mirror of
https://github.com/google/sandboxed-api.git
synced 2024-03-22 13:11:30 +08:00
Merge branch 'main' into cmake_quote
This commit is contained in:
commit
99f1ce93ba
53
.github/workflows/fedora-cmake.yml
vendored
53
.github/workflows/fedora-cmake.yml
vendored
|
@ -13,36 +13,55 @@ jobs:
|
|||
include:
|
||||
- container: fedora:35
|
||||
compiler: gcc # GCC 11
|
||||
ignore-errors: false
|
||||
# TODO(cblichmann): Add clang-13 build to matrix (currently fails)
|
||||
ignore-errors: true # Stack trace test fails on Fedora (issue #118)
|
||||
runs-on: ubuntu-latest
|
||||
continue-on-error: ${{ matrix.ignore-errors }}
|
||||
|
||||
container:
|
||||
image: ${{ matrix.container }}
|
||||
env:
|
||||
RUN_CMD: docker exec --tty ${{matrix.compiler}}-build-container
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: Prepare container
|
||||
# Note: For the sandbox tests to work, we need a privileged, unconfined
|
||||
# container that retains its capabilities.
|
||||
run: |
|
||||
docker run --name ${{matrix.compiler}}-build-container \
|
||||
--tty \
|
||||
--privileged \
|
||||
--cap-add ALL \
|
||||
--security-opt apparmor:unconfined \
|
||||
-v $GITHUB_WORKSPACE:$GITHUB_WORKSPACE \
|
||||
-e TERM=dumb \
|
||||
-e BUILD_TYPE \
|
||||
-e GITHUB_WORKSPACE \
|
||||
-d ${{matrix.container}} \
|
||||
sleep infinity
|
||||
|
||||
- name: Install build tools
|
||||
run: |
|
||||
dnf update -y
|
||||
dnf install -y git make automake patch glibc-static libstdc++-static \
|
||||
cmake ninja-build python3 python3-pip clang-devel libcap-devel
|
||||
|
||||
- name: Install/configure Clang compiler toolchain
|
||||
if: matrix.compiler == 'clang'
|
||||
run: |
|
||||
echo "CXX=clang++" >> $GITHUB_ENV
|
||||
echo "CC=clang" >> $GITHUB_ENV
|
||||
$RUN_CMD dnf update -y --quiet
|
||||
$RUN_CMD dnf install -y --quiet git make automake patch glibc-static \
|
||||
libstdc++-static cmake ninja-build python3 python3-pip clang-devel \
|
||||
libcap-devel
|
||||
|
||||
- name: Create Build Environment
|
||||
run: |
|
||||
pip3 install absl-py clang
|
||||
cmake -E make_directory $GITHUB_WORKSPACE/build
|
||||
$RUN_CMD pip3 install --progress-bar=off absl-py clang
|
||||
$RUN_CMD cmake -E make_directory $GITHUB_WORKSPACE/build
|
||||
|
||||
- name: Configure CMake
|
||||
run: cmake $GITHUB_WORKSPACE -G Ninja -DCMAKE_BUILD_TYPE=$BUILD_TYPE
|
||||
run: |
|
||||
$RUN_CMD cmake -S $GITHUB_WORKSPACE -B $GITHUB_WORKSPACE/build \
|
||||
-G Ninja -DCMAKE_BUILD_TYPE=$BUILD_TYPE
|
||||
|
||||
- name: Build
|
||||
run: cmake --build $GITHUB_WORKSPACE --config $BUILD_TYPE
|
||||
run: |
|
||||
$RUN_CMD cmake --build $GITHUB_WORKSPACE/build --config $BUILD_TYPE
|
||||
|
||||
- name: Test
|
||||
run: |
|
||||
$RUN_CMD ctest --test-dir $GITHUB_WORKSPACE/build -C $BUILD_TYPE \
|
||||
--output-on-failure \
|
||||
-R SapiTest
|
||||
|
|
18
.github/workflows/ubuntu-cmake.yml
vendored
18
.github/workflows/ubuntu-cmake.yml
vendored
|
@ -62,17 +62,17 @@ jobs:
|
|||
- name: Create Build Environment
|
||||
run: |
|
||||
pip3 install absl-py clang
|
||||
cmake -E make_directory ${{runner.workspace}}/build
|
||||
cmake -E make_directory $GITHUB_WORKSPACE/build
|
||||
|
||||
- name: Configure CMake
|
||||
working-directory: ${{runner.workspace}}/build
|
||||
run: cmake $GITHUB_WORKSPACE -G Ninja -DCMAKE_BUILD_TYPE=$BUILD_TYPE
|
||||
run: |
|
||||
cmake $GITHUB_WORKSPACE -G Ninja -DCMAKE_BUILD_TYPE=$BUILD_TYPE
|
||||
|
||||
- name: Build
|
||||
working-directory: ${{runner.workspace}}/build
|
||||
run: cmake --build . --config $BUILD_TYPE
|
||||
run: |
|
||||
cmake --build $GITHUB_WORKSPACE --config $BUILD_TYPE
|
||||
|
||||
# TODO(cblichmann): Before enabling this, make sure all OSS tests pass
|
||||
#- name: Test
|
||||
# working-directory: ${{runner.workspace}}/build
|
||||
# run: ctest -C $BUILD_TYPE
|
||||
- name: Test
|
||||
run: |
|
||||
ctest $GITHUB_WORKSPACE -C $BUILD_TYPE --output-on-failure \
|
||||
-R SapiTest
|
||||
|
|
3
.gitmodules
vendored
3
.gitmodules
vendored
|
@ -4,9 +4,6 @@
|
|||
[submodule "oss-internship-2020/openjpeg/openjpeg"]
|
||||
path = oss-internship-2020/openjpeg/openjpeg
|
||||
url = https://github.com/uclouvain/openjpeg.git
|
||||
[submodule "oss-internship-2020/pffft/master"]
|
||||
path = oss-internship-2020/pffft/master
|
||||
url = https://bitbucket.org/jpommier/pffft/src/master/
|
||||
[submodule "oss-internship-2020/gdal/gdal"]
|
||||
path = oss-internship-2020/gdal/gdal
|
||||
url = https://github.com/OSGeo/gdal/
|
||||
|
|
|
@ -14,6 +14,10 @@
|
|||
|
||||
cmake_minimum_required(VERSION 3.13..3.22)
|
||||
|
||||
if(POLICY CMP0083)
|
||||
cmake_policy(SET CMP0083 NEW)
|
||||
endif()
|
||||
|
||||
project(SandboxedAPI C CXX ASM)
|
||||
|
||||
# TODO(cblichmann): Enable for Android once support lands
|
||||
|
@ -44,7 +48,18 @@ endif()
|
|||
|
||||
include(CheckCXXCompilerFlag)
|
||||
|
||||
# Sapi CMake modules, order matters
|
||||
# Allow the header generator to auto-configure include paths
|
||||
set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
|
||||
|
||||
set(CMAKE_SKIP_BUILD_RPATH ON)
|
||||
|
||||
if(CMAKE_VERSION VERSION_GREATER_EQUAL 3.14)
|
||||
include(CheckPIESupported)
|
||||
check_pie_supported()
|
||||
set(CMAKE_POSITION_INDEPENDENT_CODE ON)
|
||||
endif()
|
||||
|
||||
# SAPI CMake modules, order matters
|
||||
list(APPEND CMAKE_MODULE_PATH "${SAPI_SOURCE_DIR}/cmake"
|
||||
"${SAPI_SOURCE_DIR}/cmake/modules")
|
||||
include(SapiOptions)
|
||||
|
@ -53,9 +68,6 @@ include(SapiUtil)
|
|||
include(SapiBuildDefs)
|
||||
include(GNUInstallDirs)
|
||||
|
||||
# Allow the header generator to auto-configure include paths
|
||||
set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
|
||||
|
||||
if(SAPI_HARDENED_SOURCE)
|
||||
add_compile_options(-fstack-protector -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2)
|
||||
add_link_options(-Wl,-z,relro -Wl,-z,now)
|
||||
|
@ -76,7 +88,7 @@ configure_file(cmake/libcap_capability.h.in
|
|||
|
||||
# Library with basic project settings. The empty file is there to be able to
|
||||
# define header-only libraries without cumbersome target_sources() hacks.
|
||||
file(WRITE ${SAPI_BINARY_DIR}/sapi_base_force_cxx_linkage.cc "")
|
||||
file(WRITE "${SAPI_BINARY_DIR}/sapi_base_force_cxx_linkage.cc" "")
|
||||
add_library(sapi_base STATIC
|
||||
"${SAPI_BINARY_DIR}/sapi_base_force_cxx_linkage.cc"
|
||||
)
|
||||
|
@ -85,20 +97,28 @@ target_compile_features(sapi_base PUBLIC
|
|||
cxx_std_${SAPI_CXX_STANDARD}
|
||||
)
|
||||
set_target_properties(sapi_base PROPERTIES
|
||||
SKIP_BUILD_RPATH ON
|
||||
POSITION_INDEPENDENT_CODE ON
|
||||
INTERFACE_POSITION_INDEPENDENT_CODE ON
|
||||
)
|
||||
target_include_directories(sapi_base PUBLIC
|
||||
"${SAPI_BINARY_DIR}"
|
||||
"${SAPI_SOURCE_DIR}"
|
||||
"${Protobuf_INCLUDE_DIR}"
|
||||
)
|
||||
target_compile_options(sapi_base PUBLIC -fno-exceptions)
|
||||
target_compile_options(sapi_base PUBLIC
|
||||
-fno-exceptions
|
||||
)
|
||||
if(CMAKE_CXX_COMPILER_ID MATCHES "Clang")
|
||||
target_compile_options(sapi_base PUBLIC
|
||||
# The syscall tables in sandbox2/syscall_defs.cc are `std::array`s using
|
||||
# CTAD and have more entries than the default limit of 256.
|
||||
-fbracket-depth=768
|
||||
)
|
||||
endif()
|
||||
set(_sapi_check_no_deprecated
|
||||
-Wno-deprecated SAPI_HAS_W_NO_DEPRECATED
|
||||
)
|
||||
# For sandbox2/util.cc's CloneAndJump()
|
||||
set(_sapi_check_frame_larger_than
|
||||
# For sandbox2/util.cc's CloneAndJump()
|
||||
-Wframe-larger-than=40960 SAPI_HAS_W_FRAME_LARGER_THAN
|
||||
)
|
||||
set(_sapi_check_no_deprecated_declarations
|
||||
|
|
|
@ -16,6 +16,9 @@
|
|||
set(SAPI_CONTRIB_SANDBOXES
|
||||
hunspell
|
||||
jsonnet
|
||||
libidn2
|
||||
pffft
|
||||
turbojpeg
|
||||
zopfli
|
||||
zstd
|
||||
)
|
||||
|
|
|
@ -6,11 +6,15 @@ libraries.
|
|||
## Projects Sandboxed
|
||||
|
||||
Directory | Project | Home Page | Integration
|
||||
----------- | ------------------------------------------------- | -------------------------------------------------------------------- | -----------
|
||||
`jsonnet/` | Jsonnet - The Data Templating Language | [github.com/google/jsonnet](https://github.com/google/jsonnet) | CMake
|
||||
------------ | ----------------------------------------------------------------- | ------------------------------------------------------------------------------------ | -----------
|
||||
`c-blosc/` | c-blosc - A blocking, shuffling and loss-less compression library | [github.com/Blosc/c-blosc](https://github.com/Blosc/c-blosc) | CMake
|
||||
`hunspell/` | Hunspell - The most popular spellchecking library | [github.com/hunspell/hunspell](https://github.com/hunspell/hunspell) | CMake
|
||||
`jsonnet/` | Jsonnet - The Data Templating Language | [github.com/google/jsonnet](https://github.com/google/jsonnet) | CMake
|
||||
`pffft/` | PFFFT - a pretty fast Fourier Transform | [bitbucket.org/jpommier/pffft.git](https://bitbucket.org/jpommier/pffft.git) | CMake
|
||||
`zopfli` | Zopfli - Compression Algorithm | [github.com/google/zopfli](https://github.com/google/zopfli) | CMake
|
||||
`zstd/` | Zstandard - Fast real-time compression algorithm | [github.com/facebook/zstd](https://github.com/facebook/zstd) | CMake
|
||||
`libidn2/` | libidn2 - GNU IDN library | [www.gnu.org/software/libidn/#libidn2](https://www.gnu.org/software/libidn/#libidn2) | CMake
|
||||
`turbojpeg/` | High-level JPEG library | [libjpeg-turbo.org/About/TurboJPEG](https://libjpeg-turbo.org/About/TurboJPEG) | CMake
|
||||
|
||||
## Projects Shipping with Sandboxed API Sandboxes
|
||||
|
||||
|
|
90
contrib/c-blosc/CMakeLists.txt
Normal file
90
contrib/c-blosc/CMakeLists.txt
Normal file
|
@ -0,0 +1,90 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# https://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
cmake_minimum_required(VERSION 3.13..3.22)
|
||||
|
||||
project(sapi_blosc CXX)
|
||||
|
||||
set(CMAKE_CXX_STANDARD 17)
|
||||
set(CMAKE_CXX_STANDARD_REQUIRED True)
|
||||
|
||||
if(NOT TARGET sapi::sapi)
|
||||
set(SAPI_ROOT "../.." CACHE PATH "Path to the Sandboxed API source tree")
|
||||
add_subdirectory(
|
||||
"${SAPI_ROOT}"
|
||||
"${CMAKE_BINARY_DIR}/sandboxed-api-build"
|
||||
EXCLUDE_FROM_ALL
|
||||
)
|
||||
endif()
|
||||
|
||||
set(HIDE_SYMBOLS off)
|
||||
FetchContent_Declare(
|
||||
libblosc
|
||||
|
||||
GIT_REPOSITORY https://github.com/Blosc/c-blosc.git
|
||||
GIT_TAG a0e5c18d37db8e6f1003254a574c8062c5b45e00
|
||||
PATCH_COMMAND patch < "${CMAKE_SOURCE_DIR}/patches/c-blosc.cmake.patch" && cd blosc && patch < "${CMAKE_SOURCE_DIR}/patches/c-blosc.blosc.cmake.patch"
|
||||
)
|
||||
FetchContent_MakeAvailable(libblosc)
|
||||
|
||||
add_sapi_library(
|
||||
sapi_blosc
|
||||
|
||||
FUNCTIONS
|
||||
blosc_init
|
||||
blosc_destroy
|
||||
|
||||
blosc_compress
|
||||
blosc_decompress
|
||||
|
||||
blosc_get_nthreads
|
||||
blosc_set_nthreads
|
||||
|
||||
blosc_get_compressor
|
||||
blosc_set_compressor
|
||||
|
||||
blosc_list_compressors
|
||||
|
||||
blosc_get_version_string
|
||||
|
||||
blosc_get_blocksize
|
||||
blosc_set_blocksize
|
||||
|
||||
blosc_set_splitmode
|
||||
|
||||
blosc_cbuffer_sizes
|
||||
blosc_cbuffer_validate
|
||||
blosc_cbuffer_versions
|
||||
|
||||
INPUTS
|
||||
"${libblosc_SOURCE_DIR}/blosc/blosc.h"
|
||||
|
||||
LIBRARY blosc_static
|
||||
LIBRARY_NAME Cblosc
|
||||
NAMESPACE ""
|
||||
)
|
||||
|
||||
add_library(sapi_contrib::blosc ALIAS sapi_blosc)
|
||||
|
||||
target_include_directories(sapi_blosc INTERFACE
|
||||
"${PROJECT_BINARY_DIR}"
|
||||
)
|
||||
|
||||
if (SAPI_ENABLE_EXAMPLES)
|
||||
add_subdirectory(example)
|
||||
endif()
|
||||
|
||||
if (SAPI_ENABLE_TESTS)
|
||||
add_subdirectory(test)
|
||||
endif()
|
32
contrib/c-blosc/example/CMakeLists.txt
Normal file
32
contrib/c-blosc/example/CMakeLists.txt
Normal file
|
@ -0,0 +1,32 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# https://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
add_executable(
|
||||
sapi_miniblosc
|
||||
|
||||
main.cc
|
||||
../utils/utils_blosc.cc
|
||||
)
|
||||
|
||||
target_include_directories(sapi_miniblosc INTERFACE
|
||||
"${SAPI_SOURCE_DIR}"
|
||||
)
|
||||
|
||||
target_link_libraries(
|
||||
sapi_miniblosc PRIVATE
|
||||
|
||||
sapi_blosc
|
||||
sapi::sapi
|
||||
absl::flags_parse
|
||||
)
|
94
contrib/c-blosc/example/main.cc
Normal file
94
contrib/c-blosc/example/main.cc
Normal file
|
@ -0,0 +1,94 @@
|
|||
// Copyright 2022 Google LLC
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// https://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#include <absl/flags/flag.h>
|
||||
#include <absl/flags/parse.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include <fstream>
|
||||
#include <iostream>
|
||||
#include <string>
|
||||
|
||||
#include "contrib/c-blosc/sandboxed.h"
|
||||
#include "contrib/c-blosc/utils/utils_blosc.h"
|
||||
|
||||
ABSL_FLAG(bool, decompress, false, "decompress");
|
||||
ABSL_FLAG(int, clevel, 5, "compression level");
|
||||
ABSL_FLAG(uint32_t, nthreads, 5, "number of threads");
|
||||
ABSL_FLAG(std::string, compressor, "blosclz",
|
||||
"compressor engine. Available: blosclz, lz4, lz4hc, zlib, zstd");
|
||||
|
||||
absl::Status Stream(CbloscApi& api, std::string& infile_s,
|
||||
std::string& outfile_s) {
|
||||
std::ifstream infile(infile_s, std::ios::binary);
|
||||
if (!infile.is_open()) {
|
||||
return absl::UnavailableError(absl::StrCat("Unable to open ", infile_s));
|
||||
}
|
||||
std::ofstream outfile(outfile_s, std::ios::binary);
|
||||
if (!outfile.is_open()) {
|
||||
return absl::UnavailableError(absl::StrCat("Unable to open ", outfile_s));
|
||||
}
|
||||
|
||||
std::string compressor(absl::GetFlag(FLAGS_compressor));
|
||||
|
||||
if (absl::GetFlag(FLAGS_decompress)) {
|
||||
return Decompress(api, infile, outfile, 5);
|
||||
}
|
||||
|
||||
return Compress(api, infile, outfile, absl::GetFlag(FLAGS_clevel), compressor,
|
||||
absl::GetFlag(FLAGS_nthreads));
|
||||
}
|
||||
|
||||
int main(int argc, char* argv[]) {
|
||||
std::string prog_name(argv[0]);
|
||||
google::InitGoogleLogging(argv[0]);
|
||||
std::vector<char*> args = absl::ParseCommandLine(argc, argv);
|
||||
|
||||
if (args.size() != 3) {
|
||||
std::cerr << "Usage:\n " << prog_name << " INPUT OUTPUT\n";
|
||||
return EXIT_FAILURE;
|
||||
}
|
||||
|
||||
CbloscSapiSandbox sandbox;
|
||||
if (!sandbox.Init().ok()) {
|
||||
std::cerr << "Unable to start sandbox\n";
|
||||
return EXIT_FAILURE;
|
||||
}
|
||||
CbloscApi api(&sandbox);
|
||||
|
||||
if (absl::Status status = api.blosc_init(); !status.ok()) {
|
||||
std::cerr << "Unable to init library\n";
|
||||
std::cerr << status << std::endl;
|
||||
return EXIT_FAILURE;
|
||||
}
|
||||
|
||||
std::string infile_s(args[1]);
|
||||
std::string outfile_s(args[2]);
|
||||
|
||||
if (absl::Status status = Stream(api, infile_s, outfile_s); !status.ok()) {
|
||||
std::cerr << "Unable to ";
|
||||
std::cerr << (absl::GetFlag(FLAGS_decompress) ? "de" : "");
|
||||
std::cerr << "compress file\n";
|
||||
std::cerr << status << std::endl;
|
||||
return EXIT_FAILURE;
|
||||
}
|
||||
|
||||
if (absl::Status status = api.blosc_destroy(); !status.ok()) {
|
||||
std::cerr << "Unable to uninitialize library\n";
|
||||
std::cerr << status << std::endl;
|
||||
return EXIT_FAILURE;
|
||||
}
|
||||
|
||||
return EXIT_SUCCESS;
|
||||
}
|
59
contrib/c-blosc/files/text
Normal file
59
contrib/c-blosc/files/text
Normal file
|
@ -0,0 +1,59 @@
|
|||
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Etiam id ultricies neque, id blandit nisl. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Maecenas pharetra urna purus, a finibus erat sodales ac. Donec sed convallis felis, ac rutrum velit. Suspendisse dapibus ultrices euismod. Donec non erat scelerisque, pretium dui id, dignissim dolor. Vivamus id orci maximus, maximus sapien sed, tincidunt nunc.
|
||||
|
||||
Praesent fringilla lectus lobortis dui posuere, ac mollis neque ultrices. Fusce nec quam eget neque feugiat mollis quis sit amet ipsum. Suspendisse hendrerit elit tincidunt neque tincidunt mattis. Nulla vitae neque sit amet metus consequat ultrices a ac augue. Nunc viverra lacinia ultrices. Vivamus in cursus ex, a sollicitudin purus. Curabitur et consectetur enim. Duis euismod magna eget velit tristique, at varius lorem posuere. Quisque non erat at diam blandit sollicitudin sit amet ac lectus. Maecenas nec consectetur augue, vel dignissim orci. Etiam rutrum ac massa at accumsan.
|
||||
|
||||
Nullam congue lacus et eros ornare, et malesuada nunc varius. Mauris facilisis suscipit nisl non tristique. Proin lobortis diam vel mi tempus, sit amet iaculis eros iaculis. Phasellus a metus ac purus pellentesque fermentum. Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia curae; Suspendisse venenatis quam vel sapien scelerisque commodo. Donec nec urna feugiat, semper ipsum non, dapibus neque. Aenean egestas tortor sit amet interdum convallis.
|
||||
|
||||
Cras sed enim scelerisque orci hendrerit porta. Duis egestas erat sollicitudin vestibulum convallis. Proin eget eros in neque ultricies posuere. Quisque sodales nisi nulla, non sollicitudin ipsum sodales in. Phasellus feugiat sollicitudin enim, in faucibus massa cursus nec. Donec arcu erat, ultricies eget nisi scelerisque, pharetra fringilla nisl. Maecenas et consectetur neque. Duis vel rhoncus lacus. Nulla nec lorem iaculis, consequat sapien a, semper leo.
|
||||
|
||||
Praesent vehicula sem in tempor pulvinar. Sed porttitor volutpat nulla eget tempor. Phasellus sit amet quam justo. Donec sit amet lacus dolor. Ut finibus sollicitudin dui vitae tincidunt. Mauris commodo nec orci convallis accumsan. In dapibus urna ex, in convallis purus ornare vel.
|
||||
|
||||
Suspendisse potenti. Nulla mi lorem, dictum accumsan mollis vitae, commodo vitae purus. Nullam accumsan lectus elit, vel volutpat lectus varius eget. Sed in condimentum neque. Mauris nibh arcu, dignissim sed ipsum a, imperdiet mattis neque. Nam eu pretium orci, a semper mauris. Proin dui lacus, auctor nec nibh sed, eleifend interdum libero. Vestibulum venenatis gravida risus in pulvinar. Sed sit amet leo vehicula, lacinia nisi et, dignissim ex. Fusce consectetur sollicitudin nisi. Pellentesque nec mauris vitae arcu iaculis semper eu eu odio. Ut facilisis erat a hendrerit egestas. Nullam tristique augue nunc, et ornare risus efficitur et. Quisque placerat risus metus, eu rutrum dui egestas et. Donec elementum sapien leo, vitae porttitor metus pharetra luctus.
|
||||
|
||||
Ut non neque vel nibh accumsan luctus at eu ipsum. Ut vitae lacus vestibulum, sodales purus quis, elementum neque. Pellentesque a justo non massa finibus iaculis in sit amet mi. Nunc vel justo libero. Proin mollis ex quis nulla sollicitudin, quis porttitor justo imperdiet. Aenean vulputate semper consectetur. Aenean nibh tortor, viverra commodo magna sed, condimentum efficitur tellus. Maecenas eros mauris, tempor at porta ut, laoreet quis est. Proin eu purus a dolor aliquet bibendum nec ac velit. Phasellus quis tortor risus. Aliquam non felis quis massa scelerisque ullamcorper. Nulla tristique nunc ligula, quis semper lacus tincidunt ut. Maecenas in aliquet magna. Phasellus sed dolor id felis blandit efficitur a at nulla.
|
||||
|
||||
Curabitur condimentum est non felis luctus, in tempus tellus tempus. Curabitur at quam nec mi vulputate sollicitudin quis a arcu. Phasellus lectus lorem, feugiat sit amet accumsan in, pretium ut leo. Integer vulputate ante ac nunc elementum varius. Nunc interdum tellus auctor, rutrum urna ut, imperdiet quam. Maecenas non accumsan lorem. Donec sem augue, tincidunt vel aliquam in, viverra et tellus. Duis lobortis, arcu quis scelerisque rhoncus, velit enim lacinia sem, sed commodo lorem ex cursus ligula. Integer nec auctor erat. Proin feugiat vel odio a fringilla. Nam dignissim augue elit. Nam sed lectus consequat, lacinia est vel, maximus eros. Aenean egestas ultricies odio. Mauris ut cursus ipsum. Fusce porttitor, eros sed sollicitudin porttitor, quam ipsum blandit nunc, ut sagittis metus diam tristique tortor. In sagittis odio odio, et ullamcorper augue gravida vel.
