Merge branch 'main' into cmake_quote

This commit is contained in:
Christian Blichmann 2022-02-22 11:57:33 +01:00 committed by GitHub
commit 99f1ce93ba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
74 changed files with 2376 additions and 400 deletions

View File

@ -13,36 +13,55 @@ jobs:
include:
- container: fedora:35
compiler: gcc # GCC 11
ignore-errors: false
# TODO(cblichmann): Add clang-13 build to matrix (currently fails)
ignore-errors: true # Stack trace test fails on Fedora (issue #118)
runs-on: ubuntu-latest
continue-on-error: ${{ matrix.ignore-errors }}
container:
image: ${{ matrix.container }}
env:
RUN_CMD: docker exec --tty ${{matrix.compiler}}-build-container
steps:
- uses: actions/checkout@v2
- name: Prepare container
# Note: For the sandbox tests to work, we need a privileged, unconfined
# container that retains its capabilities.
run: |
docker run --name ${{matrix.compiler}}-build-container \
--tty \
--privileged \
--cap-add ALL \
--security-opt apparmor:unconfined \
-v $GITHUB_WORKSPACE:$GITHUB_WORKSPACE \
-e TERM=dumb \
-e BUILD_TYPE \
-e GITHUB_WORKSPACE \
-d ${{matrix.container}} \
sleep infinity
- name: Install build tools
run: |
dnf update -y
dnf install -y git make automake patch glibc-static libstdc++-static \
cmake ninja-build python3 python3-pip clang-devel libcap-devel
- name: Install/configure Clang compiler toolchain
if: matrix.compiler == 'clang'
run: |
echo "CXX=clang++" >> $GITHUB_ENV
echo "CC=clang" >> $GITHUB_ENV
$RUN_CMD dnf update -y --quiet
$RUN_CMD dnf install -y --quiet git make automake patch glibc-static \
libstdc++-static cmake ninja-build python3 python3-pip clang-devel \
libcap-devel
- name: Create Build Environment
run: |
pip3 install absl-py clang
cmake -E make_directory $GITHUB_WORKSPACE/build
$RUN_CMD pip3 install --progress-bar=off absl-py clang
$RUN_CMD cmake -E make_directory $GITHUB_WORKSPACE/build
- name: Configure CMake
run: cmake $GITHUB_WORKSPACE -G Ninja -DCMAKE_BUILD_TYPE=$BUILD_TYPE
run: |
$RUN_CMD cmake -S $GITHUB_WORKSPACE -B $GITHUB_WORKSPACE/build \
-G Ninja -DCMAKE_BUILD_TYPE=$BUILD_TYPE
- name: Build
run: cmake --build $GITHUB_WORKSPACE --config $BUILD_TYPE
run: |
$RUN_CMD cmake --build $GITHUB_WORKSPACE/build --config $BUILD_TYPE
- name: Test
run: |
$RUN_CMD ctest --test-dir $GITHUB_WORKSPACE/build -C $BUILD_TYPE \
--output-on-failure \
-R SapiTest

View File

@ -62,17 +62,17 @@ jobs:
- name: Create Build Environment
run: |
pip3 install absl-py clang
cmake -E make_directory ${{runner.workspace}}/build
cmake -E make_directory $GITHUB_WORKSPACE/build
- name: Configure CMake
working-directory: ${{runner.workspace}}/build
run: cmake $GITHUB_WORKSPACE -G Ninja -DCMAKE_BUILD_TYPE=$BUILD_TYPE
run: |
cmake $GITHUB_WORKSPACE -G Ninja -DCMAKE_BUILD_TYPE=$BUILD_TYPE
- name: Build
working-directory: ${{runner.workspace}}/build
run: cmake --build . --config $BUILD_TYPE
run: |
cmake --build $GITHUB_WORKSPACE --config $BUILD_TYPE
# TODO(cblichmann): Before enabling this, make sure all OSS tests pass
#- name: Test
# working-directory: ${{runner.workspace}}/build
# run: ctest -C $BUILD_TYPE
- name: Test
run: |
ctest $GITHUB_WORKSPACE -C $BUILD_TYPE --output-on-failure \
-R SapiTest

3
.gitmodules vendored
View File

@ -4,9 +4,6 @@
[submodule "oss-internship-2020/openjpeg/openjpeg"]
path = oss-internship-2020/openjpeg/openjpeg
url = https://github.com/uclouvain/openjpeg.git
[submodule "oss-internship-2020/pffft/master"]
path = oss-internship-2020/pffft/master
url = https://bitbucket.org/jpommier/pffft/src/master/
[submodule "oss-internship-2020/gdal/gdal"]
path = oss-internship-2020/gdal/gdal
url = https://github.com/OSGeo/gdal/

View File

@ -14,6 +14,10 @@
cmake_minimum_required(VERSION 3.13..3.22)
if(POLICY CMP0083)
cmake_policy(SET CMP0083 NEW)
endif()
project(SandboxedAPI C CXX ASM)
# TODO(cblichmann): Enable for Android once support lands
@ -44,7 +48,18 @@ endif()
include(CheckCXXCompilerFlag)
# Sapi CMake modules, order matters
# Allow the header generator to auto-configure include paths
set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
set(CMAKE_SKIP_BUILD_RPATH ON)
if(CMAKE_VERSION VERSION_GREATER_EQUAL 3.14)
include(CheckPIESupported)
check_pie_supported()
set(CMAKE_POSITION_INDEPENDENT_CODE ON)
endif()
# SAPI CMake modules, order matters
list(APPEND CMAKE_MODULE_PATH "${SAPI_SOURCE_DIR}/cmake"
"${SAPI_SOURCE_DIR}/cmake/modules")
include(SapiOptions)
@ -53,9 +68,6 @@ include(SapiUtil)
include(SapiBuildDefs)
include(GNUInstallDirs)
# Allow the header generator to auto-configure include paths
set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
if(SAPI_HARDENED_SOURCE)
add_compile_options(-fstack-protector -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2)
add_link_options(-Wl,-z,relro -Wl,-z,now)
@ -76,7 +88,7 @@ configure_file(cmake/libcap_capability.h.in
# Library with basic project settings. The empty file is there to be able to
# define header-only libraries without cumbersome target_sources() hacks.
file(WRITE ${SAPI_BINARY_DIR}/sapi_base_force_cxx_linkage.cc "")
file(WRITE "${SAPI_BINARY_DIR}/sapi_base_force_cxx_linkage.cc" "")
add_library(sapi_base STATIC
"${SAPI_BINARY_DIR}/sapi_base_force_cxx_linkage.cc"
)
@ -85,20 +97,28 @@ target_compile_features(sapi_base PUBLIC
cxx_std_${SAPI_CXX_STANDARD}
)
set_target_properties(sapi_base PROPERTIES
SKIP_BUILD_RPATH ON
POSITION_INDEPENDENT_CODE ON
INTERFACE_POSITION_INDEPENDENT_CODE ON
)
target_include_directories(sapi_base PUBLIC
"${SAPI_BINARY_DIR}"
"${SAPI_SOURCE_DIR}"
"${Protobuf_INCLUDE_DIR}"
)
target_compile_options(sapi_base PUBLIC -fno-exceptions)
target_compile_options(sapi_base PUBLIC
-fno-exceptions
)
if(CMAKE_CXX_COMPILER_ID MATCHES "Clang")
target_compile_options(sapi_base PUBLIC
# The syscall tables in sandbox2/syscall_defs.cc are `std::array`s using
# CTAD and have more entries than the default limit of 256.
-fbracket-depth=768
)
endif()
set(_sapi_check_no_deprecated
-Wno-deprecated SAPI_HAS_W_NO_DEPRECATED
)
# For sandbox2/util.cc's CloneAndJump()
set(_sapi_check_frame_larger_than
# For sandbox2/util.cc's CloneAndJump()
-Wframe-larger-than=40960 SAPI_HAS_W_FRAME_LARGER_THAN
)
set(_sapi_check_no_deprecated_declarations

View File

@ -16,6 +16,9 @@
set(SAPI_CONTRIB_SANDBOXES
hunspell
jsonnet
libidn2
pffft
turbojpeg
zopfli
zstd
)

View File

@ -6,11 +6,15 @@ libraries.
## Projects Sandboxed
Directory | Project | Home Page | Integration
----------- | ------------------------------------------------- | -------------------------------------------------------------------- | -----------
`jsonnet/` | Jsonnet - The Data Templating Language | [github.com/google/jsonnet](https://github.com/google/jsonnet) | CMake
------------ | ----------------------------------------------------------------- | ------------------------------------------------------------------------------------ | -----------
`c-blosc/` | c-blosc - A blocking, shuffling and loss-less compression library | [github.com/Blosc/c-blosc](https://github.com/Blosc/c-blosc) | CMake
`hunspell/` | Hunspell - The most popular spellchecking library | [github.com/hunspell/hunspell](https://github.com/hunspell/hunspell) | CMake
`jsonnet/` | Jsonnet - The Data Templating Language | [github.com/google/jsonnet](https://github.com/google/jsonnet) | CMake
`pffft/` | PFFFT - a pretty fast Fourier Transform | [bitbucket.org/jpommier/pffft.git](https://bitbucket.org/jpommier/pffft.git) | CMake
`zopfli` | Zopfli - Compression Algorithm | [github.com/google/zopfli](https://github.com/google/zopfli) | CMake
`zstd/` | Zstandard - Fast real-time compression algorithm | [github.com/facebook/zstd](https://github.com/facebook/zstd) | CMake
`libidn2/` | libidn2 - GNU IDN library | [www.gnu.org/software/libidn/#libidn2](https://www.gnu.org/software/libidn/#libidn2) | CMake
`turbojpeg/` | High-level JPEG library | [libjpeg-turbo.org/About/TurboJPEG](https://libjpeg-turbo.org/About/TurboJPEG) | CMake
## Projects Shipping with Sandboxed API Sandboxes

View File

@ -0,0 +1,90 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
cmake_minimum_required(VERSION 3.13..3.22)
project(sapi_blosc CXX)
set(CMAKE_CXX_STANDARD 17)
set(CMAKE_CXX_STANDARD_REQUIRED True)
if(NOT TARGET sapi::sapi)
set(SAPI_ROOT "../.." CACHE PATH "Path to the Sandboxed API source tree")
add_subdirectory(
"${SAPI_ROOT}"
"${CMAKE_BINARY_DIR}/sandboxed-api-build"
EXCLUDE_FROM_ALL
)
endif()
set(HIDE_SYMBOLS off)
FetchContent_Declare(
libblosc
GIT_REPOSITORY https://github.com/Blosc/c-blosc.git
GIT_TAG a0e5c18d37db8e6f1003254a574c8062c5b45e00
PATCH_COMMAND patch < "${CMAKE_SOURCE_DIR}/patches/c-blosc.cmake.patch" && cd blosc && patch < "${CMAKE_SOURCE_DIR}/patches/c-blosc.blosc.cmake.patch"
)
FetchContent_MakeAvailable(libblosc)
add_sapi_library(
sapi_blosc
FUNCTIONS
blosc_init
blosc_destroy
blosc_compress
blosc_decompress
blosc_get_nthreads
blosc_set_nthreads
blosc_get_compressor
blosc_set_compressor
blosc_list_compressors
blosc_get_version_string
blosc_get_blocksize
blosc_set_blocksize
blosc_set_splitmode
blosc_cbuffer_sizes
blosc_cbuffer_validate
blosc_cbuffer_versions
INPUTS
"${libblosc_SOURCE_DIR}/blosc/blosc.h"
LIBRARY blosc_static
LIBRARY_NAME Cblosc
NAMESPACE ""
)
add_library(sapi_contrib::blosc ALIAS sapi_blosc)
target_include_directories(sapi_blosc INTERFACE
"${PROJECT_BINARY_DIR}"
)
if (SAPI_ENABLE_EXAMPLES)
add_subdirectory(example)
endif()
if (SAPI_ENABLE_TESTS)
add_subdirectory(test)
endif()

View File

@ -0,0 +1,32 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
add_executable(
sapi_miniblosc
main.cc
../utils/utils_blosc.cc
)
target_include_directories(sapi_miniblosc INTERFACE
"${SAPI_SOURCE_DIR}"
)
target_link_libraries(
sapi_miniblosc PRIVATE
sapi_blosc
sapi::sapi
absl::flags_parse
)

View File

@ -0,0 +1,94 @@
// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include <absl/flags/flag.h>
#include <absl/flags/parse.h>
#include <unistd.h>
#include <fstream>
#include <iostream>
#include <string>
#include "contrib/c-blosc/sandboxed.h"
#include "contrib/c-blosc/utils/utils_blosc.h"
ABSL_FLAG(bool, decompress, false, "decompress");
ABSL_FLAG(int, clevel, 5, "compression level");
ABSL_FLAG(uint32_t, nthreads, 5, "number of threads");
ABSL_FLAG(std::string, compressor, "blosclz",
"compressor engine. Available: blosclz, lz4, lz4hc, zlib, zstd");
absl::Status Stream(CbloscApi& api, std::string& infile_s,
std::string& outfile_s) {
std::ifstream infile(infile_s, std::ios::binary);
if (!infile.is_open()) {
return absl::UnavailableError(absl::StrCat("Unable to open ", infile_s));
}
std::ofstream outfile(outfile_s, std::ios::binary);
if (!outfile.is_open()) {
return absl::UnavailableError(absl::StrCat("Unable to open ", outfile_s));
}
std::string compressor(absl::GetFlag(FLAGS_compressor));
if (absl::GetFlag(FLAGS_decompress)) {
return Decompress(api, infile, outfile, 5);
}
return Compress(api, infile, outfile, absl::GetFlag(FLAGS_clevel), compressor,
absl::GetFlag(FLAGS_nthreads));
}
int main(int argc, char* argv[]) {
std::string prog_name(argv[0]);
google::InitGoogleLogging(argv[0]);
std::vector<char*> args = absl::ParseCommandLine(argc, argv);
if (args.size() != 3) {
std::cerr << "Usage:\n " << prog_name << " INPUT OUTPUT\n";
return EXIT_FAILURE;
}
CbloscSapiSandbox sandbox;
if (!sandbox.Init().ok()) {
std::cerr << "Unable to start sandbox\n";
return EXIT_FAILURE;
}
CbloscApi api(&sandbox);
if (absl::Status status = api.blosc_init(); !status.ok()) {
std::cerr << "Unable to init library\n";
std::cerr << status << std::endl;
return EXIT_FAILURE;
}
std::string infile_s(args[1]);
std::string outfile_s(args[2]);
if (absl::Status status = Stream(api, infile_s, outfile_s); !status.ok()) {
std::cerr << "Unable to ";
std::cerr << (absl::GetFlag(FLAGS_decompress) ? "de" : "");
std::cerr << "compress file\n";
std::cerr << status << std::endl;
return EXIT_FAILURE;
}
if (absl::Status status = api.blosc_destroy(); !status.ok()) {
std::cerr << "Unable to uninitialize library\n";
std::cerr << status << std::endl;
return EXIT_FAILURE;
}
return EXIT_SUCCESS;
}

