mirror of
https://github.com/google/sandboxed-api.git
synced 2024-03-22 13:11:30 +08:00
Internal change
PiperOrigin-RevId: 251590551 Change-Id: Ic69f8f5f798006c0d096357b7a746cdc4ce530a3
This commit is contained in:
parent
a3b0949949
commit
ffd4e1270a
|
@ -173,7 +173,7 @@ cc_library(
|
||||||
"//sandboxed_api/sandbox2:client",
|
"//sandboxed_api/sandbox2:client",
|
||||||
"//sandboxed_api/sandbox2:comms",
|
"//sandboxed_api/sandbox2:comms",
|
||||||
"//sandboxed_api/sandbox2:forkingclient",
|
"//sandboxed_api/sandbox2:forkingclient",
|
||||||
"@com_google_absl//absl/flags:flag",
|
"//sandboxed_api/util:flags",
|
||||||
"@com_google_absl//absl/strings",
|
"@com_google_absl//absl/strings",
|
||||||
"@com_google_glog//:glog",
|
"@com_google_glog//:glog",
|
||||||
"@com_google_protobuf//:protobuf",
|
"@com_google_protobuf//:protobuf",
|
||||||
|
|
|
@ -23,7 +23,7 @@
|
||||||
#include <glog/logging.h>
|
#include <glog/logging.h>
|
||||||
#include "google/protobuf/descriptor.h"
|
#include "google/protobuf/descriptor.h"
|
||||||
#include "google/protobuf/message.h"
|
#include "google/protobuf/message.h"
|
||||||
#include "absl/flags/flag.h"
|
#include "sandboxed_api/util/flag.h"
|
||||||
#include "absl/strings/str_cat.h"
|
#include "absl/strings/str_cat.h"
|
||||||
#include "sandboxed_api/call.h"
|
#include "sandboxed_api/call.h"
|
||||||
#include "sandboxed_api/lenval_core.h"
|
#include "sandboxed_api/lenval_core.h"
|
||||||
|
|
|
@ -28,9 +28,9 @@ cc_test(
|
||||||
"//sandboxed_api:vars",
|
"//sandboxed_api:vars",
|
||||||
"//sandboxed_api/examples/stringop/lib:stringop-sapi",
|
"//sandboxed_api/examples/stringop/lib:stringop-sapi",
|
||||||
"//sandboxed_api/examples/stringop/lib:stringop_params_proto_cc",
|
"//sandboxed_api/examples/stringop/lib:stringop_params_proto_cc",
|
||||||
|
"//sandboxed_api/util:flags",
|
||||||
"//sandboxed_api/util:status",
|
"//sandboxed_api/util:status",
|
||||||
"//sandboxed_api/util:status_matchers",
|
"//sandboxed_api/util:status_matchers",
|
||||||
"@com_google_absl//absl/flags:flag",
|
|
||||||
"@com_google_absl//absl/memory",
|
"@com_google_absl//absl/memory",
|
||||||
"@com_google_absl//absl/time",
|
"@com_google_absl//absl/time",
|
||||||
"@com_google_googletest//:gtest_main",
|
"@com_google_googletest//:gtest_main",
|
||||||
|
|
|
@ -19,7 +19,7 @@
|
||||||
#include <glog/logging.h>
|
#include <glog/logging.h>
|
||||||
#include "gmock/gmock.h"
|
#include "gmock/gmock.h"
|
||||||
#include "gtest/gtest.h"
|
#include "gtest/gtest.h"
|
||||||
#include "absl/flags/flag.h"
|
#include "sandboxed_api/util/flag.h"
|
||||||
#include "absl/memory/memory.h"
|
#include "absl/memory/memory.h"
|
||||||
#include "absl/time/time.h"
|
#include "absl/time/time.h"
|
||||||
#include "sandboxed_api/examples/stringop/lib/sandbox.h"
|
#include "sandboxed_api/examples/stringop/lib/sandbox.h"
|
||||||
|
|
|
@ -26,8 +26,8 @@ cc_binary(
|
||||||
"//sandboxed_api:vars",
|
"//sandboxed_api:vars",
|
||||||
"//sandboxed_api/examples/sum/lib:sum-sapi",
|
"//sandboxed_api/examples/sum/lib:sum-sapi",
|
||||||
"//sandboxed_api/examples/sum/lib:sum_params_proto_cc",
|
"//sandboxed_api/examples/sum/lib:sum_params_proto_cc",
|
||||||
|
"//sandboxed_api/util:flags",
|
||||||
