mirror of
https://github.com/google/sandboxed-api.git
synced 2024-03-22 13:11:30 +08:00
Sandbox TurboJPEG
Took a few tries to get everything implemented.
This commit is contained in:
parent
585e55a1e0
commit
e613bdfaeb
44
contrib/turbojpeg/CMakeLists.txt
Normal file
44
contrib/turbojpeg/CMakeLists.txt
Normal file
|
@ -0,0 +1,44 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# https://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
cmake_minimum_required(VERSION 3.13)
|
||||
project(turbojpeg-sapi CXX C)
|
||||
|
||||
set(CMAKE_CXX_STANDARD 17)
|
||||
set(CMAKE_CXX_STANDARD_REQUIRED True)
|
||||
|
||||
if(NOT TARGET sapi::sapi)
|
||||
set(SAPI_ROOT "../.." CACHE PATH "Path to the Sandboxed API source tree")
|
||||
add_subdirectory("${SAPI_ROOT}"
|
||||
"${CMAKE_BINARY_DIR}/sandboxed-api-build"
|
||||
EXCLUDE_FROM_ALL)
|
||||
endif()
|
||||
|
||||
find_package(PkgConfig REQUIRED)
|
||||
pkg_check_modules(TURBOJPEG REQUIRED IMPORTED_TARGET libturbojpeg)
|
||||
|
||||
add_sapi_library(turbojpeg_sapi
|
||||
INPUTS "${TURBOJPEG_INCLUDEDIR}/turbojpeg.h"
|
||||
LIBRARY turbojpeg
|
||||
LIBRARY_NAME TurboJPEG
|
||||
NAMESPACE "turbojpeg_sapi"
|
||||
)
|
||||
|
||||
target_include_directories(turbojpeg_sapi INTERFACE
|
||||
"${PROJECT_BINARY_DIR}"
|
||||
)
|
||||
|
||||
if(SAPI_ENABLE_TESTS)
|
||||
add_subdirectory(tests)
|
||||
endif()
|
26
contrib/turbojpeg/tests/CMakeLists.txt
Normal file
26
contrib/turbojpeg/tests/CMakeLists.txt
Normal file
|
@ -0,0 +1,26 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# https://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
include(GoogleTest)
|
||||
|
||||
add_executable(turbojpeg_sapi_test turbojpeg_sapi_test.cc)
|
||||
|
||||
target_link_libraries(turbojpeg_sapi_test PRIVATE
|
||||
turbojpeg_sapi
|
||||
sapi::base
|
||||
gtest
|
||||
gmock
|
||||
)
|
||||
|
||||
gtest_discover_tests(turbojpeg_sapi_test PROPERTIES ENVIRONMENT "TEST_FILES_DIR=${PROJECT_SOURCE_DIR}/files")
|
BIN
contrib/turbojpeg/tests/sample.jpeg
Normal file
BIN
contrib/turbojpeg/tests/sample.jpeg
Normal file
Binary file not shown.
After Width: | Height: | Size: 257 B |
BIN
contrib/turbojpeg/tests/sample.rgb
Normal file
BIN
contrib/turbojpeg/tests/sample.rgb
Normal file
Binary file not shown.
180
contrib/turbojpeg/tests/turbojpeg_sapi_test.cc
Normal file
180
contrib/turbojpeg/tests/turbojpeg_sapi_test.cc
Normal file
|
@ -0,0 +1,180 @@
|
|||
// Copyright 2022 Google LLC
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// https://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#define _GNU_SOURCE 1
|
||||
#include <turbojpeg.h>
|
||||
|
||||
#include <cerrno>
|
||||
#include <cstdlib>
|
||||
#include <fstream>
|
||||
#include <iostream>
|
||||
|
||||
#include "../turbojpeg_sapi.h" // NOLINT(build/include)
|
||||
#include "gflags/gflags.h"
|
||||
#include "glog/logging.h"
|
||||
#include "gmock/gmock.h"
|
||||
#include "gtest/gtest.h"
|
||||
#include "sandboxed_api/testing.h"
|
||||
#include "sandboxed_api/util/fileops.h"
|
||||
#include "sandboxed_api/util/path.h"
|
||||
#include "sandboxed_api/util/status_matchers.h"
|
||||
#include "turbojpeg_sapi.sapi.h" // NOLINT(build/include)
|
||||
|
||||
namespace {
|
||||
|
||||
using ::sapi::IsOk;
|
||||
using ::testing::Eq;
|
||||
using ::testing::Not;
|
||||
using ::testing::NotNull;
|
||||
using ::testing::StrEq;
|
||||
|
||||
class TurboJpegSapiSandboxTest : public testing::Test {