View File

@ -0,0 +1,59 @@
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Etiam id ultricies neque, id blandit nisl. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Maecenas pharetra urna purus, a finibus erat sodales ac. Donec sed convallis felis, ac rutrum velit. Suspendisse dapibus ultrices euismod. Donec non erat scelerisque, pretium dui id, dignissim dolor. Vivamus id orci maximus, maximus sapien sed, tincidunt nunc.
Praesent fringilla lectus lobortis dui posuere, ac mollis neque ultrices. Fusce nec quam eget neque feugiat mollis quis sit amet ipsum. Suspendisse hendrerit elit tincidunt neque tincidunt mattis. Nulla vitae neque sit amet metus consequat ultrices a ac augue. Nunc viverra lacinia ultrices. Vivamus in cursus ex, a sollicitudin purus. Curabitur et consectetur enim. Duis euismod magna eget velit tristique, at varius lorem posuere. Quisque non erat at diam blandit sollicitudin sit amet ac lectus. Maecenas nec consectetur augue, vel dignissim orci. Etiam rutrum ac massa at accumsan.
Nullam congue lacus et eros ornare, et malesuada nunc varius. Mauris facilisis suscipit nisl non tristique. Proin lobortis diam vel mi tempus, sit amet iaculis eros iaculis. Phasellus a metus ac purus pellentesque fermentum. Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia curae; Suspendisse venenatis quam vel sapien scelerisque commodo. Donec nec urna feugiat, semper ipsum non, dapibus neque. Aenean egestas tortor sit amet interdum convallis.
Cras sed enim scelerisque orci hendrerit porta. Duis egestas erat sollicitudin vestibulum convallis. Proin eget eros in neque ultricies posuere. Quisque sodales nisi nulla, non sollicitudin ipsum sodales in. Phasellus feugiat sollicitudin enim, in faucibus massa cursus nec. Donec arcu erat, ultricies eget nisi scelerisque, pharetra fringilla nisl. Maecenas et consectetur neque. Duis vel rhoncus lacus. Nulla nec lorem iaculis, consequat sapien a, semper leo.
Praesent vehicula sem in tempor pulvinar. Sed porttitor volutpat nulla eget tempor. Phasellus sit amet quam justo. Donec sit amet lacus dolor. Ut finibus sollicitudin dui vitae tincidunt. Mauris commodo nec orci convallis accumsan. In dapibus urna ex, in convallis purus ornare vel.
Suspendisse potenti. Nulla mi lorem, dictum accumsan mollis vitae, commodo vitae purus. Nullam accumsan lectus elit, vel volutpat lectus varius eget. Sed in condimentum neque. Mauris nibh arcu, dignissim sed ipsum a, imperdiet mattis neque. Nam eu pretium orci, a semper mauris. Proin dui lacus, auctor nec nibh sed, eleifend interdum libero. Vestibulum venenatis gravida risus in pulvinar. Sed sit amet leo vehicula, lacinia nisi et, dignissim ex. Fusce consectetur sollicitudin nisi. Pellentesque nec mauris vitae arcu iaculis semper eu eu odio. Ut facilisis erat a hendrerit egestas. Nullam tristique augue nunc, et ornare risus efficitur et. Quisque placerat risus metus, eu rutrum dui egestas et. Donec elementum sapien leo, vitae porttitor metus pharetra luctus.
Ut non neque vel nibh accumsan luctus at eu ipsum. Ut vitae lacus vestibulum, sodales purus quis, elementum neque. Pellentesque a justo non massa finibus iaculis in sit amet mi. Nunc vel justo libero. Proin mollis ex quis nulla sollicitudin, quis porttitor justo imperdiet. Aenean vulputate semper consectetur. Aenean nibh tortor, viverra commodo magna sed, condimentum efficitur tellus. Maecenas eros mauris, tempor at porta ut, laoreet quis est. Proin eu purus a dolor aliquet bibendum nec ac velit. Phasellus quis tortor risus. Aliquam non felis quis massa scelerisque ullamcorper. Nulla tristique nunc ligula, quis semper lacus tincidunt ut. Maecenas in aliquet magna. Phasellus sed dolor id felis blandit efficitur a at nulla.
Curabitur condimentum est non felis luctus, in tempus tellus tempus. Curabitur at quam nec mi vulputate sollicitudin quis a arcu. Phasellus lectus lorem, feugiat sit amet accumsan in, pretium ut leo. Integer vulputate ante ac nunc elementum varius. Nunc interdum tellus auctor, rutrum urna ut, imperdiet quam. Maecenas non accumsan lorem. Donec sem augue, tincidunt vel aliquam in, viverra et tellus. Duis lobortis, arcu quis scelerisque rhoncus, velit enim lacinia sem, sed commodo lorem ex cursus ligula. Integer nec auctor erat. Proin feugiat vel odio a fringilla. Nam dignissim augue elit. Nam sed lectus consequat, lacinia est vel, maximus eros. Aenean egestas ultricies odio. Mauris ut cursus ipsum. Fusce porttitor, eros sed sollicitudin porttitor, quam ipsum blandit nunc, ut sagittis metus diam tristique tortor. In sagittis odio odio, et ullamcorper augue gravida vel.
Nam vulputate nulla ut faucibus pulvinar. Praesent in purus non orci semper imperdiet. Vivamus vel diam ornare, eleifend tellus sit amet, viverra orci. Proin porttitor ipsum et odio laoreet, quis efficitur nisl dictum. Vestibulum mollis, arcu ut semper iaculis, nulla sapien vehicula enim, quis vulputate dolor leo hendrerit felis. Vestibulum mi purus, tristique vel vulputate et, efficitur ac turpis. Aenean facilisis sed nisl ac iaculis. Proin scelerisque justo a diam commodo, ac volutpat nisi sodales. Aliquam hendrerit blandit sapien, eu pretium risus dictum nec. Aliquam ultrices tincidunt magna nec bibendum. Vivamus dapibus et lectus at suscipit. Phasellus maximus, nibh sed tempor convallis, arcu erat condimentum ex, id laoreet ex leo nec mi. Aenean ultricies eget quam non ultrices. Donec sollicitudin ex non elit mattis rutrum.
Aliquam feugiat, elit a lobortis aliquam, orci augue rhoncus urna, et condimentum nibh est at est. Morbi eu diam quis nisi tristique tempus id ac tortor. Praesent a aliquet sem. Donec a mollis tellus, in dapibus ligula. Nullam quis dictum leo. Nam turpis diam, imperdiet id felis non, rutrum vehicula dui. Donec eleifend augue eu mauris tristique, non condimentum sapien dapibus. Fusce congue scelerisque suscipit. In in vulputate enim, malesuada mollis augue. Vestibulum tristique tempus ipsum vel venenatis. Quisque mauris urna, congue in lorem sed, dapibus convallis lorem. In eget arcu varius, tempor nisi quis, fermentum ipsum. Cras faucibus lacus sed massa pulvinar, vel viverra felis rhoncus.
Nulla in nisi fringilla, molestie nisi at, dapibus arcu. Aenean ut justo eget neque tincidunt elementum. Ut varius, neque eu tempor pellentesque, magna turpis fermentum neque, eget pulvinar diam purus sit amet augue. Curabitur suscipit pharetra nisi egestas convallis. Aliquam et ex pulvinar eros malesuada viverra sed in libero. Quisque molestie dictum arcu at ultricies. Nulla id metus non lacus posuere vestibulum vel ut sem. Proin pulvinar nisl nisl, a imperdiet enim ultrices vel. Etiam malesuada posuere dignissim. Donec mollis nulla ut enim sollicitudin, nec commodo ante malesuada. Quisque sit amet augue eu quam malesuada mollis sed at ipsum.
Aliquam quam est, maximus sed porta ut, placerat eu nunc. Vivamus ultrices ultricies tristique. Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. In et mi eu lacus rhoncus condimentum ultrices non velit. Suspendisse imperdiet, ipsum eu commodo euismod, est dolor sollicitudin augue, eu blandit risus tortor sit amet eros. Aliquam rutrum feugiat magna, sit amet aliquam tortor rutrum non. Fusce tempor rhoncus lectus vitae molestie. Sed ut tellus sagittis, congue enim mollis, malesuada ligula. Sed id tellus vel dolor commodo posuere malesuada et felis.
Morbi quis risus nec lectus maximus tristique vehicula a lectus. Suspendisse ipsum urna, accumsan sit amet dui id, malesuada pellentesque diam. Sed sit amet tellus rutrum, placerat urna nec, tristique libero. Etiam luctus sit amet dui in rutrum. Etiam iaculis, tortor ut vulputate blandit, enim ligula euismod tortor, a porttitor leo ex sit amet lorem. Proin fermentum, est et fermentum laoreet, ante risus aliquam odio, nec consectetur dui leo in est. Etiam dapibus risus sit amet quam viverra gravida. Aenean at libero quis dolor consectetur ultricies. Maecenas rutrum mattis dui, ut auctor elit fringilla vitae. Nulla consequat tincidunt ligula ac dapibus. Vestibulum nisl erat, pharetra ac cursus sed, molestie sit amet justo. Vestibulum lobortis id ligula in elementum. Mauris non purus a magna feugiat tempus et at erat. In tincidunt diam vitae rutrum molestie. Pellentesque ut nisi laoreet, semper mi aliquet, rhoncus dolor.
Pellentesque lacinia quis felis ac fringilla. Cras ante enim, efficitur non erat in, gravida mollis diam. Aliquam accumsan nulla nec eros aliquam fringilla. Mauris scelerisque aliquam fringilla. Aliquam lacinia mi orci, sit amet dignissim lorem lacinia at. Duis elit arcu, iaculis id risus at, porta sollicitudin sapien. Duis ante eros, consequat vitae massa at, auctor interdum nisi. Vivamus sit amet dui neque. Mauris tincidunt vestibulum arcu, consequat condimentum urna tincidunt vel. Sed a urna magna. Nullam in pharetra nulla.
Nunc id purus at ipsum blandit consectetur sagittis non lorem. In sit amet aliquam ante. Integer convallis lectus eu lorem finibus vulputate. Morbi feugiat turpis id neque posuere, non elementum turpis volutpat. Nullam gravida, turpis vitae varius placerat, neque nisl bibendum velit, at suscipit eros ipsum et lorem. Integer arcu eros, gravida eu mauris condimentum, tincidunt euismod mi. Sed id elit vitae nulla aliquet laoreet. Sed pulvinar sollicitudin fermentum. Fusce semper ullamcorper mollis. Aenean laoreet, sem non cursus volutpat, metus elit scelerisque nisi, eget maximus neque enim non orci.
Curabitur lacinia suscipit rutrum. Curabitur convallis eu lorem nec accumsan. Morbi et turpis sit amet erat mollis vehicula et eu risus. Nulla vel urna mollis, laoreet risus vel, auctor risus. Cras rutrum tempor ligula, sed fringilla justo tempor gravida. Nam tincidunt elementum dolor in sollicitudin. Donec pretium diam sed libero varius efficitur. Vivamus non nunc vulputate, accumsan ipsum sit amet, facilisis urna. Suspendisse suscipit, diam et ultrices maximus, enim sapien facilisis ligula, ut lacinia metus nisl eget felis. Proin egestas sollicitudin est ac auctor. Cras sapien turpis, interdum vitae laoreet sed, aliquam sed ex. Sed ullamcorper mi eu nisi varius facilisis. Nam fringilla at augue sit amet finibus. Mauris vitae facilisis purus.
Suspendisse hendrerit lacus eget nisi bibendum sodales. In scelerisque sem eget est suscipit, in sollicitudin urna ultricies. Aenean ac mi non mauris congue viverra. Nam fermentum, purus ut consectetur volutpat, augue arcu luctus eros, quis efficitur felis mi nec ligula. Nullam eget feugiat ante. Donec rutrum, ex sit amet sodales venenatis, leo nibh euismod lacus, nec auctor purus urna in enim. Aliquam erat volutpat. Ut a ante rhoncus, cursus massa quis, porttitor mi. Nullam non lectus et mauris mollis lacinia. Curabitur euismod euismod nisi vitae malesuada. Donec vel finibus justo. Suspendisse lobortis efficitur ligula sed bibendum.
Integer mauris nulla, auctor vel imperdiet vitae, commodo vel arcu. Nulla sit amet tempor ante, ac elementum dolor. Nam fermentum euismod est nec pulvinar. Etiam eleifend blandit nisl non mollis. Vestibulum porta sed nunc at aliquet. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Interdum et malesuada fames ac ante ipsum primis in faucibus. Donec id sem eu eros lobortis malesuada. Maecenas cursus neque a purus rhoncus, fermentum sagittis enim viverra. Proin blandit laoreet est eget feugiat.
Nulla nec nulla pellentesque, ullamcorper felis eget, bibendum augue. Sed lectus felis, tempor ac est non, commodo viverra augue. Ut bibendum arcu eget dapibus consectetur. Morbi id lectus vulputate, maximus leo sed, tincidunt leo. Nunc id nibh a lacus sagittis tristique at ac dolor. Nunc sed iaculis dolor. Cras maximus vulputate metus, a finibus magna sagittis non. Morbi porta fringilla enim, non pellentesque elit pellentesque eu. Vivamus pharetra dictum fermentum. Etiam consequat iaculis consequat. Morbi pharetra ante quam, quis efficitur purus finibus quis. Nulla at volutpat arcu. Curabitur augue lorem, lacinia eget augue vel, dignissim fringilla augue. Duis facilisis nulla turpis, ut fringilla quam efficitur ut. Cras tincidunt, tellus et dignissim ultricies, ligula ex pulvinar enim, vitae convallis erat ex ac neque.
Mauris sed auctor lorem. Vestibulum non ligula viverra, rhoncus quam at, pulvinar tellus. Phasellus dictum tellus eu nisl dignissim, id vulputate odio tincidunt. Mauris ornare ipsum nec maximus maximus. Nulla non sagittis turpis, in blandit magna. Donec at leo gravida, cursus diam ac, ornare velit. Praesent ipsum lorem, fermentum id lacinia ac, ultrices ac lectus. Vestibulum efficitur eget ipsum vitae vulputate. Aenean placerat magna sed ligula efficitur, ut consequat eros vestibulum. Proin placerat sapien sed arcu pharetra volutpat. Nunc diam lectus, tincidunt id eleifend vel, lobortis a lectus. In id orci sed purus venenatis pulvinar quis eget odio. Praesent quis nisi porta, blandit nisi a, hendrerit lacus. Morbi mollis libero non commodo consequat. Nullam id erat mi.
Vestibulum sit amet ante turpis. Duis in cursus eros. Praesent luctus eget augue tristique porttitor. Sed scelerisque facilisis sem sed interdum. Donec tristique augue ex, sit amet auctor ex elementum id. Sed lacinia ultrices dui, vitae scelerisque leo fringilla quis. Proin condimentum facilisis justo. Integer nulla mi, laoreet vel magna elementum, dignissim volutpat turpis. Aliquam erat volutpat.
Ut at quam nulla. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Etiam maximus felis quis tincidunt fringilla. Fusce hendrerit pharetra pharetra. Nullam venenatis augue eget neque venenatis varius. Aenean posuere posuere nibh, sed vulputate purus tristique a. Sed nec lacus egestas, rhoncus nunc varius, euismod metus.
Aliquam pellentesque vel turpis ut aliquam. Fusce aliquam fermentum eros, gravida finibus arcu lacinia ut. Morbi vehicula nulla vitae viverra imperdiet. Curabitur eu euismod dui. Nullam congue congue odio, vel varius libero volutpat ut. Curabitur ante urna, vehicula nec sodales vel, lacinia eget arcu. Ut mollis rhoncus orci et facilisis. Aenean feugiat, purus a porttitor feugiat, ex nunc convallis leo, vel semper metus dolor id neque. Proin placerat orci ut purus cursus vehicula. Praesent molestie gravida ipsum, ac sagittis augue viverra vitae. Donec mi purus, congue vitae blandit ut, sollicitudin eu lorem. Vivamus dapibus nibh sed placerat mollis. Fusce egestas nunc lorem, sed interdum turpis gravida eget. Pellentesque enim ante, accumsan pulvinar dignissim ut, faucibus ac orci.
Fusce tempor fringilla bibendum. Nulla eu suscipit dui. In hac habitasse platea dictumst. Vivamus at lobortis orci, sit amet aliquet nunc. Nunc lacus mauris, sagittis in ornare sit amet, venenatis et dolor. Donec pellentesque nisl blandit, facilisis urna ac, dapibus nisl. Integer sollicitudin commodo euismod. Maecenas vulputate consequat ligula a accumsan. Nunc id risus magna. Nullam pulvinar blandit ante quis elementum.
Aliquam cursus lectus dui, facilisis tincidunt libero euismod id. Integer id placerat ligula, sit amet mattis mi. Nullam sed nunc orci. Etiam ac dolor sit amet purus consectetur hendrerit. Sed facilisis venenatis ullamcorper. Maecenas tincidunt nunc scelerisque vehicula eleifend. Nullam tincidunt tristique felis sed tempus. Donec nec fermentum dui, in tempus libero. Nam viverra mauris ornare mi finibus, sit amet convallis dui aliquam. Cras ut ultrices tellus. Pellentesque scelerisque placerat vehicula. Quisque cursus malesuada nunc, ut ultricies metus imperdiet eget.
Proin tristique gravida justo eget hendrerit. Donec id tincidunt sapien. Fusce elementum metus eget risus fermentum, eget venenatis purus rutrum. Maecenas rhoncus pharetra eros a iaculis. Aliquam vestibulum ipsum sed vehicula tempor. Sed convallis tellus sed augue pellentesque, eget suscipit ex iaculis. Integer nisl sapien, vulputate vel congue eget, viverra id ante. Interdum et malesuada fames ac ante ipsum primis in faucibus. Nunc blandit aliquet ex nec vehicula. Sed tristique gravida tellus eget egestas. Quisque bibendum ligula velit, sed egestas diam rutrum in. Maecenas hendrerit augue nec elit lacinia mattis.
Phasellus ultrices ex augue, vel venenatis turpis laoreet in. Suspendisse a imperdiet lectus. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos. Nulla quis nisl finibus, dictum urna eget, fermentum purus. Nam fermentum magna id nisi semper, nec tempor lorem blandit. Sed dignissim fringilla dui id lacinia. Phasellus vitae viverra erat. Interdum et malesuada fames ac ante ipsum primis in faucibus. Pellentesque vel malesuada lorem, pharetra consequat diam. Quisque tempor dui eu quam aliquam porta. Donec tortor tortor, tristique vitae sem eget, euismod viverra justo. Morbi id mollis ex. Suspendisse potenti. Donec rutrum, orci id molestie malesuada, massa ex fermentum nisi, vitae facilisis nisi turpis eget enim. Sed eu mi at augue maximus rhoncus. Cras vehicula tellus non gravida efficitur.
Mauris eros justo, finibus lacinia sodales ut, tempus a ligula. Nulla sit amet sagittis mauris, non fermentum magna. Quisque tristique sagittis porta. Orci varius natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. In ultricies, lectus in rutrum lobortis, elit nisi bibendum turpis, a gravida ligula mi id dolor. In rhoncus suscipit lectus ac maximus. Nunc vulputate aliquam laoreet. Morbi eget purus sit amet odio suscipit rutrum. Suspendisse id enim eget justo fringilla fringilla. Maecenas et nulla consectetur, feugiat orci ac, scelerisque est. Pellentesque iaculis justo dui, nec volutpat elit tincidunt eget. Curabitur finibus est a nisl interdum, ut rutrum lorem luctus.
Nam dolor ipsum, egestas eget luctus nec, congue vitae eros. Donec libero massa, molestie nec augue lacinia, auctor iaculis tortor. Proin tellus mi, vestibulum in lacus at, fringilla commodo nulla. Ut ullamcorper, quam at blandit congue, mauris purus volutpat nisl, quis fermentum justo ipsum id mi. Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia curae; Etiam vestibulum augue eget sagittis porta. Curabitur eget purus placerat, fringilla lorem non, pretium mauris. Suspendisse potenti. Ut cursus erat augue, quis laoreet felis posuere sit amet. Suspendisse potenti. Sed aliquet semper quam quis ultrices. Lorem ipsum dolor sit amet, consectetur adipiscing elit.
Donec placerat massa et ipsum malesuada, in fringilla mi mollis. Curabitur vel condimentum enim. Donec luctus libero eget dapibus sagittis. Cras vulputate nibh non mauris accumsan, vel lobortis elit hendrerit. Praesent hendrerit ligula purus, non consequat libero accumsan sed. Suspendisse fringilla, tortor in fermentum congue, arcu tellus mollis sem, ut tempus enim dui non leo. Sed in augue diam. Maecenas vel neque eget mi lacinia ornare. Maecenas pharetra consectetur erat non feugiat. Aliquam lacinia augue eget elit maximus fringilla. Suspendisse risus lorem, porta eget nunc a, porta lobortis sapien.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

View File

@ -0,0 +1,19 @@
# This is patch has a pending PR: https://github.com/Blosc/c-blosc/pull/329
--- CMakeLists.txt
+++ CMakeLists.txt
@@ -3,10 +3,9 @@ add_definitions(-DUSING_CMAKE)
set(INTERNAL_LIBS ${PROJECT_SOURCE_DIR}/internal-complibs)
-# Hide symbols by default unless they're specifically exported.
-# This makes it easier to keep the set of exported symbols the
-# same across all compilers/platforms.
-set(CMAKE_C_VISIBILITY_PRESET hidden)
+if(HIDE_SYMBOLS)
+ set(CMAKE_C_VISIBILITY_PRESET hidden)
+endif(HIDE_SYMBOLS)
# includes
set(BLOSC_INCLUDE_DIRS ${BLOSC_INCLUDE_DIRS} ${CMAKE_CURRENT_SOURCE_DIR})

View File

@ -0,0 +1,25 @@
# This is patch has a pending PR: https://github.com/Blosc/c-blosc/pull/329
--- CMakeLists.txt
+++ CMakeLists.txt
@@ -13,6 +13,8 @@
# build fuzz test programs and generates the "test" target
# BUILD_BENCHMARKS: default ON
# build the benchmark program
+# HIDE_SYMBOLS: default ON
+# hide the symols that aren't specifically exported
# DEACTIVATE_SSE2: default OFF
# do not attempt to build with SSE2 instructions
# DEACTIVATE_AVX2: default OFF
@@ -98,6 +100,11 @@ option(BUILD_TESTS
"Build test programs from the blosc compression library" ON)
option(BUILD_FUZZERS
"Build fuzzer programs from the blosc compression library" ${BUILD_STATIC})
+# Hide symbols by default unless they're specifically exported.
+# This makes it easier to keep the set of exported symbols the
+# same across all compilers/platforms.
+option(HIDE_SYMBOLS
+ "Build a libraries with hidden symbols unless they're specifically exported" ON)
option(BUILD_BENCHMARKS
"Build benchmark programs from the blosc compression library" ON)
option(DEACTIVATE_SSE2

View File

@ -0,0 +1,42 @@
// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef CONTRIB_CBLOSC_SANDBOXED_H_
#define CONTRIB_CBLOSC_SANDBOXED_H_
#include <libgen.h>
#include <syscall.h>
#include <memory>
#include "sapi_blosc.sapi.h" // NOLINT(build/include)
class CbloscSapiSandbox : public CbloscSandbox {
public:
std::unique_ptr<sandbox2::Policy> ModifyPolicy(
sandbox2::PolicyBuilder*) override {
return sandbox2::PolicyBuilder()
.AllowStaticStartup()
.AllowRead()
.AllowWrite()
.AllowExit()
.AllowSystemMalloc()
.AllowSyscalls({
__NR_sysinfo,
})
.BuildOrDie();
}
};
#endif // CONTRIB_CBLOSC_SANDBOXED_

View File

@ -0,0 +1,33 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
include(GoogleTest)
add_executable(
sapi_blosc_test
test_blosc.cc
../utils/utils_blosc.cc
)
target_link_libraries(
sapi_blosc_test PRIVATE
sapi_blosc
sapi::temp_file
sapi::test_main
)
gtest_discover_tests(sapi_blosc_test PROPERTIES ENVIRONMENT "TEST_FILES_DIR=${PROJECT_SOURCE_DIR}/files")