"//sandboxed_api/util:status",
|
"//sandboxed_api/util:status",
|
||||||
"@com_google_absl//absl/flags:flag",
|
|
||||||
"@com_google_absl//absl/memory",
|
"@com_google_absl//absl/memory",
|
||||||
"@com_google_absl//absl/strings",
|
"@com_google_absl//absl/strings",
|
||||||
],
|
],
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
|
|
||||||
#include <glog/logging.h>
|
#include <glog/logging.h>
|
||||||
#include "absl/flags/flag.h"
|
#include "sandboxed_api/util/flag.h"
|
||||||
#include "absl/memory/memory.h"
|
#include "absl/memory/memory.h"
|
||||||
#include "absl/strings/str_cat.h"
|
#include "absl/strings/str_cat.h"
|
||||||
#include "sandboxed_api/examples/sum/lib/sandbox.h"
|
#include "sandboxed_api/examples/sum/lib/sandbox.h"
|
||||||
|
|
|
@ -42,7 +42,7 @@ cc_binary(
|
||||||
":zlib-sapi",
|
":zlib-sapi",
|
||||||
":zlib-sapi_embed",
|
":zlib-sapi_embed",
|
||||||
"//sandboxed_api:vars",
|
"//sandboxed_api:vars",
|
||||||
|
"//sandboxed_api/util:flags",
|
||||||
"@com_google_absl//absl/base:core_headers",
|
"@com_google_absl//absl/base:core_headers",
|
||||||
"@com_google_absl//absl/flags:flag",
|
|
||||||
],
|
],
|
||||||
)
|
)
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
|
|
||||||
#include <glog/logging.h>
|
#include <glog/logging.h>
|
||||||
#include "absl/base/macros.h"
|
#include "absl/base/macros.h"
|
||||||
#include "absl/flags/flag.h"
|
#include "sandboxed_api/util/flag.h"
|
||||||
#include "sandboxed_api/examples/zlib/zlib-sapi.sapi.h"
|
#include "sandboxed_api/examples/zlib/zlib-sapi.sapi.h"
|
||||||
#include "sandboxed_api/examples/zlib/zlib-sapi_embed.h"
|
#include "sandboxed_api/examples/zlib/zlib-sapi_embed.h"
|
||||||
#include "sandboxed_api/vars.h"
|
#include "sandboxed_api/vars.h"
|
||||||
|
|
|
@ -184,8 +184,8 @@ cc_library(
|
||||||
":syscall",
|
":syscall",
|
||||||
":violation_proto_cc",
|
":violation_proto_cc",
|
||||||
"//sandboxed_api/sandbox2/util:bpf_helper",
|
"//sandboxed_api/sandbox2/util:bpf_helper",
|
||||||
|
"//sandboxed_api/util:flags",
|
||||||
"@com_google_absl//absl/base:core_headers",
|
"@com_google_absl//absl/base:core_headers",
|
||||||
"@com_google_absl//absl/flags:flag",
|
|
||||||
"@com_google_absl//absl/types:optional",
|
"@com_google_absl//absl/types:optional",
|
||||||
"@org_kernel_libcap//:libcap",
|
"@org_kernel_libcap//:libcap",
|
||||||
],
|
],
|
||||||
|
@ -302,7 +302,7 @@ cc_library(
|
||||||
"@com_google_absl//absl/base:core_headers",
|
"@com_google_absl//absl/base:core_headers",
|
||||||
"@com_google_absl//absl/container:flat_hash_map",
|
"@com_google_absl//absl/container:flat_hash_map",
|
||||||
"@com_google_absl//absl/container:flat_hash_set",
|
"@com_google_absl//absl/container:flat_hash_set",
|
||||||
"@com_google_absl//absl/flags:flag",
|
"//sandboxed_api/util:flags",
|
||||||
"@com_google_absl//absl/memory",
|
"@com_google_absl//absl/memory",
|
||||||
"@com_google_absl//absl/strings",
|
"@com_google_absl//absl/strings",
|
||||||
"@com_google_absl//absl/strings:str_format",
|
"@com_google_absl//absl/strings:str_format",
|
||||||
|
@ -728,8 +728,8 @@ cc_test(
|
||||||
"//sandboxed_api/sandbox2/util:bpf_helper",
|
"//sandboxed_api/sandbox2/util:bpf_helper",
|
||||||
"//sandboxed_api/sandbox2/util:fileops",
