StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity

Internal Changes

Browse Source 
PiperOrigin-RevId: 449714418
Change-Id: I12241fff9fdf97f22258d4a18ff4d54b2587d6dc
This commit is contained in:
Oliver Kunz 2022-05-19 04:54:57 -07:00 committed by Copybara-Service
parent 88b0a9e2e5
commit a761362d71
2 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
sandboxed_api/sandbox.cc
View File

@ -91,14 +91,14 @@ void InitDefaultPolicyBuilder(sandbox2::PolicyBuilder* builder) {
#ifdef __NR_arch_prctl // x86-64 only #ifdef __NR_arch_prctl // x86-64 only
__NR_arch_prctl, __NR_arch_prctl,
#endif #endif
}) });
.AddFile("/etc/localtime")
.AddTmpfs("/tmp", 1ULL << 30 /* 1GiB tmpfs (max size) */);
if constexpr (sanitizers::IsAny()) { if constexpr (sanitizers::IsAny()) {
LOG(WARNING) << "Allowing additional calls to support the LLVM " LOG(WARNING) << "Allowing additional calls to support the LLVM "
<< "(ASAN/MSAN/TSAN) sanitizer"; << "(ASAN/MSAN/TSAN) sanitizer";
builder->AllowLlvmSanitizers(); builder->AllowLlvmSanitizers();
} }
builder->AddFile("/etc/localtime")
.AddTmpfs("/tmp", 1ULL << 30 /* 1GiB tmpfs (max size */);
} }
void Sandbox::Terminate(bool attempt_graceful_exit) { void Sandbox::Terminate(bool attempt_graceful_exit) {
@ -140,7 +140,7 @@ absl::Status Sandbox::Init() {
// library. // library.
std::string lib_path; std::string lib_path;
int embed_lib_fd = -1; int embed_lib_fd = -1;
if (embed_lib_toc_) { if (embed_lib_toc_ && !sapi::host_os::IsAndroid()) {
embed_lib_fd = EmbedFile::instance()->GetDupFdForFileToc(embed_lib_toc_); embed_lib_fd = EmbedFile::instance()->GetDupFdForFileToc(embed_lib_toc_);
if (embed_lib_fd == -1) { if (embed_lib_fd == -1) {
PLOG(ERROR) << "Cannot create executable FD for TOC:'" PLOG(ERROR) << "Cannot create executable FD for TOC:'"
@ -155,7 +155,6 @@ absl::Status Sandbox::Init() {
return absl::FailedPreconditionError("No SAPI library path given"); return absl::FailedPreconditionError("No SAPI library path given");
} }
} }
std::vector<std::string> args = {lib_path}; std::vector<std::string> args = {lib_path};
// Additional arguments, if needed. // Additional arguments, if needed.
GetArgs(&args); GetArgs(&args);

1
sandboxed_api/sandbox.h
View File

@ -22,6 +22,7 @@
#include "sandboxed_api/file_toc.h" #include "sandboxed_api/file_toc.h"
#include "absl/base/macros.h" #include "absl/base/macros.h"
#include "absl/status/statusor.h" #include "absl/status/statusor.h"
#include "sandboxed_api/config.h"
#include "sandboxed_api/rpcchannel.h" #include "sandboxed_api/rpcchannel.h"
#include "sandboxed_api/sandbox2/client.h" #include "sandboxed_api/sandbox2/client.h"
#include "sandboxed_api/sandbox2/comms.h" #include "sandboxed_api/sandbox2/comms.h"