View File

@ -0,0 +1,325 @@
// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include <fstream>
#include "contrib/c-blosc/sandboxed.h"
#include "contrib/c-blosc/utils/utils_blosc.h"
#include "sandboxed_api/util/path.h"
#include "sandboxed_api/util/status_matchers.h"
#include "sandboxed_api/util/temp_file.h"
namespace {
using ::sapi::IsOk;
constexpr size_t kDefaultBlockSize = 19059;
bool CompareFiles(const std::string& name1, const std::string& name2) {
std::ifstream f1(name1, std::ios::binary);
if (!f1.is_open()) {
return false;
}
std::ifstream f2(name2, std::ios::binary);
if (!f2.is_open()) {
return false;
}
while (!f1.eof() && !f2.eof()) {
char buf1[128];
char buf2[128];
f1.read(buf1, sizeof(buf1));
f2.read(buf2, sizeof(buf2));
if (f1.gcount() != f2.gcount()) {
return false;
}
if (memcmp(&buf1, &buf2, f2.gcount()) != 0) {
return false;
}
}
return f1.eof() == f2.eof();
}
std::string GetTestFilePath(const std::string& filename) {
return sapi::file::JoinPath(getenv("TEST_FILES_DIR"), filename);
}
std::string GetTemporaryFile(const std::string& filename) {
absl::StatusOr<std::string> tmp_file =
sapi::CreateNamedTempFileAndClose(filename);
if (!tmp_file.ok()) {
return "";
}
return sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), *tmp_file);
}
std::streamsize GetStreamSize(std::ifstream& stream) {
stream.seekg(0, std::ios_base::end);
std::streamsize ssize = stream.tellg();
stream.seekg(0, std::ios_base::beg);
return ssize;
}
class TestText : public testing::TestWithParam<std::string> {};
TEST(SandboxTest, CheckInit) {
CbloscSapiSandbox sandbox;
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
CbloscApi api = CbloscApi(&sandbox);
ASSERT_THAT(api.blosc_init(), IsOk());
}
TEST(SandboxTest, CheckDestroy) {
CbloscSapiSandbox sandbox;
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
CbloscApi api = CbloscApi(&sandbox);
ASSERT_THAT(api.blosc_init(), IsOk());
ASSERT_THAT(api.blosc_destroy(), IsOk());
}
TEST(SandboxTest, CheckGetNThreads) {
CbloscSapiSandbox sandbox;
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
CbloscApi api = CbloscApi(&sandbox);
SAPI_ASSERT_OK_AND_ASSIGN(int nthreads, api.blosc_get_nthreads());
ASSERT_GT(nthreads, 0);
}
TEST(SandboxTest, CheckSetNThreads) {
CbloscSapiSandbox sandbox;
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
CbloscApi api = CbloscApi(&sandbox);
int nthreads;
SAPI_ASSERT_OK_AND_ASSIGN(nthreads, api.blosc_get_nthreads());
ASSERT_NE(nthreads, 3);
ASSERT_THAT(api.blosc_set_nthreads(3), IsOk());
SAPI_ASSERT_OK_AND_ASSIGN(nthreads, api.blosc_get_nthreads());
ASSERT_EQ(nthreads, 3);
}
TEST(SandboxTest, CheckGetBlocksize) {
CbloscSapiSandbox sandbox;
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
CbloscApi api = CbloscApi(&sandbox);
SAPI_ASSERT_OK_AND_ASSIGN(size_t blocksize, api.blosc_get_blocksize());
ASSERT_NE(blocksize, kDefaultBlockSize);
}
TEST(SandboxTest, CheckSetBlocksize) {
CbloscSapiSandbox sandbox;
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
CbloscApi api = CbloscApi(&sandbox);
size_t blocksize;
SAPI_ASSERT_OK_AND_ASSIGN(blocksize, api.blosc_get_blocksize());
ASSERT_NE(blocksize, 1337);
ASSERT_THAT(api.blosc_set_blocksize(1337), IsOk());
SAPI_ASSERT_OK_AND_ASSIGN(blocksize, api.blosc_get_blocksize());
ASSERT_EQ(blocksize, 1337);
}
TEST_P(TestText, CheckSizes) {
absl::Status status;
CbloscSapiSandbox sandbox;
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
CbloscApi api = CbloscApi(&sandbox);
std::string compressor(GetParam());
std::string origfile_s = GetTestFilePath("text");
std::string infile_s = GetTestFilePath(absl::StrCat("text.", compressor));
std::ifstream origfile(origfile_s, std::ios::binary);
ASSERT_TRUE(origfile.is_open());
ssize_t origsize = GetStreamSize(origfile);
std::ifstream infile(infile_s, std::ios::binary);
ASSERT_TRUE(infile.is_open());
std::streamsize insize = GetStreamSize(infile);
sapi::v::Array<uint8_t> inbuf(insize);
infile.read(reinterpret_cast<char*>(inbuf.GetData()), insize);
sapi::v::IntBase<size_t> nbytes;
sapi::v::IntBase<size_t> cbytes;
sapi::v::IntBase<size_t> blocksize;
ASSERT_THAT(api.blosc_cbuffer_sizes(inbuf.PtrBefore(), nbytes.PtrAfter(),
cbytes.PtrAfter(), blocksize.PtrAfter()),
IsOk());
ASSERT_EQ(nbytes.GetValue(), origsize);
ASSERT_EQ(cbytes.GetValue(), insize);
ASSERT_EQ(blocksize.GetValue(), kDefaultBlockSize);
}
TEST_P(TestText, CheckValidate) {
absl::Status status;
CbloscSapiSandbox sandbox;
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
CbloscApi api = CbloscApi(&sandbox);
std::string compressor(GetParam());
std::string origfile_s = GetTestFilePath("text");
std::string infile_s = GetTestFilePath(absl::StrCat("text.", compressor));
std::ifstream origfile(origfile_s, std::ios::binary);
ASSERT_TRUE(origfile.is_open());
ssize_t origsize = GetStreamSize(origfile);
std::ifstream infile(infile_s, std::ios::binary);
ASSERT_TRUE(infile.is_open());
std::streamsize insize = GetStreamSize(infile);
sapi::v::Array<uint8_t> inbuf(insize);
infile.read(reinterpret_cast<char*>(inbuf.GetData()), insize);
sapi::v::IntBase<size_t> nbytes;
SAPI_ASSERT_OK_AND_ASSIGN(
int ret, api.blosc_cbuffer_validate(inbuf.PtrBefore(), inbuf.GetSize(),
nbytes.PtrAfter()));
ASSERT_GE(ret, 0);
ASSERT_EQ(nbytes.GetValue(), origsize);
}
TEST_P(TestText, SetCompress) {
CbloscSapiSandbox sandbox;
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
CbloscApi api = CbloscApi(&sandbox);
std::string compressor(GetParam());
SAPI_ASSERT_OK_AND_ASSIGN(
int ret, api.blosc_set_compressor(
sapi::v::ConstCStr(compressor.c_str()).PtrBefore()));
ASSERT_GE(ret, 0);
SAPI_ASSERT_OK_AND_ASSIGN(char* c_compressor_ret, api.blosc_get_compressor());
SAPI_ASSERT_OK_AND_ASSIGN(
std::string compressor_ret,
api.GetSandbox()->GetCString(sapi::v::RemotePtr(c_compressor_ret)));
EXPECT_EQ(compressor_ret, compressor);
}
TEST_P(TestText, Compress) {
CbloscSapiSandbox sandbox;
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
CbloscApi api = CbloscApi(&sandbox);
std::string compressor(GetParam());
std::string infile_s = GetTestFilePath("text");
std::string outfile_s = GetTemporaryFile(absl::StrCat("out", compressor));
ASSERT_FALSE(outfile_s.empty());
std::ifstream infile(infile_s, std::ios::binary);
ASSERT_TRUE(infile.is_open());
std::ofstream outfile(outfile_s, std::ios::binary);
ASSERT_TRUE(outfile.is_open());
absl::Status status = Compress(api, infile, outfile, 5, compressor, 5);
ASSERT_THAT(status, IsOk()) << "Unable to compress file";
ASSERT_LT(outfile.tellp(), infile.tellg());
}
TEST_P(TestText, Decompress) {
absl::Status status;
CbloscSapiSandbox sandbox;
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
CbloscApi api = CbloscApi(&sandbox);
std::string compressor(GetParam());
std::string origfile_s = GetTestFilePath("text");
std::string infile_s = GetTestFilePath(absl::StrCat("text.", compressor));
std::string outfile_s = GetTemporaryFile(absl::StrCat("middle", compressor));
ASSERT_FALSE(outfile_s.empty());
std::ifstream infile(infile_s, std::ios::binary);
ASSERT_TRUE(infile.is_open());
std::ofstream outfile(outfile_s, std::ios::binary);
ASSERT_TRUE(outfile.is_open());
status = Decompress(api, infile, outfile, 5);
ASSERT_THAT(status, IsOk()) << "Unable to compress file";
ASSERT_GT(outfile.tellp(), infile.tellg());
ASSERT_TRUE(CompareFiles(origfile_s, outfile_s));
}
TEST_P(TestText, CompressDecompress) {
absl::Status status;
CbloscSapiSandbox sandbox;
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
CbloscApi api = CbloscApi(&sandbox);
std::string compressor(GetParam());
std::string infile_s = GetTestFilePath("text");
std::string middlefile_s =
GetTemporaryFile(absl::StrCat("middle", compressor));
ASSERT_FALSE(middlefile_s.empty());
std::ifstream infile(infile_s, std::ios::binary);
ASSERT_TRUE(infile.is_open());
std::ofstream outmiddlefile(middlefile_s, std::ios::binary);
ASSERT_TRUE(outmiddlefile.is_open());
status = Compress(api, infile, outmiddlefile, 5, compressor, 5);
ASSERT_THAT(status, IsOk()) << "Unable to compress file";
ASSERT_LT(outmiddlefile.tellp(), infile.tellg());
std::string outfile_s = GetTemporaryFile(absl::StrCat("out", compressor));
ASSERT_FALSE(outfile_s.empty());
std::ifstream inmiddlefile(middlefile_s, std::ios::binary);
ASSERT_TRUE(inmiddlefile.is_open());
std::ofstream outfile(outfile_s, std::ios::binary);
ASSERT_TRUE(outfile.is_open());
status = Decompress(api, inmiddlefile, outfile, 5);
ASSERT_THAT(status, IsOk()) << "Unable to compress file";
ASSERT_GT(outfile.tellp(), inmiddlefile.tellg());
ASSERT_TRUE(CompareFiles(infile_s, outfile_s));
}
INSTANTIATE_TEST_SUITE_P(SandboxTest, TestText,
testing::Values("blosclz", "lz4", "lz4hc", "zlib",
"zstd"));
} // namespace

View File

@ -0,0 +1,122 @@
// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "contrib/c-blosc/utils/utils_blosc.h"
#include <fstream>
#include <iostream>
#include <string>
#include "contrib/c-blosc/sandboxed.h"
static const size_t kFileMaxSize = 1024 * 1024 * 1024; // 1GB
std::streamsize GetStreamSize(std::ifstream& stream) {
stream.seekg(0, std::ios_base::end);
std::streamsize ssize = stream.tellg();
stream.seekg(0, std::ios_base::beg);
return ssize;
}
absl::Status Compress(CbloscApi& api, std::ifstream& in_stream,
std::ofstream& out_stream, int clevel,
std::string& compressor, int nthreads) {
std::streamsize ssize = GetStreamSize(in_stream);
sapi::v::Array<uint8_t> inbuf(ssize);
sapi::v::Array<uint8_t> outbuf(ssize);
in_stream.read(reinterpret_cast<char*>(inbuf.GetData()), ssize);
if (in_stream.gcount() != ssize) {
return absl::UnavailableError("Unable to read file");
}
int ret;
SAPI_ASSIGN_OR_RETURN(
ret, api.blosc_set_compressor(
sapi::v::ConstCStr(compressor.c_str()).PtrBefore()));
if (ret < 0) {
return absl::UnavailableError("Unable to set compressor");
}
SAPI_ASSIGN_OR_RETURN(ret, api.blosc_set_nthreads(nthreads));
if (ret < 0) {
return absl::UnavailableError("Unable to set nthreads");
}
SAPI_ASSIGN_OR_RETURN(
ssize_t outsize, api.blosc_compress(clevel, 1, sizeof(uint8_t),
inbuf.GetSize(), inbuf.PtrBefore(),
outbuf.PtrAfter(), outbuf.GetSize()));
if (outsize <= 0) {
return absl::UnavailableError("Unable to compress file.");
}
out_stream.write(reinterpret_cast<char*>(outbuf.GetData()), outsize);
if (!out_stream.good()) {
return absl::UnavailableError("Unable to write file");
}
return absl::OkStatus();
}
absl::Status Decompress(CbloscApi& api, std::ifstream& in_stream,
std::ofstream& out_stream, int nthreads) {
std::streamsize ssize = GetStreamSize(in_stream);
sapi::v::Array<uint8_t> inbuf(ssize);
in_stream.read(reinterpret_cast<char*>(inbuf.GetData()), ssize);
if (in_stream.gcount() != ssize) {
return absl::UnavailableError("Unable to read file");
}
int ret;
SAPI_ASSIGN_OR_RETURN(ret, api.blosc_set_nthreads(nthreads));
if (ret < 0) {
return absl::UnavailableError("Unable to set nthreads");
}
// To not transfer memory twice (for blosc_cbuffer_sizes and decopmress),
// tranfer memory before using it.
SAPI_RETURN_IF_ERROR(api.GetSandbox()->Allocate(&inbuf, true));
SAPI_RETURN_IF_ERROR(api.GetSandbox()->TransferToSandboxee(&inbuf));
sapi::v::IntBase<size_t> nbytes;
sapi::v::IntBase<size_t> cbytes;
sapi::v::IntBase<size_t> blocksize;
SAPI_RETURN_IF_ERROR(
api.blosc_cbuffer_sizes(inbuf.PtrNone(), nbytes.PtrAfter(),
cbytes.PtrAfter(), blocksize.PtrAfter()));
if (nbytes.GetValue() == 0) {
return absl::UnavailableError("Unable to get size");
}
if (nbytes.GetValue() > kFileMaxSize) {
return absl::UnavailableError("The file is to large");
}
sapi::v::Array<uint8_t> outbuf(nbytes.GetValue());
SAPI_ASSIGN_OR_RETURN(ssize_t outsize,
api.blosc_decompress(inbuf.PtrNone(), outbuf.PtrAfter(),
outbuf.GetSize()));
if (outsize <= 0) {
return absl::UnavailableError("Unable to decompress file");
}
out_stream.write(reinterpret_cast<char*>(outbuf.GetData()), outsize);
if (!out_stream.good()) {
return absl::UnavailableError("Unable to write file");
}
return absl::OkStatus();
}

View File

@ -0,0 +1,29 @@
// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef CONTRIB_CBLOSC_UTILS_UTILS_BLOSC_H_
#define CONTRIB_CBLOSC_UTILS_UTILS_BLOSC_H_
#include <fstream>
#include <string>
#include "absl/status/status.h"
absl::Status Compress(CbloscApi& api, std::ifstream& in_stream,
std::ofstream& out_stream, int clevel,
std::string& compress, int nthreads);
absl::Status Decompress(CbloscApi& api, std::ifstream& in_stream,
std::ofstream& out_stream, int nthreads);
#endif // CONTRIB_CBLOSC_UTILS_UTILS_BLOSC_H_

View File

@ -12,50 +12,48 @@
# See the License for the specific language governing permissions and
# limitations under the License.
cmake_minimum_required(VERSION 3.10)
cmake_minimum_required(VERSION 3.13..3.22)
project(pffft CXX C)
set(CMAKE_CXX_STANDARD 17)
set(CMAKE_CXX_STANDARD_REQUIRED True)
if(NOT TARGET sapi::sapi)
set(SAPI_ROOT "../.." CACHE PATH "Path to the Sandboxed API source tree")
add_subdirectory("${SAPI_ROOT}"
"${CMAKE_BINARY_DIR}/sandboxed-api-build"
EXCLUDE_FROM_ALL)
endif()
include(CheckLibraryExists)
FetchContent_Declare(pffft
GIT_REPOSITORY https://bitbucket.org/jpommier/pffft.git
GIT_TAG 988259a41d1522047a9420e6265a6ba8289c1654 # 2021-12-02
)
FetchContent_MakeAvailable(pffft)
add_library(pffft STATIC
master/pffft.c
master/pffft.h
master/fftpack.c
master/fftpack.h
"${pffft_SOURCE_DIR}/pffft.c"
"${pffft_SOURCE_DIR}/pffft.h"
"${pffft_SOURCE_DIR}/fftpack.c"
"${pffft_SOURCE_DIR}/fftpack.h"
)
add_executable(pffft_main
master/test_pffft.c
"${pffft_SOURCE_DIR}/test_pffft.c"
)
target_link_libraries(pffft_main PRIVATE
pffft
)
set(MATH_LIBS "")
include(CheckLibraryExists)
check_library_exists(m sin "" LIBM)
if(LIBM)
list(APPEND MATH_LIBS "m")
check_library_exists(m sin "" _sapi_HAVE_LIBM)
if(_sapi_HAVE_LIBM)
target_link_libraries(pffft PUBLIC
m
)
endif()
target_link_libraries(pffft PUBLIC ${MATH_LIBS})
# Adding dependencies
set(SAPI_ROOT "../.." CACHE PATH "Path to the Sandboxed API source tree")
# Then configure:
# mkdir -p build && cd build
# cmake .. -G Ninja -DSAPI_ROOT=$HOME/sapi_root
set(SAPI_ENABLE_EXAMPLES OFF CACHE BOOL "")
set(SAPI_ENABLE_TESTS OFF CACHE BOOL "")
add_subdirectory("${SAPI_ROOT}"
"${CMAKE_BINARY_DIR}/sandboxed-api-build"
# Omit this to have the full Sandboxed API in IDE
EXCLUDE_FROM_ALL)
add_sapi_library(pffft_sapi
FUNCTIONS pffft_new_setup
pffft_destroy_setup
@ -83,22 +81,23 @@ add_sapi_library(pffft_sapi
sinti
sint
INPUTS master/pffft.h master/fftpack.h
INPUTS "${pffft_SOURCE_DIR}/pffft.h"
"${pffft_SOURCE_DIR}/fftpack.h"
LIBRARY pffft
LIBRARY_NAME Pffft
NAMESPACE ""
)
add_library(sapi_contrib::pffft ALIAS pffft_sapi)
target_include_directories(pffft_sapi INTERFACE
"${PROJECT_BINARY_DIR}"
"${SAPI_SOURCE_DIR}"
)
add_executable(pffft_sandboxed
main_pffft_sandboxed.cc
)
target_link_libraries(pffft_sandboxed PRIVATE
pffft_sapi
sapi_contrib::pffft
sapi::sapi
)