|
"//sandboxed_api/sandbox2/util:fileops",
|
||||||
"//sandboxed_api/sandbox2/util:temp_file",
|
"//sandboxed_api/sandbox2/util:temp_file",
|
||||||
|
"//sandboxed_api/util:flags",
|
||||||
"//sandboxed_api/util:status_matchers",
|
"//sandboxed_api/util:status_matchers",
|
||||||
"@com_google_absl//absl/flags:flag",
|
|
||||||
"@com_google_absl//absl/memory",
|
"@com_google_absl//absl/memory",
|
||||||
"@com_google_absl//absl/strings",
|
"@com_google_absl//absl/strings",
|
||||||
"@com_google_googletest//:gtest_main",
|
"@com_google_googletest//:gtest_main",
|
||||||
|
|
|
@ -187,7 +187,6 @@ add_library(sandbox2_policy STATIC
|
||||||
add_library(sandbox2::policy ALIAS sandbox2_policy)
|
add_library(sandbox2::policy ALIAS sandbox2_policy)
|
||||||
target_link_libraries(sandbox2_policy PRIVATE
|
target_link_libraries(sandbox2_policy PRIVATE
|
||||||
absl::core_headers
|
absl::core_headers
|
||||||
absl::flags
|
|
||||||
absl::optional
|
absl::optional
|
||||||
libcap::libcap
|
libcap::libcap
|
||||||
sandbox2::bpf_helper
|
sandbox2::bpf_helper
|
||||||
|
@ -198,6 +197,7 @@ target_link_libraries(sandbox2_policy PRIVATE
|
||||||
sandbox2::syscall
|
sandbox2::syscall
|
||||||
sandbox2::violation_proto
|
sandbox2::violation_proto
|
||||||
sapi::base
|
sapi::base
|
||||||
|
sapi::flags
|
||||||
)
|
)
|
||||||
|
|
||||||
# sandboxed_api/sandbox2:notify
|
# sandboxed_api/sandbox2:notify
|
||||||
|
@ -284,7 +284,6 @@ add_library(sandbox2::sandbox2 ALIAS sandbox2_sandbox2)
|
||||||
target_link_libraries(sandbox2_sandbox2
|
target_link_libraries(sandbox2_sandbox2
|
||||||
PRIVATE absl::core_headers
|
PRIVATE absl::core_headers
|
||||||
absl::flat_hash_map
|
absl::flat_hash_map
|
||||||
absl::flags
|
|
||||||
absl::flat_hash_set
|
absl::flat_hash_set
|
||||||
absl::memory
|
absl::memory
|
||||||
absl::optional
|
absl::optional
|
||||||
|
@ -319,7 +318,8 @@ target_link_libraries(sandbox2_sandbox2
|
||||||
sapi::base
|
sapi::base
|
||||||
sapi::status
|
sapi::status
|
||||||
sapi::statusor
|
sapi::statusor
|
||||||
PUBLIC sandbox2::logsink
|
PUBLIC sapi::flags
|
||||||
|
sandbox2::logsink
|
||||||
)
|
)
|
||||||
|
|
||||||
# sandboxed_api/sandbox2:client
|
# sandboxed_api/sandbox2:client
|
||||||
|
@ -779,7 +779,6 @@ add_dependencies(stack-trace_test
|
||||||
sandbox2::testcase_symbolize
|
sandbox2::testcase_symbolize
|
||||||
)
|
)
|
||||||
target_link_libraries(stack-trace_test PRIVATE
|
target_link_libraries(stack-trace_test PRIVATE
|
||||||
absl::flags
|
|
||||||
absl::memory
|
absl::memory
|
||||||
absl::strings
|
absl::strings
|
||||||
sandbox2::bpf_helper
|
sandbox2::bpf_helper
|
||||||
|
@ -789,6 +788,7 @@ target_link_libraries(stack-trace_test PRIVATE
|
||||||
sandbox2::temp_file
|
sandbox2::temp_file
|
||||||
sandbox2::testing
|
sandbox2::testing
|
||||||
sandbox2::util
|
sandbox2::util
|
||||||
|
sapi::flags
|
||||||
sapi::status_matchers
|
sapi::status_matchers
|
||||||
sapi::test_main
|
sapi::test_main
|
||||||
)
|
)
|
||||||
|
@ -805,12 +805,12 @@ add_dependencies(ipc_test
|
||||||
sandbox2::testcase_ipc
|
sandbox2::testcase_ipc
|
||||||
)
|
)
|
||||||
target_link_libraries(ipc_test PRIVATE
|
target_link_libraries(ipc_test PRIVATE
|
||||||
absl::flags
|
|
||||||
absl::memory