|
||||
|
||||
Nam vulputate nulla ut faucibus pulvinar. Praesent in purus non orci semper imperdiet. Vivamus vel diam ornare, eleifend tellus sit amet, viverra orci. Proin porttitor ipsum et odio laoreet, quis efficitur nisl dictum. Vestibulum mollis, arcu ut semper iaculis, nulla sapien vehicula enim, quis vulputate dolor leo hendrerit felis. Vestibulum mi purus, tristique vel vulputate et, efficitur ac turpis. Aenean facilisis sed nisl ac iaculis. Proin scelerisque justo a diam commodo, ac volutpat nisi sodales. Aliquam hendrerit blandit sapien, eu pretium risus dictum nec. Aliquam ultrices tincidunt magna nec bibendum. Vivamus dapibus et lectus at suscipit. Phasellus maximus, nibh sed tempor convallis, arcu erat condimentum ex, id laoreet ex leo nec mi. Aenean ultricies eget quam non ultrices. Donec sollicitudin ex non elit mattis rutrum.
|
||||
|
||||
Aliquam feugiat, elit a lobortis aliquam, orci augue rhoncus urna, et condimentum nibh est at est. Morbi eu diam quis nisi tristique tempus id ac tortor. Praesent a aliquet sem. Donec a mollis tellus, in dapibus ligula. Nullam quis dictum leo. Nam turpis diam, imperdiet id felis non, rutrum vehicula dui. Donec eleifend augue eu mauris tristique, non condimentum sapien dapibus. Fusce congue scelerisque suscipit. In in vulputate enim, malesuada mollis augue. Vestibulum tristique tempus ipsum vel venenatis. Quisque mauris urna, congue in lorem sed, dapibus convallis lorem. In eget arcu varius, tempor nisi quis, fermentum ipsum. Cras faucibus lacus sed massa pulvinar, vel viverra felis rhoncus.
|
||||
|
||||
Nulla in nisi fringilla, molestie nisi at, dapibus arcu. Aenean ut justo eget neque tincidunt elementum. Ut varius, neque eu tempor pellentesque, magna turpis fermentum neque, eget pulvinar diam purus sit amet augue. Curabitur suscipit pharetra nisi egestas convallis. Aliquam et ex pulvinar eros malesuada viverra sed in libero. Quisque molestie dictum arcu at ultricies. Nulla id metus non lacus posuere vestibulum vel ut sem. Proin pulvinar nisl nisl, a imperdiet enim ultrices vel. Etiam malesuada posuere dignissim. Donec mollis nulla ut enim sollicitudin, nec commodo ante malesuada. Quisque sit amet augue eu quam malesuada mollis sed at ipsum.
|
||||
|
||||
Aliquam quam est, maximus sed porta ut, placerat eu nunc. Vivamus ultrices ultricies tristique. Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. In et mi eu lacus rhoncus condimentum ultrices non velit. Suspendisse imperdiet, ipsum eu commodo euismod, est dolor sollicitudin augue, eu blandit risus tortor sit amet eros. Aliquam rutrum feugiat magna, sit amet aliquam tortor rutrum non. Fusce tempor rhoncus lectus vitae molestie. Sed ut tellus sagittis, congue enim mollis, malesuada ligula. Sed id tellus vel dolor commodo posuere malesuada et felis.
|
||||
|
||||
Morbi quis risus nec lectus maximus tristique vehicula a lectus. Suspendisse ipsum urna, accumsan sit amet dui id, malesuada pellentesque diam. Sed sit amet tellus rutrum, placerat urna nec, tristique libero. Etiam luctus sit amet dui in rutrum. Etiam iaculis, tortor ut vulputate blandit, enim ligula euismod tortor, a porttitor leo ex sit amet lorem. Proin fermentum, est et fermentum laoreet, ante risus aliquam odio, nec consectetur dui leo in est. Etiam dapibus risus sit amet quam viverra gravida. Aenean at libero quis dolor consectetur ultricies. Maecenas rutrum mattis dui, ut auctor elit fringilla vitae. Nulla consequat tincidunt ligula ac dapibus. Vestibulum nisl erat, pharetra ac cursus sed, molestie sit amet justo. Vestibulum lobortis id ligula in elementum. Mauris non purus a magna feugiat tempus et at erat. In tincidunt diam vitae rutrum molestie. Pellentesque ut nisi laoreet, semper mi aliquet, rhoncus dolor.
|
||||
|
||||
Pellentesque lacinia quis felis ac fringilla. Cras ante enim, efficitur non erat in, gravida mollis diam. Aliquam accumsan nulla nec eros aliquam fringilla. Mauris scelerisque aliquam fringilla. Aliquam lacinia mi orci, sit amet dignissim lorem lacinia at. Duis elit arcu, iaculis id risus at, porta sollicitudin sapien. Duis ante eros, consequat vitae massa at, auctor interdum nisi. Vivamus sit amet dui neque. Mauris tincidunt vestibulum arcu, consequat condimentum urna tincidunt vel. Sed a urna magna. Nullam in pharetra nulla.
|
||||
|
||||
Nunc id purus at ipsum blandit consectetur sagittis non lorem. In sit amet aliquam ante. Integer convallis lectus eu lorem finibus vulputate. Morbi feugiat turpis id neque posuere, non elementum turpis volutpat. Nullam gravida, turpis vitae varius placerat, neque nisl bibendum velit, at suscipit eros ipsum et lorem. Integer arcu eros, gravida eu mauris condimentum, tincidunt euismod mi. Sed id elit vitae nulla aliquet laoreet. Sed pulvinar sollicitudin fermentum. Fusce semper ullamcorper mollis. Aenean laoreet, sem non cursus volutpat, metus elit scelerisque nisi, eget maximus neque enim non orci.
|
||||
|
||||
Curabitur lacinia suscipit rutrum. Curabitur convallis eu lorem nec accumsan. Morbi et turpis sit amet erat mollis vehicula et eu risus. Nulla vel urna mollis, laoreet risus vel, auctor risus. Cras rutrum tempor ligula, sed fringilla justo tempor gravida. Nam tincidunt elementum dolor in sollicitudin. Donec pretium diam sed libero varius efficitur. Vivamus non nunc vulputate, accumsan ipsum sit amet, facilisis urna. Suspendisse suscipit, diam et ultrices maximus, enim sapien facilisis ligula, ut lacinia metus nisl eget felis. Proin egestas sollicitudin est ac auctor. Cras sapien turpis, interdum vitae laoreet sed, aliquam sed ex. Sed ullamcorper mi eu nisi varius facilisis. Nam fringilla at augue sit amet finibus. Mauris vitae facilisis purus.
|
||||
|
||||
Suspendisse hendrerit lacus eget nisi bibendum sodales. In scelerisque sem eget est suscipit, in sollicitudin urna ultricies. Aenean ac mi non mauris congue viverra. Nam fermentum, purus ut consectetur volutpat, augue arcu luctus eros, quis efficitur felis mi nec ligula. Nullam eget feugiat ante. Donec rutrum, ex sit amet sodales venenatis, leo nibh euismod lacus, nec auctor purus urna in enim. Aliquam erat volutpat. Ut a ante rhoncus, cursus massa quis, porttitor mi. Nullam non lectus et mauris mollis lacinia. Curabitur euismod euismod nisi vitae malesuada. Donec vel finibus justo. Suspendisse lobortis efficitur ligula sed bibendum.
|
||||
|
||||
Integer mauris nulla, auctor vel imperdiet vitae, commodo vel arcu. Nulla sit amet tempor ante, ac elementum dolor. Nam fermentum euismod est nec pulvinar. Etiam eleifend blandit nisl non mollis. Vestibulum porta sed nunc at aliquet. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Interdum et malesuada fames ac ante ipsum primis in faucibus. Donec id sem eu eros lobortis malesuada. Maecenas cursus neque a purus rhoncus, fermentum sagittis enim viverra. Proin blandit laoreet est eget feugiat.
|
||||
|
||||
Nulla nec nulla pellentesque, ullamcorper felis eget, bibendum augue. Sed lectus felis, tempor ac est non, commodo viverra augue. Ut bibendum arcu eget dapibus consectetur. Morbi id lectus vulputate, maximus leo sed, tincidunt leo. Nunc id nibh a lacus sagittis tristique at ac dolor. Nunc sed iaculis dolor. Cras maximus vulputate metus, a finibus magna sagittis non. Morbi porta fringilla enim, non pellentesque elit pellentesque eu. Vivamus pharetra dictum fermentum. Etiam consequat iaculis consequat. Morbi pharetra ante quam, quis efficitur purus finibus quis. Nulla at volutpat arcu. Curabitur augue lorem, lacinia eget augue vel, dignissim fringilla augue. Duis facilisis nulla turpis, ut fringilla quam efficitur ut. Cras tincidunt, tellus et dignissim ultricies, ligula ex pulvinar enim, vitae convallis erat ex ac neque.
|
||||
|
||||
Mauris sed auctor lorem. Vestibulum non ligula viverra, rhoncus quam at, pulvinar tellus. Phasellus dictum tellus eu nisl dignissim, id vulputate odio tincidunt. Mauris ornare ipsum nec maximus maximus. Nulla non sagittis turpis, in blandit magna. Donec at leo gravida, cursus diam ac, ornare velit. Praesent ipsum lorem, fermentum id lacinia ac, ultrices ac lectus. Vestibulum efficitur eget ipsum vitae vulputate. Aenean placerat magna sed ligula efficitur, ut consequat eros vestibulum. Proin placerat sapien sed arcu pharetra volutpat. Nunc diam lectus, tincidunt id eleifend vel, lobortis a lectus. In id orci sed purus venenatis pulvinar quis eget odio. Praesent quis nisi porta, blandit nisi a, hendrerit lacus. Morbi mollis libero non commodo consequat. Nullam id erat mi.
|
||||
|
||||
Vestibulum sit amet ante turpis. Duis in cursus eros. Praesent luctus eget augue tristique porttitor. Sed scelerisque facilisis sem sed interdum. Donec tristique augue ex, sit amet auctor ex elementum id. Sed lacinia ultrices dui, vitae scelerisque leo fringilla quis. Proin condimentum facilisis justo. Integer nulla mi, laoreet vel magna elementum, dignissim volutpat turpis. Aliquam erat volutpat.
|
||||
|
||||
Ut at quam nulla. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Etiam maximus felis quis tincidunt fringilla. Fusce hendrerit pharetra pharetra. Nullam venenatis augue eget neque venenatis varius. Aenean posuere posuere nibh, sed vulputate purus tristique a. Sed nec lacus egestas, rhoncus nunc varius, euismod metus.
|
||||
|
||||
Aliquam pellentesque vel turpis ut aliquam. Fusce aliquam fermentum eros, gravida finibus arcu lacinia ut. Morbi vehicula nulla vitae viverra imperdiet. Curabitur eu euismod dui. Nullam congue congue odio, vel varius libero volutpat ut. Curabitur ante urna, vehicula nec sodales vel, lacinia eget arcu. Ut mollis rhoncus orci et facilisis. Aenean feugiat, purus a porttitor feugiat, ex nunc convallis leo, vel semper metus dolor id neque. Proin placerat orci ut purus cursus vehicula. Praesent molestie gravida ipsum, ac sagittis augue viverra vitae. Donec mi purus, congue vitae blandit ut, sollicitudin eu lorem. Vivamus dapibus nibh sed placerat mollis. Fusce egestas nunc lorem, sed interdum turpis gravida eget. Pellentesque enim ante, accumsan pulvinar dignissim ut, faucibus ac orci.
|
||||
|
||||
Fusce tempor fringilla bibendum. Nulla eu suscipit dui. In hac habitasse platea dictumst. Vivamus at lobortis orci, sit amet aliquet nunc. Nunc lacus mauris, sagittis in ornare sit amet, venenatis et dolor. Donec pellentesque nisl blandit, facilisis urna ac, dapibus nisl. Integer sollicitudin commodo euismod. Maecenas vulputate consequat ligula a accumsan. Nunc id risus magna. Nullam pulvinar blandit ante quis elementum.
|
||||
|
||||
Aliquam cursus lectus dui, facilisis tincidunt libero euismod id. Integer id placerat ligula, sit amet mattis mi. Nullam sed nunc orci. Etiam ac dolor sit amet purus consectetur hendrerit. Sed facilisis venenatis ullamcorper. Maecenas tincidunt nunc scelerisque vehicula eleifend. Nullam tincidunt tristique felis sed tempus. Donec nec fermentum dui, in tempus libero. Nam viverra mauris ornare mi finibus, sit amet convallis dui aliquam. Cras ut ultrices tellus. Pellentesque scelerisque placerat vehicula. Quisque cursus malesuada nunc, ut ultricies metus imperdiet eget.
|
||||
|
||||
Proin tristique gravida justo eget hendrerit. Donec id tincidunt sapien. Fusce elementum metus eget risus fermentum, eget venenatis purus rutrum. Maecenas rhoncus pharetra eros a iaculis. Aliquam vestibulum ipsum sed vehicula tempor. Sed convallis tellus sed augue pellentesque, eget suscipit ex iaculis. Integer nisl sapien, vulputate vel congue eget, viverra id ante. Interdum et malesuada fames ac ante ipsum primis in faucibus. Nunc blandit aliquet ex nec vehicula. Sed tristique gravida tellus eget egestas. Quisque bibendum ligula velit, sed egestas diam rutrum in. Maecenas hendrerit augue nec elit lacinia mattis.
|
||||
|
||||
Phasellus ultrices ex augue, vel venenatis turpis laoreet in. Suspendisse a imperdiet lectus. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos. Nulla quis nisl finibus, dictum urna eget, fermentum purus. Nam fermentum magna id nisi semper, nec tempor lorem blandit. Sed dignissim fringilla dui id lacinia. Phasellus vitae viverra erat. Interdum et malesuada fames ac ante ipsum primis in faucibus. Pellentesque vel malesuada lorem, pharetra consequat diam. Quisque tempor dui eu quam aliquam porta. Donec tortor tortor, tristique vitae sem eget, euismod viverra justo. Morbi id mollis ex. Suspendisse potenti. Donec rutrum, orci id molestie malesuada, massa ex fermentum nisi, vitae facilisis nisi turpis eget enim. Sed eu mi at augue maximus rhoncus. Cras vehicula tellus non gravida efficitur.
|
||||
|
||||
Mauris eros justo, finibus lacinia sodales ut, tempus a ligula. Nulla sit amet sagittis mauris, non fermentum magna. Quisque tristique sagittis porta. Orci varius natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. In ultricies, lectus in rutrum lobortis, elit nisi bibendum turpis, a gravida ligula mi id dolor. In rhoncus suscipit lectus ac maximus. Nunc vulputate aliquam laoreet. Morbi eget purus sit amet odio suscipit rutrum. Suspendisse id enim eget justo fringilla fringilla. Maecenas et nulla consectetur, feugiat orci ac, scelerisque est. Pellentesque iaculis justo dui, nec volutpat elit tincidunt eget. Curabitur finibus est a nisl interdum, ut rutrum lorem luctus.
|
||||
|
||||
Nam dolor ipsum, egestas eget luctus nec, congue vitae eros. Donec libero massa, molestie nec augue lacinia, auctor iaculis tortor. Proin tellus mi, vestibulum in lacus at, fringilla commodo nulla. Ut ullamcorper, quam at blandit congue, mauris purus volutpat nisl, quis fermentum justo ipsum id mi. Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia curae; Etiam vestibulum augue eget sagittis porta. Curabitur eget purus placerat, fringilla lorem non, pretium mauris. Suspendisse potenti. Ut cursus erat augue, quis laoreet felis posuere sit amet. Suspendisse potenti. Sed aliquet semper quam quis ultrices. Lorem ipsum dolor sit amet, consectetur adipiscing elit.
|
||||
|
||||
Donec placerat massa et ipsum malesuada, in fringilla mi mollis. Curabitur vel condimentum enim. Donec luctus libero eget dapibus sagittis. Cras vulputate nibh non mauris accumsan, vel lobortis elit hendrerit. Praesent hendrerit ligula purus, non consequat libero accumsan sed. Suspendisse fringilla, tortor in fermentum congue, arcu tellus mollis sem, ut tempus enim dui non leo. Sed in augue diam. Maecenas vel neque eget mi lacinia ornare. Maecenas pharetra consectetur erat non feugiat. Aliquam lacinia augue eget elit maximus fringilla. Suspendisse risus lorem, porta eget nunc a, porta lobortis sapien.
|
BIN
contrib/c-blosc/files/text.blosclz
Normal file
BIN
contrib/c-blosc/files/text.blosclz
Normal file
Binary file not shown.
BIN
contrib/c-blosc/files/text.lz4
Normal file
BIN
contrib/c-blosc/files/text.lz4
Normal file
Binary file not shown.
BIN
contrib/c-blosc/files/text.lz4hc
Normal file
BIN
contrib/c-blosc/files/text.lz4hc
Normal file
Binary file not shown.
BIN
contrib/c-blosc/files/text.zlib
Normal file
BIN
contrib/c-blosc/files/text.zlib
Normal file
Binary file not shown.
BIN
contrib/c-blosc/files/text.zstd
Normal file
BIN
contrib/c-blosc/files/text.zstd
Normal file
Binary file not shown.
19
contrib/c-blosc/patches/c-blosc.blosc.cmake.patch
Normal file
19
contrib/c-blosc/patches/c-blosc.blosc.cmake.patch
Normal file
|
@ -0,0 +1,19 @@
|
|||
# This is patch has a pending PR: https://github.com/Blosc/c-blosc/pull/329
|
||||
|
||||
--- CMakeLists.txt
|
||||
+++ CMakeLists.txt
|
||||
@@ -3,10 +3,9 @@ add_definitions(-DUSING_CMAKE)
|
||||
|
||||
set(INTERNAL_LIBS ${PROJECT_SOURCE_DIR}/internal-complibs)
|
||||
|
||||
-# Hide symbols by default unless they're specifically exported.
|
||||
-# This makes it easier to keep the set of exported symbols the
|
||||
-# same across all compilers/platforms.
|
||||
-set(CMAKE_C_VISIBILITY_PRESET hidden)
|
||||
+if(HIDE_SYMBOLS)
|
||||
+ set(CMAKE_C_VISIBILITY_PRESET hidden)
|
||||
+endif(HIDE_SYMBOLS)
|
||||
|
||||
# includes
|
||||
set(BLOSC_INCLUDE_DIRS ${BLOSC_INCLUDE_DIRS} ${CMAKE_CURRENT_SOURCE_DIR})
|
||||
|
25
contrib/c-blosc/patches/c-blosc.cmake.patch
Normal file
25
contrib/c-blosc/patches/c-blosc.cmake.patch
Normal file
|
@ -0,0 +1,25 @@
|
|||
# This is patch has a pending PR: https://github.com/Blosc/c-blosc/pull/329
|
||||
|
||||
--- CMakeLists.txt
|
||||
+++ CMakeLists.txt
|
||||
@@ -13,6 +13,8 @@
|
||||
# build fuzz test programs and generates the "test" target
|
||||
# BUILD_BENCHMARKS: default ON
|
||||
# build the benchmark program
|
||||
+# HIDE_SYMBOLS: default ON
|
||||
+# hide the symols that aren't specifically exported
|
||||
# DEACTIVATE_SSE2: default OFF
|
||||
# do not attempt to build with SSE2 instructions
|
||||
# DEACTIVATE_AVX2: default OFF
|
||||
@@ -98,6 +100,11 @@ option(BUILD_TESTS
|
||||
"Build test programs from the blosc compression library" ON)
|
||||
option(BUILD_FUZZERS
|
||||
"Build fuzzer programs from the blosc compression library" ${BUILD_STATIC})
|
||||
+# Hide symbols by default unless they're specifically exported.
|
||||
+# This makes it easier to keep the set of exported symbols the
|
||||
+# same across all compilers/platforms.