View File

@ -1,16 +1,35 @@
# Sandboxing PFFFT library
This library was sandboxed as part of Google's summer 2020 internship program
([blog post](https://security.googleblog.com/2020/12/improving-open-source-security-during.html)).
Build System: CMake
OS: Linux
### Check out the PFFFT library & CMake set up
```
git submodule update --init --recursive
### How to use from an existing Project
mkdir -p build && cd build
cmake .. -G Ninja -DPFFFT_ROOT_DIR=$PWD
ninjas
If your project does not include Sandboxed API as a dependency yet, add the
following lines to the main `CMakeLists.txt`:
```cmake
include(FetchContent)
FetchContent_Declare(sandboxed-api
GIT_REPOSITORY https://github.com/google/sandboxed-api
GIT_TAG main # Or pin a specific commit/tag
)
FetchContent_MakeAvailable(sandboxed-api) # CMake 3.14 or higher
add_sapi_subdirectory(contrib/pffft)
```
The `add_sapi_subdirectory()` macro sets up the source and binary directories
for the sandboxed jsonnet targets.
Afterwards your project's code can link to `sapi_contrib::pffft` and use the
generated header `pffft_sapi.sapi.h`. An example sandbox policy can be found
in `main_pffft_sandboxed.cc`.
### For testing:
`cd build`, then `./pffft_sandboxed`
@ -19,14 +38,15 @@ display custom info with
`./pffft_sandboxed --logtostderr`
## ***About the project***
*PFFFT library is concerned with 1D Fast-Fourier Transformations finding a
PFFFT library is concerned with 1D Fast-Fourier Transformations finding a
compromise between accuracy and speed. It deals with real and complex
vectors, both cases being illustrated in the testing part (`test_pffft.c`
for initially and original version, `main_pffft_sandboxed.cc` for our
currently implemented sandboxed version).
The original files can be found at: https://bitbucket.org/jpommier/pffft/src.*
*The purpose of sandboxing is to limit the permissions and capabilities of
The purpose of sandboxing is to limit the permissions and capabilities of
librarys methods, in order to secure the usage of them.
After obtaining the sandbox, the functions will be called through an
Sandbox API (being called `api` in the current test) and so, the
@ -50,10 +70,12 @@ Without using this type of argument when running, the output format is set
by default.*
#### CMake observations resume:
* linking pffft and fftpack (which contains necessary functions for pffft)
* set math library
#### Sandboxed main observations resume:
* containing two testing parts (fft / pffft benchmarks)
* showing the performance of the transformations implies
testing them through various FFT dimenstions.

View File

@ -12,7 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.
#include <gflags/gflags.h>
#include <syscall.h>
#include <cmath>
#include <cstdio>
@ -21,6 +21,7 @@
#include <ctime>
#include <glog/logging.h>
#include "gflags/gflags.h"
#include "pffft_sapi.sapi.h" // NOLINT(build/include)
#include "sandboxed_api/util/flag.h"
#include "sandboxed_api/vars.h"

View File

@ -0,0 +1,44 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
cmake_minimum_required(VERSION 3.13..3.22)
project(turbojpeg-sapi CXX C)
set(CMAKE_CXX_STANDARD 17)
set(CMAKE_CXX_STANDARD_REQUIRED True)
if(NOT TARGET sapi::sapi)
set(SAPI_ROOT "../.." CACHE PATH "Path to the Sandboxed API source tree")
add_subdirectory("${SAPI_ROOT}"
"${CMAKE_BINARY_DIR}/sandboxed-api-build"
EXCLUDE_FROM_ALL)
endif()
find_package(PkgConfig REQUIRED)
pkg_check_modules(TURBOJPEG REQUIRED IMPORTED_TARGET libturbojpeg)
add_sapi_library(turbojpeg_sapi
INPUTS "${TURBOJPEG_INCLUDEDIR}/turbojpeg.h"
LIBRARY turbojpeg
LIBRARY_NAME TurboJPEG
NAMESPACE "turbojpeg_sapi"
)
add_library(sapi_contrib::turbojpeg ALIAS turbojpeg_sapi)
target_include_directories(turbojpeg_sapi INTERFACE
"${PROJECT_BINARY_DIR}"
)
if(SAPI_ENABLE_TESTS)
add_subdirectory(tests)
endif()

View File

@ -0,0 +1,26 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
include(GoogleTest)
add_executable(turbojpeg_sapi_test turbojpeg_sapi_test.cc)
target_link_libraries(turbojpeg_sapi_test PRIVATE
turbojpeg_sapi
sapi::base
gtest
gmock
)
gtest_discover_tests(turbojpeg_sapi_test PROPERTIES ENVIRONMENT "TEST_FILES_DIR=${PROJECT_SOURCE_DIR}/tests")

Binary file not shown.

After

Width:  |  Height:  |  Size: 257 B

Binary file not shown.

View File

@ -0,0 +1,181 @@
// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#define _GNU_SOURCE 1
#include "../turbojpeg_sapi.h" // NOLINT(build/include)
#include <turbojpeg.h>
#include <cerrno>
#include <cstdlib>
#include <fstream>
#include <iostream>
#include "gflags/gflags.h"
#include "glog/logging.h"
#include "gmock/gmock.h"
#include "gtest/gtest.h"
#include "sandboxed_api/testing.h"
#include "sandboxed_api/util/fileops.h"
#include "sandboxed_api/util/path.h"
#include "sandboxed_api/util/status_matchers.h"
#include "turbojpeg_sapi.sapi.h" // NOLINT(build/include)
namespace {
using ::sapi::IsOk;
using ::testing::Eq;
using ::testing::Gt;
using ::testing::Not;
using ::testing::NotNull;
using ::testing::StrEq;
class TurboJpegSapiSandboxTest : public testing::Test {
protected:
static void SetUpTestSuite() {
ASSERT_THAT(getenv("TEST_FILES_DIR"), NotNull());
sandbox_ = new TurboJpegSapiSandbox();
ASSERT_THAT(sandbox_->Init(), IsOk());
api_ = new turbojpeg_sapi::TurboJPEGApi(sandbox_);
}
static void TearDownTestSuite() {
delete api_;
delete sandbox_;
}
static std::string GetTurboJpegErrorStr(sapi::v::Ptr* handle) {
auto errmsg_ptr = api_->tjGetErrorStr2(handle);
if (!errmsg_ptr.ok()) return "Error getting error message";
auto errmsg =
sandbox_->GetCString(sapi::v::RemotePtr(errmsg_ptr.value()), 256);
if (!errmsg.ok()) return "Error getting error message";
return errmsg.value();
}
static turbojpeg_sapi::TurboJPEGApi* api_;
static TurboJpegSapiSandbox* sandbox_;
};
turbojpeg_sapi::TurboJPEGApi* TurboJpegSapiSandboxTest::api_;
TurboJpegSapiSandbox* TurboJpegSapiSandboxTest::sandbox_;
std::string GetTestFilePath(const std::string& filename) {
return sapi::file::JoinPath(getenv("TEST_FILES_DIR"), filename);
}
std::streamsize GetStreamSize(std::ifstream& stream) {
stream.seekg(0, std::ios_base::end);
std::streamsize ssize = stream.tellg();
stream.seekg(0, std::ios_base::beg);
return ssize;
}
absl::StatusOr<std::vector<uint8_t>> ReadFile(const std::string& in_file,
size_t expected_size = SIZE_MAX) {
std::ifstream f(GetTestFilePath(in_file));
if (!f.is_open()) {
return absl::UnavailableError("File could not be opened");
}
std::streamsize ssize = GetStreamSize(f);
if (expected_size != SIZE_MAX && ssize != expected_size) {
return absl::UnavailableError("Incorrect size of file");
}
std::vector<uint8_t> inbuf(ssize);
f.read(reinterpret_cast<char*>(inbuf.data()), ssize);
if (ssize != f.gcount()) {
return absl::UnavailableError("Premature end of file");
}
if (f.fail() || f.eof()) {
return absl::UnavailableError("Error reading file");
}
return inbuf;
}
TEST_F(TurboJpegSapiSandboxTest, Compressor) {
absl::StatusOr<void*> compression_handle_raw = api_->tjInitCompress();
ASSERT_THAT(compression_handle_raw, IsOk());
ASSERT_THAT(compression_handle_raw.value(), NotNull());
sapi::v::RemotePtr compression_handle{compression_handle_raw.value()};
auto result = ReadFile("sample.rgb", 12 * 67 * 3);
ASSERT_THAT(result, IsOk());
sapi::v::Array array(result->data(), result->size());
sapi::v::GenericPtr buffer;
{
sapi::v::ULong length{0};
auto result = api_->tjCompress2(&compression_handle, array.PtrBefore(), 12,
36, 67, TJPF_RGB, buffer.PtrAfter(),
length.PtrBoth(), TJSAMP_444, 10, 0);
ASSERT_THAT(result, IsOk());
ASSERT_THAT(result.value(), Eq(0))
<< "Error from sandboxee: "
<< GetTurboJpegErrorStr(&compression_handle);
ASSERT_TRUE(buffer.GetValue());
ASSERT_TRUE(buffer.GetRemote());
ASSERT_THAT(length.GetValue(), Gt(0));
}
auto value = buffer.GetValue();
auto destroy_result = api_->tjDestroy(&compression_handle);
ASSERT_THAT(destroy_result, IsOk());
ASSERT_THAT(destroy_result.value(), Eq(0));
}
TEST_F(TurboJpegSapiSandboxTest, Decompressor) {
absl::StatusOr<void*> decompression_handle_raw = api_->tjInitDecompress();
ASSERT_THAT(decompression_handle_raw, IsOk());
ASSERT_THAT(decompression_handle_raw.value(), NotNull());
sapi::v::RemotePtr decompression_handle{decompression_handle_raw.value()};
auto result = ReadFile("sample.jpeg");
ASSERT_THAT(result, IsOk());
sapi::v::Array array(result->data(), result->size());
sapi::v::Int width{0};
sapi::v::Int height{0};
sapi::v::Int subsamp{0};
sapi::v::Int colorspace{0};
auto decompress_result = api_->tjDecompressHeader3(
&decompression_handle, array.PtrBefore(), result->size(),
width.PtrAfter(), height.PtrAfter(), subsamp.PtrAfter(),
colorspace.PtrAfter());
ASSERT_THAT(decompress_result, IsOk());
ASSERT_THAT(decompress_result.value(), Eq(0))
<< "Error from sandboxee: "
<< GetTurboJpegErrorStr(&decompression_handle);
ASSERT_THAT(width.GetValue(), Eq(67));
ASSERT_THAT(height.GetValue(), Eq(12));
ASSERT_THAT(subsamp.GetValue(), Eq(TJSAMP_GRAY));
ASSERT_THAT(colorspace.GetValue(), Eq(TJCS_GRAY));
auto arr = sapi::v::Array<unsigned char>(12 * 67 * 3);
decompress_result = api_->tjDecompress2(
&decompression_handle, array.PtrBefore(), result->size(), arr.PtrAfter(),
12, 36, 67, TJCS_RGB, 0);
ASSERT_THAT(decompress_result, IsOk());
EXPECT_THAT(decompress_result.value(), Eq(0))
<< "Error from sandboxee: "
<< GetTurboJpegErrorStr(&decompression_handle);
decompress_result = api_->tjDestroy(&decompression_handle);
ASSERT_THAT(decompress_result, IsOk());
ASSERT_THAT(decompress_result.value(), Eq(0));
}
} // namespace
int main(int argc, char* argv[]) {
::google::InitGoogleLogging(program_invocation_short_name);
::testing::InitGoogleTest(&argc, argv);
return RUN_ALL_TESTS();
}

View File

@ -0,0 +1,44 @@
// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef CONTRIB_TURBOJPEG_TURBOJPEG_SAPI_H_
#define CONTRIB_TURBOJPEG_TURBOJPEG_SAPI_H_
#include <syscall.h>
#include "sandboxed_api/util/fileops.h"
#include "turbojpeg_sapi.sapi.h" // NOLINT(build/include)
class TurboJpegSapiSandbox : public turbojpeg_sapi::TurboJPEGSandbox {
public:
std::unique_ptr<sandbox2::Policy> ModifyPolicy(
sandbox2::PolicyBuilder*) override {
return sandbox2::PolicyBuilder()
.AllowSystemMalloc()
.AllowRead()
.AllowStat()
.AllowWrite()
.AllowExit()
.AllowSyscalls({
__NR_futex,
__NR_close,
__NR_lseek,
__NR_getpid,
__NR_clock_gettime,
})
.AllowLlvmSanitizers()
.BuildOrDie();
}
};
#endif // CONTRIB_TURBOJPEG_TURBOJPEG_SAPI_H_

View File

@ -32,6 +32,8 @@ FetchContent_Declare(zopfli
)
FetchContent_MakeAvailable(zopfli)
add_subdirectory(wrapper)
add_sapi_library(
sapi_zopfli
@ -44,12 +46,14 @@ add_sapi_library(
ZopfliZlibCompress
ZopfliGzipCompress
ZopfliCompressFD
INPUTS
"${zopfli_SOURCE_DIR}/src/zopfli/deflate.h"
"${zopfli_SOURCE_DIR}/src/zopfli/gzip_container.h"
"${zopfli_SOURCE_DIR}/src/zopfli/zlib_container.h"
wrapper/wrapper_zopfli.h
LIBRARY Zopfli::libzopfli
LIBRARY wrapper_zopfli
LIBRARY_NAME Zopfli
NAMESPACE ""
)

View File

@ -12,6 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.
#include <fcntl.h>
#include <unistd.h>
#include <fstream>
@ -23,9 +24,39 @@
#include "contrib/zopfli/sandboxed.h"
#include "contrib/zopfli/utils/utils_zopfli.h"
ABSL_FLAG(bool, stream, false, "stream memory to sandbox");
ABSL_FLAG(bool, zlib, false, "zlib compression");
ABSL_FLAG(bool, gzip, false, "gzip compression");
absl::Status CompressMain(ZopfliApi& api, std::string& infile_s,
std::string& outfile_s, ZopfliFormat format) {
std::ifstream infile(infile_s, std::ios::binary);
if (!infile.is_open()) {
return absl::UnavailableError(absl::StrCat("Unable to open ", infile_s));
}
std::ofstream outfile(outfile_s, std::ios::binary);
if (!outfile.is_open()) {
return absl::UnavailableError(absl::StrCat("Unable to open ", outfile_s));
}
return Compress(api, infile, outfile, format);
}
absl::Status CompressMainFD(ZopfliApi& api, std::string& infile_s,
std::string& outfile_s, ZopfliFormat format) {
sapi::v::Fd infd(open(infile_s.c_str(), O_RDONLY));
if (infd.GetValue() < 0) {
return absl::UnavailableError(absl::StrCat("Unable to open ", infile_s));
}
sapi::v::Fd outfd(open(outfile_s.c_str(), O_WRONLY | O_CREAT));
if (outfd.GetValue() < 0) {
return absl::UnavailableError(absl::StrCat("Unable to open ", outfile_s));
}
return (CompressFD(api, infd, outfd, format));
}
int main(int argc, char* argv[]) {
std::string prog_name(argv[0]);
google::InitGoogleLogging(argv[0]);
@ -36,22 +67,13 @@ int main(int argc, char* argv[]) {
return EXIT_FAILURE;
}
std::ifstream infile(args[1], std::ios::binary);
if (!infile.is_open()) {
std::cerr << "Unable to open " << args[1] << std::endl;
return EXIT_FAILURE;
}
std::ofstream outfile(args[2], std::ios::binary);
if (!outfile.is_open()) {
std::cerr << "Unable to open " << args[2] << std::endl;
return EXIT_FAILURE;
}
ZopfliSapiSandbox sandbox;
if (!sandbox.Init().ok()) {
std::cerr << "Unable to start sandbox\n";
return EXIT_FAILURE;
}
std::string infile_s(args[1]);
std::string outfile_s(args[2]);
ZopfliApi api(&sandbox);
@ -62,7 +84,13 @@ int main(int argc, char* argv[]) {
format = ZOPFLI_FORMAT_GZIP;
}
absl::Status status = Compress(api, infile, outfile, format);
absl::Status status;
if (absl::GetFlag(FLAGS_stream)) {
status = CompressMain(api, infile_s, outfile_s, format);
} else {
status = CompressMainFD(api, infile_s, outfile_s, format);
}
if (!status.ok()) {
std::cerr << "Unable to compress file.\n";
std::cerr << status << std::endl;

View File

@ -28,12 +28,13 @@ class ZopfliSapiSandbox : public ZopfliSandbox {
std::unique_ptr<sandbox2::Policy> ModifyPolicy(
sandbox2::PolicyBuilder *) override {
return sandbox2::PolicyBuilder()
.AllowStaticStartup()
.AllowDynamicStartup()
.AllowWrite()
.AllowExit()
.AllowMmap()
.AllowSystemMalloc()
.AllowSyscalls({
__NR_recvmsg,
__NR_sysinfo,
})
#ifdef __NR_open

View File

@ -12,6 +12,8 @@
// See the License for the specific language governing permissions and
// limitations under the License.
#include <fcntl.h>
#include <fstream>
#include "contrib/zopfli/sandboxed.h"
@ -41,8 +43,9 @@ std::string GetTemporaryFile(const std::string& filename) {
}
class TestText : public testing::TestWithParam<ZopfliFormat> {};
class TestBinary : public testing::TestWithParam<ZopfliFormat> {};
class TestTextFD : public testing::TestWithParam<ZopfliFormat> {};
class TestBinaryFD : public testing::TestWithParam<ZopfliFormat> {};
TEST_P(TestText, Compress) {
ZopfliSapiSandbox sandbox;
@ -95,4 +98,68 @@ INSTANTIATE_TEST_SUITE_P(SandboxTest, TestBinary,
testing::Values(ZOPFLI_FORMAT_DEFLATE,
ZOPFLI_FORMAT_GZIP,
ZOPFLI_FORMAT_ZLIB));
TEST_P(TestTextFD, Compress) {
ZopfliSapiSandbox sandbox;
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
ZopfliApi api = ZopfliApi(&sandbox);
std::string infile_s = GetTestFilePath("text");
std::string outfile_s = GetTemporaryFile("text.out");
ASSERT_THAT(outfile_s, Not(IsEmpty()));
sapi::v::Fd infd(open(infile_s.c_str(), O_RDONLY));
ASSERT_GE(infd.GetValue(), 0);
sapi::v::Fd outfd(open(outfile_s.c_str(), O_WRONLY));
ASSERT_GE(outfd.GetValue(), 0);
absl::Status status = CompressFD(api, infd, outfd, GetParam());
ASSERT_THAT(status, IsOk()) << "Unable to compress file";
off_t inpos = lseek(infd.GetValue(), 0, SEEK_END);
EXPECT_GE(inpos, 0);
off_t outpos = lseek(outfd.GetValue(), 0, SEEK_END);
EXPECT_GE(outpos, 0);
EXPECT_LT(outpos, inpos);
}
INSTANTIATE_TEST_SUITE_P(SandboxTest, TestTextFD,
testing::Values(ZOPFLI_FORMAT_DEFLATE,
ZOPFLI_FORMAT_GZIP,
ZOPFLI_FORMAT_ZLIB));
TEST_P(TestBinaryFD, Compress) {
ZopfliSapiSandbox sandbox;
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