|
absl::memory
|
||||||
sandbox2::bpf_helper
|
sandbox2::bpf_helper
|
||||||
sandbox2::comms
|
sandbox2::comms
|
||||||
sandbox2::sandbox2
|
sandbox2::sandbox2
|
||||||
sandbox2::testing
|
sandbox2::testing
|
||||||
|
sapi::flags
|
||||||
sapi::status_matchers
|
sapi::status_matchers
|
||||||
sapi::test_main
|
sapi::test_main
|
||||||
)
|
)
|
||||||
|
@ -854,7 +854,6 @@ add_dependencies(policybuilder_test
|
||||||
sandbox2::testcase_print_fds
|
sandbox2::testcase_print_fds
|
||||||
)
|
)
|
||||||
target_link_libraries(policybuilder_test PRIVATE
|
target_link_libraries(policybuilder_test PRIVATE
|
||||||
absl::flags
|
|
||||||
absl::memory
|
absl::memory
|
||||||
absl::strings
|
absl::strings
|
||||||
glog::glog
|
glog::glog
|
||||||
|
@ -862,6 +861,7 @@ target_link_libraries(policybuilder_test PRIVATE
|
||||||
sandbox2::comms
|
sandbox2::comms
|
||||||
sandbox2::sandbox2
|
sandbox2::sandbox2
|
||||||
sandbox2::testing
|
sandbox2::testing
|
||||||
|
sapi::flags
|
||||||
sapi::status_matchers
|
sapi::status_matchers
|
||||||
sapi::test_main
|
sapi::test_main
|
||||||
)
|
)
|
||||||
|
|
|
@ -34,8 +34,7 @@ cc_binary(
|
||||||
"//sandboxed_api/sandbox2:comms",
|
"//sandboxed_api/sandbox2:comms",
|
||||||
"//sandboxed_api/sandbox2/util:bpf_helper",
|
"//sandboxed_api/sandbox2/util:bpf_helper",
|
||||||
"//sandboxed_api/sandbox2/util:runfiles",
|
"//sandboxed_api/sandbox2/util:runfiles",
|
||||||
"@com_google_absl//absl/flags:flag",
|
"//sandboxed_api/util:flags",
|
||||||
"@com_google_absl//absl/flags:parse",
|
|
||||||
"@com_google_absl//absl/memory",
|
"@com_google_absl//absl/memory",
|
||||||
],
|
],
|
||||||
)
|
)
|
||||||
|
@ -49,9 +48,8 @@ cc_binary(
|
||||||
"//sandboxed_api/sandbox2:client",
|
"//sandboxed_api/sandbox2:client",
|
||||||
"//sandboxed_api/sandbox2:comms",
|
"//sandboxed_api/sandbox2:comms",
|
||||||
"//sandboxed_api/sandbox2:util",
|
"//sandboxed_api/sandbox2:util",
|
||||||
|
"//sandboxed_api/util:flags",
|
||||||
"@com_google_absl//absl/base:core_headers",
|
"@com_google_absl//absl/base:core_headers",
|
||||||
"@com_google_absl//absl/flags:flag",
|
|
||||||
"@com_google_absl//absl/flags:parse",
|
|
||||||
],
|
],
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
@ -21,8 +21,7 @@
|
||||||
#include <cstring>
|
#include <cstring>
|
||||||
|
|
||||||
#include <glog/logging.h>
|
#include <glog/logging.h>
|
||||||
#include "absl/flags/flag.h"
|
#include "sandboxed_api/util/flag.h"
|
||||||
#include "absl/flags/parse.h"
|
|
||||||
#include "sandboxed_api/sandbox2/client.h"
|
#include "sandboxed_api/sandbox2/client.h"
|
||||||
#include "sandboxed_api/sandbox2/comms.h"
|
#include "sandboxed_api/sandbox2/comms.h"
|
||||||
#include "sandboxed_api/sandbox2/util.h"
|
#include "sandboxed_api/sandbox2/util.h"
|
||||||
|
@ -47,7 +46,7 @@ static uint32_t ComputeCRC4Impl(const uint8_t* ptr, uint64_t len) {
|
||||||
}
|
}
|
||||||
|
|
||||||
int main(int argc, char** argv) {
|
int main(int argc, char** argv) {
|
||||||
absl::ParseCommandLine(argc, argv);
|
google::ParseCommandLineFlags(&argc, &argv, false);
|
||||||
|
|
||||||
// Set-up the sandbox2::Client object, using a file descriptor (1023).
|
// Set-up the sandbox2::Client object, using a file descriptor (1023).
