mirror of
https://github.com/google/sandboxed-api.git
synced 2024-03-22 13:11:30 +08:00
Sandbox TurboJPEG
Took a few tries to get everything implemented.
This commit is contained in:
parent
585e55a1e0
commit
e613bdfaeb
44
contrib/turbojpeg/CMakeLists.txt
Normal file
44
contrib/turbojpeg/CMakeLists.txt
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
# Copyright 2022 Google LLC
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# https://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
cmake_minimum_required(VERSION 3.13)
|
||||||
|
project(turbojpeg-sapi CXX C)
|
||||||
|
|
||||||
|
set(CMAKE_CXX_STANDARD 17)
|
||||||
|
set(CMAKE_CXX_STANDARD_REQUIRED True)
|
||||||
|
|
||||||
|
if(NOT TARGET sapi::sapi)
|
||||||
|
set(SAPI_ROOT "../.." CACHE PATH "Path to the Sandboxed API source tree")
|
||||||
|
add_subdirectory("${SAPI_ROOT}"
|
||||||
|
"${CMAKE_BINARY_DIR}/sandboxed-api-build"
|
||||||
|
EXCLUDE_FROM_ALL)
|
||||||
|
endif()
|
||||||
|
|
||||||
|
find_package(PkgConfig REQUIRED)
|
||||||
|
pkg_check_modules(TURBOJPEG REQUIRED IMPORTED_TARGET libturbojpeg)
|
||||||
|
|
||||||
|
add_sapi_library(turbojpeg_sapi
|
||||||
|
INPUTS "${TURBOJPEG_INCLUDEDIR}/turbojpeg.h"
|
||||||
|
LIBRARY turbojpeg
|
||||||
|
LIBRARY_NAME TurboJPEG
|
||||||
|
NAMESPACE "turbojpeg_sapi"
|
||||||
|
)
|
||||||
|
|
||||||
|
target_include_directories(turbojpeg_sapi INTERFACE
|
||||||
|
"${PROJECT_BINARY_DIR}"
|
||||||
|
)
|
||||||
|
|
||||||
|
if(SAPI_ENABLE_TESTS)
|
||||||
|
add_subdirectory(tests)
|
||||||
|
endif()
|
26
contrib/turbojpeg/tests/CMakeLists.txt
Normal file
26
contrib/turbojpeg/tests/CMakeLists.txt
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
# Copyright 2022 Google LLC
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# https://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
include(GoogleTest)
|
||||||
|
|
||||||
|
add_executable(turbojpeg_sapi_test turbojpeg_sapi_test.cc)
|
||||||
|
|
||||||
|
target_link_libraries(turbojpeg_sapi_test PRIVATE
|
||||||
|
turbojpeg_sapi
|
||||||
|
sapi::base
|
||||||
|
gtest
|
||||||
|
gmock
|
||||||
|
)
|
||||||
|
|
||||||
|
gtest_discover_tests(turbojpeg_sapi_test PROPERTIES ENVIRONMENT "TEST_FILES_DIR=${PROJECT_SOURCE_DIR}/files")
|
BIN
contrib/turbojpeg/tests/sample.jpeg
Normal file
BIN
contrib/turbojpeg/tests/sample.jpeg
Normal file
Binary file not shown.
After Width: | Height: | Size: 257 B |
BIN
contrib/turbojpeg/tests/sample.rgb
Normal file
BIN
contrib/turbojpeg/tests/sample.rgb
Normal file
Binary file not shown.