ZopfliApi api = ZopfliApi(&sandbox);
std::string infile_s = GetTestFilePath("binary");
std::string outfile_s = GetTemporaryFile("binary.out");
ASSERT_THAT(outfile_s, Not(IsEmpty()));
sapi::v::Fd infd(open(infile_s.c_str(), O_RDONLY));
ASSERT_GE(infd.GetValue(), 0);
sapi::v::Fd outfd(open(outfile_s.c_str(), O_WRONLY));
ASSERT_GE(outfd.GetValue(), 0);
absl::Status status = CompressFD(api, infd, outfd, GetParam());
ASSERT_THAT(status, IsOk()) << "Unable to compress file";
off_t inpos = lseek(infd.GetValue(), 0, SEEK_END);
EXPECT_GE(inpos, 0);
off_t outpos = lseek(outfd.GetValue(), 0, SEEK_END);
EXPECT_GE(outpos, 0);
EXPECT_LT(outpos, inpos);
}
INSTANTIATE_TEST_SUITE_P(SandboxTest, TestBinaryFD,
testing::Values(ZOPFLI_FORMAT_DEFLATE,
ZOPFLI_FORMAT_GZIP,
ZOPFLI_FORMAT_ZLIB));
} // namespace

View File

@ -54,3 +54,25 @@ absl::Status Compress(ZopfliApi& api, std::ifstream& instream,
}
return absl::OkStatus();
}
absl::Status CompressFD(ZopfliApi& api, sapi::v::Fd& infd, sapi::v::Fd& outfd,
ZopfliFormat format) {
SAPI_RETURN_IF_ERROR(api.GetSandbox()->TransferToSandboxee(&infd));
SAPI_RETURN_IF_ERROR(api.GetSandbox()->TransferToSandboxee(&outfd));
sapi::v::Struct<ZopfliOptions> options;
SAPI_RETURN_IF_ERROR(api.ZopfliInitOptions(options.PtrAfter()));
SAPI_ASSIGN_OR_RETURN(
int ret, api.ZopfliCompressFD(options.PtrBefore(), format,
infd.GetRemoteFd(), outfd.GetRemoteFd()));
infd.CloseRemoteFd(api.GetSandbox()->rpc_channel()).IgnoreError();
outfd.CloseRemoteFd(api.GetSandbox()->rpc_channel()).IgnoreError();
if (ret == -1) {
return absl::UnavailableError("Unable to compress file");
}
return absl::OkStatus();
}

View File

@ -23,4 +23,7 @@
absl::Status Compress(ZopfliApi& api, std::ifstream& instream,
std::ofstream& outstream, ZopfliFormat format);
absl::Status CompressFD(ZopfliApi& api, sapi::v::Fd& infd, sapi::v::Fd& outfd,
ZopfliFormat format);
#endif // CONTRIB_ZOPFLI_UTILS_UTILS_ZOPFLI_H_

View File

@ -0,0 +1,28 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
add_library(
wrapper_zopfli STATIC
wrapper_zopfli.cc
)
target_link_libraries(wrapper_zopfli PUBLIC
Zopfli::libzopfli
)
target_include_directories(wrapper_zopfli PUBLIC
${SAPI_SOURCE_DIR}
${libzopfli_SOURCE_DIR}/src/zopfli
)

View File

@ -0,0 +1,50 @@
// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "contrib/zopfli/wrapper/wrapper_zopfli.h"
#include <fcntl.h>
#include <unistd.h>
#include <cstdio>
#include <cstdlib>
#include <memory>
int ZopfliCompressFD(const ZopfliOptions* options, ZopfliFormat output_type,
int infd, int outfd) {
off_t insize = lseek(infd, 0, SEEK_END);
if (insize < 0) {
return -1;
}
if (lseek(infd, 0, SEEK_SET) < 0) {
return -1;
}
auto inbuf = std::make_unique<uint8_t[]>(insize);
if (read(infd, inbuf.get(), insize) != insize) {
return -1;
}
size_t outsize = 0;
uint8_t* outbuf = nullptr;
ZopfliCompress(options, output_type, inbuf.get(), insize, &outbuf, &outsize);
size_t retsize = write(outfd, outbuf, outsize);
free(outbuf);
if (outsize != retsize) {
return -1;
}
return 0;
}

View File

@ -0,0 +1,25 @@
// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef CONTRIB_ZOPFLI_WRAPPER_WRAPPER_ZOPFLI_H_
#define CONTRIB_ZOPFLI_WRAPPER_WRAPPER_ZOPFLI_H_
#include "zopfli.h" // NOLINT(build/include)
extern "C" {
int ZopfliCompressFD(const ZopfliOptions* options, ZopfliFormat output_type,
int infd, int outfd);
};
#endif // CONTRIB_ZOPFLI_WRAPPER_WRAPPER_ZOPFLI_H_

View File

@ -34,6 +34,8 @@ FetchContent_Declare(libzstd
FetchContent_MakeAvailable(libzstd)
set(libzstd_INCLUDE_DIR "${libzstd_SOURCE_DIR}/lib")
add_subdirectory(wrapper)
add_sapi_library(
sapi_zstd
@ -70,10 +72,16 @@ add_sapi_library(
ZSTD_getFrameContentSize
ZSTD_compress_fd
ZSTD_compressStream_fd
ZSTD_decompress_fd
ZSTD_decompressStream_fd
INPUTS
"${libzstd_INCLUDE_DIR}/zstd.h"
wrapper/wrapper_zstd.h
LIBRARY libzstd_static
LIBRARY wrapper_zstd
LIBRARY_NAME Zstd
NAMESPACE ""
)

View File

@ -12,6 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.
#include <fcntl.h>
#include <unistd.h>
#include <cstdlib>
@ -25,10 +26,56 @@
#include "contrib/zstd/sandboxed.h"
#include "contrib/zstd/utils/utils_zstd.h"
ABSL_FLAG(bool, stream, false, "stream data to sandbox");
ABSL_FLAG(bool, decompress, false, "decompress");
ABSL_FLAG(bool, memory_mode, false, "in memory operations");
ABSL_FLAG(uint32_t, level, 0, "compression level");
absl::Status Stream(ZstdApi& api, std::string infile_s, std::string outfile_s) {
std::ifstream infile(infile_s, std::ios::binary);
if (!infile.is_open()) {
return absl::UnavailableError(absl::StrCat("Unable to open ", infile_s));
}
std::ofstream outfile(outfile_s, std::ios::binary);
if (!outfile.is_open()) {
return absl::UnavailableError(absl::StrCat("Unable to open ", outfile_s));
}
if (absl::GetFlag(FLAGS_memory_mode)) {
if (absl::GetFlag(FLAGS_decompress)) {
return DecompressInMemory(api, infile, outfile);
}
return CompressInMemory(api, infile, outfile, absl::GetFlag(FLAGS_level));
}
if (absl::GetFlag(FLAGS_decompress)) {
return DecompressStream(api, infile, outfile);
}
return CompressStream(api, infile, outfile, absl::GetFlag(FLAGS_level));
}
absl::Status FileDescriptor(ZstdApi& api, std::string infile_s,
std::string outfile_s) {
sapi::v::Fd infd(open(infile_s.c_str(), O_RDONLY));
if (infd.GetValue() < 0) {
return absl::UnavailableError(absl::StrCat("Unable to open ", infile_s));
}
sapi::v::Fd outfd(open(outfile_s.c_str(), O_WRONLY | O_CREAT));
if (outfd.GetValue() < 0) {
return absl::UnavailableError(absl::StrCat("Unable to open ", outfile_s));
}
if (absl::GetFlag(FLAGS_memory_mode)) {
if (absl::GetFlag(FLAGS_decompress)) {
return DecompressInMemoryFD(api, infd, outfd);
}
return CompressInMemoryFD(api, infd, outfd, absl::GetFlag(FLAGS_level));
}
if (absl::GetFlag(FLAGS_decompress)) {
return DecompressStreamFD(api, infd, outfd);
}
return CompressStreamFD(api, infd, outfd, absl::GetFlag(FLAGS_level));
}
int main(int argc, char* argv[]) {
std::string prog_name(argv[0]);
google::InitGoogleLogging(argv[0]);
@ -39,17 +86,6 @@ int main(int argc, char* argv[]) {
return EXIT_FAILURE;
}
std::ifstream infile(args[1], std::ios::binary);
if (!infile.is_open()) {
std::cerr << "Unable to open " << args[1] << std::endl;
return EXIT_FAILURE;
}
std::ofstream outfile(args[2], std::ios::binary);
if (!outfile.is_open()) {
std::cerr << "Unable to open " << args[2] << std::endl;
return EXIT_FAILURE;
}
ZstdSapiSandbox sandbox;
if (!sandbox.Init().ok()) {
std::cerr << "Unable to start sandbox\n";
@ -59,16 +95,10 @@ int main(int argc, char* argv[]) {
ZstdApi api(&sandbox);
absl::Status status;
if (absl::GetFlag(FLAGS_memory_mode) && absl::GetFlag(FLAGS_decompress)) {
status = DecompressInMemory(api, infile, outfile);
} else if (absl::GetFlag(FLAGS_memory_mode) &&
!absl::GetFlag(FLAGS_decompress)) {
status = CompressInMemory(api, infile, outfile, absl::GetFlag(FLAGS_level));
} else if (!absl::GetFlag(FLAGS_memory_mode) &&
absl::GetFlag(FLAGS_decompress)) {
status = DecompressStream(api, infile, outfile);
if (absl::GetFlag(FLAGS_stream)) {
status = Stream(api, argv[1], argv[2]);
} else {
status = CompressStream(api, infile, outfile, absl::GetFlag(FLAGS_level));
status = FileDescriptor(api, argv[1], argv[2]);
}
if (!status.ok()) {

View File

@ -27,10 +27,12 @@ class ZstdSapiSandbox : public ZstdSandbox {
std::unique_ptr<sandbox2::Policy> ModifyPolicy(
sandbox2::PolicyBuilder*) override {
return sandbox2::PolicyBuilder()
.AllowDynamicStartup()
.AllowRead()
.AllowWrite()
.AllowSystemMalloc()
.AllowExit()
.AllowSyscalls({__NR_recvmsg})
.BuildOrDie();
}
};

View File

@ -12,6 +12,9 @@
// See the License for the specific language governing permissions and
// limitations under the License.
#include <fcntl.h>
#include <unistd.h>
#include <fstream>
#include <string>
@ -101,11 +104,10 @@ TEST(SandboxTest, CheckCompressInMemory) {
std::string infile_s = GetTestFilePath("text");
absl::StatusOr<std::string> path =
sapi::CreateNamedTempFileAndClose("out.zstd");
ASSERT_THAT(path, IsOk()) << "Could not create temp output file";
SAPI_ASSERT_OK_AND_ASSIGN(std::string path,
sapi::CreateNamedTempFileAndClose("out.zstd"));
std::string outfile_s =
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), *path);
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), path);
std::ifstream infile(infile_s, std::ios::binary);
ASSERT_TRUE(infile.is_open());
@ -126,10 +128,10 @@ TEST(SandboxTest, CheckDecompressInMemory) {
std::string infile_s = GetTestFilePath("text.blob.zstd");
absl::StatusOr<std::string> path = sapi::CreateNamedTempFileAndClose("out");
ASSERT_THAT(path, IsOk()) << "Could not create temp output file";
SAPI_ASSERT_OK_AND_ASSIGN(std::string path,
sapi::CreateNamedTempFileAndClose("out"));
std::string outfile_s =
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), *path);
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), path);
std::ifstream infile(infile_s, std::ios::binary);
ASSERT_TRUE(infile.is_open());
@ -153,16 +155,15 @@ TEST(SandboxTest, CheckCompressAndDecompressInMemory) {
std::string infile_s = GetTestFilePath("text");
absl::StatusOr<std::string> path_middle =
sapi::CreateNamedTempFileAndClose("middle.zstd");
ASSERT_THAT(path_middle, IsOk()) << "Could not create temp output file";
SAPI_ASSERT_OK_AND_ASSIGN(std::string path_middle,
sapi::CreateNamedTempFileAndClose("middle.zstd"));
std::string middle_s =
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), *path_middle);
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), path_middle);
absl::StatusOr<std::string> path = sapi::CreateNamedTempFileAndClose("out");
ASSERT_THAT(path, IsOk()) << "Could not create temp output file";
SAPI_ASSERT_OK_AND_ASSIGN(std::string path,
sapi::CreateNamedTempFileAndClose("out"));
std::string outfile_s =
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), *path);
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), path);
std::ifstream infile(infile_s, std::ios::binary);
ASSERT_TRUE(infile.is_open());
@ -193,12 +194,10 @@ TEST(SandboxTest, CheckCompressStream) {
ZstdApi api = ZstdApi(&sandbox);
std::string infile_s = GetTestFilePath("text");
absl::StatusOr<std::string> path =
sapi::CreateNamedTempFileAndClose("out.zstd");
ASSERT_THAT(path, IsOk()) << "Could not create temp output file";
SAPI_ASSERT_OK_AND_ASSIGN(std::string path,
sapi::CreateNamedTempFileAndClose("out.zstd"));
std::string outfile_s =
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), *path);
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), path);
std::ifstream infile(infile_s, std::ios::binary);
ASSERT_TRUE(infile.is_open());
@ -220,11 +219,10 @@ TEST(SandboxTest, CheckDecompressStream) {
ZstdApi api = ZstdApi(&sandbox);
std::string infile_s = GetTestFilePath("text.stream.zstd");
absl::StatusOr<std::string> path = sapi::CreateNamedTempFileAndClose("out");
ASSERT_THAT(path, IsOk()) << "Could not create temp output file";
SAPI_ASSERT_OK_AND_ASSIGN(std::string path,
sapi::CreateNamedTempFileAndClose("out"));
std::string outfile_s =
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), *path);
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), path);
std::ifstream infile(infile_s, std::ios::binary);
ASSERT_TRUE(infile.is_open());
@ -248,16 +246,15 @@ TEST(SandboxTest, CheckCompressAndDecompressStream) {
std::string infile_s = GetTestFilePath("text");
absl::StatusOr<std::string> path_middle =
sapi::CreateNamedTempFileAndClose("middle.zstd");
ASSERT_THAT(path_middle, IsOk()) << "Could not create temp output file";
SAPI_ASSERT_OK_AND_ASSIGN(std::string path_middle,
sapi::CreateNamedTempFileAndClose("middle.zstd"));
std::string middle_s =
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), *path_middle);
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), path_middle);
absl::StatusOr<std::string> path = sapi::CreateNamedTempFileAndClose("out");
ASSERT_THAT(path, IsOk()) << "Could not create temp output file";
SAPI_ASSERT_OK_AND_ASSIGN(std::string path,
sapi::CreateNamedTempFileAndClose("out"));
std::string outfile_s =
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), *path);
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), path);
std::ifstream infile(infile_s, std::ios::binary);
ASSERT_TRUE(infile.is_open());
@ -278,8 +275,235 @@ TEST(SandboxTest, CheckCompressAndDecompressStream) {
ASSERT_TRUE(outfile.is_open());
status = DecompressStream(api, inmiddle, outfile);
ASSERT_THAT(status, IsOk()) << "Unable to decompress";
ASSERT_TRUE(CompareFiles(infile_s, outfile_s));
}
TEST(SandboxTest, CheckCompressInMemoryFD) {
ZstdSapiSandbox sandbox;
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
ZstdApi api = ZstdApi(&sandbox);
std::string infile_s = GetTestFilePath("text");
SAPI_ASSERT_OK_AND_ASSIGN(std::string path,
sapi::CreateNamedTempFileAndClose("out.zstd"));
std::string outfile_s =
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), path);
sapi::v::Fd infd(open(infile_s.c_str(), O_RDONLY));
ASSERT_GE(infd.GetValue(), 0);
sapi::v::Fd outfd(open(outfile_s.c_str(), O_WRONLY));
ASSERT_GE(outfd.GetValue(), 0);
absl::Status status = CompressInMemoryFD(api, infd, outfd, 0);
ASSERT_THAT(status, IsOk()) << "Unable to compress file in memory";
off_t inpos = lseek(infd.GetValue(), 0, SEEK_END);
EXPECT_GE(inpos, 0);
off_t outpos = lseek(outfd.GetValue(), 0, SEEK_END);
EXPECT_GE(outpos, 0);
EXPECT_LT(outpos, inpos);
}
TEST(SandboxTest, CheckDecompressInMemoryFD) {
ZstdSapiSandbox sandbox;
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
ZstdApi api = ZstdApi(&sandbox);
std::string infile_s = GetTestFilePath("text.blob.zstd");
sapi::v::Fd infd(open(infile_s.c_str(), O_RDONLY));
ASSERT_GE(infd.GetValue(), 0);
SAPI_ASSERT_OK_AND_ASSIGN(std::string path,
sapi::CreateNamedTempFileAndClose("out"));
std::string outfile_s =
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), path);
sapi::v::Fd outfd(open(outfile_s.c_str(), O_WRONLY));
ASSERT_GE(outfd.GetValue(), 0);
absl::Status status = DecompressInMemoryFD(api, infd, outfd);
ASSERT_THAT(status, IsOk()) << "Unable to compress file in memory";
off_t inpos = lseek(infd.GetValue(), 0, SEEK_END);
EXPECT_GE(inpos, 0);
off_t outpos = lseek(outfd.GetValue(), 0, SEEK_END);
EXPECT_GE(outpos, 0);
EXPECT_GT(outpos, inpos);
ASSERT_TRUE(CompareFiles(GetTestFilePath("text"), outfile_s));
}
TEST(SandboxTest, CheckCompressAndDecompressInMemoryFD) {
ZstdSapiSandbox sandbox;
absl::Status status;
int ret;
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
ZstdApi api = ZstdApi(&sandbox);
std::string infile_s = GetTestFilePath("text");
SAPI_ASSERT_OK_AND_ASSIGN(std::string path_middle,
sapi::CreateNamedTempFileAndClose("middle.zstd"));
std::string middle_s =
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), path_middle);
SAPI_ASSERT_OK_AND_ASSIGN(std::string path,
sapi::CreateNamedTempFileAndClose("out"));
std::string outfile_s =
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), path);
sapi::v::Fd infd(open(infile_s.c_str(), O_RDONLY));
ASSERT_GE(infd.GetValue(), 0);
sapi::v::Fd outmiddlefd(open(middle_s.c_str(), O_WRONLY));
ASSERT_GE(outmiddlefd.GetValue(), 0);
status = CompressInMemoryFD(api, infd, outmiddlefd, 0);
ASSERT_THAT(status, IsOk()) << "Unable to compress file in memory";
off_t inpos = lseek(infd.GetValue(), 0, SEEK_END);
EXPECT_GE(inpos, 0);
off_t outpos = lseek(outmiddlefd.GetValue(), 0, SEEK_END);
EXPECT_GE(outpos, 0);
EXPECT_LT(outpos, inpos);
infd.CloseLocalFd();
outmiddlefd.CloseLocalFd();
sapi::v::Fd inmiddlefd(open(middle_s.c_str(), O_RDONLY));
ASSERT_GE(inmiddlefd.GetValue(), 0);