|
||||
+option(HIDE_SYMBOLS
|
||||
+ "Build a libraries with hidden symbols unless they're specifically exported" ON)
|
||||
option(BUILD_BENCHMARKS
|
||||
"Build benchmark programs from the blosc compression library" ON)
|
||||
option(DEACTIVATE_SSE2
|
42
contrib/c-blosc/sandboxed.h
Normal file
42
contrib/c-blosc/sandboxed.h
Normal file
|
@ -0,0 +1,42 @@
|
|||
// Copyright 2022 Google LLC
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// https://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#ifndef CONTRIB_CBLOSC_SANDBOXED_H_
|
||||
#define CONTRIB_CBLOSC_SANDBOXED_H_
|
||||
|
||||
#include <libgen.h>
|
||||
#include <syscall.h>
|
||||
|
||||
#include <memory>
|
||||
|
||||
#include "sapi_blosc.sapi.h" // NOLINT(build/include)
|
||||
|
||||
class CbloscSapiSandbox : public CbloscSandbox {
|
||||
public:
|
||||
std::unique_ptr<sandbox2::Policy> ModifyPolicy(
|
||||
sandbox2::PolicyBuilder*) override {
|
||||
return sandbox2::PolicyBuilder()
|
||||
.AllowStaticStartup()
|
||||
.AllowRead()
|
||||
.AllowWrite()
|
||||
.AllowExit()
|
||||
.AllowSystemMalloc()
|
||||
.AllowSyscalls({
|
||||
__NR_sysinfo,
|
||||
})
|
||||
.BuildOrDie();
|
||||
}
|
||||
};
|
||||
|
||||
#endif // CONTRIB_CBLOSC_SANDBOXED_
|
33
contrib/c-blosc/test/CMakeLists.txt
Normal file
33
contrib/c-blosc/test/CMakeLists.txt
Normal file
|
@ -0,0 +1,33 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# https://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
include(GoogleTest)
|
||||
|
||||
add_executable(
|
||||
sapi_blosc_test
|
||||
|
||||
test_blosc.cc
|
||||
../utils/utils_blosc.cc
|
||||
)
|
||||
|
||||
|
||||
target_link_libraries(
|
||||
sapi_blosc_test PRIVATE
|
||||
|
||||
sapi_blosc
|
||||
sapi::temp_file
|
||||
sapi::test_main
|
||||
)
|
||||
|
||||
gtest_discover_tests(sapi_blosc_test PROPERTIES ENVIRONMENT "TEST_FILES_DIR=${PROJECT_SOURCE_DIR}/files")
|
325
contrib/c-blosc/test/test_blosc.cc
Normal file
325
contrib/c-blosc/test/test_blosc.cc
Normal file
|
@ -0,0 +1,325 @@
|
|||
// Copyright 2022 Google LLC
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// https://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#include <fstream>
|
||||
|
||||
#include "contrib/c-blosc/sandboxed.h"
|
||||
#include "contrib/c-blosc/utils/utils_blosc.h"
|
||||
#include "sandboxed_api/util/path.h"
|
||||
#include "sandboxed_api/util/status_matchers.h"
|
||||
#include "sandboxed_api/util/temp_file.h"
|
||||
|
||||
namespace {
|
||||
|
||||
using ::sapi::IsOk;
|
||||
|
||||
constexpr size_t kDefaultBlockSize = 19059;
|
||||
|
||||
bool CompareFiles(const std::string& name1, const std::string& name2) {
|
||||
std::ifstream f1(name1, std::ios::binary);
|
||||
if (!f1.is_open()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
std::ifstream f2(name2, std::ios::binary);
|
||||
if (!f2.is_open()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
while (!f1.eof() && !f2.eof()) {
|
||||
char buf1[128];
|
||||
char buf2[128];
|
||||
|
||||
f1.read(buf1, sizeof(buf1));
|
||||
f2.read(buf2, sizeof(buf2));
|
||||
|
||||
if (f1.gcount() != f2.gcount()) {
|
||||
return false;
|
||||
}
|
||||
if (memcmp(&buf1, &buf2, f2.gcount()) != 0) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
return f1.eof() == f2.eof();
|
||||
}
|
||||
|
||||
std::string GetTestFilePath(const std::string& filename) {
|
||||
return sapi::file::JoinPath(getenv("TEST_FILES_DIR"), filename);
|
||||
}
|
||||
|
||||
std::string GetTemporaryFile(const std::string& filename) {
|
||||
absl::StatusOr<std::string> tmp_file =
|
||||
sapi::CreateNamedTempFileAndClose(filename);
|
||||
if (!tmp_file.ok()) {
|
||||
return "";
|
||||
}
|
||||
|
||||
return sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), *tmp_file);
|
||||
}
|
||||
|
||||
std::streamsize GetStreamSize(std::ifstream& stream) {
|
||||
stream.seekg(0, std::ios_base::end);
|
||||
std::streamsize ssize = stream.tellg();
|
||||
stream.seekg(0, std::ios_base::beg);
|
||||
|
||||
return ssize;
|
||||
}
|
||||
|
||||
class TestText : public testing::TestWithParam<std::string> {};
|
||||
|
||||
TEST(SandboxTest, CheckInit) {
|
||||
CbloscSapiSandbox sandbox;
|
||||
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
|
||||
CbloscApi api = CbloscApi(&sandbox);
|
||||
|
||||
ASSERT_THAT(api.blosc_init(), IsOk());
|
||||
}
|
||||
|
||||
TEST(SandboxTest, CheckDestroy) {
|
||||
CbloscSapiSandbox sandbox;
|
||||
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
|
||||
CbloscApi api = CbloscApi(&sandbox);
|
||||
|
||||
ASSERT_THAT(api.blosc_init(), IsOk());
|
||||
ASSERT_THAT(api.blosc_destroy(), IsOk());
|
||||
}
|
||||
|
||||
TEST(SandboxTest, CheckGetNThreads) {
|
||||
CbloscSapiSandbox sandbox;
|
||||
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
|
||||
CbloscApi api = CbloscApi(&sandbox);
|
||||
|
||||
SAPI_ASSERT_OK_AND_ASSIGN(int nthreads, api.blosc_get_nthreads());
|
||||
|
||||
ASSERT_GT(nthreads, 0);
|
||||
}
|
||||
|
||||
TEST(SandboxTest, CheckSetNThreads) {
|
||||
CbloscSapiSandbox sandbox;
|
||||
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
|
||||
CbloscApi api = CbloscApi(&sandbox);
|
||||
|
||||
int nthreads;
|
||||
SAPI_ASSERT_OK_AND_ASSIGN(nthreads, api.blosc_get_nthreads());
|
||||
ASSERT_NE(nthreads, 3);
|
||||
ASSERT_THAT(api.blosc_set_nthreads(3), IsOk());
|
||||
SAPI_ASSERT_OK_AND_ASSIGN(nthreads, api.blosc_get_nthreads());
|
||||
ASSERT_EQ(nthreads, 3);
|
||||
}
|
||||
|
||||
TEST(SandboxTest, CheckGetBlocksize) {
|
||||
CbloscSapiSandbox sandbox;
|
||||
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
|
||||
CbloscApi api = CbloscApi(&sandbox);
|
||||
|
||||
SAPI_ASSERT_OK_AND_ASSIGN(size_t blocksize, api.blosc_get_blocksize());
|
||||
ASSERT_NE(blocksize, kDefaultBlockSize);
|
||||
}
|
||||
|
||||
TEST(SandboxTest, CheckSetBlocksize) {
|
||||
CbloscSapiSandbox sandbox;
|
||||
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
|
||||
CbloscApi api = CbloscApi(&sandbox);
|
||||
|
||||
size_t blocksize;
|
||||
SAPI_ASSERT_OK_AND_ASSIGN(blocksize, api.blosc_get_blocksize());
|
||||
ASSERT_NE(blocksize, 1337);
|
||||
ASSERT_THAT(api.blosc_set_blocksize(1337), IsOk());
|
||||
SAPI_ASSERT_OK_AND_ASSIGN(blocksize, api.blosc_get_blocksize());
|
||||
ASSERT_EQ(blocksize, 1337);
|
||||
}
|
||||
|
||||
TEST_P(TestText, CheckSizes) {
|
||||
absl::Status status;
|
||||
CbloscSapiSandbox sandbox;
|
||||
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
|
||||
CbloscApi api = CbloscApi(&sandbox);
|
||||
|
||||
std::string compressor(GetParam());
|
||||
|
||||
std::string origfile_s = GetTestFilePath("text");
|
||||
std::string infile_s = GetTestFilePath(absl::StrCat("text.", compressor));
|
||||
|
||||
std::ifstream origfile(origfile_s, std::ios::binary);
|
||||
ASSERT_TRUE(origfile.is_open());
|
||||
ssize_t origsize = GetStreamSize(origfile);
|
||||
|
||||
std::ifstream infile(infile_s, std::ios::binary);
|
||||
ASSERT_TRUE(infile.is_open());
|
||||
|
||||
std::streamsize insize = GetStreamSize(infile);
|
||||
sapi::v::Array<uint8_t> inbuf(insize);
|
||||
infile.read(reinterpret_cast<char*>(inbuf.GetData()), insize);
|
||||
|
||||
sapi::v::IntBase<size_t> nbytes;
|
||||
sapi::v::IntBase<size_t> cbytes;
|
||||
sapi::v::IntBase<size_t> blocksize;
|
||||
|
||||
ASSERT_THAT(api.blosc_cbuffer_sizes(inbuf.PtrBefore(), nbytes.PtrAfter(),
|
||||
cbytes.PtrAfter(), blocksize.PtrAfter()),
|
||||
IsOk());
|
||||
|
||||
ASSERT_EQ(nbytes.GetValue(), origsize);
|
||||
ASSERT_EQ(cbytes.GetValue(), insize);
|
||||
ASSERT_EQ(blocksize.GetValue(), kDefaultBlockSize);
|
||||
}
|
||||
|
||||
TEST_P(TestText, CheckValidate) {
|
||||
absl::Status status;
|
||||
CbloscSapiSandbox sandbox;
|
||||
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
|
||||
CbloscApi api = CbloscApi(&sandbox);
|
||||
|
||||
std::string compressor(GetParam());
|
||||
|
||||
std::string origfile_s = GetTestFilePath("text");
|
||||
std::string infile_s = GetTestFilePath(absl::StrCat("text.", compressor));
|
||||
|
||||
std::ifstream origfile(origfile_s, std::ios::binary);
|
||||
ASSERT_TRUE(origfile.is_open());
|
||||
ssize_t origsize = GetStreamSize(origfile);
|
||||
|
||||
std::ifstream infile(infile_s, std::ios::binary);
|
||||
ASSERT_TRUE(infile.is_open());
|
||||
|
||||
std::streamsize insize = GetStreamSize(infile);
|
||||
sapi::v::Array<uint8_t> inbuf(insize);
|
||||
infile.read(reinterpret_cast<char*>(inbuf.GetData()), insize);
|
||||
|
||||
sapi::v::IntBase<size_t> nbytes;
|
||||
|
||||
SAPI_ASSERT_OK_AND_ASSIGN(
|
||||
int ret, api.blosc_cbuffer_validate(inbuf.PtrBefore(), inbuf.GetSize(),
|
||||
nbytes.PtrAfter()));
|
||||
|
||||
ASSERT_GE(ret, 0);
|
||||
ASSERT_EQ(nbytes.GetValue(), origsize);
|
||||
}
|
||||
|
||||
TEST_P(TestText, SetCompress) {
|
||||
CbloscSapiSandbox sandbox;
|
||||
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
|
||||
CbloscApi api = CbloscApi(&sandbox);
|
||||
|
||||
std::string compressor(GetParam());
|
||||
SAPI_ASSERT_OK_AND_ASSIGN(
|
||||
int ret, api.blosc_set_compressor(
|
||||
sapi::v::ConstCStr(compressor.c_str()).PtrBefore()));
|
||||
ASSERT_GE(ret, 0);
|
||||
|
||||
SAPI_ASSERT_OK_AND_ASSIGN(char* c_compressor_ret, api.blosc_get_compressor());
|
||||
SAPI_ASSERT_OK_AND_ASSIGN(
|
||||
std::string compressor_ret,
|
||||
api.GetSandbox()->GetCString(sapi::v::RemotePtr(c_compressor_ret)));
|
||||
|
||||
EXPECT_EQ(compressor_ret, compressor);
|
||||
}
|
||||
|
||||
TEST_P(TestText, Compress) {
|
||||
CbloscSapiSandbox sandbox;
|
||||
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
|
||||
CbloscApi api = CbloscApi(&sandbox);
|
||||
|
||||
std::string compressor(GetParam());
|
||||
|
||||
std::string infile_s = GetTestFilePath("text");
|
||||
std::string outfile_s = GetTemporaryFile(absl::StrCat("out", compressor));
|
||||
ASSERT_FALSE(outfile_s.empty());
|
||||
|
||||
std::ifstream infile(infile_s, std::ios::binary);
|
||||
ASSERT_TRUE(infile.is_open());
|
||||
|
||||
std::ofstream outfile(outfile_s, std::ios::binary);
|
||||
ASSERT_TRUE(outfile.is_open());
|
||||
|
||||
absl::Status status = Compress(api, infile, outfile, 5, compressor, 5);
|
||||
ASSERT_THAT(status, IsOk()) << "Unable to compress file";
|
||||
|
||||
ASSERT_LT(outfile.tellp(), infile.tellg());
|
||||
}
|
||||
|
||||
TEST_P(TestText, Decompress) {
|
||||
absl::Status status;
|
||||
CbloscSapiSandbox sandbox;
|
||||
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
|
||||
CbloscApi api = CbloscApi(&sandbox);
|
||||
|
||||
std::string compressor(GetParam());
|
||||
|
||||
std::string origfile_s = GetTestFilePath("text");
|
||||
std::string infile_s = GetTestFilePath(absl::StrCat("text.", compressor));
|
||||
std::string outfile_s = GetTemporaryFile(absl::StrCat("middle", compressor));
|
||||
ASSERT_FALSE(outfile_s.empty());
|
||||
|
||||
std::ifstream infile(infile_s, std::ios::binary);
|
||||
ASSERT_TRUE(infile.is_open());
|
||||
|
||||
std::ofstream outfile(outfile_s, std::ios::binary);
|
||||
ASSERT_TRUE(outfile.is_open());
|
||||
|
||||
status = Decompress(api, infile, outfile, 5);
|
||||
ASSERT_THAT(status, IsOk()) << "Unable to compress file";
|
||||
|
||||
ASSERT_GT(outfile.tellp(), infile.tellg());
|
||||
|
||||
ASSERT_TRUE(CompareFiles(origfile_s, outfile_s));
|
||||
}
|
||||
|
||||
TEST_P(TestText, CompressDecompress) {
|
||||
absl::Status status;
|
||||
CbloscSapiSandbox sandbox;
|
||||
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
|
||||
CbloscApi api = CbloscApi(&sandbox);
|
||||
|
||||
std::string compressor(GetParam());
|
||||
|
||||
std::string infile_s = GetTestFilePath("text");
|
||||
std::string middlefile_s =
|
||||
GetTemporaryFile(absl::StrCat("middle", compressor));
|
||||
ASSERT_FALSE(middlefile_s.empty());
|
||||
|
||||
std::ifstream infile(infile_s, std::ios::binary);
|
||||
ASSERT_TRUE(infile.is_open());
|
||||
|
||||
std::ofstream outmiddlefile(middlefile_s, std::ios::binary);
|
||||
ASSERT_TRUE(outmiddlefile.is_open());
|
||||
|
||||
status = Compress(api, infile, outmiddlefile, 5, compressor, 5);
|
||||
ASSERT_THAT(status, IsOk()) << "Unable to compress file";
|
||||
|
||||
ASSERT_LT(outmiddlefile.tellp(), infile.tellg());
|
||||
|
||||
std::string outfile_s = GetTemporaryFile(absl::StrCat("out", compressor));
|
||||
ASSERT_FALSE(outfile_s.empty());
|
||||
|
||||
std::ifstream inmiddlefile(middlefile_s, std::ios::binary);
|
||||
ASSERT_TRUE(inmiddlefile.is_open());
|
||||
|
||||
std::ofstream outfile(outfile_s, std::ios::binary);
|
||||
ASSERT_TRUE(outfile.is_open());
|
||||
|
||||
status = Decompress(api, inmiddlefile, outfile, 5);
|
||||
ASSERT_THAT(status, IsOk()) << "Unable to compress file";
|
||||
|
||||
ASSERT_GT(outfile.tellp(), inmiddlefile.tellg());
|
||||
|
||||
ASSERT_TRUE(CompareFiles(infile_s, outfile_s));
|
||||
}
|
||||
|
||||
INSTANTIATE_TEST_SUITE_P(SandboxTest, TestText,
|
||||
testing::Values("blosclz", "lz4", "lz4hc", "zlib",
|
||||
"zstd"));
|
||||
|
||||
} // namespace
|
122
contrib/c-blosc/utils/utils_blosc.cc
Normal file
122
contrib/c-blosc/utils/utils_blosc.cc
Normal file
|
@ -0,0 +1,122 @@
|
|||
// Copyright 2022 Google LLC
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// https://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#include "contrib/c-blosc/utils/utils_blosc.h"
|
||||
|
||||
#include <fstream>
|
||||
#include <iostream>
|
||||
#include <string>
|
||||
|
||||
#include "contrib/c-blosc/sandboxed.h"
|
||||
|
||||
static const size_t kFileMaxSize = 1024 * 1024 * 1024; // 1GB
|
||||
|
||||
std::streamsize GetStreamSize(std::ifstream& stream) {
|
||||
stream.seekg(0, std::ios_base::end);
|
||||
std::streamsize ssize = stream.tellg();
|
||||
stream.seekg(0, std::ios_base::beg);
|
||||
|
||||
return ssize;
|
||||
}
|
||||
|
||||
absl::Status Compress(CbloscApi& api, std::ifstream& in_stream,
|
||||
std::ofstream& out_stream, int clevel,
|
||||
std::string& compressor, int nthreads) {
|
||||
std::streamsize ssize = GetStreamSize(in_stream);
|
||||
sapi::v::Array<uint8_t> inbuf(ssize);
|
||||
sapi::v::Array<uint8_t> outbuf(ssize);
|
||||
|
||||
in_stream.read(reinterpret_cast<char*>(inbuf.GetData()), ssize);
|
||||
if (in_stream.gcount() != ssize) {
|
||||
return absl::UnavailableError("Unable to read file");
|
||||
}
|
||||
|
||||
int ret;
|
||||
SAPI_ASSIGN_OR_RETURN(
|
||||
ret, api.blosc_set_compressor(
|
||||
sapi::v::ConstCStr(compressor.c_str()).PtrBefore()));
|
||||
if (ret < 0) {
|
||||
return absl::UnavailableError("Unable to set compressor");
|
||||
}
|
||||
|
||||
SAPI_ASSIGN_OR_RETURN(ret, api.blosc_set_nthreads(nthreads));
|
||||
if (ret < 0) {
|
||||
return absl::UnavailableError("Unable to set nthreads");
|
||||
}
|
||||
|
||||
SAPI_ASSIGN_OR_RETURN(
|
||||
ssize_t outsize, api.blosc_compress(clevel, 1, sizeof(uint8_t),
|
||||
inbuf.GetSize(), inbuf.PtrBefore(),
|
||||
outbuf.PtrAfter(), outbuf.GetSize()));
|
||||
if (outsize <= 0) {
|
||||
return absl::UnavailableError("Unable to compress file.");
|
||||
}
|
||||
|
||||
out_stream.write(reinterpret_cast<char*>(outbuf.GetData()), outsize);
|
||||
if (!out_stream.good()) {
|
||||
return absl::UnavailableError("Unable to write file");
|
||||
}
|
||||
|
||||
return absl::OkStatus();
|
||||
}
|
||||
|
||||
absl::Status Decompress(CbloscApi& api, std::ifstream& in_stream,
|
||||
std::ofstream& out_stream, int nthreads) {
|
||||
std::streamsize ssize = GetStreamSize(in_stream);
|
||||
sapi::v::Array<uint8_t> inbuf(ssize);
|
||||
|
||||
in_stream.read(reinterpret_cast<char*>(inbuf.GetData()), ssize);
|
||||
if (in_stream.gcount() != ssize) {
|
||||
return absl::UnavailableError("Unable to read file");
|
||||
}
|
||||
|
||||
int ret;
|
||||
SAPI_ASSIGN_OR_RETURN(ret, api.blosc_set_nthreads(nthreads));
|
||||
if (ret < 0) {
|
||||
return absl::UnavailableError("Unable to set nthreads");
|
||||
}
|
||||
|
||||
// To not transfer memory twice (for blosc_cbuffer_sizes and decopmress),
|
||||
// tranfer memory before using it.
|
||||
SAPI_RETURN_IF_ERROR(api.GetSandbox()->Allocate(&inbuf, true));
|
||||
SAPI_RETURN_IF_ERROR(api.GetSandbox()->TransferToSandboxee(&inbuf));
|
||||
|
||||
sapi::v::IntBase<size_t> nbytes;
|
||||
sapi::v::IntBase<size_t> cbytes;
|
||||
sapi::v::IntBase<size_t> blocksize;
|
||||
SAPI_RETURN_IF_ERROR(
|
||||
api.blosc_cbuffer_sizes(inbuf.PtrNone(), nbytes.PtrAfter(),
|
||||
cbytes.PtrAfter(), blocksize.PtrAfter()));
|
||||
if (nbytes.GetValue() == 0) {
|
||||
return absl::UnavailableError("Unable to get size");
|
||||
}
|
||||
if (nbytes.GetValue() > kFileMaxSize) {
|
||||
return absl::UnavailableError("The file is to large");
|
||||
}
|
||||
|
||||
sapi::v::Array<uint8_t> outbuf(nbytes.GetValue());
|
||||
SAPI_ASSIGN_OR_RETURN(ssize_t outsize,
|
||||
api.blosc_decompress(inbuf.PtrNone(), outbuf.PtrAfter(),
|
||||
outbuf.GetSize()));
|
||||
if (outsize <= 0) {
|
||||
return absl::UnavailableError("Unable to decompress file");
|
||||
}
|
||||
|
||||
out_stream.write(reinterpret_cast<char*>(outbuf.GetData()), outsize);
|
||||
if (!out_stream.good()) {
|
||||
return absl::UnavailableError("Unable to write file");
|
||||
}
|
||||
|
||||
return absl::OkStatus();
|
||||
}
|
29
contrib/c-blosc/utils/utils_blosc.h
Normal file
29
contrib/c-blosc/utils/utils_blosc.h
Normal file
|
@ -0,0 +1,29 @@
|
|||
// Copyright 2022 Google LLC
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// https://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#ifndef CONTRIB_CBLOSC_UTILS_UTILS_BLOSC_H_
|
||||
#define CONTRIB_CBLOSC_UTILS_UTILS_BLOSC_H_
|
||||
|
||||
#include <fstream>
|
||||
#include <string>
|
||||
|
||||
#include "absl/status/status.h"
|
||||
|
||||
absl::Status Compress(CbloscApi& api, std::ifstream& in_stream,
|
||||
std::ofstream& out_stream, int clevel,
|
||||
std::string& compress, int nthreads);
|
||||
absl::Status Decompress(CbloscApi& api, std::ifstream& in_stream,
|
||||
std::ofstream& out_stream, int nthreads);
|
||||
|
||||
#endif // CONTRIB_CBLOSC_UTILS_UTILS_BLOSC_H_
|
|
@ -12,50 +12,48 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
cmake_minimum_required(VERSION 3.10)
|
||||
|
||||
cmake_minimum_required(VERSION 3.13..3.22)
|
||||
project(pffft CXX C)
|
||||
|
||||
set(CMAKE_CXX_STANDARD 17)
|
||||
set(CMAKE_CXX_STANDARD_REQUIRED True)
|
||||
|
||||
if(NOT TARGET sapi::sapi)
|
||||
set(SAPI_ROOT "../.." CACHE PATH "Path to the Sandboxed API source tree")
|
||||
add_subdirectory("${SAPI_ROOT}"
|
||||
"${CMAKE_BINARY_DIR}/sandboxed-api-build"
|
||||
EXCLUDE_FROM_ALL)
|
||||
endif()
|
||||
|
||||
include(CheckLibraryExists)
|
||||
|
||||
FetchContent_Declare(pffft
|
||||
GIT_REPOSITORY https://bitbucket.org/jpommier/pffft.git
|
||||
GIT_TAG 988259a41d1522047a9420e6265a6ba8289c1654 # 2021-12-02
|
||||
)
|
||||
FetchContent_MakeAvailable(pffft)
|
||||
|
||||
add_library(pffft STATIC
|
||||
master/pffft.c
|
||||
master/pffft.h
|
||||
master/fftpack.c
|
||||
master/fftpack.h
|
||||
"${pffft_SOURCE_DIR}/pffft.c"
|
||||
"${pffft_SOURCE_DIR}/pffft.h"
|
||||
"${pffft_SOURCE_DIR}/fftpack.c"
|
||||
"${pffft_SOURCE_DIR}/fftpack.h"
|
||||
)
|
||||
|
||||
add_executable(pffft_main
|
||||
master/test_pffft.c
|
||||
"${pffft_SOURCE_DIR}/test_pffft.c"
|
||||
)
|
||||
|
||||
target_link_libraries(pffft_main PRIVATE
|
||||
pffft
|
||||
)
|
||||
|
||||
set(MATH_LIBS "")
|
||||
include(CheckLibraryExists)
|
||||
check_library_exists(m sin "" LIBM)
|
||||
if(LIBM)
|
||||
list(APPEND MATH_LIBS "m")
|
||||
check_library_exists(m sin "" _sapi_HAVE_LIBM)
|
||||
if(_sapi_HAVE_LIBM)
|
||||
target_link_libraries(pffft PUBLIC
|
||||
m
|
||||
)
|
||||
endif()
|
||||
|
||||
target_link_libraries(pffft PUBLIC ${MATH_LIBS})
|
||||
|
||||
# Adding dependencies
|
||||
set(SAPI_ROOT "../.." CACHE PATH "Path to the Sandboxed API source tree")
|
||||
# Then configure:
|
||||
# mkdir -p build && cd build
|
||||
# cmake .. -G Ninja -DSAPI_ROOT=$HOME/sapi_root
|
||||
|
||||
set(SAPI_ENABLE_EXAMPLES OFF CACHE BOOL "")
|
||||
set(SAPI_ENABLE_TESTS OFF CACHE BOOL "")
|
||||
add_subdirectory("${SAPI_ROOT}"
|
||||
"${CMAKE_BINARY_DIR}/sandboxed-api-build"
|
||||
# Omit this to have the full Sandboxed API in IDE
|
||||
EXCLUDE_FROM_ALL)
|
||||
|
||||
add_sapi_library(pffft_sapi
|
||||
FUNCTIONS pffft_new_setup
|
||||
pffft_destroy_setup
|
||||
|
@ -83,22 +81,23 @@ add_sapi_library(pffft_sapi
|
|||
sinti
|
||||
sint
|
||||
|
||||
INPUTS master/pffft.h master/fftpack.h
|
||||
INPUTS "${pffft_SOURCE_DIR}/pffft.h"
|
||||
"${pffft_SOURCE_DIR}/fftpack.h"
|
||||
LIBRARY pffft
|
||||
LIBRARY_NAME Pffft
|
||||
|
||||
NAMESPACE ""
|
||||
)
|
||||
|
||||
add_library(sapi_contrib::pffft ALIAS pffft_sapi)
|
||||
target_include_directories(pffft_sapi INTERFACE
|
||||
"${PROJECT_BINARY_DIR}"
|
||||
"${SAPI_SOURCE_DIR}"
|
||||
)
|
||||
|
||||
add_executable(pffft_sandboxed
|
||||
main_pffft_sandboxed.cc
|
||||
)
|
||||
|
||||
target_link_libraries(pffft_sandboxed PRIVATE
|
||||
pffft_sapi
|
||||
sapi_contrib::pffft
|
||||
sapi::sapi
|
||||
)
|
|
@ -1,16 +1,35 @@
|
|||
# Sandboxing PFFFT library
|
||||
|
||||
This library was sandboxed as part of Google's summer 2020 internship program
|
||||
([blog post](https://security.googleblog.com/2020/12/improving-open-source-security-during.html)).
|
||||
|
||||
Build System: CMake
|
||||
OS: Linux
|
||||
|
||||
### Check out the PFFFT library & CMake set up
|
||||
```
|
||||
git submodule update --init --recursive
|
||||
### How to use from an existing Project
|
||||
|
||||
mkdir -p build && cd build
|
||||
cmake .. -G Ninja -DPFFFT_ROOT_DIR=$PWD
|
||||
ninjas
|
||||
If your project does not include Sandboxed API as a dependency yet, add the
|
||||
following lines to the main `CMakeLists.txt`:
|
||||
|
||||
```cmake
|
||||
include(FetchContent)
|
||||
|
||||
FetchContent_Declare(sandboxed-api
|
||||
GIT_REPOSITORY https://github.com/google/sandboxed-api
|
||||
GIT_TAG main # Or pin a specific commit/tag
|
||||
)
|
||||
FetchContent_MakeAvailable(sandboxed-api) # CMake 3.14 or higher
|
||||
|
||||
add_sapi_subdirectory(contrib/pffft)
|
||||
```
|
||||
|
||||
The `add_sapi_subdirectory()` macro sets up the source and binary directories
|
||||
for the sandboxed jsonnet targets.
|
||||
|
||||
Afterwards your project's code can link to `sapi_contrib::pffft` and use the
|
||||
generated header `pffft_sapi.sapi.h`. An example sandbox policy can be found
|
||||
in `main_pffft_sandboxed.cc`.
|
||||
|
||||
### For testing:
|
||||
`cd build`, then `./pffft_sandboxed`
|
||||
|
||||
|
@ -19,14 +38,15 @@ display custom info with
|
|||
`./pffft_sandboxed --logtostderr`
|
||||
|
||||
## ***About the project***
|
||||
*PFFFT library is concerned with 1D Fast-Fourier Transformations finding a
|
||||
|
||||
PFFFT library is concerned with 1D Fast-Fourier Transformations finding a
|
||||
compromise between accuracy and speed. It deals with real and complex
|
||||
vectors, both cases being illustrated in the testing part (`test_pffft.c`
|
||||
for initially and original version, `main_pffft_sandboxed.cc` for our
|
||||
currently implemented sandboxed version).
|
||||
The original files can be found at: https://bitbucket.org/jpommier/pffft/src.*
|
||||
|
||||
*The purpose of sandboxing is to limit the permissions and capabilities of
|
||||
The purpose of sandboxing is to limit the permissions and capabilities of
|
||||
library’s methods, in order to secure the usage of them.
|
||||
After obtaining the sandbox, the functions will be called through an
|
||||
Sandbox API (being called `api` in the current test) and so, the
|
||||
|
@ -50,10 +70,12 @@ Without using this type of argument when running, the output format is set
|
|||
by default.*
|
||||
|
||||
#### CMake observations resume:
|
||||
|
||||
* linking pffft and fftpack (which contains necessary functions for pffft)
|
||||
* set math library
|
||||
|
||||
#### Sandboxed main observations resume:
|
||||
|
||||
* containing two testing parts (fft / pffft benchmarks)
|
||||
* showing the performance of the transformations implies
|
||||
testing them through various FFT dimenstions.
|
|
@ -12,7 +12,7 @@
|
|||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#include <gflags/gflags.h>
|
||||
#include <syscall.h>
|
||||
|
||||
#include <cmath>
|
||||
#include <cstdio>
|
||||
|
@ -21,6 +21,7 @@
|
|||
#include <ctime>
|
||||
|
||||
#include <glog/logging.h>
|
||||
#include "gflags/gflags.h"
|
||||
#include "pffft_sapi.sapi.h" // NOLINT(build/include)
|
||||
#include "sandboxed_api/util/flag.h"
|
||||
#include "sandboxed_api/vars.h"
|
44
contrib/turbojpeg/CMakeLists.txt
Normal file
44
contrib/turbojpeg/CMakeLists.txt
Normal file
|
@ -0,0 +1,44 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# https://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
cmake_minimum_required(VERSION 3.13..3.22)
|
||||
project(turbojpeg-sapi CXX C)
|
||||
|
||||
set(CMAKE_CXX_STANDARD 17)
|
||||
set(CMAKE_CXX_STANDARD_REQUIRED True)
|
||||
|
||||
if(NOT TARGET sapi::sapi)
|
||||
set(SAPI_ROOT "../.." CACHE PATH "Path to the Sandboxed API source tree")
|
||||
add_subdirectory("${SAPI_ROOT}"
|
||||
"${CMAKE_BINARY_DIR}/sandboxed-api-build"
|
||||
EXCLUDE_FROM_ALL)
|
||||
endif()
|
||||
|
||||
find_package(PkgConfig REQUIRED)
|
||||
pkg_check_modules(TURBOJPEG REQUIRED IMPORTED_TARGET libturbojpeg)
|
||||
|
||||
add_sapi_library(turbojpeg_sapi
|
||||
INPUTS "${TURBOJPEG_INCLUDEDIR}/turbojpeg.h"
|
||||
LIBRARY turbojpeg
|
||||
LIBRARY_NAME TurboJPEG
|
||||
NAMESPACE "turbojpeg_sapi"
|
||||
)
|
||||
add_library(sapi_contrib::turbojpeg ALIAS turbojpeg_sapi)
|
||||
target_include_directories(turbojpeg_sapi INTERFACE
|
||||
"${PROJECT_BINARY_DIR}"
|
||||
)
|
||||
|
||||
if(SAPI_ENABLE_TESTS)
|
||||
add_subdirectory(tests)
|
||||
endif()
|
26
contrib/turbojpeg/tests/CMakeLists.txt
Normal file
26
contrib/turbojpeg/tests/CMakeLists.txt
Normal file
|
@ -0,0 +1,26 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# https://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
include(GoogleTest)
|
||||
|
||||
add_executable(turbojpeg_sapi_test turbojpeg_sapi_test.cc)
|
||||
|
||||
target_link_libraries(turbojpeg_sapi_test PRIVATE
|
||||
turbojpeg_sapi
|
||||
sapi::base
|
||||
gtest
|
||||
gmock
|
||||
)
|
||||
|
||||
gtest_discover_tests(turbojpeg_sapi_test PROPERTIES ENVIRONMENT "TEST_FILES_DIR=${PROJECT_SOURCE_DIR}/tests")
|
BIN
contrib/turbojpeg/tests/sample.jpeg
Normal file
BIN
contrib/turbojpeg/tests/sample.jpeg
Normal file
Binary file not shown.