|
||||
protected:
|
||||
static void SetUpTestSuite() {
|
||||
ASSERT_THAT(getenv("TEST_FILES_DIR"), NotNull());
|
||||
sandbox_ = new TurboJpegSapiSandbox();
|
||||
ASSERT_THAT(sandbox_->Init(), IsOk());
|
||||
api_ = new turbojpeg_sapi::TurboJPEGApi(sandbox_);
|
||||
}
|
||||
static void TearDownTestSuite() {
|
||||
delete api_;
|
||||
delete sandbox_;
|
||||
}
|
||||
|
||||
static std::string GetTurboJpegErrorStr(sapi::v::Ptr* handle) {
|
||||
auto errmsg_ptr = api_->tjGetErrorStr2(handle);
|
||||
if (!errmsg_ptr.ok()) return "Error getting error message";
|
||||
auto errmsg =
|
||||
sandbox_->GetCString(sapi::v::RemotePtr(errmsg_ptr.value()), 256);
|
||||
if (!errmsg.ok()) return "Error getting error message";
|
||||
return errmsg.value();
|
||||
}
|
||||
static turbojpeg_sapi::TurboJPEGApi* api_;
|
||||
static TurboJpegSapiSandbox* sandbox_;
|
||||
};
|
||||
|
||||
turbojpeg_sapi::TurboJPEGApi* TurboJpegSapiSandboxTest::api_;
|
||||
TurboJpegSapiSandbox* TurboJpegSapiSandboxTest::sandbox_;
|
||||
|
||||
std::string GetTestFilePath(const std::string& filename) {
|
||||
return sapi::file::JoinPath(getenv("TEST_FILES_DIR"), filename);
|
||||
}
|
||||
|
||||
std::streamsize GetStreamSize(std::ifstream& stream) {
|
||||
stream.seekg(0, std::ios_base::end);
|
||||
std::streamsize ssize = stream.tellg();
|
||||
stream.seekg(0, std::ios_base::beg);
|
||||
|
||||
return ssize;
|
||||
}
|
||||
|
||||
absl::StatusOr<std::vector<uint8_t>> ReadFile(const std::string& in_file,
|
||||
size_t expected_size = SIZE_MAX) {
|
||||
std::ifstream f(GetTestFilePath(in_file));
|
||||
if (!f.is_open()) {
|
||||
return absl::UnavailableError("File could not be opened");
|
||||
}
|
||||
std::streamsize ssize = GetStreamSize(f);
|
||||
if (expected_size != SIZE_MAX && ssize != expected_size) {
|
||||
return absl::UnavailableError("Incorrect size of file");
|
||||
}
|
||||
std::vector<uint8_t> inbuf((ssize));
|
||||
f.read(reinterpret_cast<char*>(inbuf.data()), ssize);
|
||||
if (ssize != f.gcount()) {
|
||||
return absl::UnavailableError("Premature end of file");
|
||||
}
|
||||
if (f.fail() || f.eof()) {
|
||||
return absl::UnavailableError("Error reading file");
|
||||
}
|
||||
return inbuf;
|
||||
}
|
||||
|
||||
TEST_F(TurboJpegSapiSandboxTest, Compressor) {
|
||||
absl::StatusOr<void*> compression_handle_raw = api_->tjInitCompress();
|
||||
ASSERT_THAT(compression_handle_raw, IsOk());
|
||||
ASSERT_THAT(compression_handle_raw.value(), NotNull());
|
||||
sapi::v::RemotePtr compression_handle{compression_handle_raw.value()};
|
||||
auto result = ReadFile("sample.rgb", 12 * 67 * 3);
|
||||
ASSERT_THAT(result, IsOk());
|
||||
sapi::v::Array array(result->data(), result->size());
|
||||
|
||||
sapi::v::GenericPtr buffer;
|
||||
unsigned long actual_length;
|
||||
{
|
||||
sapi::v::ULong length{0};
|
||||
auto result = api_->tjCompress2(&compression_handle, array.PtrBefore(), 12,
|
||||
36, 67, TJPF_RGB, buffer.PtrAfter(),
|
||||
length.PtrBoth(), TJSAMP_444, 10, 0);
|
||||
ASSERT_THAT(result, IsOk());
|
||||
ASSERT_THAT(result.value(), Eq(0))
|
||||
<< "Error from sandboxee: "
|
||||
<< GetTurboJpegErrorStr(&compression_handle);
|
||||
ASSERT_TRUE(buffer.GetValue());
|
||||
ASSERT_TRUE(buffer.GetRemote());
|
||||
ASSERT_TRUE((actual_length = length.GetValue()));
|
||||
}
|
||||
auto value = buffer.GetValue();
|
||||
|
||||