sapi::v::Fd outfd(open(outfile_s.c_str(), O_WRONLY));
ASSERT_GE(outfd.GetValue(), 0);
status = DecompressInMemoryFD(api, inmiddlefd, outfd);
ASSERT_THAT(status, IsOk()) << "Unable to decompress file in memory";
outfd.CloseLocalFd();
inmiddlefd.CloseLocalFd();
ASSERT_TRUE(CompareFiles(infile_s, outfile_s));
}
TEST(SandboxTest, CheckCompressStreamFD) {
absl::Status status;
ZstdSapiSandbox sandbox;
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
ZstdApi api = ZstdApi(&sandbox);
std::string infile_s = GetTestFilePath("text");
SAPI_ASSERT_OK_AND_ASSIGN(std::string path,
sapi::CreateNamedTempFileAndClose("out.zstd"));
std::string outfile_s =
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), path);
sapi::v::Fd infd(open(infile_s.c_str(), O_RDONLY));
ASSERT_GE(infd.GetValue(), 0);
sapi::v::Fd outfd(open(outfile_s.c_str(), O_WRONLY));
ASSERT_GE(outfd.GetValue(), 0);
status = CompressStreamFD(api, infd, outfd, 0);
ASSERT_THAT(status, IsOk()) << "Unable to compress stream";
off_t inpos = lseek(infd.GetValue(), 0, SEEK_END);
EXPECT_GE(inpos, 0);
off_t outpos = lseek(outfd.GetValue(), 0, SEEK_END);
EXPECT_GE(outpos, 0);
EXPECT_LT(outpos, inpos);
}
TEST(SandboxTest, CheckDecompressStreamFD) {
absl::Status status;
ZstdSapiSandbox sandbox;
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
ZstdApi api = ZstdApi(&sandbox);
std::string infile_s = GetTestFilePath("text.stream.zstd");
SAPI_ASSERT_OK_AND_ASSIGN(std::string path,
sapi::CreateNamedTempFileAndClose("out"));
std::string outfile_s =
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), path);
sapi::v::Fd infd(open(infile_s.c_str(), O_RDONLY));
ASSERT_GE(infd.GetValue(), 0);
sapi::v::Fd outfd(open(outfile_s.c_str(), O_WRONLY));
ASSERT_GE(outfd.GetValue(), 0);
status = DecompressStreamFD(api, infd, outfd);
ASSERT_THAT(status, IsOk()) << "Unable to decompress stream";
off_t inpos = lseek(infd.GetValue(), 0, SEEK_END);
EXPECT_GE(inpos, 0);
off_t outpos = lseek(outfd.GetValue(), 0, SEEK_END);
EXPECT_GE(outpos, 0);
EXPECT_GT(outpos, inpos);
ASSERT_TRUE(CompareFiles(GetTestFilePath("text"), outfile_s));
}
TEST(SandboxTest, CheckCompressAndDecompressStreamFD) {
ZstdSapiSandbox sandbox;
absl::Status status;
int ret;
ASSERT_THAT(sandbox.Init(), IsOk()) << "Couldn't initialize Sandboxed API";
ZstdApi api = ZstdApi(&sandbox);
std::string infile_s = GetTestFilePath("text");
SAPI_ASSERT_OK_AND_ASSIGN(std::string path_middle,
sapi::CreateNamedTempFileAndClose("middle.zstd"));
std::string middle_s =
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), path_middle);
SAPI_ASSERT_OK_AND_ASSIGN(std::string path,
sapi::CreateNamedTempFileAndClose("out"));
std::string outfile_s =
sapi::file::JoinPath(sapi::file_util::fileops::GetCWD(), path);
sapi::v::Fd infd(open(infile_s.c_str(), O_RDONLY));
ASSERT_GE(infd.GetValue(), 0);
sapi::v::Fd outmiddlefd(open(middle_s.c_str(), O_WRONLY));
ASSERT_GE(outmiddlefd.GetValue(), 0);
status = CompressStreamFD(api, infd, outmiddlefd, 0);
ASSERT_THAT(status, IsOk()) << "Unable to compress stream";
off_t inpos = lseek(infd.GetValue(), 0, SEEK_END);
EXPECT_GE(inpos, 0);
off_t outmiddlepos = lseek(outmiddlefd.GetValue(), 0, SEEK_END);
EXPECT_GE(outmiddlepos, 0);
EXPECT_LT(outmiddlepos, inpos);
infd.CloseLocalFd();
outmiddlefd.CloseLocalFd();
sapi::v::Fd inmiddlefd(open(middle_s.c_str(), O_RDONLY));
ASSERT_GE(inmiddlefd.GetValue(), 0);
sapi::v::Fd outfd(open(outfile_s.c_str(), O_WRONLY));
ASSERT_GE(outfd.GetValue(), 0);
status = DecompressStreamFD(api, inmiddlefd, outfd);
ASSERT_THAT(status, IsOk()) << "Unable to decompress stream";
ASSERT_TRUE(CompareFiles(infile_s, outfile_s));
}

View File

@ -241,3 +241,95 @@ absl::Status DecompressStream(ZstdApi& api, std::ifstream& in_stream,
return absl::OkStatus();
}
absl::Status CompressInMemoryFD(ZstdApi& api, sapi::v::Fd& infd,
sapi::v::Fd& outfd, int level) {
SAPI_RETURN_IF_ERROR(api.GetSandbox()->TransferToSandboxee(&infd));
SAPI_RETURN_IF_ERROR(api.GetSandbox()->TransferToSandboxee(&outfd));
SAPI_ASSIGN_OR_RETURN(
int iserr,
api.ZSTD_compress_fd(infd.GetRemoteFd(), outfd.GetRemoteFd(), 0));
SAPI_ASSIGN_OR_RETURN(iserr, api.ZSTD_isError(iserr))
if (iserr) {
return absl::UnavailableError("Unable to compress file");
}
infd.CloseRemoteFd(api.GetSandbox()->rpc_channel()).IgnoreError();
outfd.CloseRemoteFd(api.GetSandbox()->rpc_channel()).IgnoreError();
return absl::OkStatus();
}
absl::Status DecompressInMemoryFD(ZstdApi& api, sapi::v::Fd& infd,
sapi::v::Fd& outfd) {
SAPI_RETURN_IF_ERROR(api.GetSandbox()->TransferToSandboxee(&infd));
SAPI_RETURN_IF_ERROR(api.GetSandbox()->TransferToSandboxee(&outfd));
SAPI_ASSIGN_OR_RETURN(int iserr, api.ZSTD_decompress_fd(infd.GetRemoteFd(),
outfd.GetRemoteFd()));
SAPI_ASSIGN_OR_RETURN(iserr, api.ZSTD_isError(iserr))
if (iserr) {
return absl::UnavailableError("Unable to compress file");
}
infd.CloseRemoteFd(api.GetSandbox()->rpc_channel()).IgnoreError();
outfd.CloseRemoteFd(api.GetSandbox()->rpc_channel()).IgnoreError();
return absl::OkStatus();
}
absl::Status CompressStreamFD(ZstdApi& api, sapi::v::Fd& infd,
sapi::v::Fd& outfd, int level) {
SAPI_ASSIGN_OR_RETURN(ZSTD_CCtx * cctx, api.ZSTD_createCCtx());
sapi::v::RemotePtr rcctx(cctx);
int iserr;
SAPI_ASSIGN_OR_RETURN(iserr, api.ZSTD_CCtx_setParameter(
&rcctx, ZSTD_c_compressionLevel, level));
SAPI_ASSIGN_OR_RETURN(iserr, api.ZSTD_isError(iserr));
if (iserr) {
return absl::UnavailableError("Unable to set parameter l");
}
SAPI_ASSIGN_OR_RETURN(
iserr, api.ZSTD_CCtx_setParameter(&rcctx, ZSTD_c_checksumFlag, 1));
SAPI_ASSIGN_OR_RETURN(iserr, api.ZSTD_isError(iserr));
if (iserr) {
return absl::UnavailableError("Unable to set parameter c");
}
SAPI_RETURN_IF_ERROR(api.GetSandbox()->TransferToSandboxee(&infd));
SAPI_RETURN_IF_ERROR(api.GetSandbox()->TransferToSandboxee(&outfd));
SAPI_ASSIGN_OR_RETURN(iserr,
api.ZSTD_compressStream_fd(&rcctx, infd.GetRemoteFd(),
outfd.GetRemoteFd()));
if (iserr) {
return absl::UnavailableError("Unable to compress");
}
infd.CloseRemoteFd(api.GetSandbox()->rpc_channel()).IgnoreError();
outfd.CloseRemoteFd(api.GetSandbox()->rpc_channel()).IgnoreError();
return absl::OkStatus();
}
absl::Status DecompressStreamFD(ZstdApi& api, sapi::v::Fd& infd,
sapi::v::Fd& outfd) {
SAPI_ASSIGN_OR_RETURN(ZSTD_DCtx * dctx, api.ZSTD_createDCtx());
sapi::v::RemotePtr rdctx(dctx);
SAPI_RETURN_IF_ERROR(api.GetSandbox()->TransferToSandboxee(&infd));
SAPI_RETURN_IF_ERROR(api.GetSandbox()->TransferToSandboxee(&outfd));
SAPI_ASSIGN_OR_RETURN(int iserr,
api.ZSTD_decompressStream_fd(&rdctx, infd.GetRemoteFd(),
outfd.GetRemoteFd()));
if (iserr) {
return absl::UnavailableError("Unable to decompress");
}
infd.CloseRemoteFd(api.GetSandbox()->rpc_channel()).IgnoreError();
outfd.CloseRemoteFd(api.GetSandbox()->rpc_channel()).IgnoreError();
return absl::OkStatus();
}

View File

@ -24,10 +24,18 @@ absl::Status CompressInMemory(ZstdApi& api, std::ifstream& in_stream,
std::ofstream& out_stream, int level);
absl::Status DecompressInMemory(ZstdApi& api, std::ifstream& in_stream,
std::ofstream& out_stream);
absl::Status CompressInMemoryFD(ZstdApi& api, sapi::v::Fd& infd,
sapi::v::Fd& outfd, int level);
absl::Status DecompressInMemoryFD(ZstdApi& api, sapi::v::Fd& infd,
sapi::v::Fd& outfd);
absl::Status CompressStream(ZstdApi& api, std::ifstream& in_stream,
std::ofstream& out_stream, int level);
absl::Status DecompressStream(ZstdApi& api, std::ifstream& in_stream,
std::ofstream& out_stream);
absl::Status CompressStreamFD(ZstdApi& api, sapi::v::Fd& infd,
sapi::v::Fd& outfd, int level);
absl::Status DecompressStreamFD(ZstdApi& api, sapi::v::Fd& infd,
sapi::v::Fd& outfd);
#endif // CONTRIB_ZSTD_UTILS_UTILS_ZSTD_H_

View File

@ -0,0 +1,24 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
add_library(wrapper_zstd STATIC
wrapper_zstd.cc
)
target_link_libraries(wrapper_zstd PUBLIC
libzstd_static
)
target_include_directories(wrapper_zstd PUBLIC
"${SAPI_SOURCE_DIR}"
"${libzstd_INCLUDE_DIR}"
)

View File

@ -0,0 +1,182 @@
// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "contrib/zstd/wrapper/wrapper_zstd.h"
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>
#include <cstdio>
#include <cstdlib>
#include <iostream>
#include <memory>
constexpr size_t kFileMaxSize = 1024 * 1024 * 1024; // 1GB
off_t FDGetSize(int fd) {
off_t size = lseek(fd, 0, SEEK_END);
if (size < 0) {
return -1;
}
if (lseek(fd, 0, SEEK_SET) < 0) {
return -1;
}
return size;
}
int ZSTD_compress_fd(int fdin, int fdout, int level) {
off_t sizein = FDGetSize(fdin);
if (sizein <= 0) {
return -1;
}
size_t sizeout = ZSTD_compressBound(sizein);
auto bufin = std::make_unique<int8_t[]>(sizein);
auto bufout = std::make_unique<int8_t[]>(sizeout);
if (read(fdin, bufin.get(), sizein) != sizein) {
return -1;
}
int retsize =
ZSTD_compress(bufout.get(), sizeout, bufin.get(), sizein, level);
if (ZSTD_isError(retsize)) {
return -1;
}
if (write(fdout, bufout.get(), retsize) != retsize) {
return -1;
}
return 0;
}
int ZSTD_compressStream_fd(ZSTD_CCtx* cctx, int fdin, int fdout) {
size_t sizein = ZSTD_CStreamInSize();
size_t sizeout = ZSTD_CStreamOutSize();
auto bufin = std::make_unique<int8_t[]>(sizein);
auto bufout = std::make_unique<int8_t[]>(sizeout);
ssize_t size;
while ((size = read(fdin, bufin.get(), sizein)) > 0) {
ZSTD_inBuffer_s struct_in;
struct_in.src = bufin.get();
struct_in.pos = 0;
struct_in.size = size;
ZSTD_EndDirective mode = ZSTD_e_continue;
if (size < sizein) {
mode = ZSTD_e_end;
}
bool isdone = false;
while (!isdone) {
ZSTD_outBuffer_s struct_out;
struct_out.dst = bufout.get();
struct_out.pos = 0;
struct_out.size = sizeout;
size_t remaining =
ZSTD_compressStream2(cctx, &struct_out, &struct_in, mode);
if (ZSTD_isError(remaining)) {
return -1;
}
if (write(fdout, bufout.get(), struct_out.pos) != struct_out.pos) {
return -1;
}
if (mode == ZSTD_e_continue) {
isdone = (struct_in.pos == size);
} else {
isdone = (remaining == 0);
}
}
}
if (size != 0) {
return -1;
}
return 0;
}
int ZSTD_decompress_fd(int fdin, int fdout) {
off_t sizein = FDGetSize(fdin);
if (sizein <= 0) {
return -1;
}
auto bufin = std::make_unique<int8_t[]>(sizein);
if (read(fdin, bufin.get(), sizein) != sizein) {
return -1;
}
size_t sizeout = ZSTD_getFrameContentSize(bufin.get(), sizein);
if (ZSTD_isError(sizeout) || sizeout > kFileMaxSize) {
return -1;
}
auto bufout = std::make_unique<int8_t[]>(sizeout);
size_t desize = ZSTD_decompress(bufout.get(), sizeout, bufin.get(), sizein);
if (ZSTD_isError(desize) || desize != sizeout) {
return -1;
}
if (write(fdout, bufout.get(), sizeout) != sizeout) {
return -1;
}
return 0;
}
int ZSTD_decompressStream_fd(ZSTD_DCtx* dctx, int fdin, int fdout) {
size_t sizein = ZSTD_CStreamInSize();
size_t sizeout = ZSTD_CStreamOutSize();
auto bufin = std::make_unique<int8_t[]>(sizein);
auto bufout = std::make_unique<int8_t[]>(sizeout);
ssize_t size;
while ((size = read(fdin, bufin.get(), sizein)) > 0) {
ZSTD_inBuffer_s struct_in;
struct_in.src = bufin.get();
struct_in.pos = 0;
struct_in.size = size;
while (struct_in.pos < size) {
ZSTD_outBuffer_s struct_out;
struct_out.dst = bufout.get();
struct_out.pos = 0;
struct_out.size = sizeout;
size_t ret = ZSTD_decompressStream(dctx, &struct_out, &struct_in);
if (ZSTD_isError(ret)) {
return -1;
}
if (write(fdout, bufout.get(), struct_out.pos) != struct_out.pos) {
return -1;
}
}
}
if (size != 0) {
return -1;
}
return 0;
}

View File

@ -0,0 +1,28 @@
// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef CONTRIB_ZSTD_WRAPPER_WRAPPER_ZSTD_H_
#define CONTRIB_ZSTD_WRAPPER_WRAPPER_ZSTD_H_
#include <zstd.h>
extern "C" {
int ZSTD_compress_fd(int fdin, int fdout, int level);
int ZSTD_compressStream_fd(ZSTD_CCtx* cctx, int fdin, int fdout);
int ZSTD_decompress_fd(int fdin, int fdout);
int ZSTD_decompressStream_fd(ZSTD_DCtx* dctx, int fdin, int fdout);
};
#endif // CONTRIB_ZSTD_WRAPPER_WRAPPER_ZSTD_H_

View File

@ -4,7 +4,7 @@
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http:#www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,

View File

@ -4,7 +4,7 @@
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http:#www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,

View File

@ -1,3 +0,0 @@
*.o
*.a
pffft_main

View File

@ -413,7 +413,7 @@ void ServeRequest(sandbox2::Comms* comms) {
} // namespace client
} // namespace sapi
extern "C" ABSL_ATTRIBUTE_WEAK int main(int argc, char** argv) {
ABSL_ATTRIBUTE_WEAK int main(int argc, char* argv[]) {
gflags::SetCommandLineOptionWithMode("userspace_coredumper", "false",
gflags::SET_FLAG_IF_DEFAULT);
gflags::ParseCommandLineFlags(&argc, &argv, true);

View File

@ -24,19 +24,21 @@ sapi_proto_library(
name = "stringop_params_proto",
srcs = ["stringop_params.proto"],
visibility = ["//visibility:public"],
alwayslink = True,
)
cc_library(
name = "stringop",
srcs = ["stringop.cc"],
copts = sapi_platform_copts(),
linkstatic = True,
visibility = ["//visibility:public"],
deps = [
":stringop_params_cc_proto",
"//sandboxed_api:lenval_core",
"@com_google_absl//absl/base:core_headers",
],
alwayslink = 1, # All functions are linked into dependent binaries
alwayslink = True,
)
sapi_library(

View File

@ -36,7 +36,7 @@ sapi_library(
cc_binary(
name = "main_zlib",
srcs = ["main_zlib.cc"],
copts = sapi_platform_copts(["-Wframe-larger-than=65536"]),
copts = sapi_platform_copts(),
deps = [
":zlib-sapi",
":zlib-sapi_embed",

View File

@ -17,7 +17,7 @@ add_sapi_library(zlib-sapi
FUNCTIONS deflateInit_
deflate
deflateEnd
INPUTS ${ZLIB_INCLUDE_DIRS}/zlib.h
INPUTS "${ZLIB_INCLUDE_DIRS}/zlib.h"
LIBRARY ZLIB::ZLIB
LIBRARY_NAME Zlib
NAMESPACE "sapi::zlib"

View File

@ -842,6 +842,7 @@ cc_test(
"//sandboxed_api/util:flags",
"//sandboxed_api/util:status_matchers",
"//sandboxed_api/util:temp_file",
"@com_google_absl//absl/cleanup",
"@com_google_absl//absl/memory",
"@com_google_absl//absl/status:statusor",
"@com_google_absl//absl/strings",

View File

@ -946,6 +946,7 @@ if(SAPI_ENABLE_TESTS)
sandbox2::testcase_symbolize
)
target_link_libraries(sandbox2_stack_trace_test PRIVATE
absl::cleanup
absl::memory
absl::status
absl::strings

View File

@ -66,7 +66,7 @@ TEST(BufferTest, TestImplementation) {
std::unique_ptr<Policy> BufferTestcasePolicy() {
auto s2p = PolicyBuilder()
.DisableNamespaces()
.AllowStaticStartup()
.AllowDynamicStartup()
.AllowExit()
.AllowSafeFcntl()
.AllowTime()
@ -75,6 +75,7 @@ std::unique_ptr<Policy> BufferTestcasePolicy() {
.AllowWrite()
.AllowMmap()
.AllowStat()
.AllowOpen()
.AllowSyscalls({
__NR_dup,
__NR_futex,
@ -88,10 +89,6 @@ std::unique_ptr<Policy> BufferTestcasePolicy() {
})
.BlockSyscallsWithErrno(
{
#ifdef __NR_open
__NR_open,
#endif
__NR_openat,
#ifdef __NR_access
// On Debian, even static binaries check existence of
// /etc/ld.so.nohwcap.

View File

@ -555,9 +555,11 @@ bool Comms::Recv(void* data, size_t len) {
// Internal helper method (low level).
bool Comms::RecvTL(uint32_t* tag, size_t* length) {
if (!Recv(reinterpret_cast<uint8_t*>(tag), sizeof(*tag))) {
SAPI_RAW_VLOG(2, "RecvTL: Can't read tag");
return false;
}
if (!Recv(reinterpret_cast<uint8_t*>(length), sizeof(*length))) {
SAPI_RAW_VLOG(2, "RecvTL: Can't read length for tag %u", *tag);
return false;
}
if (*length > GetMaxMsgSize()) {

View File

@ -37,9 +37,6 @@ cc_binary(
name = "zpipe",
srcs = ["zpipe.c"],
copts = sapi_platform_copts(),
features = [
"fully_static_link", # link libc statically
],
linkstatic = 1,
features = ["fully_static_link"],
deps = ["@net_zlib//:zlib"],
)

View File

@ -24,7 +24,6 @@ target_link_libraries(sandbox2_zpipe_sandbox PRIVATE
absl::memory
sandbox2::bpf_helper
sandbox2::comms