After Width: | Height: | Size: 257 B |
BIN
contrib/turbojpeg/tests/sample.rgb
Normal file
BIN
contrib/turbojpeg/tests/sample.rgb
Normal file
Binary file not shown.
181
contrib/turbojpeg/tests/turbojpeg_sapi_test.cc
Normal file
181
contrib/turbojpeg/tests/turbojpeg_sapi_test.cc
Normal file
|
@ -0,0 +1,181 @@
|
|||
// Copyright 2022 Google LLC
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// https://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#define _GNU_SOURCE 1
|
||||
#include "../turbojpeg_sapi.h" // NOLINT(build/include)
|
||||
|
||||
#include <turbojpeg.h>
|
||||
|
||||
#include <cerrno>
|
||||
#include <cstdlib>
|
||||
#include <fstream>
|
||||
#include <iostream>
|
||||
|
||||
#include "gflags/gflags.h"
|
||||
#include "glog/logging.h"
|
||||
#include "gmock/gmock.h"
|
||||
#include "gtest/gtest.h"
|
||||
#include "sandboxed_api/testing.h"
|
||||
#include "sandboxed_api/util/fileops.h"
|
||||
#include "sandboxed_api/util/path.h"
|
||||
#include "sandboxed_api/util/status_matchers.h"
|
||||
#include "turbojpeg_sapi.sapi.h" // NOLINT(build/include)
|
||||
|
||||
namespace {
|
||||
|
||||
using ::sapi::IsOk;
|
||||
using ::testing::Eq;
|
||||
using ::testing::Gt;
|
||||
using ::testing::Not;
|
||||
using ::testing::NotNull;
|
||||
using ::testing::StrEq;
|
||||
|
||||
class TurboJpegSapiSandboxTest : public testing::Test {
|
||||
protected:
|
||||
static void SetUpTestSuite() {
|
||||
ASSERT_THAT(getenv("TEST_FILES_DIR"), NotNull());
|
||||
sandbox_ = new TurboJpegSapiSandbox();
|
||||
ASSERT_THAT(sandbox_->Init(), IsOk());
|
||||
api_ = new turbojpeg_sapi::TurboJPEGApi(sandbox_);
|
||||
}
|
||||
static void TearDownTestSuite() {
|
||||
delete api_;
|
||||
delete sandbox_;
|
||||
}
|
||||
|
||||
static std::string GetTurboJpegErrorStr(sapi::v::Ptr* handle) {
|
||||
auto errmsg_ptr = api_->tjGetErrorStr2(handle);
|
||||
if (!errmsg_ptr.ok()) return "Error getting error message";
|
||||
auto errmsg =
|
||||
sandbox_->GetCString(sapi::v::RemotePtr(errmsg_ptr.value()), 256);
|
||||
if (!errmsg.ok()) return "Error getting error message";
|
||||
return errmsg.value();
|
||||
}
|
||||
static turbojpeg_sapi::TurboJPEGApi* api_;
|
||||
static TurboJpegSapiSandbox* sandbox_;
|
||||
};
|
||||
|
||||
turbojpeg_sapi::TurboJPEGApi* TurboJpegSapiSandboxTest::api_;
|
||||
TurboJpegSapiSandbox* TurboJpegSapiSandboxTest::sandbox_;
|
||||
|
||||
std::string GetTestFilePath(const std::string& filename) {
|
||||
return sapi::file::JoinPath(getenv("TEST_FILES_DIR"), filename);
|
||||
}
|
||||
|
||||
std::streamsize GetStreamSize(std::ifstream& stream) {
|
||||
stream.seekg(0, std::ios_base::end);
|
||||
std::streamsize ssize = stream.tellg();
|
||||
stream.seekg(0, std::ios_base::beg);
|
||||
|
||||
return ssize;
|
||||
}
|
||||
|
||||
absl::StatusOr<std::vector<uint8_t>> ReadFile(const std::string& in_file,
|
||||
size_t expected_size = SIZE_MAX) {
|
||||
std::ifstream f(GetTestFilePath(in_file));
|
||||
if (!f.is_open()) {
|
||||
return absl::UnavailableError("File could not be opened");
|
||||
}
|
||||
std::streamsize ssize = GetStreamSize(f);
|
||||
if (expected_size != SIZE_MAX && ssize != expected_size) {
|
||||
return absl::UnavailableError("Incorrect size of file");
|
||||
}
|
||||
std::vector<uint8_t> inbuf(ssize);
|
||||
f.read(reinterpret_cast<char*>(inbuf.data()), ssize);
|
||||
if (ssize != f.gcount()) {
|
||||
return absl::UnavailableError("Premature end of file");
|
||||
}
|
||||
if (f.fail() || f.eof()) {
|
||||
return absl::UnavailableError("Error reading file");
|
||||
}
|
||||
return inbuf;
|
||||
}
|
||||
|
||||
TEST_F(TurboJpegSapiSandboxTest, Compressor) {
|
||||
absl::StatusOr<void*> compression_handle_raw = api_->tjInitCompress();
|
||||
ASSERT_THAT(compression_handle_raw, IsOk());
|
||||
ASSERT_THAT(compression_handle_raw.value(), NotNull());
|
||||
sapi::v::RemotePtr compression_handle{compression_handle_raw.value()};
|
||||
auto result = ReadFile("sample.rgb", 12 * 67 * 3);
|
||||
ASSERT_THAT(result, IsOk());
|
||||
sapi::v::Array array(result->data(), result->size());
|
||||
|
||||
sapi::v::GenericPtr buffer;
|
||||
{
|
||||
sapi::v::ULong length{0};
|
||||
auto result = api_->tjCompress2(&compression_handle, array.PtrBefore(), 12,
|
||||
36, 67, TJPF_RGB, buffer.PtrAfter(),
|
||||
length.PtrBoth(), TJSAMP_444, 10, 0);
|
||||
ASSERT_THAT(result, IsOk());
|
||||
ASSERT_THAT(result.value(), Eq(0))
|
||||
<< "Error from sandboxee: "
|
||||
<< GetTurboJpegErrorStr(&compression_handle);
|
||||
ASSERT_TRUE(buffer.GetValue());
|
||||
ASSERT_TRUE(buffer.GetRemote());
|
||||
ASSERT_THAT(length.GetValue(), Gt(0));
|
||||
}
|
||||
auto value = buffer.GetValue();
|
||||
|
||||
auto destroy_result = api_->tjDestroy(&compression_handle);
|
||||
ASSERT_THAT(destroy_result, IsOk());
|
||||
ASSERT_THAT(destroy_result.value(), Eq(0));
|
||||
}
|
||||
|
||||
TEST_F(TurboJpegSapiSandboxTest, Decompressor) {
|
||||
absl::StatusOr<void*> decompression_handle_raw = api_->tjInitDecompress();
|
||||
ASSERT_THAT(decompression_handle_raw, IsOk());
|
||||
ASSERT_THAT(decompression_handle_raw.value(), NotNull());
|
||||
sapi::v::RemotePtr decompression_handle{decompression_handle_raw.value()};
|
||||
auto result = ReadFile("sample.jpeg");
|
||||
ASSERT_THAT(result, IsOk());
|
||||
sapi::v::Array array(result->data(), result->size());
|
||||
|
||||
sapi::v::Int width{0};
|
||||
sapi::v::Int height{0};
|
||||
sapi::v::Int subsamp{0};
|
||||
sapi::v::Int colorspace{0};
|
||||
auto decompress_result = api_->tjDecompressHeader3(
|
||||
&decompression_handle, array.PtrBefore(), result->size(),
|
||||
width.PtrAfter(), height.PtrAfter(), subsamp.PtrAfter(),
|
||||
colorspace.PtrAfter());
|
||||
ASSERT_THAT(decompress_result, IsOk());
|
||||
ASSERT_THAT(decompress_result.value(), Eq(0))
|
||||
<< "Error from sandboxee: "
|
||||
<< GetTurboJpegErrorStr(&decompression_handle);
|
||||
|
||||
ASSERT_THAT(width.GetValue(), Eq(67));
|
||||
ASSERT_THAT(height.GetValue(), Eq(12));
|
||||
ASSERT_THAT(subsamp.GetValue(), Eq(TJSAMP_GRAY));
|
||||
ASSERT_THAT(colorspace.GetValue(), Eq(TJCS_GRAY));
|
||||
|
||||
auto arr = sapi::v::Array<unsigned char>(12 * 67 * 3);
|
||||
decompress_result = api_->tjDecompress2(
|
||||
&decompression_handle, array.PtrBefore(), result->size(), arr.PtrAfter(),
|
||||
12, 36, 67, TJCS_RGB, 0);
|
||||
ASSERT_THAT(decompress_result, IsOk());
|
||||
EXPECT_THAT(decompress_result.value(), Eq(0))
|
||||
<< "Error from sandboxee: "
|
||||
<< GetTurboJpegErrorStr(&decompression_handle);
|
||||
|
||||
decompress_result = api_->tjDestroy(&decompression_handle);
|
||||
ASSERT_THAT(decompress_result, IsOk());
|
||||
ASSERT_THAT(decompress_result.value(), Eq(0));
|
||||
}
|
||||
} // namespace
|
||||
|
||||
int main(int argc, char* argv[]) {
|
||||
::google::InitGoogleLogging(program_invocation_short_name);
|
||||
::testing::InitGoogleTest(&argc, argv);
|
||||
return RUN_ALL_TESTS();
|
||||
}
|
44
contrib/turbojpeg/turbojpeg_sapi.h
Normal file
44
contrib/turbojpeg/turbojpeg_sapi.h
Normal file
|
@ -0,0 +1,44 @@
|
|||
// Copyright 2022 Google LLC
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// https://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#ifndef CONTRIB_TURBOJPEG_TURBOJPEG_SAPI_H_
|
||||
#define CONTRIB_TURBOJPEG_TURBOJPEG_SAPI_H_
|
||||
|
||||
#include <syscall.h>
|
||||
|
||||
#include "sandboxed_api/util/fileops.h"
|
||||
#include "turbojpeg_sapi.sapi.h" // NOLINT(build/include)
|
||||
class TurboJpegSapiSandbox : public turbojpeg_sapi::TurboJPEGSandbox {
|
||||
public:
|
||||
std::unique_ptr<sandbox2::Policy> ModifyPolicy(
|
||||
sandbox2::PolicyBuilder*) override {
|
||||
return sandbox2::PolicyBuilder()
|
||||
.AllowSystemMalloc()
|
||||
.AllowRead()
|
||||
.AllowStat()
|
||||
.AllowWrite()
|
||||
.AllowExit()
|
||||
.AllowSyscalls({
|
||||
__NR_futex,
|
||||
__NR_close,
|
||||
__NR_lseek,
|
||||
__NR_getpid,
|
||||
__NR_clock_gettime,
|
||||
})
|
||||
.AllowLlvmSanitizers()
|
||||
.BuildOrDie();
|
||||
}
|
||||
};
|
||||
|
||||
#endif // CONTRIB_TURBOJPEG_TURBOJPEG_SAPI_H_
|
|
@ -32,6 +32,8 @@ FetchContent_Declare(zopfli
|
|||
)
|
||||
FetchContent_MakeAvailable(zopfli)
|
||||
|
||||
add_subdirectory(wrapper)
|
||||
|
||||
add_sapi_library(
|
||||
sapi_zopfli
|
||||
|
||||
|
@ -44,12 +46,14 @@ add_sapi_library(
|
|||
ZopfliZlibCompress
|
||||
ZopfliGzipCompress
|
||||
|
||||
ZopfliCompressFD
|
||||
INPUTS
|
||||
"${zopfli_SOURCE_DIR}/src/zopfli/deflate.h"
|
||||
"${zopfli_SOURCE_DIR}/src/zopfli/gzip_container.h"
|
||||
"${zopfli_SOURCE_DIR}/src/zopfli/zlib_container.h"
|
||||
wrapper/wrapper_zopfli.h
|
||||
|
||||
LIBRARY Zopfli::libzopfli
|
||||
LIBRARY wrapper_zopfli
|
||||
LIBRARY_NAME Zopfli
|
||||
NAMESPACE ""
|
||||
)
|
||||
|
|
|
@ -12,6 +12,7 @@
|
|||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#include <fcntl.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include <fstream>
|
||||
|
@ -23,9 +24,39 @@
|
|||
#include "contrib/zopfli/sandboxed.h"
|
||||
#include "contrib/zopfli/utils/utils_zopfli.h"
|
||||
|
||||
ABSL_FLAG(bool, stream, false, "stream memory to sandbox");
|
||||
ABSL_FLAG(bool, zlib, false, "zlib compression");
|
||||
ABSL_FLAG(bool, gzip, false, "gzip compression");
|
||||
|
||||
absl::Status CompressMain(ZopfliApi& api, std::string& infile_s,
|
||||
std::string& outfile_s, ZopfliFormat format) {
|
||||
std::ifstream infile(infile_s, std::ios::binary);
|
||||
if (!infile.is_open()) {
|
||||
return absl::UnavailableError(absl::StrCat("Unable to open ", infile_s));
|
||||
}
|
||||
std::ofstream outfile(outfile_s, std::ios::binary);
|
||||
if (!outfile.is_open()) {
|
||||
return absl::UnavailableError(absl::StrCat("Unable to open ", outfile_s));
|
||||
}
|
||||
|
||||
return Compress(api, infile, outfile, format);
|
||||
}
|
||||
|
||||
absl::Status CompressMainFD(ZopfliApi& api, std::string& infile_s,
|
||||
std::string& outfile_s, ZopfliFormat format) {
|
||||
sapi::v::Fd infd(open(infile_s.c_str(), O_RDONLY));
|
||||
if (infd.GetValue() < 0) {
|
||||
return absl::UnavailableError(absl::StrCat("Unable to open ", infile_s));
|
||||
}
|
||||
|
||||
sapi::v::Fd outfd(open(outfile_s.c_str(), O_WRONLY | O_CREAT));
|
||||
if (outfd.GetValue() < 0) {
|
||||
return absl::UnavailableError(absl::StrCat("Unable to open ", outfile_s));
|
||||
}
|
||||
|
||||
return (CompressFD(api, infd, outfd, format));
|
||||
}
|
||||
|
||||
int main(int argc, char* argv[]) {
|
||||
std::string prog_name(argv[0]);
|
||||
google::InitGoogleLogging(argv[0]);
|
||||
|
@ -36,22 +67,13 @@ int main(int argc, char* argv[]) {
|
|||
return EXIT_FAILURE;
|
||||
}
|
||||
|
||||
std::ifstream infile(args[1], std::ios::binary);
|
||||
if (!infile.is_open()) {
|
||||
std::cerr << "Unable to open " << args[1] << std::endl;
|
||||
return EXIT_FAILURE;
|
||||
}
|
||||
std::ofstream outfile(args[2], std::ios::binary);
|
||||
if (!outfile.is_open()) {
|
||||
std::cerr << "Unable to open " << args[2] << std::endl;
|
||||
return EXIT_FAILURE;
|
||||
}
|
||||
|
||||
ZopfliSapiSandbox sandbox;
|
||||
if (!sandbox.Init().ok()) {
|
||||
std::cerr << "Unable to start sandbox\n";
|
||||
return EXIT_FAILURE;
|
||||
}
|
||||
std::string infile_s(args[1]);
|
||||
std::string outfile_s(args[2]);
|
||||
|
||||
ZopfliApi api(&sandbox);
|
||||
|
||||
|
@ -62,7 +84,13 @@ int main(int argc, char* argv[]) {
|
|||
format = ZOPFLI_FORMAT_GZIP;
|
||||
}
|
||||
|
||||
absl::Status status = Compress(api, infile, outfile, format);
|
||||
absl::Status status;
|
||||
if (absl::GetFlag(FLAGS_stream)) {
|
||||
status = CompressMain(api, infile_s, outfile_s, format);
|
||||
} else {
|
||||
status = CompressMainFD(api, infile_s, outfile_s, format);
|
||||
}
|
||||
|
||||
if (!status.ok()) {
|
||||
std::cerr << "Unable to compress file.\n";
|
||||
std::cerr << status << std::endl;
|
||||
|
|
|
@ -28,12 +28,13 @@ class ZopfliSapiSandbox : public ZopfliSandbox {
|
|||
std::unique_ptr<sandbox2::Policy> ModifyPolicy(
|
||||
sandbox2::PolicyBuilder *) override {
|
||||
return sandbox2::PolicyBuilder()
|
||||
.AllowStaticStartup()
|
||||
.AllowDynamicStartup()
|
||||
.AllowWrite()
|
||||
.AllowExit()
|
||||
.AllowMmap()
|
||||
.AllowSystemMalloc()
|
||||
.AllowSyscalls({
|
||||
__NR_recvmsg,
|
||||
__NR_sysinfo,
|
||||
})
|
||||
#ifdef __NR_open
|
||||
|
|
|
@ -12,6 +12,8 @@
|
|||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#include <fcntl.h>
|
||||
|
||||
#include <fstream>
|
||||
|
||||
#include "contrib/zopfli/sandboxed.h"
|
||||
|
@ -41,8 +43,9 @@ std::string GetTemporaryFile(const std::string& filename) {
|
|||
}
|
||||
|
||||
class TestText : public testing::TestWithParam<ZopfliFormat> {};
|
||||
|
||||
class TestBinary : public testing::TestWithParam<ZopfliFormat> {};
|
||||
class TestTextFD : public testing::TestWithParam<ZopfliFormat> {};
|
||||
class TestBinaryFD : public testing::TestWithParam<ZopfliFormat> {};
|
||||
|
||||
TEST_P(TestText, Compress) {
|
||||
ZopfliSapiSandbox sandbox;
|
||||
|
@ -95,4 +98,68 @@ INSTANTIATE_TEST_SUITE_P(SandboxTest, TestBinary,
|
|||
testing::Values(ZOPFLI_FORMAT_DEFLATE,
|
||||
ZOPFLI_FORMAT_GZIP,
|
||||
ZOPFLI_FORMAT_ZLIB));
|
||||
|
||||
TEST_P(TestTextFD, Compress) {
|
||||
ZopfliSapiSandbox sandbox;
|
||||
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
|
||||
ZopfliApi api = ZopfliApi(&sandbox);
|
||||
|
||||
std::string infile_s = GetTestFilePath("text");
|
||||
std::string outfile_s = GetTemporaryFile("text.out");
|
||||
ASSERT_THAT(outfile_s, Not(IsEmpty()));
|
||||
|
||||
sapi::v::Fd infd(open(infile_s.c_str(), O_RDONLY));
|
||||
ASSERT_GE(infd.GetValue(), 0);
|
||||
|
||||
sapi::v::Fd outfd(open(outfile_s.c_str(), O_WRONLY));
|
||||
ASSERT_GE(outfd.GetValue(), 0);
|
||||
|
||||
absl::Status status = CompressFD(api, infd, outfd, GetParam());
|
||||
ASSERT_THAT(status, IsOk()) << "Unable to compress file";
|
||||
|
||||
off_t inpos = lseek(infd.GetValue(), 0, SEEK_END);
|
||||
EXPECT_GE(inpos, 0);
|
||||
|
||||
off_t outpos = lseek(outfd.GetValue(), 0, SEEK_END);
|
||||
EXPECT_GE(outpos, 0);
|
||||
|
||||
EXPECT_LT(outpos, inpos);
|
||||
}
|
||||
|
||||
INSTANTIATE_TEST_SUITE_P(SandboxTest, TestTextFD,
|
||||
testing::Values(ZOPFLI_FORMAT_DEFLATE,
|
||||
ZOPFLI_FORMAT_GZIP,
|
||||
ZOPFLI_FORMAT_ZLIB));
|
||||
|
||||
TEST_P(TestBinaryFD, Compress) {
|
||||
ZopfliSapiSandbox sandbox;
|
||||
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
|
||||
ZopfliApi api = ZopfliApi(&sandbox);
|
||||
|
||||
std::string infile_s = GetTestFilePath("binary");
|
||||
std::string outfile_s = GetTemporaryFile("binary.out");
|
||||
ASSERT_THAT(outfile_s, Not(IsEmpty()));
|
||||
|
||||
sapi::v::Fd infd(open(infile_s.c_str(), O_RDONLY));
|
||||
ASSERT_GE(infd.GetValue(), 0);
|
||||
|
||||
sapi::v::Fd outfd(open(outfile_s.c_str(), O_WRONLY));
|
||||
ASSERT_GE(outfd.GetValue(), 0);
|
||||
|
||||
absl::Status status = CompressFD(api, infd, outfd, GetParam());
|
||||
ASSERT_THAT(status, IsOk()) << "Unable to compress file";
|
||||
|
||||
off_t inpos = lseek(infd.GetValue(), 0, SEEK_END);
|
||||
EXPECT_GE(inpos, 0);
|
||||
|
||||
off_t outpos = lseek(outfd.GetValue(), 0, SEEK_END);
|
||||
EXPECT_GE(outpos, 0);
|
||||
|
||||
EXPECT_LT(outpos, inpos);
|
||||
}
|
||||
|
||||
INSTANTIATE_TEST_SUITE_P(SandboxTest, TestBinaryFD,
|
||||
testing::Values(ZOPFLI_FORMAT_DEFLATE,
|
||||
ZOPFLI_FORMAT_GZIP,
|
||||
ZOPFLI_FORMAT_ZLIB));
|
||||
} // namespace
|
||||
|
|
|
@ -54,3 +54,25 @@ absl::Status Compress(ZopfliApi& api, std::ifstream& instream,
|
|||
}
|
||||
return absl::OkStatus();
|
||||
}
|
||||
|
||||
absl::Status CompressFD(ZopfliApi& api, sapi::v::Fd& infd, sapi::v::Fd& outfd,
|
||||
ZopfliFormat format) {
|
||||
SAPI_RETURN_IF_ERROR(api.GetSandbox()->TransferToSandboxee(&infd));
|
||||
SAPI_RETURN_IF_ERROR(api.GetSandbox()->TransferToSandboxee(&outfd));
|
||||
|
||||
sapi::v::Struct<ZopfliOptions> options;
|
||||
SAPI_RETURN_IF_ERROR(api.ZopfliInitOptions(options.PtrAfter()));
|
||||
|
||||
SAPI_ASSIGN_OR_RETURN(
|
||||
int ret, api.ZopfliCompressFD(options.PtrBefore(), format,
|
||||
infd.GetRemoteFd(), outfd.GetRemoteFd()));
|
||||
|
||||
infd.CloseRemoteFd(api.GetSandbox()->rpc_channel()).IgnoreError();
|
||||
outfd.CloseRemoteFd(api.GetSandbox()->rpc_channel()).IgnoreError();
|
||||
|
||||
if (ret == -1) {
|
||||
return absl::UnavailableError("Unable to compress file");
|
||||
}
|
||||
|
||||
return absl::OkStatus();
|
||||
}
|
||||
|
|
|
@ -23,4 +23,7 @@
|
|||
absl::Status Compress(ZopfliApi& api, std::ifstream& instream,
|
||||
std::ofstream& outstream, ZopfliFormat format);
|
||||
|
||||
absl::Status CompressFD(ZopfliApi& api, sapi::v::Fd& infd, sapi::v::Fd& outfd,
|
||||
ZopfliFormat format);
|
||||
|
||||
#endif // CONTRIB_ZOPFLI_UTILS_UTILS_ZOPFLI_H_
|
||||
|
|
28
contrib/zopfli/wrapper/CMakeLists.txt
Normal file
28
contrib/zopfli/wrapper/CMakeLists.txt
Normal file
|
@ -0,0 +1,28 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# https://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
add_library(
|
||||
wrapper_zopfli STATIC
|
||||
|
||||
wrapper_zopfli.cc
|
||||
)
|
||||
|
||||
target_link_libraries(wrapper_zopfli PUBLIC
|
||||
Zopfli::libzopfli
|
||||
)
|
||||
|
||||
target_include_directories(wrapper_zopfli PUBLIC
|
||||
${SAPI_SOURCE_DIR}
|
||||
${libzopfli_SOURCE_DIR}/src/zopfli
|
||||
)
|
50
contrib/zopfli/wrapper/wrapper_zopfli.cc
Normal file
50
contrib/zopfli/wrapper/wrapper_zopfli.cc
Normal file
|
@ -0,0 +1,50 @@
|
|||
// Copyright 2022 Google LLC
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// https://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#include "contrib/zopfli/wrapper/wrapper_zopfli.h"
|
||||
|
||||
#include <fcntl.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include <cstdio>
|
||||
#include <cstdlib>
|
||||
#include <memory>
|
||||
|
||||
int ZopfliCompressFD(const ZopfliOptions* options, ZopfliFormat output_type,
|
||||
int infd, int outfd) {
|
||||
off_t insize = lseek(infd, 0, SEEK_END);
|
||||
if (insize < 0) {
|
||||
return -1;
|
||||
}
|
||||
if (lseek(infd, 0, SEEK_SET) < 0) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