auto destroy_result = api_->tjDestroy(&compression_handle);
|
||||
ASSERT_THAT(destroy_result, IsOk());
|
||||
ASSERT_THAT(destroy_result.value(), Eq(0));
|
||||
}
|
||||
|
||||
TEST_F(TurboJpegSapiSandboxTest, Decompressor) {
|
||||
absl::StatusOr<void*> decompression_handle_raw = api_->tjInitDecompress();
|
||||
ASSERT_THAT(decompression_handle_raw, IsOk());
|
||||
ASSERT_THAT(decompression_handle_raw.value(), NotNull());
|
||||
sapi::v::RemotePtr decompression_handle{decompression_handle_raw.value()};
|
||||
auto result = ReadFile("sample.jpeg");
|
||||
ASSERT_THAT(result, IsOk());
|
||||
sapi::v::Array array(result->data(), result->size());
|
||||
|
||||
sapi::v::Int width{0};
|
||||
sapi::v::Int height{0};
|
||||
sapi::v::Int subsamp{0};
|
||||
sapi::v::Int colorspace{0};
|
||||
auto decompress_result = api_->tjDecompressHeader3(
|
||||
&decompression_handle, array.PtrBefore(), result->size(),
|
||||
width.PtrAfter(), height.PtrAfter(), subsamp.PtrAfter(),
|
||||
colorspace.PtrAfter());
|
||||
ASSERT_THAT(decompress_result, IsOk());
|
||||
ASSERT_THAT(decompress_result.value(), Eq(0))
|
||||
<< "Error from sandboxee: "
|
||||
<< GetTurboJpegErrorStr(&decompression_handle);
|
||||
|
||||
ASSERT_THAT(width.GetValue(), Eq(67));
|
||||
ASSERT_THAT(height.GetValue(), Eq(12));
|
||||
ASSERT_THAT(subsamp.GetValue(), Eq(TJSAMP_GRAY));
|
||||
ASSERT_THAT(colorspace.GetValue(), Eq(TJCS_GRAY));
|
||||
|
||||
auto arr = sapi::v::Array<unsigned char>(12 * 67 * 3);
|
||||
decompress_result = api_->tjDecompress2(
|
||||
&decompression_handle, array.PtrBefore(), result->size(), arr.PtrAfter(),
|
||||
12, 36, 67, TJCS_RGB, 0);
|
||||
ASSERT_THAT(decompress_result, IsOk());
|
||||
EXPECT_THAT(decompress_result.value(), Eq(0))
|
||||
<< "Error from sandboxee: "
|
||||
<< GetTurboJpegErrorStr(&decompression_handle);
|
||||
|
||||
decompress_result = api_->tjDestroy(&decompression_handle);
|
||||
ASSERT_THAT(decompress_result, IsOk());
|
||||
ASSERT_THAT(decompress_result.value(), Eq(0));
|
||||
}
|
||||
} // namespace
|
||||
|
||||
int main(int argc, char* argv[]) {
|
||||
::google::InitGoogleLogging(program_invocation_short_name);
|
||||
::testing::InitGoogleTest(&argc, argv);
|
||||
return RUN_ALL_TESTS();
|
||||
}
|
44
contrib/turbojpeg/turbojpeg_sapi.h
Normal file
44
contrib/turbojpeg/turbojpeg_sapi.h
Normal file
|
@ -0,0 +1,44 @@
|
|||
// Copyright 2022 Google LLC
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// https://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#ifndef CONTRIB_TURBOJPEG_TURBOJPEG_SAPI_H_
|
||||
#define CONTRIB_TURBOJPEG_TURBOJPEG_SAPI_H_
|
||||
|
||||
#include <syscall.h>
|
||||
|
||||
#include "turbojpeg_sapi.sapi.h" // NOLINT(build/include)
|
||||
#include "sandboxed_api/util/fileops.h"
|
||||
class TurboJpegSapiSandbox : public turbojpeg_sapi::TurboJPEGSandbox {
|
||||
public:
|
||||
std::unique_ptr<sandbox2::Policy> ModifyPolicy(
|
||||
sandbox2::PolicyBuilder*) override {
|
||||
return sandbox2::PolicyBuilder()
|
||||
.AllowSystemMalloc()
|
||||
.AllowRead()
|
||||
.AllowStat()
|
||||
.AllowWrite()
|
||||
.AllowExit()
|
||||
.AllowSyscalls({
|
||||
__NR_futex,
|
||||
__NR_close,
|
||||
__NR_lseek,
|
||||
__NR_getpid,
|
||||
__NR_clock_gettime,
|
||||
})
|
||||
.AllowLlvmSanitizers()
|
||||
.BuildOrDie();
|
||||
}
|
||||
};
|
||||
|
||||
#endif // CONTRIB_TURBOJPEG_TURBOJPEG_SAPI_H_
|
Loading…
Reference in New Issue
Block a user