# sandbox2::ipc
sapi::runfiles
sandbox2::sandbox2
sapi::base
@ -38,5 +37,6 @@ add_executable(sandbox2_zpipe
set_target_properties(sandbox2_zpipe PROPERTIES OUTPUT_NAME zpipe)
add_executable(sandbox2::zpipe ALIAS sandbox2_zpipe)
target_link_libraries(sandbox2_zpipe PRIVATE
-static
ZLIB::ZLIB
)

View File

@ -54,7 +54,7 @@ std::unique_ptr<sandbox2::Policy> GetPolicy() {
// Allow write on STDOUT / STDERR.
.AddPolicyOnSyscall(__NR_write,
{ARG_32(0), JEQ32(1, ALLOW), JEQ32(2, ALLOW)})
.AllowSyscall(__NR_fstat)
.AllowStat()
.AllowStaticStartup()
.AllowSystemMalloc()
.AllowExit()

View File

@ -39,6 +39,7 @@ namespace sandbox2 {
namespace {
using ::sapi::GetTestSourcePath;
using ::testing::Eq;
// Allow typical syscalls and call SECCOMP_RET_TRACE for personality syscall,
// chosen because unlikely to be called by a regular program.
@ -46,6 +47,7 @@ std::unique_ptr<Policy> NotifyTestcasePolicy() {
return PolicyBuilder()
.DisableNamespaces()
.AllowStaticStartup()
.AllowDynamicStartup() // For PrintPidAndComms
.AllowExit()
.AllowRead()
.AllowWrite()
@ -106,16 +108,12 @@ TEST(NotifyTest, AllowPersonality) {
SKIP_SANITIZERS_AND_COVERAGE;
const std::string path = GetTestSourcePath("sandbox2/testcases/personality");
std::vector<std::string> args = {path};
auto executor = absl::make_unique<Executor>(path, args);
auto policy = NotifyTestcasePolicy();
ASSERT_THAT(policy, testing::Not(testing::IsNull()));
auto notify = absl::make_unique<PersonalityNotify>(true);
Sandbox2 s2(std::move(executor), std::move(policy), std::move(notify));
Sandbox2 s2(absl::make_unique<Executor>(path, args), NotifyTestcasePolicy(),
absl::make_unique<PersonalityNotify>(/*allow=*/true));
auto result = s2.Run();
ASSERT_EQ(result.final_status(), Result::OK);
ASSERT_EQ(result.reason_code(), 22);
ASSERT_THAT(result.final_status(), Eq(Result::OK));
EXPECT_THAT(result.reason_code(), Eq(22));
}
// Test EventSyscallTrap on personality syscall and disallow it.
@ -123,16 +121,12 @@ TEST(NotifyTest, DisallowPersonality) {
SKIP_SANITIZERS_AND_COVERAGE;
const std::string path = GetTestSourcePath("sandbox2/testcases/personality");
std::vector<std::string> args = {path};
auto executor = absl::make_unique<Executor>(path, args);
auto policy = NotifyTestcasePolicy();
ASSERT_THAT(policy, testing::Not(testing::IsNull()));
auto notify = absl::make_unique<PersonalityNotify>(false);
Sandbox2 s2(std::move(executor), std::move(policy), std::move(notify));
Sandbox2 s2(absl::make_unique<Executor>(path, args), NotifyTestcasePolicy(),
absl::make_unique<PersonalityNotify>(/*allow=*/false));
auto result = s2.Run();
ASSERT_EQ(result.final_status(), Result::VIOLATION);
ASSERT_EQ(result.reason_code(), __NR_personality);
ASSERT_THAT(result.final_status(), Eq(Result::VIOLATION));
EXPECT_THAT(result.reason_code(), Eq(__NR_personality));
}
// Test EventStarted by exchanging data after started but before sandboxed.
@ -142,15 +136,13 @@ TEST(NotifyTest, PrintPidAndComms) {
std::vector<std::string> args = {path};
auto executor = absl::make_unique<Executor>(path, args);
executor->set_enable_sandbox_before_exec(false);
auto policy = NotifyTestcasePolicy();
ASSERT_THAT(policy, testing::Not(testing::IsNull()));
auto notify = absl::make_unique<PidCommsNotify>();
Sandbox2 s2(std::move(executor), std::move(policy), std::move(notify));
Sandbox2 s2(std::move(executor), NotifyTestcasePolicy(),
absl::make_unique<PidCommsNotify>());
auto result = s2.Run();
ASSERT_EQ(result.final_status(), Result::OK);
ASSERT_EQ(result.reason_code(), 33);
ASSERT_THAT(result.final_status(), Eq(Result::OK));
EXPECT_THAT(result.reason_code(), Eq(33));
}
} // namespace

View File

@ -79,11 +79,7 @@ TEST(PolicyTest, AMD64Syscall32PolicyAllowed) {
const std::string path = GetTestSourcePath("sandbox2/testcases/policy");
std::vector<std::string> args = {path, "1"};
auto executor = absl::make_unique<Executor>(path, args);
auto policy = PolicyTestcasePolicy();
Sandbox2 s2(std::move(executor), std::move(policy));
Sandbox2 s2(std::make_unique<Executor>(path, args), PolicyTestcasePolicy());
auto result = s2.Run();
ASSERT_THAT(result.final_status(), Eq(Result::VIOLATION));
@ -96,11 +92,7 @@ TEST(PolicyTest, AMD64Syscall32FsAllowed) {
SKIP_SANITIZERS_AND_COVERAGE;
const std::string path = GetTestSourcePath("sandbox2/testcases/policy");
std::vector<std::string> args = {path, "2"};
auto executor = absl::make_unique<Executor>(path, args);
auto policy = PolicyTestcasePolicy();
Sandbox2 s2(std::move(executor), std::move(policy));
Sandbox2 s2(std::make_unique<Executor>(path, args), PolicyTestcasePolicy());
auto result = s2.Run();
ASSERT_THAT(result.final_status(), Eq(Result::VIOLATION));
@ -115,11 +107,7 @@ TEST(PolicyTest, PtraceDisallowed) {
SKIP_SANITIZERS_AND_COVERAGE;
const std::string path = GetTestSourcePath("sandbox2/testcases/policy");
std::vector<std::string> args = {path, "3"};
auto executor = absl::make_unique<Executor>(path, args);
auto policy = PolicyTestcasePolicy();
Sandbox2 s2(std::move(executor), std::move(policy));
Sandbox2 s2(std::make_unique<Executor>(path, args), PolicyTestcasePolicy());
auto result = s2.Run();
ASSERT_THAT(result.final_status(), Eq(Result::VIOLATION));
@ -131,11 +119,7 @@ TEST(PolicyTest, CloneUntracedDisallowed) {
SKIP_SANITIZERS_AND_COVERAGE;
const std::string path = GetTestSourcePath("sandbox2/testcases/policy");
std::vector<std::string> args = {path, "4"};
auto executor = absl::make_unique<Executor>(path, args);
auto policy = PolicyTestcasePolicy();
Sandbox2 s2(std::move(executor), std::move(policy));
Sandbox2 s2(std::make_unique<Executor>(path, args), PolicyTestcasePolicy());
auto result = s2.Run();
ASSERT_THAT(result.final_status(), Eq(Result::VIOLATION));
@ -147,11 +131,7 @@ TEST(PolicyTest, BpfDisallowed) {
SKIP_SANITIZERS_AND_COVERAGE;
const std::string path = GetTestSourcePath("sandbox2/testcases/policy");
std::vector<std::string> args = {path, "5"};
auto executor = absl::make_unique<Executor>(path, args);
auto policy = PolicyTestcasePolicy();
Sandbox2 s2(std::move(executor), std::move(policy));
Sandbox2 s2(std::make_unique<Executor>(path, args), PolicyTestcasePolicy());
auto result = s2.Run();
ASSERT_THAT(result.final_status(), Eq(Result::VIOLATION));
@ -163,13 +143,12 @@ TEST(PolicyTest, BpfPermissionDenied) {
SKIP_SANITIZERS_AND_COVERAGE;
const std::string path = GetTestSourcePath("sandbox2/testcases/policy");
std::vector<std::string> args = {path, "7"};
auto executor = absl::make_unique<Executor>(path, args);
auto policy = CreatePolicyTestPolicyBuilder()
.BlockSyscallWithErrno(__NR_bpf, EPERM)
.BuildOrDie();
Sandbox2 s2(std::move(executor), std::move(policy));
Sandbox2 s2(std::make_unique<Executor>(path, args), std::move(policy));
auto result = s2.Run();
// bpf(2) is not a violation due to explicit policy. EPERM is expected.
@ -181,11 +160,7 @@ TEST(PolicyTest, IsattyAllowed) {
SKIP_SANITIZERS_AND_COVERAGE;
const std::string path = GetTestSourcePath("sandbox2/testcases/policy");
std::vector<std::string> args = {path, "6"};
auto executor = absl::make_unique<Executor>(path, args);
auto policy = PolicyTestcasePolicy();
Sandbox2 s2(std::move(executor), std::move(policy));
Sandbox2 s2(std::make_unique<Executor>(path, args), PolicyTestcasePolicy());
auto result = s2.Run();
ASSERT_THAT(result.final_status(), Eq(Result::OK));
@ -209,11 +184,7 @@ TEST(MinimalTest, MinimalBinaryWorks) {
SKIP_SANITIZERS_AND_COVERAGE;
const std::string path = GetTestSourcePath("sandbox2/testcases/minimal");
std::vector<std::string> args = {path};
auto executor = absl::make_unique<Executor>(path, args);
auto policy = MinimalTestcasePolicy();
Sandbox2 s2(std::move(executor), std::move(policy));
Sandbox2 s2(std::make_unique<Executor>(path, args), MinimalTestcasePolicy());
auto result = s2.Run();
ASSERT_THAT(result.final_status(), Eq(Result::OK));
@ -226,7 +197,6 @@ TEST(MinimalTest, MinimalSharedBinaryWorks) {
const std::string path =
GetTestSourcePath("sandbox2/testcases/minimal_dynamic");
std::vector<std::string> args = {path};
auto executor = absl::make_unique<Executor>(path, args);
auto policy = PolicyBuilder()
.AllowDynamicStartup()
@ -241,7 +211,7 @@ TEST(MinimalTest, MinimalSharedBinaryWorks) {
.AddLibrariesForBinary(path)
.BuildOrDie();
Sandbox2 s2(std::move(executor), std::move(policy));
Sandbox2 s2(std::make_unique<Executor>(path, args), std::move(policy));
auto result = s2.Run();
ASSERT_THAT(result.final_status(), Eq(Result::OK));
@ -254,7 +224,6 @@ TEST(MallocTest, SystemMallocWorks) {
const std::string path =
GetTestSourcePath("sandbox2/testcases/malloc_system");
std::vector<std::string> args = {path};
auto executor = absl::make_unique<Executor>(path, args);
auto policy = PolicyBuilder()
.AllowStaticStartup()
@ -266,7 +235,7 @@ TEST(MallocTest, SystemMallocWorks) {
#endif
.BuildOrDie();
Sandbox2 s2(std::move(executor), std::move(policy));
Sandbox2 s2(std::make_unique<Executor>(path, args), std::move(policy));
auto result = s2.Run();
ASSERT_THAT(result.final_status(), Eq(Result::OK));
@ -283,7 +252,6 @@ TEST(MultipleSyscalls, AddPolicyOnSyscallsWorks) {
const std::string path =
GetTestSourcePath("sandbox2/testcases/add_policy_on_syscalls");
std::vector<std::string> args = {path};
auto executor = absl::make_unique<Executor>(path, args);
auto policy = PolicyBuilder()
.AllowStaticStartup()
@ -337,7 +305,7 @@ TEST(MultipleSyscalls, AddPolicyOnSyscallsWorks) {
.BlockSyscallWithErrno(__NR_prlimit64, EPERM)
.BuildOrDie();
Sandbox2 s2(std::move(executor), std::move(policy));
Sandbox2 s2(std::make_unique<Executor>(path, args), std::move(policy));
auto result = s2.Run();
ASSERT_THAT(result.final_status(), Eq(Result::VIOLATION));

View File

@ -91,7 +91,7 @@ PolicyBuilder& PolicyBuilder::AllowSyscalls(absl::Span<const uint32_t> nums) {
PolicyBuilder& PolicyBuilder::BlockSyscallsWithErrno(
absl::Span<const uint32_t> nums, int error) {
for (auto num : nums) {
AllowSyscall(num);
BlockSyscallWithErrno(num, error);
}
return *this;
}
@ -653,12 +653,10 @@ PolicyBuilder& PolicyBuilder::AllowStaticStartup() {
BlockSyscallWithErrno(__NR_readlink, ENOENT);
#endif
if constexpr (sapi::host_cpu::IsArm()) {
AddPolicyOnSyscall(__NR_mprotect, {
ARG_32(2),
JEQ32(PROT_READ, ALLOW),
});
}
return *this;
}
@ -884,7 +882,7 @@ PolicyBuilder& PolicyBuilder::AddFile(absl::string_view path, bool is_ro) {
PolicyBuilder& PolicyBuilder::AddFileAt(absl::string_view outside,
absl::string_view inside, bool is_ro) {
EnableNamespaces();
EnableNamespaces(); // NOLINT(clang-diagnostic-deprecated-declarations)
auto valid_outside = ValidateAbsolutePath(outside);
if (!valid_outside.ok()) {
@ -912,7 +910,7 @@ PolicyBuilder& PolicyBuilder::AddFileAt(absl::string_view outside,
PolicyBuilder& PolicyBuilder::AddLibrariesForBinary(
absl::string_view path, absl::string_view ld_library_path) {
EnableNamespaces();
EnableNamespaces(); // NOLINT(clang-diagnostic-deprecated-declarations)
auto valid_path = ValidatePath(path);
if (!valid_path.ok()) {
@ -941,7 +939,7 @@ PolicyBuilder& PolicyBuilder::AddDirectory(absl::string_view path, bool is_ro) {
PolicyBuilder& PolicyBuilder::AddDirectoryAt(absl::string_view outside,
absl::string_view inside,
bool is_ro) {
EnableNamespaces();
EnableNamespaces(); // NOLINT(clang-diagnostic-deprecated-declarations)
auto valid_outside = ValidateAbsolutePath(outside);
if (!valid_outside.ok()) {
@ -969,7 +967,7 @@ PolicyBuilder& PolicyBuilder::AddDirectoryAt(absl::string_view outside,
}
PolicyBuilder& PolicyBuilder::AddTmpfs(absl::string_view inside, size_t size) {
EnableNamespaces();
EnableNamespaces(); // NOLINT(clang-diagnostic-deprecated-declarations)
if (auto status = mounts_.AddTmpfs(inside, size); !status.ok()) {
SetError(absl::InternalError(absl::StrCat("Could not mount tmpfs ", inside,
@ -979,14 +977,14 @@ PolicyBuilder& PolicyBuilder::AddTmpfs(absl::string_view inside, size_t size) {
}
PolicyBuilder& PolicyBuilder::AllowUnrestrictedNetworking() {
EnableNamespaces();
EnableNamespaces(); // NOLINT(clang-diagnostic-deprecated-declarations)
allow_unrestricted_networking_ = true;
return *this;
}
PolicyBuilder& PolicyBuilder::SetHostname(absl::string_view hostname) {
EnableNamespaces();
EnableNamespaces(); // NOLINT(clang-diagnostic-deprecated-declarations)
hostname_ = std::string(hostname);
return *this;
@ -1089,7 +1087,7 @@ PolicyBuilder& PolicyBuilder::AddNetworkProxyHandlerPolicy() {
}
PolicyBuilder& PolicyBuilder::SetRootWritable() {
EnableNamespaces();
EnableNamespaces(); // NOLINT(clang-diagnostic-deprecated-declarations)
mounts_.SetRootWritable();
return *this;

View File

@ -68,6 +68,7 @@ using ::testing::Lt;
using ::testing::NotNull;
using ::testing::StartsWith;
using ::testing::StrEq;
using ::sapi::IsOk;
using ::sapi::StatusIs;
class PolicyBuilderTest : public testing::Test {
@ -193,8 +194,9 @@ std::string PolicyBuilderTest::Run(std::vector<std::string> args,
TEST_F(PolicyBuilderTest, TestCanOnlyBuildOnce) {
PolicyBuilder b;
ASSERT_THAT(b.BuildOrDie(), NotNull());
ASSERT_DEATH(b.BuildOrDie(), "Can only build policy once");
ASSERT_THAT(b.TryBuild(), IsOk());
EXPECT_THAT(b.TryBuild(), StatusIs(absl::StatusCode::kFailedPrecondition,
"Can only build policy once."));
}
TEST_F(PolicyBuilderTest, TestIsCopyable) {

View File

@ -61,7 +61,6 @@ TEST(SandboxCoreDumpTest, AbortWithoutCoreDumpReturnsSignaled) {
// Don't restrict the syscalls at all.
.DangerDefaultAllowAll()
.TryBuild());
Sandbox2 sandbox(std::move(executor), std::move(policy));
auto result = sandbox.Run();
@ -74,8 +73,9 @@ TEST(SandboxCoreDumpTest, AbortWithoutCoreDumpReturnsSignaled) {
TEST(TsyncTest, TsyncNoMemoryChecks) {
SKIP_SANITIZERS_AND_COVERAGE;
const std::string path = GetTestSourcePath("sandbox2/testcases/tsync");
std::vector<std::string> args = {path};
auto executor = absl::make_unique<Executor>(path, args);
auto executor =
absl::make_unique<Executor>(path, std::vector<std::string>{path});
executor->set_enable_sandbox_before_exec(false);
SAPI_ASSERT_OK_AND_ASSIGN(auto policy,
@ -84,7 +84,6 @@ TEST(TsyncTest, TsyncNoMemoryChecks) {
// Don't restrict the syscalls at all.
.DangerDefaultAllowAll()
.TryBuild());
Sandbox2 sandbox(std::move(executor), std::move(policy));
auto result = sandbox.Run();
@ -93,8 +92,8 @@ TEST(TsyncTest, TsyncNoMemoryChecks) {
ASSERT_EQ(result.reason_code(), 0);
}
// Tests whether Executor(fd, args, envp) constructor works as
// expected.
// Tests whether Executor(fd, std::vector<std::string>{path}, envp) constructor
// works as expected.
TEST(ExecutorTest, ExecutorFdConstructor) {
SKIP_SANITIZERS_AND_COVERAGE;
@ -135,7 +134,7 @@ TEST(StackTraceTest, StackTraceOnExitWorks) {
auto result = sandbox.Run();
ASSERT_EQ(result.final_status(), Result::OK);
ASSERT_THAT(result.stack_trace(), Not(IsEmpty()));
EXPECT_THAT(result.stack_trace(), Not(IsEmpty()));
}
// Tests that we return the correct state when the sandboxee was killed by an
@ -158,7 +157,6 @@ TEST(RunAsyncTest, SandboxeeExternalKill) {
sandbox.Kill();
auto result = sandbox.AwaitResult();
EXPECT_EQ(result.final_status(), Result::EXTERNAL_KILL);
EXPECT_THAT(result.GetStackTrace(), IsEmpty());
}
@ -231,18 +229,19 @@ TEST(StarvationTest, MonitorIsNotStarvedByTheSandboxee) {
std::vector<std::string> args = {path};
std::vector<std::string> envs;
auto executor = absl::make_unique<Executor>(path, args, envs);
executor->limits()->set_walltime_limit(absl::Seconds(5));
SAPI_ASSERT_OK_AND_ASSIGN(
auto policy,
PolicyBuilder().DisableNamespaces().DangerDefaultAllowAll().TryBuild());
executor->limits()->set_walltime_limit(absl::Seconds(5));
Sandbox2 sandbox(std::move(executor), std::move(policy));