180
contrib/turbojpeg/tests/turbojpeg_sapi_test.cc
Normal file
180
contrib/turbojpeg/tests/turbojpeg_sapi_test.cc
Normal file
@ -0,0 +1,180 @@
|
|||||||
|
// Copyright 2022 Google LLC
|
||||||
|
//
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
// https://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
|
||||||
|
#define _GNU_SOURCE 1
|
||||||
|
#include <turbojpeg.h>
|
||||||
|
|
||||||
|
#include <cerrno>
|
||||||
|
#include <cstdlib>
|
||||||
|
#include <fstream>
|
||||||
|
#include <iostream>
|
||||||
|
|
||||||
|
#include "../turbojpeg_sapi.h" // NOLINT(build/include)
|
||||||
|
#include "gflags/gflags.h"
|
||||||
|
#include "glog/logging.h"
|
||||||
|
#include "gmock/gmock.h"
|
||||||
|
#include "gtest/gtest.h"
|
||||||
|
#include "sandboxed_api/testing.h"
|
||||||
|
#include "sandboxed_api/util/fileops.h"
|
||||||
|
#include "sandboxed_api/util/path.h"
|
||||||
|
#include "sandboxed_api/util/status_matchers.h"
|
||||||
|
#include "turbojpeg_sapi.sapi.h" // NOLINT(build/include)
|
||||||
|
|
||||||
|
namespace {
|
||||||
|
|
||||||
|
using ::sapi::IsOk;
|
||||||
|
using ::testing::Eq;
|
||||||
|
using ::testing::Not;
|
||||||
|
using ::testing::NotNull;
|
||||||
|
using ::testing::StrEq;
|
||||||
|
|
||||||
|
class TurboJpegSapiSandboxTest : public testing::Test {
|
||||||
|
protected:
|
||||||
|
static void SetUpTestSuite() {
|
||||||
|
ASSERT_THAT(getenv("TEST_FILES_DIR"), NotNull());
|
||||||
|
sandbox_ = new TurboJpegSapiSandbox();
|
||||||
|
ASSERT_THAT(sandbox_->Init(), IsOk());
|
||||||
|
api_ = new turbojpeg_sapi::TurboJPEGApi(sandbox_);
|
||||||
|
}
|
||||||
|
static void TearDownTestSuite() {
|
||||||
|
delete api_;
|
||||||
|
delete sandbox_;
|
||||||
|
}
|
||||||
|
|
||||||
|
static std::string GetTurboJpegErrorStr(sapi::v::Ptr* handle) {
|
||||||
|
auto errmsg_ptr = api_->tjGetErrorStr2(handle);
|
||||||
|
if (!errmsg_ptr.ok()) return "Error getting error message";
|
||||||
|
auto errmsg =
|
||||||
|
sandbox_->GetCString(sapi::v::RemotePtr(errmsg_ptr.value()), 256);
|
||||||
|
if (!errmsg.ok()) return "Error getting error message";
|
||||||
|
return errmsg.value();
|
||||||
|
}
|
||||||
|
static turbojpeg_sapi::TurboJPEGApi* api_;
|
||||||
|
static TurboJpegSapiSandbox* sandbox_;
|
||||||
|
};
|
||||||
|
|
||||||
|
turbojpeg_sapi::TurboJPEGApi* TurboJpegSapiSandboxTest::api_;
|
||||||
|
TurboJpegSapiSandbox* TurboJpegSapiSandboxTest::sandbox_;
|
||||||
|
|
||||||
|
std::string GetTestFilePath(const std::string& filename) {
|
||||||
|
return sapi::file::JoinPath(getenv("TEST_FILES_DIR"), filename);
|
||||||
|
}
|
||||||
|
|
||||||
|
std::streamsize GetStreamSize(std::ifstream& stream) {
|
||||||
|
stream.seekg(0, std::ios_base::end);
|
||||||
|
std::streamsize ssize = stream.tellg();
|
||||||
|
stream.seekg(0, std::ios_base::beg);
|
||||||
|
|
||||||
|
return ssize;
|
||||||
|
}
|
||||||
|
|
||||||
|
absl::StatusOr<std::vector<uint8_t>> ReadFile(const std::string& in_file,
