43,6 @@
 #include "absl/status/statusor.h"
 #include "absl/strings/match.h"
 #include "absl/strings/str_cat.h"
-#include "absl/strings/str_format.h"
 #include "absl/strings/str_join.h"
 #include "absl/strings/str_split.h"
 #include "libcap/include/sys/capability.h"
@@ -378,13 +377,11 @@ void ForkServer::LaunchChild(const ForkRequest& request, int execve_fd,
     } else {
       ExecuteProcess(execve_fd, argv.data(), envp.data());
     }
-    abort();
   }
 
   if (will_execve) {
     ExecuteProcess(execve_fd, util::CharPtrArray::FromStringVector(args).data(),
                    util::CharPtrArray::FromStringVector(envs).data());
-    abort();
   }
 }
 
@@ -643,6 +640,7 @@ void ForkServer::ExecuteProcess(int execve_fd, const char* const* argv,
   }
 
   util::Syscall(__NR_exit_group, EXIT_FAILURE);
+  abort();
 }
 
 void ForkServer::InitializeNamespaces(const ForkRequest& request, uid_t uid,

sandboxed_api/sandbox2/forkserver.h

@@ -23,6 +23,7 @@
 #include <string>
 #include <vector>
 
+#include "absl/base/attributes.h"
 #include "absl/log/log.h"
 
 namespace sandbox2 {
@@ -73,7 +74,7 @@ class ForkServer {
 
   // Executes the sandboxee, or exit with Executor::kFailedExecve.
   static void ExecuteProcess(int execve_fd, const char* const* argv,
-                             const char* const* envp);
+                             const char* const* envp) ABSL_ATTRIBUTE_NORETURN;
 
   // Runs namespace initializers for a sandboxee.
   static void InitializeNamespaces(const ForkRequest& request, uid_t uid,