auto start = absl::Now();
ASSERT_THAT(sandbox.RunAsync(), IsTrue());
auto result = sandbox.AwaitResult();
EXPECT_THAT(result.final_status(), Eq(Result::TIMEOUT));
auto end = absl::Now();
auto elapsed = end - start;
auto elapsed = absl::Now() - start;
EXPECT_THAT(elapsed, Lt(absl::Seconds(10)));
}

View File

@ -17,10 +17,13 @@
#include <dirent.h>
#include <cstdio>
#include <functional>
#include <string>
#include <utility>
#include "gmock/gmock.h"
#include "gtest/gtest.h"
#include "absl/cleanup/cleanup.h"
#include "sandboxed_api/util/flag.h"
#include "absl/memory/memory.h"
#include "absl/strings/match.h"
@ -49,6 +52,7 @@ using ::testing::ElementsAre;
using ::testing::Eq;
using ::testing::HasSubstr;
using ::testing::IsEmpty;
using ::testing::IsTrue;
using ::testing::Not;
// Temporarily overrides a flag, restores the original flag value when it goes
@ -74,27 +78,26 @@ void SymbolizationWorksCommon(
const std::function<void(PolicyBuilder*)>& modify_policy) {
const std::string path = GetTestSourcePath("sandbox2/testcases/symbolize");
std::vector<std::string> args = {path, "1"};
auto executor = absl::make_unique<Executor>(path, args);
std::string temp_filename = CreateNamedTempFileAndClose("/tmp/").value();
file_util::fileops::CopyFile("/proc/cpuinfo", temp_filename, 0444);
struct TempCleanup {
~TempCleanup() { remove(capture->c_str()); }
std::string* capture;
} temp_cleanup{&temp_filename};
SAPI_ASSERT_OK_AND_ASSIGN(std::string temp_filename,
CreateNamedTempFileAndClose("/tmp/"));
absl::Cleanup temp_cleanup = [&temp_filename] {
remove(temp_filename.c_str());
};
ASSERT_THAT(
file_util::fileops::CopyFile("/proc/cpuinfo", temp_filename, 0444),
IsTrue());
PolicyBuilder policybuilder;
policybuilder
auto policybuilder = PolicyBuilder()
// Don't restrict the syscalls at all.
.DangerDefaultAllowAll()
.AddFile(path)
.AddLibrariesForBinary(path)
.AddFileAt(temp_filename, "/proc/cpuinfo");
modify_policy(&policybuilder);
SAPI_ASSERT_OK_AND_ASSIGN(auto policy, policybuilder.TryBuild());
Sandbox2 s2(std::move(executor), std::move(policy));
Sandbox2 s2(absl::make_unique<Executor>(path, args), std::move(policy));
auto result = s2.Run();
ASSERT_THAT(result.final_status(), Eq(Result::SIGNALED));
@ -187,15 +190,15 @@ TEST(StackTraceTest, SymbolizationTrustedFilesOnly) {
SKIP_SANITIZERS_AND_COVERAGE;
const std::string path = GetTestSourcePath("sandbox2/testcases/symbolize");
std::vector<std::string> args = {path, "2"};
auto executor = absl::make_unique<Executor>(path, args);
SAPI_ASSERT_OK_AND_ASSIGN(
auto policy, PolicyBuilder{} // Don't restrict the syscalls at all.
SAPI_ASSERT_OK_AND_ASSIGN(auto policy,
PolicyBuilder()
// Don't restrict the syscalls at all.
.DangerDefaultAllowAll()
.AddFile(path)
.AddLibrariesForBinary(path)
.TryBuild());
Sandbox2 s2(std::move(executor), std::move(policy));
Sandbox2 s2(absl::make_unique<Executor>(path, args), std::move(policy));
auto result = s2.Run();
ASSERT_THAT(result.final_status(), Eq(Result::SIGNALED));

View File

@ -14,13 +14,18 @@
# Description: test cases for sandbox2 unit tests.
#
# The following cc_binary options avoid dynamic linking which uses a lot of
# syscalls (open, mmap, etc.):
# linkopts = ["-static"]
# linkstatic = 1
# features = ["-pie"]
# Bazel adds -pie by default but -static is incompatible with it, so we use
# the features flag to force it off.
# Some of the following cc_binary options avoid dynamic linking which uses a
# lot of syscalls (open, mmap, etc.):
# linkstatic = True Default for cc_binary
# features = ["fully_static_link"] Adds -static
#
# Note that linking fully static with an unmodified glibc is not generally
# considered safe, due to glibc relying heavily on loading shared objects at
# runtime.
# The rule of thumb when it is safe to do so is when the program either only
# uses plain syscalls (bypassing any libc altogether) or if it does not use
# any networking and none of the functionality from cstdio/stdio.h (due to
# auto-loading of locale-specific shared objecs).
load("//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts")
@ -30,37 +35,27 @@ package(default_visibility = [
licenses(["notice"])
FULLY_STATIC_FEATURES = [
"-pie",
"fully_static_link", # link libc statically
]
cc_binary(
name = "abort",
testonly = 1,
testonly = True,
srcs = ["abort.cc"],
copts = sapi_platform_copts(),
deps = ["//sandboxed_api/util:raw_logging"],
)
# security: disable=cc-static-no-pie
cc_binary(
name = "add_policy_on_syscalls",
testonly = 1,
testonly = True,
srcs = ["add_policy_on_syscalls.cc"],
copts = sapi_platform_copts(),
features = FULLY_STATIC_FEATURES,
linkstatic = 1,
features = ["fully_static_link"],
)
# security: disable=cc-static-no-pie
cc_binary(
name = "buffer",
testonly = 1,
testonly = True,
srcs = ["buffer.cc"],
copts = sapi_platform_copts(),
features = FULLY_STATIC_FEATURES,
linkstatic = 1,
deps = [
"//sandboxed_api/sandbox2:buffer",
"//sandboxed_api/sandbox2:comms",
@ -70,7 +65,7 @@ cc_binary(
cc_binary(
name = "ipc",
testonly = 1,
testonly = True,
srcs = ["ipc.cc"],
copts = sapi_platform_copts(),
deps = [
@ -81,51 +76,42 @@ cc_binary(
],
)
# security: disable=cc-static-no-pie
cc_binary(
name = "malloc_system",
testonly = 1,
testonly = True,
srcs = ["malloc.cc"],
copts = sapi_platform_copts(),
features = FULLY_STATIC_FEATURES,
linkstatic = 1,
features = ["fully_static_link"],
)
cc_binary(
name = "minimal_dynamic",
testonly = 1,
testonly = True,
srcs = ["minimal.cc"],
copts = sapi_platform_copts(),
)
# security: disable=cc-static-no-pie
cc_binary(
name = "minimal",
testonly = 1,
testonly = True,
srcs = ["minimal.cc"],
copts = sapi_platform_copts(),
features = FULLY_STATIC_FEATURES,
linkstatic = 1,
features = ["fully_static_link"],
)
# security: disable=cc-static-no-pie
cc_binary(
name = "personality",
testonly = 1,
testonly = True,
srcs = ["personality.cc"],
copts = sapi_platform_copts(),
features = FULLY_STATIC_FEATURES,
linkstatic = 1,
features = ["fully_static_link"],
)
# security: disable=cc-static-no-pie
cc_binary(
name = "pidcomms",
testonly = 1,
testonly = True,
srcs = ["pidcomms.cc"],
copts = sapi_platform_copts(),
features = FULLY_STATIC_FEATURES,
linkstatic = 1,
deps = [
"//sandboxed_api/sandbox2:client",
"//sandboxed_api/sandbox2:comms",
@ -133,40 +119,32 @@ cc_binary(
],
)
# security: disable=cc-static-no-pie
cc_binary(
name = "policy",
testonly = 1,
testonly = True,
srcs = ["policy.cc"],
copts = sapi_platform_copts(),
features = FULLY_STATIC_FEATURES,
linkstatic = 1,
features = ["fully_static_link"],
deps = ["//sandboxed_api:config"],
)
# security: disable=cc-static-no-pie
cc_binary(
name = "print_fds",
testonly = 1,
testonly = True,
srcs = ["print_fds.cc"],
copts = sapi_platform_copts(),
features = FULLY_STATIC_FEATURES,
linkstatic = 1,
)
# security: disable=cc-static-no-pie
cc_binary(
name = "sanitizer",
testonly = 1,
testonly = True,
srcs = ["sanitizer.cc"],
copts = sapi_platform_copts(),
features = FULLY_STATIC_FEATURES,
linkstatic = 1,
)
cc_binary(
name = "close_fds",
testonly = 1,
testonly = True,
srcs = ["close_fds.cc"],
copts = sapi_platform_copts(),
deps = [
@ -177,24 +155,19 @@ cc_binary(
],
)
# security: disable=cc-static-no-pie
cc_binary(
name = "sleep",
testonly = 1,
testonly = True,
srcs = ["sleep.cc"],
copts = sapi_platform_copts(),
features = FULLY_STATIC_FEATURES,
linkstatic = 1,
features = ["fully_static_link"],
)
# security: disable=cc-static-no-pie
cc_binary(
name = "symbolize",
testonly = 1,
testonly = True,
srcs = ["symbolize.cc"],
copts = sapi_platform_copts(),
features = FULLY_STATIC_FEATURES,
linkstatic = 1,
deps = [
"//sandboxed_api/util:raw_logging",
"//sandboxed_api/util:temp_file",
@ -205,7 +178,7 @@ cc_binary(
cc_binary(
name = "tsync",
testonly = 1,
testonly = True,
srcs = ["tsync.cc"],
copts = sapi_platform_copts(),
deps = [
@ -216,34 +189,30 @@ cc_binary(
cc_binary(
name = "starve",
testonly = 1,
testonly = True,
srcs = ["starve.cc"],
copts = sapi_platform_copts(),
)
cc_binary(
name = "hostname",
testonly = 1,
testonly = True,
srcs = ["hostname.cc"],
copts = sapi_platform_copts(),
features = FULLY_STATIC_FEATURES,
linkstatic = 1,
features = ["fully_static_link"],
)
cc_binary(
name = "limits",
testonly = 1,
testonly = True,
srcs = ["limits.cc"],
copts = sapi_platform_copts(),
features = FULLY_STATIC_FEATURES,
linkstatic = 1,
)
cc_binary(
name = "namespace",
testonly = 1,
testonly = True,
srcs = ["namespace.cc"],
copts = sapi_platform_copts(),
features = FULLY_STATIC_FEATURES,
linkstatic = 1,
features = ["fully_static_link"],
)

View File

@ -12,12 +12,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
if(SAPI_LIB_TYPE STREQUAL "STATIC")
set(_sandbox2_linkopts -static)
else()
set(_sandbox2_linkopts ${CMAKE_THREAD_LIBS_INIT})
endif()
# sandboxed_api/sandbox2/testcases:abort
add_executable(sandbox2_testcase_abort
abort.cc
@ -40,7 +34,8 @@ set_target_properties(sandbox2_testcase_add_policy_on_syscalls PROPERTIES
OUTPUT_NAME add_policy_on_syscalls
)
target_link_libraries(sandbox2_testcase_add_policy_on_syscalls PRIVATE
${_sandbox2_linkopts}
-static
sapi::base
)
# sandboxed_api/sandbox2/testcases:buffer
@ -56,7 +51,6 @@ target_link_libraries(sandbox2_testcase_buffer PRIVATE
sandbox2::buffer
sandbox2::comms
sapi::base
${_sandbox2_linkopts}
)
# sandboxed_api/sandbox2/testcases:ipc
@ -85,8 +79,8 @@ set_target_properties(sandbox2_testcase_malloc_system PROPERTIES
OUTPUT_NAME malloc_system
)
target_link_libraries(sandbox2_testcase_malloc_system PRIVATE
-static
sapi::base
${_sandbox2_linkopts}
)
# sandboxed_api/sandbox2/testcases:minimal_dynamic
@ -111,8 +105,8 @@ set_target_properties(sandbox2_testcase_minimal PROPERTIES
OUTPUT_NAME minimal
)
target_link_libraries(sandbox2_testcase_minimal PRIVATE
-static
sapi::base
${_sandbox2_linkopts}
)
# sandboxed_api/sandbox2/testcases:personality
@ -125,8 +119,8 @@ set_target_properties(sandbox2_testcase_personality PROPERTIES
OUTPUT_NAME personality
)
target_link_libraries(sandbox2_testcase_personality PRIVATE
-static
sapi::base
${_sandbox2_linkopts}
)
# sandboxed_api/sandbox2/testcases:pidcomms
@ -142,7 +136,6 @@ target_link_libraries(sandbox2_testcase_pidcomms PRIVATE
sandbox2::comms
sapi::base
sapi::raw_logging
${_sandbox2_linkopts}
)
# sandboxed_api/sandbox2/testcases:policy
@ -154,9 +147,9 @@ set_target_properties(sandbox2_testcase_policy PROPERTIES
OUTPUT_NAME policy
)
target_link_libraries(sandbox2_testcase_policy PRIVATE
-static
sapi::base
sapi::config
${_sandbox2_linkopts}
)
# sandboxed_api/sandbox2/testcases:print_fds
@ -169,7 +162,6 @@ set_target_properties(sandbox2_testcase_print_fds PROPERTIES
)
target_link_libraries(sandbox2_testcase_print_fds PRIVATE
sapi::base
${_sandbox2_linkopts}
)
# sandboxed_api/sandbox2/testcases:sanitizer
@ -182,7 +174,6 @@ set_target_properties(sandbox2_testcase_sanitizer PROPERTIES
)
target_link_libraries(sandbox2_testcase_sanitizer PRIVATE
sapi::base
${_sandbox2_linkopts}
)
# sandboxed_api/sandbox2/testcases:close_fds
@ -195,7 +186,6 @@ set_target_properties(sandbox2_testcase_close_fds PROPERTIES
)
target_link_libraries(sandbox2_testcase_close_fds PRIVATE
sapi::base
${_sandbox2_linkopts}
absl::strings
absl::flat_hash_set
glog::glog
@ -212,8 +202,8 @@ set_target_properties(sandbox2_testcase_sleep PROPERTIES
OUTPUT_NAME sleep
)
target_link_libraries(sandbox2_testcase_sleep PRIVATE
-static
sapi::base
${_sandbox2_linkopts}
)
# sandboxed_api/sandbox2/testcases:symbolize
@ -231,7 +221,6 @@ target_link_libraries(sandbox2_testcase_symbolize PRIVATE
sapi::strerror
sapi::base
sapi::raw_logging
${_sandbox2_linkopts}
)
# sandboxed_api/sandbox2/testcases:starve
@ -246,7 +235,6 @@ target_link_libraries(sandbox2_testcase_starve PRIVATE
sapi::base
)
# sandboxed_api/sandbox2/testcases:tsync
add_executable(sandbox2_testcase_tsync
tsync.cc
@ -259,7 +247,6 @@ target_link_libraries(sandbox2_testcase_tsync PRIVATE
sandbox2::client
sandbox2::comms
sapi::base
${_sandbox2_linkopts}
)
# sandboxed_api/sandbox2/testcases:hostname
@ -271,8 +258,8 @@ set_target_properties(sandbox2_testcase_hostname PROPERTIES
OUTPUT_NAME hostname
)
target_link_libraries(sandbox2_testcase_hostname PRIVATE
-static
sapi::base
${_sandbox2_linkopts}
)
# sandboxed_api/sandbox2/testcases:limits
@ -285,7 +272,6 @@ set_target_properties(sandbox2_testcase_limits PROPERTIES
)
target_link_libraries(sandbox2_testcase_limits PRIVATE
sapi::base
${_sandbox2_linkopts}
)
# sandboxed_api/sandbox2/testcases:namespace
@ -297,6 +283,6 @@ set_target_properties(sandbox2_testcase_namespace PROPERTIES
OUTPUT_NAME namespace
)
target_link_libraries(sandbox2_testcase_namespace PRIVATE
-static
sapi::base
${_sandbox2_linkopts}
)

View File

@ -177,8 +177,10 @@ absl::StatusOr<SymbolMap> LoadSymbolsMap(pid_t pid) {
for (const ElfFile::Symbol& symbol : elf->symbols()) {
if (elf->position_independent()) {
if (symbol.address < entry.end - entry.start) {
addr_to_symbol[symbol.address + entry.start] = symbol.name;
if (symbol.address >= entry.pgoff &&
symbol.address - entry.pgoff < entry.end - entry.start) {
addr_to_symbol[symbol.address + entry.start - entry.pgoff] =
symbol.name;
}
} else {
if (symbol.address >= entry.start && symbol.address < entry.end) {

View File

@ -26,13 +26,14 @@
#include "sandboxed_api/util/file_helpers.h"
#include "sandboxed_api/util/status_matchers.h"
extern "C" void ExportedFunctionName() {
extern "C" void ExportedFunction() {
// Don't do anything - used to generate a symbol.
}
namespace file = ::sapi::file;
using ::sapi::GetTestSourcePath;
using ::sapi::IsOk;
using ::testing::ElementsAre;
using ::testing::Eq;
using ::testing::IsTrue;
using ::testing::Ne;
@ -65,19 +66,20 @@ TEST(MinielfTest, SymbolResolutionWorks) {
ParseProcMaps(maps_buffer));
// Find maps entry that covers this entry.
uint64_t function_address = reinterpret_cast<uint64_t>(ExportedFunctionName);
auto function_entry =
uint64_t function_address = reinterpret_cast<uint64_t>(&ExportedFunction);
auto entry =
absl::c_find_if(maps, [function_address](const MapsEntry& entry) {
return entry.start <= function_address && entry.end > function_address;
});
ASSERT_THAT(function_entry, Ne(maps.end()));
function_address -= function_entry->start;
ASSERT_THAT(entry, Ne(maps.end()));
auto function_symbol =
absl::c_find_if(elf.symbols(), [](const ElfFile::Symbol& symbol) {
return symbol.name == "ExportedFunctionName";
return symbol.name == "ExportedFunction";
});
ASSERT_THAT(function_symbol, Ne(elf.symbols().end()));
function_address -= entry->start - entry->pgoff;
EXPECT_THAT(function_symbol->address, Eq(function_address));
}
@ -86,8 +88,7 @@ TEST(MinielfTest, ImportedLibraries) {
ElfFile elf, ElfFile::ParseFromFile(
GetTestSourcePath("sandbox2/util/testdata/hello_world"),
ElfFile::kLoadImportedLibraries));
std::vector<std::string> imported_libraries = {"libc.so.6"};
EXPECT_THAT(elf.imported_libraries(), Eq(imported_libraries));
EXPECT_THAT(elf.imported_libraries(), ElementsAre("libc.so.6"));
}
} // namespace

View File

@ -31,8 +31,11 @@ void SaveStatusToProto(const absl::Status& status, StatusProto* out) {
absl::Status MakeStatusFromProto(const StatusProto& proto) {
absl::Status status(static_cast<absl::StatusCode>(proto.code()),
proto.message());
for (const auto& [type_key, payload] : proto.payloads()) {
status.SetPayload(type_key, absl::Cord(payload));
// Note: Using C++17 structured bindings instead of `entry` crashes Clang 6.0
// on Ubuntu 18.04 (bionic).
for (const auto& entry : proto.payloads()) {
status.SetPayload(/*type_url=*/entry.first,
/*payload=*/absl::Cord(entry.second));
}
return status;
}