auto inbuf = std::make_unique<uint8_t[]>(insize);
|
||||
if (read(infd, inbuf.get(), insize) != insize) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
size_t outsize = 0;
|
||||
uint8_t* outbuf = nullptr;
|
||||
ZopfliCompress(options, output_type, inbuf.get(), insize, &outbuf, &outsize);
|
||||
size_t retsize = write(outfd, outbuf, outsize);
|
||||
free(outbuf);
|
||||
|
||||
if (outsize != retsize) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
25
contrib/zopfli/wrapper/wrapper_zopfli.h
Normal file
25
contrib/zopfli/wrapper/wrapper_zopfli.h
Normal file
|
@ -0,0 +1,25 @@
|
|||
// Copyright 2022 Google LLC
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// https://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#ifndef CONTRIB_ZOPFLI_WRAPPER_WRAPPER_ZOPFLI_H_
|
||||
#define CONTRIB_ZOPFLI_WRAPPER_WRAPPER_ZOPFLI_H_
|
||||
|
||||
#include "zopfli.h" // NOLINT(build/include)
|
||||
|
||||
extern "C" {
|
||||
int ZopfliCompressFD(const ZopfliOptions* options, ZopfliFormat output_type,
|
||||
int infd, int outfd);
|
||||
};
|
||||
|
||||
#endif // CONTRIB_ZOPFLI_WRAPPER_WRAPPER_ZOPFLI_H_
|
|
@ -34,6 +34,8 @@ FetchContent_Declare(libzstd
|
|||
FetchContent_MakeAvailable(libzstd)
|
||||
|
||||
set(libzstd_INCLUDE_DIR "${libzstd_SOURCE_DIR}/lib")
|
||||
add_subdirectory(wrapper)
|
||||
|
||||
add_sapi_library(
|
||||
sapi_zstd
|
||||
|
||||
|
@ -70,10 +72,16 @@ add_sapi_library(
|
|||
|
||||
ZSTD_getFrameContentSize
|
||||
|
||||
ZSTD_compress_fd
|
||||
ZSTD_compressStream_fd
|
||||
|
||||
ZSTD_decompress_fd
|
||||
ZSTD_decompressStream_fd
|
||||
INPUTS
|
||||
"${libzstd_INCLUDE_DIR}/zstd.h"
|
||||
wrapper/wrapper_zstd.h
|
||||
|
||||
LIBRARY libzstd_static
|
||||
LIBRARY wrapper_zstd
|
||||
LIBRARY_NAME Zstd
|
||||
NAMESPACE ""
|
||||
)
|
||||
|
|
|
@ -12,6 +12,7 @@
|
|||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#include <fcntl.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include <cstdlib>
|
||||
|
@ -25,10 +26,56 @@
|
|||
#include "contrib/zstd/sandboxed.h"
|
||||
#include "contrib/zstd/utils/utils_zstd.h"
|
||||
|
||||
ABSL_FLAG(bool, stream, false, "stream data to sandbox");
|
||||
ABSL_FLAG(bool, decompress, false, "decompress");
|
||||
ABSL_FLAG(bool, memory_mode, false, "in memory operations");
|
||||
ABSL_FLAG(uint32_t, level, 0, "compression level");
|
||||
|
||||
absl::Status Stream(ZstdApi& api, std::string infile_s, std::string outfile_s) {
|
||||
std::ifstream infile(infile_s, std::ios::binary);
|
||||
if (!infile.is_open()) {
|
||||
return absl::UnavailableError(absl::StrCat("Unable to open ", infile_s));
|
||||
}
|
||||
std::ofstream outfile(outfile_s, std::ios::binary);
|
||||
if (!outfile.is_open()) {
|
||||
return absl::UnavailableError(absl::StrCat("Unable to open ", outfile_s));
|
||||
}
|
||||
|
||||
if (absl::GetFlag(FLAGS_memory_mode)) {
|
||||
if (absl::GetFlag(FLAGS_decompress)) {
|
||||
return DecompressInMemory(api, infile, outfile);
|
||||
}
|
||||
return CompressInMemory(api, infile, outfile, absl::GetFlag(FLAGS_level));
|
||||
}
|
||||
if (absl::GetFlag(FLAGS_decompress)) {
|
||||
return DecompressStream(api, infile, outfile);
|
||||
}
|
||||
return CompressStream(api, infile, outfile, absl::GetFlag(FLAGS_level));
|
||||
}
|
||||
|
||||
absl::Status FileDescriptor(ZstdApi& api, std::string infile_s,
|
||||
std::string outfile_s) {
|
||||
sapi::v::Fd infd(open(infile_s.c_str(), O_RDONLY));
|
||||
if (infd.GetValue() < 0) {
|
||||
return absl::UnavailableError(absl::StrCat("Unable to open ", infile_s));
|
||||
}
|
||||
sapi::v::Fd outfd(open(outfile_s.c_str(), O_WRONLY | O_CREAT));
|
||||
if (outfd.GetValue() < 0) {
|
||||
return absl::UnavailableError(absl::StrCat("Unable to open ", outfile_s));
|
||||
}
|
||||
|
||||
if (absl::GetFlag(FLAGS_memory_mode)) {
|
||||
if (absl::GetFlag(FLAGS_decompress)) {
|
||||
return DecompressInMemoryFD(api, infd, outfd);
|
||||
}
|
||||
return CompressInMemoryFD(api, infd, outfd, absl::GetFlag(FLAGS_level));
|
||||
}
|
||||
if (absl::GetFlag(FLAGS_decompress)) {
|
||||
return DecompressStreamFD(api, infd, outfd);
|
||||
}
|
||||
return CompressStreamFD(api, infd, outfd, absl::GetFlag(FLAGS_level));
|
||||
}
|
||||
|
||||
int main(int argc, char* argv[]) {
|
||||
std::string prog_name(argv[0]);
|
||||
google::InitGoogleLogging(argv[0]);
|
||||
|
@ -39,17 +86,6 @@ int main(int argc, char* argv[]) {
|
|||
return EXIT_FAILURE;
|
||||
}
|
||||
|
||||
std::ifstream infile(args[1], std::ios::binary);
|
||||
if (!infile.is_open()) {
|
||||
std::cerr << "Unable to open " << args[1] << std::endl;
|
||||
return EXIT_FAILURE;
|
||||
}
|
||||
std::ofstream outfile(args[2], std::ios::binary);
|
||||
if (!outfile.is_open()) {
|
||||
std::cerr << "Unable to open " << args[2] << std::endl;
|
||||
return EXIT_FAILURE;
|
||||
}
|
||||
|
||||
ZstdSapiSandbox sandbox;
|
||||
if (!sandbox.Init().ok()) {
|
||||
std::cerr << "Unable to start sandbox\n";
|
||||
|
@ -59,16 +95,10 @@ int main(int argc, char* argv[]) {
|
|||
ZstdApi api(&sandbox);
|
||||
|
||||
absl::Status status;
|
||||
if (absl::GetFlag(FLAGS_memory_mode) && absl::GetFlag(FLAGS_decompress)) {
|
||||
status = DecompressInMemory(api, infile, outfile);
|
||||
} else if (absl::GetFlag(FLAGS_memory_mode) &&
|
||||
!absl::GetFlag(FLAGS_decompress)) {
|
||||
status = CompressInMemory(api, infile, outfile, absl::GetFlag(FLAGS_level));
|
||||
} else if (!absl::GetFlag(FLAGS_memory_mode) &&
|
||||
absl::GetFlag(FLAGS_decompress)) {
|
||||
status = DecompressStream(api, infile, outfile);
|
||||
if (absl::GetFlag(FLAGS_stream)) {
|
||||
status = Stream(api, argv[1], argv[2]);
|
||||
} else {
|
||||
status = CompressStream(api, infile, outfile, absl::GetFlag(FLAGS_level));
|
||||
status = FileDescriptor(api, argv[1], argv[2]);
|
||||
}
|
||||
|
||||
if (!status.ok()) {
|
||||
|
|
|
@ -27,10 +27,12 @@ class ZstdSapiSandbox : public ZstdSandbox {
|
|||
std::unique_ptr<sandbox2::Policy> ModifyPolicy(
|
||||
sandbox2::PolicyBuilder*) override {
|
||||
return sandbox2::PolicyBuilder()
|
||||
.AllowDynamicStartup()
|
||||
.AllowRead()
|
||||
.AllowWrite()
|
||||
.AllowSystemMalloc()
|
||||
.AllowExit()
|
||||
.AllowSyscalls({__NR_recvmsg})
|
||||
.BuildOrDie();
|
||||
}
|
||||
};
|
||||
|
|
|
@ -12,6 +12,9 @@
|
|||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#include <fcntl.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include <fstream>
|
||||
#include <string>
|
||||
|
||||
|
@ -101,11 +104,10 @@ TEST(SandboxTest, CheckCompressInMemory) {
|
|||
|
||||
std::string infile_s = GetTestFilePath("text");
|
||||
|
||||
absl::StatusOr<std::string> path =
|
||||
sapi::CreateNamedTempFileAndClose("out.zstd");
|
||||
ASSERT_THAT(path, IsOk()) << "Could not create temp output file";
|
||||
SAPI_ASSERT_OK_AND_ASSIGN(std::string path,
|
||||
sapi::CreateNamedTempFileAndClose("out.zstd"));
|
||||
std::string outfile_s =
|
||||
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), *path);
|
||||
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), path);
|
||||
|
||||
std::ifstream infile(infile_s, std::ios::binary);
|
||||
ASSERT_TRUE(infile.is_open());
|
||||
|
@ -126,10 +128,10 @@ TEST(SandboxTest, CheckDecompressInMemory) {
|
|||
|
||||
std::string infile_s = GetTestFilePath("text.blob.zstd");
|
||||
|
||||
absl::StatusOr<std::string> path = sapi::CreateNamedTempFileAndClose("out");
|
||||
ASSERT_THAT(path, IsOk()) << "Could not create temp output file";
|
||||
SAPI_ASSERT_OK_AND_ASSIGN(std::string path,
|
||||
sapi::CreateNamedTempFileAndClose("out"));
|
||||
std::string outfile_s =
|
||||
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), *path);
|
||||
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), path);
|
||||
|
||||
std::ifstream infile(infile_s, std::ios::binary);
|
||||
ASSERT_TRUE(infile.is_open());
|
||||
|
@ -153,16 +155,15 @@ TEST(SandboxTest, CheckCompressAndDecompressInMemory) {
|
|||
|
||||
std::string infile_s = GetTestFilePath("text");
|
||||
|
||||
absl::StatusOr<std::string> path_middle =
|
||||
sapi::CreateNamedTempFileAndClose("middle.zstd");
|
||||
ASSERT_THAT(path_middle, IsOk()) << "Could not create temp output file";
|
||||
SAPI_ASSERT_OK_AND_ASSIGN(std::string path_middle,
|
||||
sapi::CreateNamedTempFileAndClose("middle.zstd"));
|
||||
std::string middle_s =
|
||||
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), *path_middle);
|
||||
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), path_middle);
|
||||
|
||||
absl::StatusOr<std::string> path = sapi::CreateNamedTempFileAndClose("out");
|
||||
ASSERT_THAT(path, IsOk()) << "Could not create temp output file";
|
||||
SAPI_ASSERT_OK_AND_ASSIGN(std::string path,
|
||||
sapi::CreateNamedTempFileAndClose("out"));
|
||||
std::string outfile_s =
|
||||
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), *path);
|
||||
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), path);
|
||||
|
||||
std::ifstream infile(infile_s, std::ios::binary);
|
||||
ASSERT_TRUE(infile.is_open());
|
||||
|
@ -193,12 +194,10 @@ TEST(SandboxTest, CheckCompressStream) {
|
|||
ZstdApi api = ZstdApi(&sandbox);
|
||||
|
||||
std::string infile_s = GetTestFilePath("text");
|
||||
|
||||
absl::StatusOr<std::string> path =
|
||||
sapi::CreateNamedTempFileAndClose("out.zstd");
|
||||
ASSERT_THAT(path, IsOk()) << "Could not create temp output file";
|
||||
SAPI_ASSERT_OK_AND_ASSIGN(std::string path,
|
||||
sapi::CreateNamedTempFileAndClose("out.zstd"));
|
||||
std::string outfile_s =
|
||||
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), *path);
|
||||
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), path);
|
||||
|
||||
std::ifstream infile(infile_s, std::ios::binary);
|
||||
ASSERT_TRUE(infile.is_open());
|
||||
|
@ -220,11 +219,10 @@ TEST(SandboxTest, CheckDecompressStream) {
|
|||
ZstdApi api = ZstdApi(&sandbox);
|
||||
|
||||
std::string infile_s = GetTestFilePath("text.stream.zstd");
|
||||
|
||||
absl::StatusOr<std::string> path = sapi::CreateNamedTempFileAndClose("out");
|
||||
ASSERT_THAT(path, IsOk()) << "Could not create temp output file";
|
||||
SAPI_ASSERT_OK_AND_ASSIGN(std::string path,
|
||||
sapi::CreateNamedTempFileAndClose("out"));
|
||||
std::string outfile_s =
|
||||
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), *path);
|
||||
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), path);
|
||||
|
||||
std::ifstream infile(infile_s, std::ios::binary);
|
||||
ASSERT_TRUE(infile.is_open());
|
||||
|
@ -248,16 +246,15 @@ TEST(SandboxTest, CheckCompressAndDecompressStream) {
|
|||
|
||||
std::string infile_s = GetTestFilePath("text");
|
||||
|
||||
absl::StatusOr<std::string> path_middle =
|
||||
sapi::CreateNamedTempFileAndClose("middle.zstd");
|
||||
ASSERT_THAT(path_middle, IsOk()) << "Could not create temp output file";
|
||||
SAPI_ASSERT_OK_AND_ASSIGN(std::string path_middle,
|
||||
sapi::CreateNamedTempFileAndClose("middle.zstd"));
|
||||
std::string middle_s =
|
||||
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), *path_middle);
|
||||
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), path_middle);
|
||||
|
||||
absl::StatusOr<std::string> path = sapi::CreateNamedTempFileAndClose("out");
|
||||
ASSERT_THAT(path, IsOk()) << "Could not create temp output file";
|
||||
SAPI_ASSERT_OK_AND_ASSIGN(std::string path,
|
||||
sapi::CreateNamedTempFileAndClose("out"));
|
||||
std::string outfile_s =
|
||||
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), *path);
|
||||
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), path);
|
||||
|
||||
std::ifstream infile(infile_s, std::ios::binary);
|
||||
ASSERT_TRUE(infile.is_open());
|
||||
|
@ -278,8 +275,235 @@ TEST(SandboxTest, CheckCompressAndDecompressStream) {
|
|||
ASSERT_TRUE(outfile.is_open());
|
||||
|
||||
status = DecompressStream(api, inmiddle, outfile);
|
||||
ASSERT_THAT(status, IsOk()) << "Unable to decompress";
|
||||
|
||||
ASSERT_TRUE(CompareFiles(infile_s, outfile_s));
|
||||
}
|
||||
|
||||
TEST(SandboxTest, CheckCompressInMemoryFD) {
|
||||
ZstdSapiSandbox sandbox;
|
||||
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
|
||||
ZstdApi api = ZstdApi(&sandbox);
|
||||
|
||||
std::string infile_s = GetTestFilePath("text");
|
||||
|
||||
SAPI_ASSERT_OK_AND_ASSIGN(std::string path,
|
||||
sapi::CreateNamedTempFileAndClose("out.zstd"));
|
||||
std::string outfile_s =
|
||||
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), path);
|
||||
|
||||
sapi::v::Fd infd(open(infile_s.c_str(), O_RDONLY));
|
||||
ASSERT_GE(infd.GetValue(), 0);
|
||||
sapi::v::Fd outfd(open(outfile_s.c_str(), O_WRONLY));
|
||||
ASSERT_GE(outfd.GetValue(), 0);
|
||||
|
||||
absl::Status status = CompressInMemoryFD(api, infd, outfd, 0);
|
||||
ASSERT_THAT(status, IsOk()) << "Unable to compress file in memory";
|
||||
|
||||
off_t inpos = lseek(infd.GetValue(), 0, SEEK_END);
|
||||
EXPECT_GE(inpos, 0);
|
||||
off_t outpos = lseek(outfd.GetValue(), 0, SEEK_END);
|
||||
EXPECT_GE(outpos, 0);
|
||||
|
||||
EXPECT_LT(outpos, inpos);
|
||||
}
|
||||
|
||||
TEST(SandboxTest, CheckDecompressInMemoryFD) {
|
||||
ZstdSapiSandbox sandbox;
|
||||
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
|
||||
ZstdApi api = ZstdApi(&sandbox);
|
||||
|
||||
std::string infile_s = GetTestFilePath("text.blob.zstd");
|
||||
sapi::v::Fd infd(open(infile_s.c_str(), O_RDONLY));
|
||||
ASSERT_GE(infd.GetValue(), 0);
|
||||
|
||||
SAPI_ASSERT_OK_AND_ASSIGN(std::string path,
|
||||
sapi::CreateNamedTempFileAndClose("out"));
|
||||
std::string outfile_s =
|
||||
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), path);
|
||||
sapi::v::Fd outfd(open(outfile_s.c_str(), O_WRONLY));
|
||||
ASSERT_GE(outfd.GetValue(), 0);
|
||||
|
||||
absl::Status status = DecompressInMemoryFD(api, infd, outfd);
|
||||
ASSERT_THAT(status, IsOk()) << "Unable to compress file in memory";
|
||||
|
||||
off_t inpos = lseek(infd.GetValue(), 0, SEEK_END);
|
||||
EXPECT_GE(inpos, 0);
|
||||
|
||||
off_t outpos = lseek(outfd.GetValue(), 0, SEEK_END);
|
||||
EXPECT_GE(outpos, 0);
|
||||
|
||||
EXPECT_GT(outpos, inpos);
|
||||
|
||||
ASSERT_TRUE(CompareFiles(GetTestFilePath("text"), outfile_s));
|
||||
}
|
||||
|
||||
TEST(SandboxTest, CheckCompressAndDecompressInMemoryFD) {
|
||||
ZstdSapiSandbox sandbox;
|
||||
absl::Status status;
|
||||
int ret;
|
||||
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
|
||||
ZstdApi api = ZstdApi(&sandbox);
|
||||
|
||||
std::string infile_s = GetTestFilePath("text");
|
||||
|
||||
SAPI_ASSERT_OK_AND_ASSIGN(std::string path_middle,
|
||||
sapi::CreateNamedTempFileAndClose("middle.zstd"));
|
||||
std::string middle_s =
|
||||
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), path_middle);
|
||||
|
||||
SAPI_ASSERT_OK_AND_ASSIGN(std::string path,
|
||||
sapi::CreateNamedTempFileAndClose("out"));
|
||||
std::string outfile_s =
|
||||
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), path);
|
||||
|
||||
sapi::v::Fd infd(open(infile_s.c_str(), O_RDONLY));
|
||||
ASSERT_GE(infd.GetValue(), 0);
|
||||
|
||||
sapi::v::Fd outmiddlefd(open(middle_s.c_str(), O_WRONLY));
|
||||
ASSERT_GE(outmiddlefd.GetValue(), 0);
|
||||
|
||||
status = CompressInMemoryFD(api, infd, outmiddlefd, 0);
|
||||
ASSERT_THAT(status, IsOk()) << "Unable to compress file in memory";
|
||||
|
||||
off_t inpos = lseek(infd.GetValue(), 0, SEEK_END);
|
||||
EXPECT_GE(inpos, 0);
|
||||
|
||||
off_t outpos = lseek(outmiddlefd.GetValue(), 0, SEEK_END);
|
||||
EXPECT_GE(outpos, 0);
|
||||
|
||||
EXPECT_LT(outpos, inpos);
|
||||
|
||||
infd.CloseLocalFd();
|
||||
outmiddlefd.CloseLocalFd();
|
||||
|
||||
sapi::v::Fd inmiddlefd(open(middle_s.c_str(), O_RDONLY));
|
||||
ASSERT_GE(inmiddlefd.GetValue(), 0);
|
||||
|
||||
sapi::v::Fd outfd(open(outfile_s.c_str(), O_WRONLY));
|
||||
ASSERT_GE(outfd.GetValue(), 0);
|
||||
|
||||
status = DecompressInMemoryFD(api, inmiddlefd, outfd);
|
||||
ASSERT_THAT(status, IsOk()) << "Unable to decompress file in memory";
|
||||
|
||||
outfd.CloseLocalFd();
|
||||
inmiddlefd.CloseLocalFd();
|
||||
|
||||
ASSERT_TRUE(CompareFiles(infile_s, outfile_s));
|
||||
}
|
||||
|
||||
TEST(SandboxTest, CheckCompressStreamFD) {
|
||||
absl::Status status;
|
||||
ZstdSapiSandbox sandbox;
|
||||
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
|
||||
ZstdApi api = ZstdApi(&sandbox);
|
||||
|
||||
std::string infile_s = GetTestFilePath("text");
|
||||
|
||||
SAPI_ASSERT_OK_AND_ASSIGN(std::string path,
|
||||
sapi::CreateNamedTempFileAndClose("out.zstd"));
|
||||
std::string outfile_s =
|
||||
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), path);
|
||||
|
||||
sapi::v::Fd infd(open(infile_s.c_str(), O_RDONLY));
|
||||
ASSERT_GE(infd.GetValue(), 0);
|
||||
|
||||
sapi::v::Fd outfd(open(outfile_s.c_str(), O_WRONLY));
|
||||
ASSERT_GE(outfd.GetValue(), 0);
|
||||
|
||||
status = CompressStreamFD(api, infd, outfd, 0);
|
||||
ASSERT_THAT(status, IsOk()) << "Unable to compress stream";
|
||||
|
||||
off_t inpos = lseek(infd.GetValue(), 0, SEEK_END);
|
||||
EXPECT_GE(inpos, 0);
|
||||
|
||||
off_t outpos = lseek(outfd.GetValue(), 0, SEEK_END);
|
||||
EXPECT_GE(outpos, 0);
|
||||
|
||||
EXPECT_LT(outpos, inpos);
|
||||
}
|
||||
|
||||
TEST(SandboxTest, CheckDecompressStreamFD) {
|
||||
absl::Status status;
|
||||
ZstdSapiSandbox sandbox;
|
||||
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
|
||||
ZstdApi api = ZstdApi(&sandbox);
|
||||
|
||||
std::string infile_s = GetTestFilePath("text.stream.zstd");
|
||||
|
||||
SAPI_ASSERT_OK_AND_ASSIGN(std::string path,
|
||||
sapi::CreateNamedTempFileAndClose("out"));
|
||||
std::string outfile_s =
|
||||
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), path);
|
||||
|
||||
sapi::v::Fd infd(open(infile_s.c_str(), O_RDONLY));
|
||||
ASSERT_GE(infd.GetValue(), 0);
|
||||
|
||||
sapi::v::Fd outfd(open(outfile_s.c_str(), O_WRONLY));
|
||||
ASSERT_GE(outfd.GetValue(), 0);
|
||||
|
||||
status = DecompressStreamFD(api, infd, outfd);
|
||||
ASSERT_THAT(status, IsOk()) << "Unable to decompress stream";
|
||||
|
||||