|
||||||
sandbox2::Comms comms(sandbox2::Comms::kSandbox2ClientCommsFD);
|
sandbox2::Comms comms(sandbox2::Comms::kSandbox2ClientCommsFD);
|
||||||
|
|
|
@ -28,8 +28,7 @@
|
||||||
#include <vector>
|
#include <vector>
|
||||||
|
|
||||||
#include <glog/logging.h>
|
#include <glog/logging.h>
|
||||||
#include "absl/flags/flag.h"
|
#include "sandboxed_api/util/flag.h"
|
||||||
#include "absl/flags/parse.h"
|
|
||||||
#include "absl/memory/memory.h"
|
#include "absl/memory/memory.h"
|
||||||
#include "sandboxed_api/sandbox2/comms.h"
|
#include "sandboxed_api/sandbox2/comms.h"
|
||||||
#include "sandboxed_api/sandbox2/executor.h"
|
#include "sandboxed_api/sandbox2/executor.h"
|
||||||
|
@ -42,7 +41,7 @@
|
||||||
#include "sandboxed_api/sandbox2/util/bpf_helper.h"
|
#include "sandboxed_api/sandbox2/util/bpf_helper.h"
|
||||||
#include "sandboxed_api/sandbox2/util/runfiles.h"
|
#include "sandboxed_api/sandbox2/util/runfiles.h"
|
||||||
|
|
||||||
ABSL_FLAG(std::string, input, "", "Input to calculate CRC4 of.");
|
ABSL_FLAG(string, input, "", "Input to calculate CRC4 of.");
|
||||||
ABSL_FLAG(bool, call_syscall_not_allowed, false,
|
ABSL_FLAG(bool, call_syscall_not_allowed, false,
|
||||||
"Have sandboxee call clone (violation).");
|
"Have sandboxee call clone (violation).");
|
||||||
|
|
||||||
|
@ -83,7 +82,7 @@ bool SandboxedCRC4(sandbox2::Comms* comms, uint32_t* crc4) {
|
||||||
} // namespace
|
} // namespace
|
||||||
|
|
||||||
int main(int argc, char** argv) {
|
int main(int argc, char** argv) {
|
||||||
absl::ParseCommandLine(argc, argv);
|
google::ParseCommandLineFlags(&argc, &argv, true);
|
||||||
google::InitGoogleLogging(argv[0]);
|
google::InitGoogleLogging(argv[0]);
|
||||||
|
|
||||||
if (absl::GetFlag(FLAGS_input).empty()) {
|
if (absl::GetFlag(FLAGS_input).empty()) {
|
||||||
|
|
|
@ -31,9 +31,9 @@ cc_binary(
|
||||||
"//sandboxed_api/sandbox2:comms",
|
"//sandboxed_api/sandbox2:comms",
|
||||||
"//sandboxed_api/sandbox2:forkserver",
|
"//sandboxed_api/sandbox2:forkserver",
|
||||||
"//sandboxed_api/sandbox2/util:runfiles",
|
"//sandboxed_api/sandbox2/util:runfiles",
|
||||||
|
"//sandboxed_api/util:flags",
|
||||||
"//sandboxed_api/util:raw_logging",
|
"//sandboxed_api/util:raw_logging",
|
||||||
"@com_google_absl//absl/base:core_headers",
|
"@com_google_absl//absl/base:core_headers",
|
||||||
"@com_google_absl//absl/flags:flag",
|
|
||||||
"@com_google_absl//absl/memory",
|
"@com_google_absl//absl/memory",
|
||||||
],
|
],
|
||||||
)
|
)
|
||||||
|
@ -46,7 +46,7 @@ cc_binary(
|
||||||
deps = [
|
deps = [
|
||||||
"//sandboxed_api/sandbox2:comms",
|
"//sandboxed_api/sandbox2:comms",
|
||||||
"//sandboxed_api/sandbox2:forkingclient",
|
"//sandboxed_api/sandbox2:forkingclient",
|
||||||
|
"//sandboxed_api/util:flags",
|
||||||
"//sandboxed_api/util:raw_logging",
|
"//sandboxed_api/util:raw_logging",
|
||||||
"@com_google_absl//absl/flags:flag",
|
|
||||||
],
|
],
|
||||||
)
|
)
|
||||||
|
|
|
@ -20,7 +20,7 @@
|
||||||
|
|
||||||
#include <cstdint>
|
#include <cstdint>
|
||||||
|
|
||||||
#include "absl/flags/flag.h"
|
#include "sandboxed_api/util/flag.h"
|
||||||
#include "sandboxed_api/sandbox2/comms.h"
|
#include "sandboxed_api/sandbox2/comms.h"
|
||||||