|
||||||
|
size_t expected_size = SIZE_MAX) {
|
||||||
|
std::ifstream f(GetTestFilePath(in_file));
|
||||||
|
if (!f.is_open()) {
|
||||||
|
return absl::UnavailableError("File could not be opened");
|
||||||
|
}
|
||||||
|
std::streamsize ssize = GetStreamSize(f);
|
||||||
|
if (expected_size != SIZE_MAX && ssize != expected_size) {
|
||||||
|
return absl::UnavailableError("Incorrect size of file");
|
||||||
|
}
|
||||||
|
std::vector<uint8_t> inbuf((ssize));
|
||||||
|
f.read(reinterpret_cast<char*>(inbuf.data()), ssize);
|
||||||
|
if (ssize != f.gcount()) {
|
||||||
|
return absl::UnavailableError("Premature end of file");
|
||||||
|
}
|
||||||
|
if (f.fail() || f.eof()) {
|
||||||
|
return absl::UnavailableError("Error reading file");
|
||||||
|
}
|
||||||
|
return inbuf;
|
||||||
|
}
|
||||||
|
|
||||||
|
TEST_F(TurboJpegSapiSandboxTest, Compressor) {
|
||||||
|
absl::StatusOr<void*> compression_handle_raw = api_->tjInitCompress();
|
||||||
|
ASSERT_THAT(compression_handle_raw, IsOk());
|
||||||
|
ASSERT_THAT(compression_handle_raw.value(), NotNull());
|
||||||
|
sapi::v::RemotePtr compression_handle{compression_handle_raw.value()};
|
||||||
|
auto result = ReadFile("sample.rgb", 12 * 67 * 3);
|
||||||
|
ASSERT_THAT(result, IsOk());
|
||||||
|
sapi::v::Array array(result->data(), result->size());
|
||||||
|
|
||||||
|
sapi::v::GenericPtr buffer;
|
||||||
|
unsigned long actual_length;
|
||||||
|
{
|
||||||
|
sapi::v::ULong length{0};
|
||||||
|
auto result = api_->tjCompress2(&compression_handle, array.PtrBefore(), 12,
|
||||||
|
36, 67, TJPF_RGB, buffer.PtrAfter(),
|
||||||
|
length.PtrBoth(), TJSAMP_444, 10, 0);
|
||||||
|
ASSERT_THAT(result, IsOk());
|
||||||
|
ASSERT_THAT(result.value(), Eq(0))
|
||||||
|
<< "Error from sandboxee: "
|
||||||
|
<< GetTurboJpegErrorStr(&compression_handle);
|
||||||
|
ASSERT_TRUE(buffer.GetValue());
|
||||||
|
ASSERT_TRUE(buffer.GetRemote());
|
||||||
|
ASSERT_TRUE((actual_length = length.GetValue()));
|
||||||
|
}
|
||||||
|
auto value = buffer.GetValue();
|
||||||
|
|
||||||
|
auto destroy_result = api_->tjDestroy(&compression_handle);
|
||||||
|
ASSERT_THAT(destroy_result, IsOk());
|
||||||
|
ASSERT_THAT(destroy_result.value(), Eq(0));
|
||||||
|
}
|
||||||
|
|
||||||
|
TEST_F(TurboJpegSapiSandboxTest, Decompressor) {
|
||||||
|
absl::StatusOr<void*> decompression_handle_raw = api_->tjInitDecompress();
|
||||||
|
ASSERT_THAT(decompression_handle_raw, IsOk());
|
||||||
|
ASSERT_THAT(decompression_handle_raw.value(), NotNull());
|
||||||
|
sapi::v::RemotePtr decompression_handle{decompression_handle_raw.value()};
|
||||||
|
auto result = ReadFile("sample.jpeg");
|
||||||
|
ASSERT_THAT(result, IsOk());
|
||||||
|
sapi::v::Array array(result->data(), result->size());
|
||||||
|
|
||||||
|
sapi::v::Int width{0};
|
||||||
|
sapi::v::Int height{0};
|
||||||
|
sapi::v::Int subsamp{0};
|
||||||
|
sapi::v::Int colorspace{0};