off_t inpos = lseek(infd.GetValue(), 0, SEEK_END);
|
||||
EXPECT_GE(inpos, 0);
|
||||
|
||||
off_t outpos = lseek(outfd.GetValue(), 0, SEEK_END);
|
||||
EXPECT_GE(outpos, 0);
|
||||
|
||||
EXPECT_GT(outpos, inpos);
|
||||
|
||||
ASSERT_TRUE(CompareFiles(GetTestFilePath("text"), outfile_s));
|
||||
}
|
||||
|
||||
TEST(SandboxTest, CheckCompressAndDecompressStreamFD) {
|
||||
ZstdSapiSandbox sandbox;
|
||||
absl::Status status;
|
||||
int ret;
|
||||
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
|
||||
ZstdApi api = ZstdApi(&sandbox);
|
||||
|
||||
std::string infile_s = GetTestFilePath("text");
|
||||
|
||||
SAPI_ASSERT_OK_AND_ASSIGN(std::string path_middle,
|
||||
sapi::CreateNamedTempFileAndClose("middle.zstd"));
|
||||
std::string middle_s =
|
||||
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), path_middle);
|
||||
|
||||
SAPI_ASSERT_OK_AND_ASSIGN(std::string path,
|
||||
sapi::CreateNamedTempFileAndClose("out"));
|
||||
std::string outfile_s =
|
||||
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), path);
|
||||
|
||||
sapi::v::Fd infd(open(infile_s.c_str(), O_RDONLY));
|
||||
ASSERT_GE(infd.GetValue(), 0);
|
||||
|
||||
sapi::v::Fd outmiddlefd(open(middle_s.c_str(), O_WRONLY));
|
||||
ASSERT_GE(outmiddlefd.GetValue(), 0);
|
||||
|
||||
status = CompressStreamFD(api, infd, outmiddlefd, 0);
|
||||
ASSERT_THAT(status, IsOk()) << "Unable to compress stream";
|
||||
|
||||
off_t inpos = lseek(infd.GetValue(), 0, SEEK_END);
|
||||
EXPECT_GE(inpos, 0);
|
||||
|
||||
off_t outmiddlepos = lseek(outmiddlefd.GetValue(), 0, SEEK_END);
|
||||
EXPECT_GE(outmiddlepos, 0);
|
||||
|
||||
EXPECT_LT(outmiddlepos, inpos);
|
||||
|
||||
infd.CloseLocalFd();
|
||||
outmiddlefd.CloseLocalFd();
|
||||
|
||||
sapi::v::Fd inmiddlefd(open(middle_s.c_str(), O_RDONLY));
|
||||
ASSERT_GE(inmiddlefd.GetValue(), 0);
|
||||
|
||||
sapi::v::Fd outfd(open(outfile_s.c_str(), O_WRONLY));
|
||||
ASSERT_GE(outfd.GetValue(), 0);
|
||||
|
||||
status = DecompressStreamFD(api, inmiddlefd, outfd);
|
||||
ASSERT_THAT(status, IsOk()) << "Unable to decompress stream";
|
||||
|
||||
ASSERT_TRUE(CompareFiles(infile_s, outfile_s));
|
||||
}
|
||||
|
||||
|
|
|
@ -241,3 +241,95 @@ absl::Status DecompressStream(ZstdApi& api, std::ifstream& in_stream,
|
|||
|
||||
return absl::OkStatus();
|
||||
}
|
||||
|
||||
absl::Status CompressInMemoryFD(ZstdApi& api, sapi::v::Fd& infd,
|
||||
sapi::v::Fd& outfd, int level) {
|
||||
SAPI_RETURN_IF_ERROR(api.GetSandbox()->TransferToSandboxee(&infd));
|
||||
SAPI_RETURN_IF_ERROR(api.GetSandbox()->TransferToSandboxee(&outfd));
|
||||
|
||||
SAPI_ASSIGN_OR_RETURN(
|
||||
int iserr,
|
||||
api.ZSTD_compress_fd(infd.GetRemoteFd(), outfd.GetRemoteFd(), 0));
|
||||
SAPI_ASSIGN_OR_RETURN(iserr, api.ZSTD_isError(iserr))
|
||||
if (iserr) {
|
||||
return absl::UnavailableError("Unable to compress file");
|
||||
}
|
||||
|
||||
infd.CloseRemoteFd(api.GetSandbox()->rpc_channel()).IgnoreError();
|
||||
outfd.CloseRemoteFd(api.GetSandbox()->rpc_channel()).IgnoreError();
|
||||
|
||||
return absl::OkStatus();
|
||||
}
|
||||
|
||||
absl::Status DecompressInMemoryFD(ZstdApi& api, sapi::v::Fd& infd,
|
||||
sapi::v::Fd& outfd) {
|
||||
SAPI_RETURN_IF_ERROR(api.GetSandbox()->TransferToSandboxee(&infd));
|
||||
SAPI_RETURN_IF_ERROR(api.GetSandbox()->TransferToSandboxee(&outfd));
|
||||
|
||||
SAPI_ASSIGN_OR_RETURN(int iserr, api.ZSTD_decompress_fd(infd.GetRemoteFd(),
|
||||
outfd.GetRemoteFd()));
|
||||
SAPI_ASSIGN_OR_RETURN(iserr, api.ZSTD_isError(iserr))
|
||||
if (iserr) {
|
||||
return absl::UnavailableError("Unable to compress file");
|
||||
}
|
||||
|
||||
infd.CloseRemoteFd(api.GetSandbox()->rpc_channel()).IgnoreError();
|
||||
outfd.CloseRemoteFd(api.GetSandbox()->rpc_channel()).IgnoreError();
|
||||
|
||||
return absl::OkStatus();
|
||||
}
|
||||
|
||||
absl::Status CompressStreamFD(ZstdApi& api, sapi::v::Fd& infd,
|
||||
sapi::v::Fd& outfd, int level) {
|
||||
SAPI_ASSIGN_OR_RETURN(ZSTD_CCtx * cctx, api.ZSTD_createCCtx());
|
||||
sapi::v::RemotePtr rcctx(cctx);
|
||||
|
||||
int iserr;
|
||||
SAPI_ASSIGN_OR_RETURN(iserr, api.ZSTD_CCtx_setParameter(
|
||||
&rcctx, ZSTD_c_compressionLevel, level));
|
||||
SAPI_ASSIGN_OR_RETURN(iserr, api.ZSTD_isError(iserr));
|
||||
if (iserr) {
|
||||
return absl::UnavailableError("Unable to set parameter l");
|
||||
}
|
||||
SAPI_ASSIGN_OR_RETURN(
|
||||
iserr, api.ZSTD_CCtx_setParameter(&rcctx, ZSTD_c_checksumFlag, 1));
|
||||
SAPI_ASSIGN_OR_RETURN(iserr, api.ZSTD_isError(iserr));
|
||||
if (iserr) {
|
||||
return absl::UnavailableError("Unable to set parameter c");
|
||||
}
|
||||
|
||||
SAPI_RETURN_IF_ERROR(api.GetSandbox()->TransferToSandboxee(&infd));
|
||||
SAPI_RETURN_IF_ERROR(api.GetSandbox()->TransferToSandboxee(&outfd));
|
||||
|
||||
SAPI_ASSIGN_OR_RETURN(iserr,
|
||||
api.ZSTD_compressStream_fd(&rcctx, infd.GetRemoteFd(),
|
||||
outfd.GetRemoteFd()));
|
||||
if (iserr) {
|
||||
return absl::UnavailableError("Unable to compress");
|
||||
}
|
||||
|
||||
infd.CloseRemoteFd(api.GetSandbox()->rpc_channel()).IgnoreError();
|
||||
outfd.CloseRemoteFd(api.GetSandbox()->rpc_channel()).IgnoreError();
|
||||
|
||||
return absl::OkStatus();
|
||||
}
|
||||
|
||||
absl::Status DecompressStreamFD(ZstdApi& api, sapi::v::Fd& infd,
|
||||
sapi::v::Fd& outfd) {
|
||||
SAPI_ASSIGN_OR_RETURN(ZSTD_DCtx * dctx, api.ZSTD_createDCtx());
|
||||
sapi::v::RemotePtr rdctx(dctx);
|
||||
|
||||
SAPI_RETURN_IF_ERROR(api.GetSandbox()->TransferToSandboxee(&infd));
|
||||
SAPI_RETURN_IF_ERROR(api.GetSandbox()->TransferToSandboxee(&outfd));
|
||||
|
||||
SAPI_ASSIGN_OR_RETURN(int iserr,
|
||||
api.ZSTD_decompressStream_fd(&rdctx, infd.GetRemoteFd(),
|
||||
outfd.GetRemoteFd()));
|
||||
if (iserr) {
|
||||
return absl::UnavailableError("Unable to decompress");
|
||||
}
|
||||
infd.CloseRemoteFd(api.GetSandbox()->rpc_channel()).IgnoreError();
|
||||
outfd.CloseRemoteFd(api.GetSandbox()->rpc_channel()).IgnoreError();
|
||||
|
||||
return absl::OkStatus();
|
||||
}
|
||||
|
|
|
@ -24,10 +24,18 @@ absl::Status CompressInMemory(ZstdApi& api, std::ifstream& in_stream,
|
|||
std::ofstream& out_stream, int level);
|
||||
absl::Status DecompressInMemory(ZstdApi& api, std::ifstream& in_stream,
|
||||
std::ofstream& out_stream);
|
||||
absl::Status CompressInMemoryFD(ZstdApi& api, sapi::v::Fd& infd,
|
||||
sapi::v::Fd& outfd, int level);
|
||||
absl::Status DecompressInMemoryFD(ZstdApi& api, sapi::v::Fd& infd,
|
||||
sapi::v::Fd& outfd);
|
||||
|
||||
absl::Status CompressStream(ZstdApi& api, std::ifstream& in_stream,
|
||||
std::ofstream& out_stream, int level);
|
||||
absl::Status DecompressStream(ZstdApi& api, std::ifstream& in_stream,
|
||||
std::ofstream& out_stream);
|
||||
absl::Status CompressStreamFD(ZstdApi& api, sapi::v::Fd& infd,
|
||||
sapi::v::Fd& outfd, int level);
|
||||
absl::Status DecompressStreamFD(ZstdApi& api, sapi::v::Fd& infd,
|
||||
sapi::v::Fd& outfd);
|
||||
|
||||
#endif // CONTRIB_ZSTD_UTILS_UTILS_ZSTD_H_
|
||||
|
|
24
contrib/zstd/wrapper/CMakeLists.txt
Normal file
24
contrib/zstd/wrapper/CMakeLists.txt
Normal file
|
@ -0,0 +1,24 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# https://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
add_library(wrapper_zstd STATIC
|
||||
wrapper_zstd.cc
|
||||
)
|
||||
target_link_libraries(wrapper_zstd PUBLIC
|
||||
libzstd_static
|
||||
)
|
||||
target_include_directories(wrapper_zstd PUBLIC
|
||||
"${SAPI_SOURCE_DIR}"
|
||||
"${libzstd_INCLUDE_DIR}"
|
||||
)
|
182
contrib/zstd/wrapper/wrapper_zstd.cc
Normal file
182
contrib/zstd/wrapper/wrapper_zstd.cc
Normal file
|
@ -0,0 +1,182 @@
|
|||
// Copyright 2022 Google LLC
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// https://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#include "contrib/zstd/wrapper/wrapper_zstd.h"
|
||||
|
||||
#include <errno.h>
|
||||
#include <fcntl.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include <cstdio>
|
||||
#include <cstdlib>
|
||||
#include <iostream>
|
||||
#include <memory>
|
||||
|
||||
constexpr size_t kFileMaxSize = 1024 * 1024 * 1024; // 1GB
|
||||
|
||||
off_t FDGetSize(int fd) {
|
||||
off_t size = lseek(fd, 0, SEEK_END);
|
||||
if (size < 0) {
|
||||
return -1;
|
||||
}
|
||||
if (lseek(fd, 0, SEEK_SET) < 0) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
return size;
|
||||
}
|
||||
|
||||
int ZSTD_compress_fd(int fdin, int fdout, int level) {
|
||||
off_t sizein = FDGetSize(fdin);
|
||||
if (sizein <= 0) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
size_t sizeout = ZSTD_compressBound(sizein);
|
||||
|
||||
auto bufin = std::make_unique<int8_t[]>(sizein);
|
||||
auto bufout = std::make_unique<int8_t[]>(sizeout);
|
||||
|
||||
if (read(fdin, bufin.get(), sizein) != sizein) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
int retsize =
|
||||
ZSTD_compress(bufout.get(), sizeout, bufin.get(), sizein, level);
|
||||
if (ZSTD_isError(retsize)) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (write(fdout, bufout.get(), retsize) != retsize) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int ZSTD_compressStream_fd(ZSTD_CCtx* cctx, int fdin, int fdout) {
|
||||
size_t sizein = ZSTD_CStreamInSize();
|
||||
size_t sizeout = ZSTD_CStreamOutSize();
|
||||
|
||||
auto bufin = std::make_unique<int8_t[]>(sizein);
|
||||
auto bufout = std::make_unique<int8_t[]>(sizeout);
|
||||
|
||||
ssize_t size;
|
||||
while ((size = read(fdin, bufin.get(), sizein)) > 0) {
|
||||
ZSTD_inBuffer_s struct_in;
|
||||
struct_in.src = bufin.get();
|
||||
struct_in.pos = 0;
|
||||
struct_in.size = size;
|
||||
|
||||
ZSTD_EndDirective mode = ZSTD_e_continue;
|
||||
if (size < sizein) {
|
||||
mode = ZSTD_e_end;
|
||||
}
|
||||
|
||||
bool isdone = false;
|
||||
while (!isdone) {
|
||||
ZSTD_outBuffer_s struct_out;
|
||||
struct_out.dst = bufout.get();
|
||||
struct_out.pos = 0;
|
||||
struct_out.size = sizeout;
|
||||
|
||||
size_t remaining =
|
||||
ZSTD_compressStream2(cctx, &struct_out, &struct_in, mode);
|
||||
if (ZSTD_isError(remaining)) {
|
||||
return -1;
|
||||
}
|
||||
if (write(fdout, bufout.get(), struct_out.pos) != struct_out.pos) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (mode == ZSTD_e_continue) {
|
||||
isdone = (struct_in.pos == size);
|
||||
} else {
|
||||
isdone = (remaining == 0);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (size != 0) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int ZSTD_decompress_fd(int fdin, int fdout) {
|
||||
off_t sizein = FDGetSize(fdin);
|
||||
if (sizein <= 0) {
|
||||
return -1;
|
||||
}
|
||||
auto bufin = std::make_unique<int8_t[]>(sizein);
|
||||
if (read(fdin, bufin.get(), sizein) != sizein) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
size_t sizeout = ZSTD_getFrameContentSize(bufin.get(), sizein);
|
||||
if (ZSTD_isError(sizeout) || sizeout > kFileMaxSize) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
auto bufout = std::make_unique<int8_t[]>(sizeout);
|
||||
|
||||
size_t desize = ZSTD_decompress(bufout.get(), sizeout, bufin.get(), sizein);
|
||||
if (ZSTD_isError(desize) || desize != sizeout) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (write(fdout, bufout.get(), sizeout) != sizeout) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int ZSTD_decompressStream_fd(ZSTD_DCtx* dctx, int fdin, int fdout) {
|
||||
size_t sizein = ZSTD_CStreamInSize();
|
||||
size_t sizeout = ZSTD_CStreamOutSize();
|
||||
|
||||
auto bufin = std::make_unique<int8_t[]>(sizein);
|
||||
auto bufout = std::make_unique<int8_t[]>(sizeout);
|
||||
|
||||
ssize_t size;
|
||||
while ((size = read(fdin, bufin.get(), sizein)) > 0) {
|
||||
ZSTD_inBuffer_s struct_in;
|
||||
struct_in.src = bufin.get();
|
||||
struct_in.pos = 0;
|
||||
struct_in.size = size;
|
||||
|
||||
while (struct_in.pos < size) {
|
||||
ZSTD_outBuffer_s struct_out;
|
||||
struct_out.dst = bufout.get();
|
||||
struct_out.pos = 0;
|
||||
struct_out.size = sizeout;
|
||||
|
||||
size_t ret = ZSTD_decompressStream(dctx, &struct_out, &struct_in);
|
||||
if (ZSTD_isError(ret)) {
|
||||
return -1;
|
||||
}
|
||||
if (write(fdout, bufout.get(), struct_out.pos) != struct_out.pos) {
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (size != 0) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
28
contrib/zstd/wrapper/wrapper_zstd.h
Normal file
28
contrib/zstd/wrapper/wrapper_zstd.h
Normal file
|
@ -0,0 +1,28 @@
|
|||
// Copyright 2022 Google LLC
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// https://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#ifndef CONTRIB_ZSTD_WRAPPER_WRAPPER_ZSTD_H_
|
||||
#define CONTRIB_ZSTD_WRAPPER_WRAPPER_ZSTD_H_
|
||||
|
||||
#include <zstd.h>
|
||||
|
||||
extern "C" {
|
||||
int ZSTD_compress_fd(int fdin, int fdout, int level);
|
||||
int ZSTD_compressStream_fd(ZSTD_CCtx* cctx, int fdin, int fdout);
|
||||
|
||||
int ZSTD_decompress_fd(int fdin, int fdout);
|
||||
int ZSTD_decompressStream_fd(ZSTD_DCtx* dctx, int fdin, int fdout);
|
||||
};
|
||||
|
||||
#endif // CONTRIB_ZSTD_WRAPPER_WRAPPER_ZSTD_H_
|
|
@ -4,7 +4,7 @@
|
|||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http:#www.apache.org/licenses/LICENSE-2.0
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http:#www.apache.org/licenses/LICENSE-2.0
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
|
3
oss-internship-2020/pffft/.gitignore
vendored
3
oss-internship-2020/pffft/.gitignore
vendored
|
@ -1,3 +0,0 @@
|
|||
*.o
|
||||
*.a
|
||||
pffft_main
|
|
@ -413,7 +413,7 @@ void ServeRequest(sandbox2::Comms* comms) {
|
|||
} // namespace client
|
||||
} // namespace sapi
|
||||
|
||||
extern "C" ABSL_ATTRIBUTE_WEAK int main(int argc, char** argv) {
|
||||
ABSL_ATTRIBUTE_WEAK int main(int argc, char* argv[]) {
|
||||
gflags::SetCommandLineOptionWithMode("userspace_coredumper", "false",
|
||||
gflags::SET_FLAG_IF_DEFAULT);
|
||||
gflags::ParseCommandLineFlags(&argc, &argv, true);
|
||||
|
|
|
@ -24,19 +24,21 @@ sapi_proto_library(
|
|||
name = "stringop_params_proto",
|
||||
srcs = ["stringop_params.proto"],
|
||||
visibility = ["//visibility:public"],
|
||||
alwayslink = True,
|
||||
)
|
||||
|
||||
cc_library(
|
||||
name = "stringop",
|
||||
srcs = ["stringop.cc"],
|
||||
copts = sapi_platform_copts(),
|
||||
linkstatic = True,
|
||||
visibility = ["//visibility:public"],
|
||||
deps = [
|
||||
":stringop_params_cc_proto",
|
||||
"//sandboxed_api:lenval_core",
|
||||
"@com_google_absl//absl/base:core_headers",
|
||||
],
|
||||
alwayslink = 1, # All functions are linked into dependent binaries
|
||||
alwayslink = True,
|
||||
)
|
||||
|
||||
sapi_library(
|
||||
|
|
|
@ -36,7 +36,7 @@ sapi_library(
|
|||
cc_binary(
|
||||
name = "main_zlib",
|
||||
srcs = ["main_zlib.cc"],
|
||||
copts = sapi_platform_copts(["-Wframe-larger-than=65536"]),
|
||||
copts = sapi_platform_copts(),
|
||||
deps = [
|
||||
":zlib-sapi",
|
||||
":zlib-sapi_embed",
|
||||
|
|
|
@ -17,7 +17,7 @@ add_sapi_library(zlib-sapi
|
|||
FUNCTIONS deflateInit_
|
||||
deflate
|
||||
deflateEnd
|
||||
INPUTS ${ZLIB_INCLUDE_DIRS}/zlib.h
|
||||
INPUTS "${ZLIB_INCLUDE_DIRS}/zlib.h"
|
||||
LIBRARY ZLIB::ZLIB
|
||||
LIBRARY_NAME Zlib
|
||||
NAMESPACE "sapi::zlib"
|
||||
|
|
|
@ -842,6 +842,7 @@ cc_test(
|
|||
"//sandboxed_api/util:flags",
|
||||
"//sandboxed_api/util:status_matchers",
|
||||
"//sandboxed_api/util:temp_file",
|
||||
"@com_google_absl//absl/cleanup",
|
||||
"@com_google_absl//absl/memory",
|
||||
"@com_google_absl//absl/status:statusor",
|
||||
"@com_google_absl//absl/strings",
|
||||
|
|
|
@ -946,6 +946,7 @@ if(SAPI_ENABLE_TESTS)
|
|||
sandbox2::testcase_symbolize
|
||||
)
|
||||
target_link_libraries(sandbox2_stack_trace_test PRIVATE
|
||||
absl::cleanup
|
||||
absl::memory
|
||||
absl::status
|
||||
absl::strings
|
||||
|
|
|
@ -66,7 +66,7 @@ TEST(BufferTest, TestImplementation) {
|
|||
std::unique_ptr<Policy> BufferTestcasePolicy() {
|
||||
auto s2p = PolicyBuilder()
|
||||
.DisableNamespaces()
|
||||
.AllowStaticStartup()
|
||||
.AllowDynamicStartup()
|
||||
.AllowExit()
|
||||
.AllowSafeFcntl()
|
||||
.AllowTime()
|
||||
|
@ -75,6 +75,7 @@ std::unique_ptr<Policy> BufferTestcasePolicy() {
|
|||
.AllowWrite()
|
||||
.AllowMmap()
|
||||
.AllowStat()
|
||||
.AllowOpen()
|
||||
.AllowSyscalls({
|
||||
__NR_dup,
|
||||
__NR_futex,
|
||||
|
@ -88,10 +89,6 @@ std::unique_ptr<Policy> BufferTestcasePolicy() {
|
|||
})
|
||||
.BlockSyscallsWithErrno(
|
||||
{
|
||||
#ifdef __NR_open
|
||||
__NR_open,
|
||||
#endif
|
||||
__NR_openat,
|
||||
#ifdef __NR_access
|
||||
// On Debian, even static binaries check existence of
|
||||
// /etc/ld.so.nohwcap.
|
||||
|
|
|
@ -555,9 +555,11 @@ bool Comms::Recv(void* data, size_t len) {
|
|||
// Internal helper method (low level).
|
||||
bool Comms::RecvTL(uint32_t* tag, size_t* length) {
|
||||
if (!Recv(reinterpret_cast<uint8_t*>(tag), sizeof(*tag))) {
|
||||
SAPI_RAW_VLOG(2, "RecvTL: Can't read tag");
|
||||
return false;
|
||||
}
|
||||
if (!Recv(reinterpret_cast<uint8_t*>(length), sizeof(*length))) {
|
||||
SAPI_RAW_VLOG(2, "RecvTL: Can't read length for tag %u", *tag);
|
||||
return false;
|
||||
}
|
||||
if (*length > GetMaxMsgSize()) {
|
||||
|
|
|
@ -37,9 +37,6 @@ cc_binary(
|
|||
name = "zpipe",
|
||||
srcs = ["zpipe.c"],
|
||||
copts = sapi_platform_copts(),
|
||||
features = [
|
||||
"fully_static_link", # link libc statically
|
||||
],
|
||||
linkstatic = 1,
|
||||
features = ["fully_static_link"],
|
||||
deps = ["@net_zlib//:zlib"],
|
||||
)
|
||||
|
|
|
@ -24,7 +24,6 @@ target_link_libraries(sandbox2_zpipe_sandbox PRIVATE
|
|||
absl::memory
|
||||
sandbox2::bpf_helper
|
||||
sandbox2::comms
|
||||
# sandbox2::ipc
|
||||
sapi::runfiles
|
||||
sandbox2::sandbox2
|
||||
sapi::base
|
||||
|
@ -38,5 +37,6 @@ add_executable(sandbox2_zpipe
|
|||
set_target_properties(sandbox2_zpipe PROPERTIES OUTPUT_NAME zpipe)
|
||||
add_executable(sandbox2::zpipe ALIAS sandbox2_zpipe)
|
||||
target_link_libraries(sandbox2_zpipe PRIVATE
|
||||
-static
|
||||
ZLIB::ZLIB
|
||||
)
|
||||
|
|
|
@ -54,7 +54,7 @@ std::unique_ptr<sandbox2::Policy> GetPolicy() {
|
|||
// Allow write on STDOUT / STDERR.