#include "sandboxed_api/sandbox2/forkingclient.h"
|
#include "sandboxed_api/sandbox2/forkingclient.h"
|
||||||
#include "sandboxed_api/util/raw_logging.h"
|
#include "sandboxed_api/util/raw_logging.h"
|
||||||
|
|
|
@ -24,7 +24,7 @@
|
||||||
#include <vector>
|
#include <vector>
|
||||||
|
|
||||||
#include <glog/logging.h>
|
#include <glog/logging.h>
|
||||||
#include "absl/flags/flag.h"
|
#include "sandboxed_api/util/flag.h"
|
||||||
#include "absl/memory/memory.h"
|
#include "absl/memory/memory.h"
|
||||||
#include "sandboxed_api/sandbox2/comms.h"
|
#include "sandboxed_api/sandbox2/comms.h"
|
||||||
#include "sandboxed_api/sandbox2/executor.h"
|
#include "sandboxed_api/sandbox2/executor.h"
|
||||||
|
|
|
@ -33,7 +33,7 @@ cc_binary(
|
||||||
"//sandboxed_api/sandbox2",
|
"//sandboxed_api/sandbox2",
|
||||||
"//sandboxed_api/sandbox2/util:bpf_helper",
|
"//sandboxed_api/sandbox2/util:bpf_helper",
|
||||||
"//sandboxed_api/sandbox2/util:runfiles",
|
"//sandboxed_api/sandbox2/util:runfiles",
|
||||||
"@com_google_absl//absl/flags:flag",
|
"//sandboxed_api/util:flags",
|
||||||
"@com_google_absl//absl/memory",
|
"@com_google_absl//absl/memory",
|
||||||
],
|
],
|
||||||
)
|
)
|
||||||
|
|
|
@ -28,7 +28,7 @@
|
||||||
#include <vector>
|
#include <vector>
|
||||||
|
|
||||||
#include <glog/logging.h>
|
#include <glog/logging.h>
|
||||||
#include "absl/flags/flag.h"
|
#include "sandboxed_api/util/flag.h"
|
||||||
#include "absl/memory/memory.h"
|
#include "absl/memory/memory.h"
|
||||||
#include "sandboxed_api/sandbox2/executor.h"
|
#include "sandboxed_api/sandbox2/executor.h"
|
||||||
#include "sandboxed_api/sandbox2/ipc.h"
|
#include "sandboxed_api/sandbox2/ipc.h"
|
||||||
|
|
|
@ -33,7 +33,7 @@ cc_binary(
|
||||||
"//sandboxed_api/sandbox2",
|
"//sandboxed_api/sandbox2",
|
||||||
"//sandboxed_api/sandbox2:util",
|
"//sandboxed_api/sandbox2:util",
|
||||||
"//sandboxed_api/sandbox2/util:bpf_helper",
|
"//sandboxed_api/sandbox2/util:bpf_helper",
|
||||||
"@com_google_absl//absl/flags:flag",
|
"//sandboxed_api/util:flags",
|
||||||
"@com_google_absl//absl/memory",
|
"@com_google_absl//absl/memory",
|
||||||
"@com_google_absl//absl/strings",
|
"@com_google_absl//absl/strings",
|
||||||
"@com_google_absl//absl/strings:str_format",
|
"@com_google_absl//absl/strings:str_format",
|
||||||
|
|
|
@ -30,7 +30,7 @@
|
||||||
#include <vector>
|
#include <vector>
|
||||||
|
|
||||||
#include <glog/logging.h>
|
#include <glog/logging.h>
|
||||||
#include "absl/flags/flag.h"
|
#include "sandboxed_api/util/flag.h"
|
||||||
#include "absl/memory/memory.h"
|
#include "absl/memory/memory.h"
|
||||||
#include "absl/strings/str_format.h"
|
#include "absl/strings/str_format.h"
|
||||||
#include "absl/strings/str_split.h"
|
#include "absl/strings/str_split.h"
|
||||||
|
@ -69,9 +69,9 @@ ABSL_FLAG(uint64_t, sandbox2tool_walltime_timeout, 60U,
|
||||||
"Wall-time timeout in seconds (if >0)");
|
"Wall-time timeout in seconds (if >0)");
|
||||||
ABSL_FLAG(uint64_t, sandbox2tool_file_size_creation_limit, 1024U,
|
ABSL_FLAG(uint64_t, sandbox2tool_file_size_creation_limit, 1024U,
|
||||||
"Maximum size of created files");
|
"Maximum size of created files");
|
||||||
ABSL_FLAG(std::string, sandbox2tool_cwd, "/",
