Fix command-line handling in sandbox2tool

This addresses #164.

PiperOrigin-RevId: 483675926
Change-Id: I1461c9bb2c3865d86cd99f9285e51ce20ac460b8

sandboxed_api/sandbox2/examples/tool/BUILD.bazel

@@ -36,6 +36,7 @@ cc_binary(
         "//sandboxed_api/util:fileops",
         "@com_google_absl//absl/flags:flag",
         "@com_google_absl//absl/flags:parse",
+        "@com_google_absl//absl/flags:usage",
         "@com_google_absl//absl/log",
         "@com_google_absl//absl/log:globals",
         "@com_google_absl//absl/log:initialize",

sandboxed_api/sandbox2/examples/tool/CMakeLists.txt

@@ -21,6 +21,7 @@ add_executable(sandbox2::sandbox2tool ALIAS sandbox2_sandbox2tool)
 target_link_libraries(sandbox2_sandbox2tool PRIVATE
   absl::flags
   absl::flags_parse
+  absl::flags_usage
   absl::log
   absl::log_globals
   absl::log_initialize

sandboxed_api/sandbox2/examples/tool/sandbox2tool.cc

@@ -36,6 +36,7 @@
 
 #include "absl/flags/flag.h"
 #include "absl/flags/parse.h"
+#include "absl/flags/usage.h"
 #include "absl/log/globals.h"
 #include "absl/log/initialize.h"
 #include "absl/log/log.h"
@@ -105,25 +106,33 @@ void OutputFD(int fd) {
 }  // namespace
 
 int main(int argc, char* argv[]) {
+  const std::string program_name = sapi::file_util::fileops::Basename(argv[0]);
+  absl::SetProgramUsageMessage(
+      absl::StrFormat("A sandbox testing tool.\n"
+                      "Usage: %1$s [OPTION] -- CMD [ARGS]...",
+                      program_name));
+
+  std::vector<std::string> args;
+  {
+    const std::vector<char*> parsed_argv = absl::ParseCommandLine(argc, argv);
+    args.assign(parsed_argv.begin() + 1, parsed_argv.end());
+  }
   absl::SetStderrThreshold(absl::LogSeverityAtLeast::kInfo);
-  absl::ParseCommandLine(argc, argv);
   absl::InitializeLog();
 
-  if (argc < 2) {
-    absl::FPrintF(stderr, "Usage: %s [flags] -- cmd args...", argv[0]);
+  if (args.empty()) {
+    absl::FPrintF(stderr, "Missing command to execute\n");
     return EXIT_FAILURE;
   }
 
-  // Pass everything after '--' to the sandbox.
-  std::vector<std::string> args =
-      sandbox2::util::CharPtrArray(&argv[1]).ToStringVector();
+  const std::string& sandboxee = args[0];
 
   // Pass the current environ pointer, depending on the flag.
   std::vector<std::string> envp;
   if (absl::GetFlag(FLAGS_sandbox2tool_keep_env)) {
     envp = sandbox2::util::CharPtrArray(environ).ToStringVector();
   }
-  auto executor = std::make_unique<sandbox2::Executor>(argv[1], args, envp);
+  auto executor = std::make_unique<sandbox2::Executor>(sandboxee, args, envp);
 
   sapi::file_util::fileops::FDCloser recv_fd1;
   if (absl::GetFlag(FLAGS_sandbox2tool_redirect_fd1)) {
@@ -184,7 +193,7 @@ int main(int argc, char* argv[]) {
   }
 
   if (absl::GetFlag(FLAGS_sandbox2tool_resolve_and_add_libraries)) {
-    builder.AddLibrariesForBinary(argv[1]);
+    builder.AddLibrariesForBinary(sandboxee);
   }
 
   auto policy = builder.BuildOrDie();

sandboxed_api/sandbox2/examples/tool/sandbox2tool_test.sh

@@ -23,7 +23,10 @@ die() {
 
 BIN=$TEST_SRCDIR/com_google_sandboxed_api/sandboxed_api/sandbox2/examples/tool/sandbox2tool
 
-out=$("$BIN" -sandbox2tool_resolve_and_add_libraries -sandbox2tool_walltime_timeout=1 /bin/sleep 60 2>&1)
+out=$("$BIN" \
+      --sandbox2tool_resolve_and_add_libraries \
+      --sandbox2tool_walltime_timeout=1 \
+      -- /bin/sleep 60 2>&1)
 result=$?
 if [[ $result -ne 2 ]]; then
   echo "$out" >&2
@@ -59,7 +62,7 @@ fi
 out=$("$BIN" \
       --sandbox2tool_resolve_and_add_libraries \
       --sandbox2tool_additional_bind_mounts '/etc,/proc' \
-      -sandbox2tool_mount_tmp \
+      --sandbox2tool_mount_tmp \
       -- /bin/ls /proc/1/fd/ 2>&1)
 result=$?
 if [[ $result -ne 0 ]]; then