|
||||
.AddPolicyOnSyscall(__NR_write,
|
||||
{ARG_32(0), JEQ32(1, ALLOW), JEQ32(2, ALLOW)})
|
||||
.AllowSyscall(__NR_fstat)
|
||||
.AllowStat()
|
||||
.AllowStaticStartup()
|
||||
.AllowSystemMalloc()
|
||||
.AllowExit()
|
||||
|
|
|
@ -39,6 +39,7 @@ namespace sandbox2 {
|
|||
namespace {
|
||||
|
||||
using ::sapi::GetTestSourcePath;
|
||||
using ::testing::Eq;
|
||||
|
||||
// Allow typical syscalls and call SECCOMP_RET_TRACE for personality syscall,
|
||||
// chosen because unlikely to be called by a regular program.
|
||||
|
@ -46,6 +47,7 @@ std::unique_ptr<Policy> NotifyTestcasePolicy() {
|
|||
return PolicyBuilder()
|
||||
.DisableNamespaces()
|
||||
.AllowStaticStartup()
|
||||
.AllowDynamicStartup() // For PrintPidAndComms
|
||||
.AllowExit()
|
||||
.AllowRead()
|
||||
.AllowWrite()
|
||||
|
@ -106,16 +108,12 @@ TEST(NotifyTest, AllowPersonality) {
|
|||
SKIP_SANITIZERS_AND_COVERAGE;
|
||||
const std::string path = GetTestSourcePath("sandbox2/testcases/personality");
|
||||
std::vector<std::string> args = {path};
|
||||
auto executor = absl::make_unique<Executor>(path, args);
|
||||
auto policy = NotifyTestcasePolicy();
|
||||
ASSERT_THAT(policy, testing::Not(testing::IsNull()));
|
||||
auto notify = absl::make_unique<PersonalityNotify>(true);
|
||||
|
||||
Sandbox2 s2(std::move(executor), std::move(policy), std::move(notify));
|
||||
Sandbox2 s2(absl::make_unique<Executor>(path, args), NotifyTestcasePolicy(),
|
||||
absl::make_unique<PersonalityNotify>(/*allow=*/true));
|
||||
auto result = s2.Run();
|
||||
|
||||
ASSERT_EQ(result.final_status(), Result::OK);
|
||||
ASSERT_EQ(result.reason_code(), 22);
|
||||
ASSERT_THAT(result.final_status(), Eq(Result::OK));
|
||||
EXPECT_THAT(result.reason_code(), Eq(22));
|
||||
}
|
||||
|
||||
// Test EventSyscallTrap on personality syscall and disallow it.
|
||||
|
@ -123,16 +121,12 @@ TEST(NotifyTest, DisallowPersonality) {
|
|||
SKIP_SANITIZERS_AND_COVERAGE;
|
||||
const std::string path = GetTestSourcePath("sandbox2/testcases/personality");
|
||||
std::vector<std::string> args = {path};
|
||||
auto executor = absl::make_unique<Executor>(path, args);
|
||||
auto policy = NotifyTestcasePolicy();
|
||||
ASSERT_THAT(policy, testing::Not(testing::IsNull()));
|
||||
auto notify = absl::make_unique<PersonalityNotify>(false);
|
||||
|
||||
Sandbox2 s2(std::move(executor), std::move(policy), std::move(notify));
|
||||
Sandbox2 s2(absl::make_unique<Executor>(path, args), NotifyTestcasePolicy(),
|
||||
absl::make_unique<PersonalityNotify>(/*allow=*/false));
|
||||
auto result = s2.Run();
|
||||
|
||||
ASSERT_EQ(result.final_status(), Result::VIOLATION);
|
||||
ASSERT_EQ(result.reason_code(), __NR_personality);
|
||||
ASSERT_THAT(result.final_status(), Eq(Result::VIOLATION));
|
||||
EXPECT_THAT(result.reason_code(), Eq(__NR_personality));
|
||||
}
|
||||
|
||||
// Test EventStarted by exchanging data after started but before sandboxed.
|
||||
|
@ -142,15 +136,13 @@ TEST(NotifyTest, PrintPidAndComms) {
|
|||
std::vector<std::string> args = {path};
|
||||
auto executor = absl::make_unique<Executor>(path, args);
|
||||
executor->set_enable_sandbox_before_exec(false);
|
||||
auto policy = NotifyTestcasePolicy();
|
||||
ASSERT_THAT(policy, testing::Not(testing::IsNull()));
|
||||
auto notify = absl::make_unique<PidCommsNotify>();
|
||||
|
||||
Sandbox2 s2(std::move(executor), std::move(policy), std::move(notify));
|
||||
Sandbox2 s2(std::move(executor), NotifyTestcasePolicy(),
|
||||
absl::make_unique<PidCommsNotify>());
|
||||
auto result = s2.Run();
|
||||
|
||||
ASSERT_EQ(result.final_status(), Result::OK);
|
||||
ASSERT_EQ(result.reason_code(), 33);
|
||||
ASSERT_THAT(result.final_status(), Eq(Result::OK));
|
||||
EXPECT_THAT(result.reason_code(), Eq(33));
|
||||
}
|
||||
|
||||
} // namespace
|
||||
|
|
|
@ -79,11 +79,7 @@ TEST(PolicyTest, AMD64Syscall32PolicyAllowed) {
|
|||
const std::string path = GetTestSourcePath("sandbox2/testcases/policy");
|
||||
|
||||
std::vector<std::string> args = {path, "1"};
|
||||
auto executor = absl::make_unique<Executor>(path, args);
|
||||
|
||||
auto policy = PolicyTestcasePolicy();
|
||||
|
||||
Sandbox2 s2(std::move(executor), std::move(policy));
|
||||
Sandbox2 s2(std::make_unique<Executor>(path, args), PolicyTestcasePolicy());
|
||||
auto result = s2.Run();
|
||||
|
||||
ASSERT_THAT(result.final_status(), Eq(Result::VIOLATION));
|
||||
|
@ -96,11 +92,7 @@ TEST(PolicyTest, AMD64Syscall32FsAllowed) {
|
|||
SKIP_SANITIZERS_AND_COVERAGE;
|
||||
const std::string path = GetTestSourcePath("sandbox2/testcases/policy");
|
||||
std::vector<std::string> args = {path, "2"};
|
||||
auto executor = absl::make_unique<Executor>(path, args);
|
||||
|
||||
auto policy = PolicyTestcasePolicy();
|
||||
|
||||
Sandbox2 s2(std::move(executor), std::move(policy));
|
||||
Sandbox2 s2(std::make_unique<Executor>(path, args), PolicyTestcasePolicy());
|
||||
auto result = s2.Run();
|
||||
|
||||
ASSERT_THAT(result.final_status(), Eq(Result::VIOLATION));
|
||||
|
@ -115,11 +107,7 @@ TEST(PolicyTest, PtraceDisallowed) {
|
|||
SKIP_SANITIZERS_AND_COVERAGE;
|
||||
const std::string path = GetTestSourcePath("sandbox2/testcases/policy");
|
||||
std::vector<std::string> args = {path, "3"};
|
||||
auto executor = absl::make_unique<Executor>(path, args);
|
||||
|
||||
auto policy = PolicyTestcasePolicy();
|
||||
|
||||
Sandbox2 s2(std::move(executor), std::move(policy));
|
||||
Sandbox2 s2(std::make_unique<Executor>(path, args), PolicyTestcasePolicy());
|
||||
auto result = s2.Run();
|
||||
|
||||
ASSERT_THAT(result.final_status(), Eq(Result::VIOLATION));
|
||||
|
@ -131,11 +119,7 @@ TEST(PolicyTest, CloneUntracedDisallowed) {
|
|||
SKIP_SANITIZERS_AND_COVERAGE;
|
||||
const std::string path = GetTestSourcePath("sandbox2/testcases/policy");
|
||||
std::vector<std::string> args = {path, "4"};
|
||||
auto executor = absl::make_unique<Executor>(path, args);
|
||||
|
||||
auto policy = PolicyTestcasePolicy();
|
||||
|
||||
Sandbox2 s2(std::move(executor), std::move(policy));
|
||||
Sandbox2 s2(std::make_unique<Executor>(path, args), PolicyTestcasePolicy());
|
||||
auto result = s2.Run();
|
||||
|
||||
ASSERT_THAT(result.final_status(), Eq(Result::VIOLATION));
|
||||
|
@ -147,11 +131,7 @@ TEST(PolicyTest, BpfDisallowed) {
|
|||
SKIP_SANITIZERS_AND_COVERAGE;
|
||||
const std::string path = GetTestSourcePath("sandbox2/testcases/policy");
|
||||
std::vector<std::string> args = {path, "5"};
|
||||
auto executor = absl::make_unique<Executor>(path, args);
|
||||
|
||||
auto policy = PolicyTestcasePolicy();
|
||||
|
||||
Sandbox2 s2(std::move(executor), std::move(policy));
|
||||
Sandbox2 s2(std::make_unique<Executor>(path, args), PolicyTestcasePolicy());
|
||||
auto result = s2.Run();
|
||||
|
||||
ASSERT_THAT(result.final_status(), Eq(Result::VIOLATION));
|
||||
|
@ -163,13 +143,12 @@ TEST(PolicyTest, BpfPermissionDenied) {
|
|||
SKIP_SANITIZERS_AND_COVERAGE;
|
||||
const std::string path = GetTestSourcePath("sandbox2/testcases/policy");
|
||||
std::vector<std::string> args = {path, "7"};
|
||||
auto executor = absl::make_unique<Executor>(path, args);
|
||||
|
||||
auto policy = CreatePolicyTestPolicyBuilder()
|
||||
.BlockSyscallWithErrno(__NR_bpf, EPERM)
|
||||
.BuildOrDie();
|
||||
|
||||
Sandbox2 s2(std::move(executor), std::move(policy));
|
||||
Sandbox2 s2(std::make_unique<Executor>(path, args), std::move(policy));
|
||||
auto result = s2.Run();
|
||||
|
||||
// bpf(2) is not a violation due to explicit policy. EPERM is expected.
|
||||
|
@ -181,11 +160,7 @@ TEST(PolicyTest, IsattyAllowed) {
|
|||
SKIP_SANITIZERS_AND_COVERAGE;
|
||||
const std::string path = GetTestSourcePath("sandbox2/testcases/policy");
|
||||
std::vector<std::string> args = {path, "6"};
|
||||
auto executor = absl::make_unique<Executor>(path, args);
|
||||
|
||||
auto policy = PolicyTestcasePolicy();
|
||||
|
||||
Sandbox2 s2(std::move(executor), std::move(policy));
|
||||
Sandbox2 s2(std::make_unique<Executor>(path, args), PolicyTestcasePolicy());
|
||||
auto result = s2.Run();
|
||||
|
||||
ASSERT_THAT(result.final_status(), Eq(Result::OK));
|
||||
|
@ -209,11 +184,7 @@ TEST(MinimalTest, MinimalBinaryWorks) {
|
|||
SKIP_SANITIZERS_AND_COVERAGE;
|
||||
const std::string path = GetTestSourcePath("sandbox2/testcases/minimal");
|
||||
std::vector<std::string> args = {path};
|
||||
auto executor = absl::make_unique<Executor>(path, args);
|
||||
|
||||
auto policy = MinimalTestcasePolicy();
|
||||
|
||||
Sandbox2 s2(std::move(executor), std::move(policy));
|
||||
Sandbox2 s2(std::make_unique<Executor>(path, args), MinimalTestcasePolicy());
|
||||
auto result = s2.Run();
|
||||
|
||||
ASSERT_THAT(result.final_status(), Eq(Result::OK));
|
||||
|
@ -226,7 +197,6 @@ TEST(MinimalTest, MinimalSharedBinaryWorks) {
|
|||
const std::string path =
|
||||
GetTestSourcePath("sandbox2/testcases/minimal_dynamic");
|
||||
std::vector<std::string> args = {path};
|
||||
auto executor = absl::make_unique<Executor>(path, args);
|
||||
|
||||
auto policy = PolicyBuilder()
|
||||
.AllowDynamicStartup()
|
||||
|
@ -241,7 +211,7 @@ TEST(MinimalTest, MinimalSharedBinaryWorks) {
|
|||
.AddLibrariesForBinary(path)
|
||||
.BuildOrDie();
|
||||
|
||||
Sandbox2 s2(std::move(executor), std::move(policy));
|
||||
Sandbox2 s2(std::make_unique<Executor>(path, args), std::move(policy));
|
||||
auto result = s2.Run();
|
||||
|
||||
ASSERT_THAT(result.final_status(), Eq(Result::OK));
|
||||
|
@ -254,7 +224,6 @@ TEST(MallocTest, SystemMallocWorks) {
|
|||
const std::string path =
|
||||
GetTestSourcePath("sandbox2/testcases/malloc_system");
|
||||
std::vector<std::string> args = {path};
|
||||
auto executor = absl::make_unique<Executor>(path, args);
|
||||
|
||||
auto policy = PolicyBuilder()
|
||||
.AllowStaticStartup()
|
||||
|
@ -266,7 +235,7 @@ TEST(MallocTest, SystemMallocWorks) {
|
|||
#endif
|
||||
.BuildOrDie();
|
||||
|
||||
Sandbox2 s2(std::move(executor), std::move(policy));
|
||||
Sandbox2 s2(std::make_unique<Executor>(path, args), std::move(policy));
|
||||
auto result = s2.Run();
|
||||
|
||||
ASSERT_THAT(result.final_status(), Eq(Result::OK));
|
||||
|
@ -283,7 +252,6 @@ TEST(MultipleSyscalls, AddPolicyOnSyscallsWorks) {
|
|||
const std::string path =
|
||||
GetTestSourcePath("sandbox2/testcases/add_policy_on_syscalls");
|
||||
std::vector<std::string> args = {path};
|
||||
auto executor = absl::make_unique<Executor>(path, args);
|
||||
|
||||
auto policy = PolicyBuilder()
|
||||
.AllowStaticStartup()
|
||||
|
@ -337,7 +305,7 @@ TEST(MultipleSyscalls, AddPolicyOnSyscallsWorks) {
|
|||
.BlockSyscallWithErrno(__NR_prlimit64, EPERM)
|
||||
.BuildOrDie();
|
||||
|
||||
Sandbox2 s2(std::move(executor), std::move(policy));
|
||||
Sandbox2 s2(std::make_unique<Executor>(path, args), std::move(policy));
|
||||
auto result = s2.Run();
|
||||
|
||||
ASSERT_THAT(result.final_status(), Eq(Result::VIOLATION));
|
||||
|
|
|
@ -91,7 +91,7 @@ PolicyBuilder& PolicyBuilder::AllowSyscalls(absl::Span<const uint32_t> nums) {
|
|||
PolicyBuilder& PolicyBuilder::BlockSyscallsWithErrno(
|
||||
absl::Span<const uint32_t> nums, int error) {
|
||||
for (auto num : nums) {
|
||||
AllowSyscall(num);
|
||||
BlockSyscallWithErrno(num, error);
|
||||
}
|
||||
return *this;
|
||||
}
|
||||
|
@ -653,12 +653,10 @@ PolicyBuilder& PolicyBuilder::AllowStaticStartup() {
|
|||
BlockSyscallWithErrno(__NR_readlink, ENOENT);
|
||||
#endif
|
||||
|
||||
if constexpr (sapi::host_cpu::IsArm()) {
|
||||
AddPolicyOnSyscall(__NR_mprotect, {
|
||||
ARG_32(2),
|
||||
JEQ32(PROT_READ, ALLOW),
|
||||
});
|
||||
}
|
||||
|
||||
return *this;
|
||||
}
|
||||
|
@ -884,7 +882,7 @@ PolicyBuilder& PolicyBuilder::AddFile(absl::string_view path, bool is_ro) {
|
|||
|
||||
PolicyBuilder& PolicyBuilder::AddFileAt(absl::string_view outside,
|
||||
absl::string_view inside, bool is_ro) {
|
||||
EnableNamespaces();
|
||||
EnableNamespaces(); // NOLINT(clang-diagnostic-deprecated-declarations)
|
||||
|
||||
auto valid_outside = ValidateAbsolutePath(outside);
|
||||
if (!valid_outside.ok()) {
|
||||
|
@ -912,7 +910,7 @@ PolicyBuilder& PolicyBuilder::AddFileAt(absl::string_view outside,
|
|||
|
||||
PolicyBuilder& PolicyBuilder::AddLibrariesForBinary(
|
||||
absl::string_view path, absl::string_view ld_library_path) {
|
||||
EnableNamespaces();
|
||||
EnableNamespaces(); // NOLINT(clang-diagnostic-deprecated-declarations)
|
||||
|
||||
auto valid_path = ValidatePath(path);
|
||||
if (!valid_path.ok()) {
|
||||
|
@ -941,7 +939,7 @@ PolicyBuilder& PolicyBuilder::AddDirectory(absl::string_view path, bool is_ro) {
|
|||
PolicyBuilder& PolicyBuilder::AddDirectoryAt(absl::string_view outside,
|
||||
absl::string_view inside,
|
||||
bool is_ro) {
|
||||
EnableNamespaces();
|
||||
EnableNamespaces(); // NOLINT(clang-diagnostic-deprecated-declarations)
|
||||
|
||||
auto valid_outside = ValidateAbsolutePath(outside);
|
||||
if (!valid_outside.ok()) {
|
||||
|
@ -969,7 +967,7 @@ PolicyBuilder& PolicyBuilder::AddDirectoryAt(absl::string_view outside,
|
|||
}
|
||||
|
||||
PolicyBuilder& PolicyBuilder::AddTmpfs(absl::string_view inside, size_t size) {
|
||||
EnableNamespaces();
|
||||
EnableNamespaces(); // NOLINT(clang-diagnostic-deprecated-declarations)
|
||||
|
||||
if (auto status = mounts_.AddTmpfs(inside, size); !status.ok()) {
|
||||
SetError(absl::InternalError(absl::StrCat("Could not mount tmpfs ", inside,
|
||||
|
@ -979,14 +977,14 @@ PolicyBuilder& PolicyBuilder::AddTmpfs(absl::string_view inside, size_t size) {
|
|||
}
|
||||
|
||||
PolicyBuilder& PolicyBuilder::AllowUnrestrictedNetworking() {
|
||||
EnableNamespaces();
|
||||
EnableNamespaces(); // NOLINT(clang-diagnostic-deprecated-declarations)
|
||||
allow_unrestricted_networking_ = true;
|
||||
|
||||
return *this;
|
||||
}
|
||||
|
||||
PolicyBuilder& PolicyBuilder::SetHostname(absl::string_view hostname) {
|
||||
EnableNamespaces();
|
||||
EnableNamespaces(); // NOLINT(clang-diagnostic-deprecated-declarations)
|
||||
hostname_ = std::string(hostname);
|
||||
|
||||
return *this;
|
||||
|
@ -1089,7 +1087,7 @@ PolicyBuilder& PolicyBuilder::AddNetworkProxyHandlerPolicy() {
|
|||
}
|
||||
|
||||
PolicyBuilder& PolicyBuilder::SetRootWritable() {
|
||||
EnableNamespaces();
|
||||
EnableNamespaces(); // NOLINT(clang-diagnostic-deprecated-declarations)
|
||||
mounts_.SetRootWritable();
|
||||
|
||||
return *this;
|
||||
|
|
|
@ -68,6 +68,7 @@ using ::testing::Lt;
|
|||
using ::testing::NotNull;
|
||||
using ::testing::StartsWith;
|
||||
using ::testing::StrEq;
|
||||
using ::sapi::IsOk;
|
||||
using ::sapi::StatusIs;
|
||||
|
||||
class PolicyBuilderTest : public testing::Test {
|
||||
|
@ -193,8 +194,9 @@ std::string PolicyBuilderTest::Run(std::vector<std::string> args,
|
|||
|
||||
TEST_F(PolicyBuilderTest, TestCanOnlyBuildOnce) {
|
||||
PolicyBuilder b;
|
||||
ASSERT_THAT(b.BuildOrDie(), NotNull());
|
||||
ASSERT_DEATH(b.BuildOrDie(), "Can only build policy once");
|
||||
ASSERT_THAT(b.TryBuild(), IsOk());
|
||||
EXPECT_THAT(b.TryBuild(), StatusIs(absl::StatusCode::kFailedPrecondition,
|
||||
"Can only build policy once."));
|
||||
}
|
||||
|
||||
TEST_F(PolicyBuilderTest, TestIsCopyable) {
|
||||
|
|
|
@ -61,7 +61,6 @@ TEST(SandboxCoreDumpTest, AbortWithoutCoreDumpReturnsSignaled) {
|
|||
// Don't restrict the syscalls at all.
|
||||
.DangerDefaultAllowAll()
|
||||
.TryBuild());
|
||||
|
||||
Sandbox2 sandbox(std::move(executor), std::move(policy));
|
||||
auto result = sandbox.Run();
|
||||
|
||||
|
@ -74,8 +73,9 @@ TEST(SandboxCoreDumpTest, AbortWithoutCoreDumpReturnsSignaled) {
|
|||
TEST(TsyncTest, TsyncNoMemoryChecks) {
|
||||
SKIP_SANITIZERS_AND_COVERAGE;
|
||||
const std::string path = GetTestSourcePath("sandbox2/testcases/tsync");
|
||||
std::vector<std::string> args = {path};
|
||||
auto executor = absl::make_unique<Executor>(path, args);
|
||||
|
||||
auto executor =
|
||||
absl::make_unique<Executor>(path, std::vector<std::string>{path});
|
||||
executor->set_enable_sandbox_before_exec(false);
|
||||
|
||||
SAPI_ASSERT_OK_AND_ASSIGN(auto policy,
|
||||
|
@ -84,7 +84,6 @@ TEST(TsyncTest, TsyncNoMemoryChecks) {
|
|||
// Don't restrict the syscalls at all.
|
||||
.DangerDefaultAllowAll()
|
||||
.TryBuild());
|
||||
|
||||
Sandbox2 sandbox(std::move(executor), std::move(policy));
|
||||
auto result = sandbox.Run();
|
||||
|
||||
|
@ -93,8 +92,8 @@ TEST(TsyncTest, TsyncNoMemoryChecks) {
|
|||
ASSERT_EQ(result.reason_code(), 0);
|
||||
}
|
||||
|
||||
// Tests whether Executor(fd, args, envp) constructor works as
|
||||
// expected.
|
||||
// Tests whether Executor(fd, std::vector<std::string>{path}, envp) constructor
|
||||
// works as expected.
|
||||
TEST(ExecutorTest, ExecutorFdConstructor) {
|
||||
SKIP_SANITIZERS_AND_COVERAGE;
|
||||
|
||||
|
@ -135,7 +134,7 @@ TEST(StackTraceTest, StackTraceOnExitWorks) {
|
|||
auto result = sandbox.Run();
|
||||
|
||||
ASSERT_EQ(result.final_status(), Result::OK);
|
||||
ASSERT_THAT(result.stack_trace(), Not(IsEmpty()));
|
||||
EXPECT_THAT(result.stack_trace(), Not(IsEmpty()));
|
||||
}
|
||||
|
||||
// Tests that we return the correct state when the sandboxee was killed by an
|
||||
|
@ -158,7 +157,6 @@ TEST(RunAsyncTest, SandboxeeExternalKill) {
|
|||
sandbox.Kill();
|
||||
auto result = sandbox.AwaitResult();
|
||||
EXPECT_EQ(result.final_status(), Result::EXTERNAL_KILL);
|
||||
|
||||
EXPECT_THAT(result.GetStackTrace(), IsEmpty());
|
||||
}
|
||||
|
||||
|
@ -231,18 +229,19 @@ TEST(StarvationTest, MonitorIsNotStarvedByTheSandboxee) {
|
|||
std::vector<std::string> args = {path};
|
||||
std::vector<std::string> envs;
|
||||
auto executor = absl::make_unique<Executor>(path, args, envs);
|
||||
executor->limits()->set_walltime_limit(absl::Seconds(5));
|
||||
|
||||
SAPI_ASSERT_OK_AND_ASSIGN(
|
||||
auto policy,
|
||||
PolicyBuilder().DisableNamespaces().DangerDefaultAllowAll().TryBuild());
|
||||
executor->limits()->set_walltime_limit(absl::Seconds(5));
|
||||
Sandbox2 sandbox(std::move(executor), std::move(policy));
|
||||
|
||||
auto start = absl::Now();
|
||||
ASSERT_THAT(sandbox.RunAsync(), IsTrue());
|
||||
auto result = sandbox.AwaitResult();
|
||||
EXPECT_THAT(result.final_status(), Eq(Result::TIMEOUT));
|
||||
auto end = absl::Now();
|
||||
auto elapsed = end - start;
|
||||
|
||||
auto elapsed = absl::Now() - start;
|
||||
EXPECT_THAT(elapsed, Lt(absl::Seconds(10)));
|
||||
}
|
||||
|
||||
|
|
|
@ -17,10 +17,13 @@
|
|||
#include <dirent.h>
|
||||
|
||||
#include <cstdio>
|
||||
#include <functional>
|
||||
#include <string>
|
||||
#include <utility>
|
||||
|
||||
#include "gmock/gmock.h"
|
||||
#include "gtest/gtest.h"
|
||||
#include "absl/cleanup/cleanup.h"
|
||||
#include "sandboxed_api/util/flag.h"
|
||||
#include "absl/memory/memory.h"
|
||||
#include "absl/strings/match.h"
|
||||
|
@ -49,6 +52,7 @@ using ::testing::ElementsAre;
|
|||
using ::testing::Eq;
|
||||
using ::testing::HasSubstr;
|
||||
using ::testing::IsEmpty;
|
||||
using ::testing::IsTrue;
|
||||
using ::testing::Not;
|
||||
|
||||
// Temporarily overrides a flag, restores the original flag value when it goes
|
||||
|
@ -74,27 +78,26 @@ void SymbolizationWorksCommon(
|
|||
const std::function<void(PolicyBuilder*)>& modify_policy) {
|
||||
const std::string path = GetTestSourcePath("sandbox2/testcases/symbolize");
|
||||
std::vector<std::string> args = {path, "1"};
|
||||
auto executor = absl::make_unique<Executor>(path, args);
|
||||
|
||||
std::string temp_filename = CreateNamedTempFileAndClose("/tmp/").value();
|
||||
file_util::fileops::CopyFile("/proc/cpuinfo", temp_filename, 0444);
|
||||
struct TempCleanup {
|
||||
~TempCleanup() { remove(capture->c_str()); }
|
||||
std::string* capture;
|
||||
} temp_cleanup{&temp_filename};
|
||||
SAPI_ASSERT_OK_AND_ASSIGN(std::string temp_filename,
|
||||
CreateNamedTempFileAndClose("/tmp/"));
|
||||
absl::Cleanup temp_cleanup = [&temp_filename] {
|
||||
remove(temp_filename.c_str());
|
||||
};
|
||||
ASSERT_THAT(
|
||||
file_util::fileops::CopyFile("/proc/cpuinfo", temp_filename, 0444),
|
||||
IsTrue());
|
||||
|
||||
PolicyBuilder policybuilder;
|
||||
policybuilder
|
||||
auto policybuilder = PolicyBuilder()
|
||||
// Don't restrict the syscalls at all.