|
ABSL_FLAG(string, sandbox2tool_cwd, "/",
|
||||||
"If not empty, chdir to the directory before sandboxed");
|
"If not empty, chdir to the directory before sandboxed");
|
||||||
ABSL_FLAG(std::string, sandbox2tool_additional_bind_mounts, "",
|
ABSL_FLAG(string, sandbox2tool_additional_bind_mounts, "",
|
||||||
"If user namespaces are enabled, this option will add additional "
|
"If user namespaces are enabled, this option will add additional "
|
||||||
"bind mounts. Mounts are separated by comma and can optionally "
|
"bind mounts. Mounts are separated by comma and can optionally "
|
||||||
"specify a target using \"=>\" "
|
"specify a target using \"=>\" "
|
||||||
|
|
|
@ -27,7 +27,7 @@ cc_binary(
|
||||||
"//sandboxed_api/sandbox2:comms",
|
"//sandboxed_api/sandbox2:comms",
|
||||||
"//sandboxed_api/sandbox2/util:bpf_helper",
|
"//sandboxed_api/sandbox2/util:bpf_helper",
|
||||||
"//sandboxed_api/sandbox2/util:runfiles",
|
"//sandboxed_api/sandbox2/util:runfiles",
|
||||||
"@com_google_absl//absl/flags:flag",
|
"//sandboxed_api/util:flags",
|
||||||
"@com_google_absl//absl/memory",
|
"@com_google_absl//absl/memory",
|
||||||
],
|
],
|
||||||
)
|
)
|
||||||
|
|
|
@ -27,7 +27,7 @@
|
||||||
#include <vector>
|
#include <vector>
|
||||||
|
|
||||||
#include <glog/logging.h>
|
#include <glog/logging.h>
|
||||||
#include "absl/flags/flag.h"
|
#include "sandboxed_api/util/flag.h"
|
||||||
#include "absl/memory/memory.h"
|
#include "absl/memory/memory.h"
|
||||||
#include "sandboxed_api/sandbox2/comms.h"
|
#include "sandboxed_api/sandbox2/comms.h"
|
||||||
#include "sandboxed_api/sandbox2/executor.h"
|
#include "sandboxed_api/sandbox2/executor.h"
|
||||||
|
@ -40,8 +40,8 @@
|
||||||
#include "sandboxed_api/sandbox2/util/bpf_helper.h"
|
#include "sandboxed_api/sandbox2/util/bpf_helper.h"
|
||||||
#include "sandboxed_api/sandbox2/util/runfiles.h"
|
#include "sandboxed_api/sandbox2/util/runfiles.h"
|
||||||
|
|
||||||
ABSL_FLAG(std::string, input, "", "Input file");
|
ABSL_FLAG(string, input, "", "Input file");
|
||||||
ABSL_FLAG(std::string, output, "", "Output file");
|
ABSL_FLAG(string, output, "", "Output file");
|
||||||
ABSL_FLAG(bool, decompress, false, "Decompress instead of compress.");
|
ABSL_FLAG(bool, decompress, false, "Decompress instead of compress.");
|
||||||
|
|
||||||
namespace {
|
namespace {
|
||||||
|
|
|
@ -42,7 +42,7 @@
|
||||||
#include <string>
|
#include <string>
|
||||||
|
|
||||||
#include <glog/logging.h>
|
#include <glog/logging.h>
|
||||||
#include "absl/flags/flag.h"
|
#include "sandboxed_api/util/flag.h"
|
||||||
#include "absl/memory/memory.h"
|
#include "absl/memory/memory.h"
|
||||||
#include "absl/strings/str_cat.h"
|
#include "absl/strings/str_cat.h"
|
||||||
#include "absl/strings/str_format.h"
|
#include "absl/strings/str_format.h"
|
||||||
|
@ -69,7 +69,7 @@ ABSL_FLAG(bool, sandbox2_report_on_sandboxee_timeout, true,
|
||||||
"Report sandbox2 sandboxee timeouts");
|
"Report sandbox2 sandboxee timeouts");
|
||||||
|
|
||||||
ABSL_DECLARE_FLAG(bool, sandbox2_danger_danger_permit_all);
|
ABSL_DECLARE_FLAG(bool, sandbox2_danger_danger_permit_all);
|
||||||
ABSL_DECLARE_FLAG(std::string, sandbox2_danger_danger_permit_all_and_log);