|
||||||
|
auto decompress_result = api_->tjDecompressHeader3(
|
||||||
|
&decompression_handle, array.PtrBefore(), result->size(),
|
||||||
|
width.PtrAfter(), height.PtrAfter(), subsamp.PtrAfter(),
|
||||||
|
colorspace.PtrAfter());
|
||||||
|
ASSERT_THAT(decompress_result, IsOk());
|
||||||
|
ASSERT_THAT(decompress_result.value(), Eq(0))
|
||||||
|
<< "Error from sandboxee: "
|
||||||
|
<< GetTurboJpegErrorStr(&decompression_handle);
|
||||||
|
|
||||||
|
ASSERT_THAT(width.GetValue(), Eq(67));
|
||||||
|
ASSERT_THAT(height.GetValue(), Eq(12));
|
||||||
|
ASSERT_THAT(subsamp.GetValue(), Eq(TJSAMP_GRAY));
|
||||||
|
ASSERT_THAT(colorspace.GetValue(), Eq(TJCS_GRAY));
|
||||||
|
|
||||||
|
auto arr = sapi::v::Array<unsigned char>(12 * 67 * 3);
|
||||||
|
decompress_result = api_->tjDecompress2(
|
||||||
|
&decompression_handle, array.PtrBefore(), result->size(), arr.PtrAfter(),
|
||||||
|
12, 36, 67, TJCS_RGB, 0);
|
||||||
|
ASSERT_THAT(decompress_result, IsOk());
|
||||||
|
EXPECT_THAT(decompress_result.value(), Eq(0))
|
||||||
|
<< "Error from sandboxee: "
|
||||||
|
<< GetTurboJpegErrorStr(&decompression_handle);
|
||||||
|
|
||||||
|
decompress_result = api_->tjDestroy(&decompression_handle);
|
||||||
|
ASSERT_THAT(decompress_result, IsOk());
|
||||||
|
ASSERT_THAT(decompress_result.value(), Eq(0));
|
||||||
|
}
|
||||||
|
} // namespace
|
||||||
|
|
||||||
|
int main(int argc, char* argv[]) {
|
||||||
|
::google::InitGoogleLogging(program_invocation_short_name);
|
||||||
|
::testing::InitGoogleTest(&argc, argv);
|
||||||
|
return RUN_ALL_TESTS();
|
||||||
|
}
|
44
contrib/turbojpeg/turbojpeg_sapi.h
Normal file
44
contrib/turbojpeg/turbojpeg_sapi.h
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
// Copyright 2022 Google LLC
|
||||||
|
//
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
// https://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
|
||||||
|
#ifndef CONTRIB_TURBOJPEG_TURBOJPEG_SAPI_H_
|
||||||
|
#define CONTRIB_TURBOJPEG_TURBOJPEG_SAPI_H_
|
||||||
|
|
||||||
|
#include <syscall.h>
|
||||||
|
|
||||||
|
#include "turbojpeg_sapi.sapi.h" // NOLINT(build/include)
|
||||||
|
#include "sandboxed_api/util/fileops.h"
|
||||||
|
class TurboJpegSapiSandbox : public turbojpeg_sapi::TurboJPEGSandbox {
|
||||||
|
public:
|
||||||
|
std::unique_ptr<sandbox2::Policy> ModifyPolicy(
|
||||||
|
sandbox2::PolicyBuilder*) override {
|
||||||
|
return sandbox2::PolicyBuilder()
|
||||||
|
.AllowSystemMalloc()
|
||||||
|
.AllowRead()
|
||||||
|
.AllowStat()
|
||||||
|
.AllowWrite()
|
||||||
|
.AllowExit()
|
||||||
|
.AllowSyscalls({
|
||||||
|
__NR_futex,
|
||||||
|
__NR_close,
|
||||||
|
__NR_lseek,
|
||||||
|
__NR_getpid,
|
||||||
|
__NR_clock_gettime,
|
||||||
|
})
|
||||||
|
.AllowLlvmSanitizers()
|
||||||
|
.BuildOrDie();
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
#endif // CONTRIB_TURBOJPEG_TURBOJPEG_SAPI_H_
|
Loading…
x
Reference in New Issue
Block a user