|
||||
.DangerDefaultAllowAll()
|
||||
.AddFile(path)
|
||||
.AddLibrariesForBinary(path)
|
||||
.AddFileAt(temp_filename, "/proc/cpuinfo");
|
||||
|
||||
modify_policy(&policybuilder);
|
||||
SAPI_ASSERT_OK_AND_ASSIGN(auto policy, policybuilder.TryBuild());
|
||||
|
||||
Sandbox2 s2(std::move(executor), std::move(policy));
|
||||
Sandbox2 s2(absl::make_unique<Executor>(path, args), std::move(policy));
|
||||
auto result = s2.Run();
|
||||
|
||||
ASSERT_THAT(result.final_status(), Eq(Result::SIGNALED));
|
||||
|
@ -187,15 +190,15 @@ TEST(StackTraceTest, SymbolizationTrustedFilesOnly) {
|
|||
SKIP_SANITIZERS_AND_COVERAGE;
|
||||
const std::string path = GetTestSourcePath("sandbox2/testcases/symbolize");
|
||||
std::vector<std::string> args = {path, "2"};
|
||||
auto executor = absl::make_unique<Executor>(path, args);
|
||||
SAPI_ASSERT_OK_AND_ASSIGN(
|
||||
auto policy, PolicyBuilder{} // Don't restrict the syscalls at all.
|
||||
|
||||
SAPI_ASSERT_OK_AND_ASSIGN(auto policy,
|
||||
PolicyBuilder()
|
||||
// Don't restrict the syscalls at all.
|
||||
.DangerDefaultAllowAll()
|
||||
.AddFile(path)
|
||||
.AddLibrariesForBinary(path)
|
||||
.TryBuild());
|
||||
|
||||
Sandbox2 s2(std::move(executor), std::move(policy));
|
||||
Sandbox2 s2(absl::make_unique<Executor>(path, args), std::move(policy));
|
||||
auto result = s2.Run();
|
||||
|
||||
ASSERT_THAT(result.final_status(), Eq(Result::SIGNALED));
|
||||
|
|
|
@ -14,13 +14,18 @@
|
|||
|
||||
# Description: test cases for sandbox2 unit tests.
|
||||
#
|
||||
# The following cc_binary options avoid dynamic linking which uses a lot of
|
||||
# syscalls (open, mmap, etc.):
|
||||
# linkopts = ["-static"]
|
||||
# linkstatic = 1
|
||||
# features = ["-pie"]
|
||||
# Bazel adds -pie by default but -static is incompatible with it, so we use
|
||||
# the features flag to force it off.
|
||||
# Some of the following cc_binary options avoid dynamic linking which uses a
|
||||
# lot of syscalls (open, mmap, etc.):
|
||||
# linkstatic = True Default for cc_binary
|
||||
# features = ["fully_static_link"] Adds -static
|
||||
#
|
||||
# Note that linking fully static with an unmodified glibc is not generally
|
||||
# considered safe, due to glibc relying heavily on loading shared objects at
|
||||
# runtime.
|
||||
# The rule of thumb when it is safe to do so is when the program either only
|
||||
# uses plain syscalls (bypassing any libc altogether) or if it does not use
|
||||
# any networking and none of the functionality from cstdio/stdio.h (due to
|
||||
# auto-loading of locale-specific shared objecs).
|
||||
|
||||
load("//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts")
|
||||
|
||||
|
@ -30,37 +35,27 @@ package(default_visibility = [
|
|||
|
||||
licenses(["notice"])
|
||||
|
||||
FULLY_STATIC_FEATURES = [
|
||||
"-pie",
|
||||
"fully_static_link", # link libc statically
|
||||
]
|
||||
|
||||
cc_binary(
|
||||
name = "abort",
|
||||
testonly = 1,
|
||||
testonly = True,
|
||||
srcs = ["abort.cc"],
|
||||
copts = sapi_platform_copts(),
|
||||
deps = ["//sandboxed_api/util:raw_logging"],
|
||||
)
|
||||
|
||||
# security: disable=cc-static-no-pie
|
||||
cc_binary(
|
||||
name = "add_policy_on_syscalls",
|
||||
testonly = 1,
|
||||
testonly = True,
|
||||
srcs = ["add_policy_on_syscalls.cc"],
|
||||
copts = sapi_platform_copts(),
|
||||
features = FULLY_STATIC_FEATURES,
|
||||
linkstatic = 1,
|
||||
features = ["fully_static_link"],
|
||||
)
|
||||
|
||||
# security: disable=cc-static-no-pie
|
||||
cc_binary(
|
||||
name = "buffer",
|
||||
testonly = 1,
|
||||
testonly = True,
|
||||
srcs = ["buffer.cc"],
|
||||
copts = sapi_platform_copts(),
|
||||
features = FULLY_STATIC_FEATURES,
|
||||
linkstatic = 1,
|
||||
deps = [
|
||||
"//sandboxed_api/sandbox2:buffer",
|
||||
"//sandboxed_api/sandbox2:comms",
|
||||
|
@ -70,7 +65,7 @@ cc_binary(
|
|||
|
||||
cc_binary(
|
||||
name = "ipc",
|
||||
testonly = 1,
|
||||
testonly = True,
|
||||
srcs = ["ipc.cc"],
|
||||
copts = sapi_platform_copts(),
|
||||
deps = [
|
||||
|
@ -81,51 +76,42 @@ cc_binary(
|
|||
],
|
||||
)
|
||||
|
||||
# security: disable=cc-static-no-pie
|
||||
cc_binary(
|
||||
name = "malloc_system",
|
||||
testonly = 1,
|
||||
testonly = True,
|
||||
srcs = ["malloc.cc"],
|
||||
copts = sapi_platform_copts(),
|
||||
features = FULLY_STATIC_FEATURES,
|
||||
linkstatic = 1,
|
||||
features = ["fully_static_link"],
|
||||
)
|
||||
|
||||
cc_binary(
|
||||
name = "minimal_dynamic",
|
||||
testonly = 1,
|
||||
testonly = True,
|
||||
srcs = ["minimal.cc"],
|
||||
copts = sapi_platform_copts(),
|
||||
)
|
||||
|
||||
# security: disable=cc-static-no-pie
|
||||
cc_binary(
|
||||
name = "minimal",
|
||||
testonly = 1,
|
||||
testonly = True,
|
||||
srcs = ["minimal.cc"],
|
||||
copts = sapi_platform_copts(),
|
||||
features = FULLY_STATIC_FEATURES,
|
||||
linkstatic = 1,
|
||||
features = ["fully_static_link"],
|
||||
)
|
||||
|
||||
# security: disable=cc-static-no-pie
|
||||
cc_binary(
|
||||
name = "personality",
|
||||
testonly = 1,
|
||||
testonly = True,
|
||||
srcs = ["personality.cc"],
|
||||
copts = sapi_platform_copts(),
|
||||
features = FULLY_STATIC_FEATURES,
|
||||
linkstatic = 1,
|
||||
features = ["fully_static_link"],
|
||||
)
|
||||
|
||||
# security: disable=cc-static-no-pie
|
||||
cc_binary(
|
||||
name = "pidcomms",
|
||||
testonly = 1,
|
||||
testonly = True,
|
||||
srcs = ["pidcomms.cc"],
|
||||
copts = sapi_platform_copts(),
|
||||
features = FULLY_STATIC_FEATURES,
|
||||
linkstatic = 1,
|
||||
deps = [
|
||||
"//sandboxed_api/sandbox2:client",
|
||||
"//sandboxed_api/sandbox2:comms",
|
||||
|
@ -133,40 +119,32 @@ cc_binary(
|
|||
],
|
||||
)
|
||||
|
||||
# security: disable=cc-static-no-pie
|
||||
cc_binary(
|
||||
name = "policy",
|
||||
testonly = 1,
|
||||
testonly = True,
|
||||
srcs = ["policy.cc"],
|
||||
copts = sapi_platform_copts(),
|
||||
features = FULLY_STATIC_FEATURES,
|
||||
linkstatic = 1,
|
||||
features = ["fully_static_link"],
|
||||
deps = ["//sandboxed_api:config"],
|
||||
)
|
||||
|
||||
# security: disable=cc-static-no-pie
|
||||
cc_binary(
|
||||
name = "print_fds",
|
||||
testonly = 1,
|
||||
testonly = True,
|
||||
srcs = ["print_fds.cc"],
|
||||
copts = sapi_platform_copts(),
|
||||
features = FULLY_STATIC_FEATURES,
|
||||
linkstatic = 1,
|
||||
)
|
||||
|
||||
# security: disable=cc-static-no-pie
|
||||
cc_binary(
|
||||
name = "sanitizer",
|
||||
testonly = 1,
|
||||
testonly = True,
|
||||
srcs = ["sanitizer.cc"],
|
||||
copts = sapi_platform_copts(),
|
||||
features = FULLY_STATIC_FEATURES,
|
||||
linkstatic = 1,
|
||||
)
|
||||
|
||||
cc_binary(
|
||||
name = "close_fds",
|
||||
testonly = 1,
|
||||
testonly = True,
|
||||
srcs = ["close_fds.cc"],
|
||||
copts = sapi_platform_copts(),
|
||||
deps = [
|
||||
|
@ -177,24 +155,19 @@ cc_binary(
|
|||
],
|
||||
)
|
||||
|
||||
# security: disable=cc-static-no-pie
|
||||
cc_binary(
|
||||
name = "sleep",
|
||||
testonly = 1,
|
||||
testonly = True,
|
||||
srcs = ["sleep.cc"],
|
||||
copts = sapi_platform_copts(),
|
||||
features = FULLY_STATIC_FEATURES,
|
||||
linkstatic = 1,
|
||||
features = ["fully_static_link"],
|
||||
)
|
||||
|
||||
# security: disable=cc-static-no-pie
|
||||
cc_binary(
|
||||
name = "symbolize",
|
||||
testonly = 1,
|
||||
testonly = True,
|
||||
srcs = ["symbolize.cc"],
|
||||
copts = sapi_platform_copts(),
|
||||
features = FULLY_STATIC_FEATURES,
|
||||
linkstatic = 1,
|
||||
deps = [
|
||||
"//sandboxed_api/util:raw_logging",
|
||||
"//sandboxed_api/util:temp_file",
|
||||
|
@ -205,7 +178,7 @@ cc_binary(
|
|||
|
||||
cc_binary(
|
||||
name = "tsync",
|
||||
testonly = 1,
|
||||
testonly = True,
|
||||
srcs = ["tsync.cc"],
|
||||
copts = sapi_platform_copts(),
|
||||
deps = [
|
||||
|
@ -216,34 +189,30 @@ cc_binary(
|
|||
|
||||
cc_binary(
|
||||
name = "starve",
|
||||
testonly = 1,
|
||||
testonly = True,
|
||||
srcs = ["starve.cc"],
|
||||
copts = sapi_platform_copts(),
|
||||
)
|
||||
|
||||
cc_binary(
|
||||
name = "hostname",
|
||||
testonly = 1,
|
||||
testonly = True,
|
||||
srcs = ["hostname.cc"],
|
||||
copts = sapi_platform_copts(),
|
||||
features = FULLY_STATIC_FEATURES,
|
||||
linkstatic = 1,
|
||||
features = ["fully_static_link"],
|
||||
)
|
||||
|
||||
cc_binary(
|
||||
name = "limits",
|
||||
testonly = 1,
|
||||
testonly = True,
|
||||
srcs = ["limits.cc"],
|
||||
copts = sapi_platform_copts(),
|
||||
features = FULLY_STATIC_FEATURES,
|
||||
linkstatic = 1,
|
||||
)
|
||||
|
||||
cc_binary(
|
||||
name = "namespace",
|
||||
testonly = 1,
|
||||
testonly = True,
|
||||
srcs = ["namespace.cc"],
|
||||
copts = sapi_platform_copts(),
|
||||
features = FULLY_STATIC_FEATURES,
|
||||
linkstatic = 1,
|
||||
features = ["fully_static_link"],
|
||||
)
|
||||
|
|
|
@ -12,12 +12,6 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
if(SAPI_LIB_TYPE STREQUAL "STATIC")
|
||||
set(_sandbox2_linkopts -static)
|
||||
else()
|
||||
set(_sandbox2_linkopts ${CMAKE_THREAD_LIBS_INIT})
|
||||
endif()
|
||||
|
||||
# sandboxed_api/sandbox2/testcases:abort
|
||||
add_executable(sandbox2_testcase_abort
|
||||
abort.cc
|
||||
|
@ -40,7 +34,8 @@ set_target_properties(sandbox2_testcase_add_policy_on_syscalls PROPERTIES
|
|||
OUTPUT_NAME add_policy_on_syscalls
|
||||
)
|
||||
target_link_libraries(sandbox2_testcase_add_policy_on_syscalls PRIVATE
|
||||
${_sandbox2_linkopts}
|
||||
-static
|
||||
sapi::base
|
||||
)
|
||||
|
||||
# sandboxed_api/sandbox2/testcases:buffer
|
||||
|
@ -56,7 +51,6 @@ target_link_libraries(sandbox2_testcase_buffer PRIVATE
|
|||
sandbox2::buffer
|
||||
sandbox2::comms
|
||||
sapi::base
|
||||
${_sandbox2_linkopts}
|
||||
)
|
||||
|
||||
# sandboxed_api/sandbox2/testcases:ipc
|
||||
|
@ -85,8 +79,8 @@ set_target_properties(sandbox2_testcase_malloc_system PROPERTIES
|
|||
OUTPUT_NAME malloc_system
|
||||
)
|
||||
target_link_libraries(sandbox2_testcase_malloc_system PRIVATE
|
||||
-static
|
||||
sapi::base
|
||||
${_sandbox2_linkopts}
|
||||
)
|
||||
|
||||
# sandboxed_api/sandbox2/testcases:minimal_dynamic
|
||||
|
@ -111,8 +105,8 @@ set_target_properties(sandbox2_testcase_minimal PROPERTIES
|
|||
OUTPUT_NAME minimal
|
||||
)
|
||||
target_link_libraries(sandbox2_testcase_minimal PRIVATE
|
||||
-static
|
||||
sapi::base
|
||||
${_sandbox2_linkopts}
|
||||
)
|
||||
|
||||
# sandboxed_api/sandbox2/testcases:personality
|
||||
|
@ -125,8 +119,8 @@ set_target_properties(sandbox2_testcase_personality PROPERTIES
|
|||
OUTPUT_NAME personality
|
||||
)
|
||||
target_link_libraries(sandbox2_testcase_personality PRIVATE
|
||||
-static
|
||||
sapi::base
|
||||
${_sandbox2_linkopts}
|
||||
)
|
||||
|
||||
# sandboxed_api/sandbox2/testcases:pidcomms
|
||||
|
@ -142,7 +136,6 @@ target_link_libraries(sandbox2_testcase_pidcomms PRIVATE
|
|||
sandbox2::comms
|
||||
sapi::base
|
||||
sapi::raw_logging
|
||||
${_sandbox2_linkopts}
|
||||
)
|
||||
|
||||
# sandboxed_api/sandbox2/testcases:policy
|
||||
|
@ -154,9 +147,9 @@ set_target_properties(sandbox2_testcase_policy PROPERTIES
|
|||
OUTPUT_NAME policy
|
||||
)
|
||||
target_link_libraries(sandbox2_testcase_policy PRIVATE
|
||||
-static
|
||||
sapi::base
|
||||
sapi::config
|
||||
${_sandbox2_linkopts}
|
||||
)
|
||||
|
||||
# sandboxed_api/sandbox2/testcases:print_fds
|
||||
|
@ -169,7 +162,6 @@ set_target_properties(sandbox2_testcase_print_fds PROPERTIES
|
|||
)
|
||||
target_link_libraries(sandbox2_testcase_print_fds PRIVATE
|
||||
sapi::base
|
||||
${_sandbox2_linkopts}
|
||||
)
|
||||
|
||||
# sandboxed_api/sandbox2/testcases:sanitizer
|
||||
|
@ -182,7 +174,6 @@ set_target_properties(sandbox2_testcase_sanitizer PROPERTIES
|
|||
)
|
||||
target_link_libraries(sandbox2_testcase_sanitizer PRIVATE
|
||||
sapi::base
|
||||
${_sandbox2_linkopts}
|
||||
)
|
||||
|
||||
# sandboxed_api/sandbox2/testcases:close_fds
|
||||
|
@ -195,7 +186,6 @@ set_target_properties(sandbox2_testcase_close_fds PROPERTIES
|
|||
)
|
||||
target_link_libraries(sandbox2_testcase_close_fds PRIVATE
|
||||
sapi::base
|
||||
${_sandbox2_linkopts}
|
||||
absl::strings
|
||||
absl::flat_hash_set
|
||||
glog::glog
|
||||
|
@ -212,8 +202,8 @@ set_target_properties(sandbox2_testcase_sleep PROPERTIES
|
|||
OUTPUT_NAME sleep
|
||||
)
|
||||
target_link_libraries(sandbox2_testcase_sleep PRIVATE
|
||||
-static
|
||||
sapi::base
|
||||
${_sandbox2_linkopts}
|
||||
)
|
||||
|
||||
# sandboxed_api/sandbox2/testcases:symbolize
|
||||
|
@ -231,7 +221,6 @@ target_link_libraries(sandbox2_testcase_symbolize PRIVATE
|
|||
sapi::strerror
|
||||
sapi::base
|
||||
sapi::raw_logging
|
||||
${_sandbox2_linkopts}
|
||||
)
|
||||
|
||||
# sandboxed_api/sandbox2/testcases:starve
|
||||
|
@ -246,7 +235,6 @@ target_link_libraries(sandbox2_testcase_starve PRIVATE
|
|||
sapi::base
|
||||
)
|
||||
|
||||
|
||||
# sandboxed_api/sandbox2/testcases:tsync
|
||||
add_executable(sandbox2_testcase_tsync
|
||||
tsync.cc
|
||||
|
@ -259,7 +247,6 @@ target_link_libraries(sandbox2_testcase_tsync PRIVATE
|
|||
sandbox2::client
|
||||
sandbox2::comms
|
||||
sapi::base
|
||||
${_sandbox2_linkopts}
|
||||
)
|
||||
|
||||
# sandboxed_api/sandbox2/testcases:hostname
|
||||
|
@ -271,8 +258,8 @@ set_target_properties(sandbox2_testcase_hostname PROPERTIES
|
|||
OUTPUT_NAME hostname
|
||||
)
|
||||
target_link_libraries(sandbox2_testcase_hostname PRIVATE
|
||||
-static
|
||||
sapi::base
|
||||
${_sandbox2_linkopts}
|
||||
)
|
||||
|
||||
# sandboxed_api/sandbox2/testcases:limits
|
||||
|
@ -285,7 +272,6 @@ set_target_properties(sandbox2_testcase_limits PROPERTIES
|
|||
)
|
||||
target_link_libraries(sandbox2_testcase_limits PRIVATE
|
||||
sapi::base
|
||||
${_sandbox2_linkopts}
|
||||
)
|
||||
|
||||
# sandboxed_api/sandbox2/testcases:namespace
|
||||
|
@ -297,6 +283,6 @@ set_target_properties(sandbox2_testcase_namespace PROPERTIES
|
|||
OUTPUT_NAME namespace
|
||||
)
|
||||
target_link_libraries(sandbox2_testcase_namespace PRIVATE
|
||||
-static
|
||||
sapi::base
|
||||
${_sandbox2_linkopts}
|
||||
)
|
||||
|
|
|
@ -177,8 +177,10 @@ absl::StatusOr<SymbolMap> LoadSymbolsMap(pid_t pid) {
|
|||
|
||||
for (const ElfFile::Symbol& symbol : elf->symbols()) {
|
||||
if (elf->position_independent()) {
|
||||
if (symbol.address < entry.end - entry.start) {
|
||||
addr_to_symbol[symbol.address + entry.start] = symbol.name;
|
||||
if (symbol.address >= entry.pgoff &&
|
||||
symbol.address - entry.pgoff < entry.end - entry.start) {
|
||||
addr_to_symbol[symbol.address + entry.start - entry.pgoff] =
|
||||
symbol.name;
|
||||
}
|
||||
} else {
|
||||
if (symbol.address >= entry.start && symbol.address < entry.end) {
|
||||
|
|
|
@ -26,13 +26,14 @@
|
|||
#include "sandboxed_api/util/file_helpers.h"
|
||||
#include "sandboxed_api/util/status_matchers.h"
|
||||
|
||||
extern "C" void ExportedFunctionName() {
|
||||
extern "C" void ExportedFunction() {
|
||||
// Don't do anything - used to generate a symbol.
|
||||
}
|
||||
|
||||
namespace file = ::sapi::file;
|
||||
using ::sapi::GetTestSourcePath;
|
||||
using ::sapi::IsOk;
|
||||
using ::testing::ElementsAre;
|
||||
using ::testing::Eq;
|
||||
using ::testing::IsTrue;
|
||||
using ::testing::Ne;
|
||||
|
@ -65,19 +66,20 @@ TEST(MinielfTest, SymbolResolutionWorks) {
|
|||
ParseProcMaps(maps_buffer));
|
||||
|
||||
// Find maps entry that covers this entry.
|
||||
uint64_t function_address = reinterpret_cast<uint64_t>(ExportedFunctionName);
|
||||
auto function_entry =
|
||||
uint64_t function_address = reinterpret_cast<uint64_t>(&ExportedFunction);
|
||||
auto entry =
|
||||
absl::c_find_if(maps, [function_address](const MapsEntry& entry) {
|
||||
return entry.start <= function_address && entry.end > function_address;
|
||||
});
|
||||
ASSERT_THAT(function_entry, Ne(maps.end()));
|
||||
function_address -= function_entry->start;
|
||||
ASSERT_THAT(entry, Ne(maps.end()));
|
||||
|
||||
auto function_symbol =
|
||||
absl::c_find_if(elf.symbols(), [](const ElfFile::Symbol& symbol) {
|
||||
return symbol.name == "ExportedFunctionName";
|
||||
return symbol.name == "ExportedFunction";
|
||||
});
|
||||
ASSERT_THAT(function_symbol, Ne(elf.symbols().end()));
|
||||
|
||||
function_address -= entry->start - entry->pgoff;
|
||||
EXPECT_THAT(function_symbol->address, Eq(function_address));
|
||||
}
|
||||
|
||||
|
@ -86,8 +88,7 @@ TEST(MinielfTest, ImportedLibraries) {
|
|||
ElfFile elf, ElfFile::ParseFromFile(
|
||||
GetTestSourcePath("sandbox2/util/testdata/hello_world"),
|
||||
ElfFile::kLoadImportedLibraries));
|
||||
std::vector<std::string> imported_libraries = {"libc.so.6"};
|
||||
EXPECT_THAT(elf.imported_libraries(), Eq(imported_libraries));
|
||||
EXPECT_THAT(elf.imported_libraries(), ElementsAre("libc.so.6"));
|
||||
}
|
||||
|
||||
} // namespace
|
||||
|
|
|
@ -31,8 +31,11 @@ void SaveStatusToProto(const absl::Status& status, StatusProto* out) {
|
|||
absl::Status MakeStatusFromProto(const StatusProto& proto) {
|
||||
absl::Status status(static_cast<absl::StatusCode>(proto.code()),
|
||||
proto.message());
|
||||
for (const auto& [type_key, payload] : proto.payloads()) {
|
||||
status.SetPayload(type_key, absl::Cord(payload));
|
||||
// Note: Using C++17 structured bindings instead of `entry` crashes Clang 6.0
|
||||
// on Ubuntu 18.04 (bionic).
|
||||
for (const auto& entry : proto.payloads()) {
|
||||
status.SetPayload(/*type_url=*/entry.first,
|
||||
/*payload=*/absl::Cord(entry.second));
|
||||
}
|
||||
return status;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue
Block a user