|
ABSL_DECLARE_FLAG(string, sandbox2_danger_danger_permit_all_and_log);
|
||||||
|
|
||||||
namespace sandbox2 {
|
namespace sandbox2 {
|
||||||
|
|
||||||
|
|
|
@ -27,7 +27,7 @@
|
||||||
#include <string>
|
#include <string>
|
||||||
|
|
||||||
#include <glog/logging.h>
|
#include <glog/logging.h>
|
||||||
#include "absl/flags/flag.h"
|
#include "sandboxed_api/util/flag.h"
|
||||||
#include "external/org_kernel_libcap/libcap/include/sys/capability.h"
|
#include "external/org_kernel_libcap/libcap/include/sys/capability.h"
|
||||||
#include "sandboxed_api/sandbox2/bpfdisassembler.h"
|
#include "sandboxed_api/sandbox2/bpfdisassembler.h"
|
||||||
#include "sandboxed_api/sandbox2/comms.h"
|
#include "sandboxed_api/sandbox2/comms.h"
|
||||||
|
@ -37,7 +37,7 @@
|
||||||
|
|
||||||
ABSL_FLAG(bool, sandbox2_danger_danger_permit_all, false,
|
ABSL_FLAG(bool, sandbox2_danger_danger_permit_all, false,
|
||||||
"Allow all syscalls, useful for testing");
|
"Allow all syscalls, useful for testing");
|
||||||
ABSL_FLAG(std::string, sandbox2_danger_danger_permit_all_and_log, "",
|
ABSL_FLAG(string, sandbox2_danger_danger_permit_all_and_log, "",
|
||||||
"Allow all syscalls and log them into specified file");
|
"Allow all syscalls and log them into specified file");
|
||||||
|
|
||||||
namespace sandbox2 {
|
namespace sandbox2 {
|
||||||
|
|
|
@ -24,7 +24,7 @@
|
||||||
#include <vector>
|
#include <vector>
|
||||||
|
|
||||||
#include <glog/logging.h>
|
#include <glog/logging.h>
|
||||||
#include "absl/flags/flag.h"
|
#include "sandboxed_api/util/flag.h"
|
||||||
#include "absl/memory/memory.h"
|
#include "absl/memory/memory.h"
|
||||||
#include "absl/strings/numbers.h"
|
#include "absl/strings/numbers.h"
|
||||||
#include "absl/strings/str_cat.h"
|
#include "absl/strings/str_cat.h"
|
||||||
|
|
|
@ -24,7 +24,7 @@
|
||||||
#include <memory>
|
#include <memory>
|
||||||
#include <string>
|
#include <string>
|
||||||
|
|
||||||
#include "absl/flags/flag.h"
|
#include "sandboxed_api/util/flag.h"
|
||||||
#include "sandboxed_api/sandbox2/mounts.h"
|
#include "sandboxed_api/sandbox2/mounts.h"
|
||||||
#include "sandboxed_api/sandbox2/policy.h"
|
#include "sandboxed_api/sandbox2/policy.h"
|
||||||
#include "sandboxed_api/sandbox2/regs.h"
|
#include "sandboxed_api/sandbox2/regs.h"
|
||||||
|
|
|
@ -19,7 +19,7 @@
|
||||||
|
|
||||||
#include "gmock/gmock.h"
|
#include "gmock/gmock.h"
|
||||||
#include "gtest/gtest.h"
|
#include "gtest/gtest.h"
|
||||||
#include "absl/flags/flag.h"
|
#include "sandboxed_api/util/flag.h"
|
||||||
#include "absl/memory/memory.h"
|
#include "absl/memory/memory.h"
|
||||||
#include "absl/strings/match.h"
|
#include "absl/strings/match.h"
|
||||||
#include "absl/strings/str_cat.h"
|
#include "absl/strings/str_cat.h"
|
||||||
|
@ -48,7 +48,7 @@ namespace {
|
||||||
template <typename T>
|
template <typename T>
|
||||||
class TemporaryFlagOverride {
|
class TemporaryFlagOverride {
|
||||||
public:
|
public:
|
||||||
using Flag = absl::Flag<T>;
|
using Flag = T;
|
||||||
TemporaryFlagOverride(Flag* flag, T value)
|
TemporaryFlagOverride(Flag* flag, T value)
|
||||||
: flag_(flag), original_value_(absl::GetFlag(*flag)) {
|
: flag_(flag), original_value_(absl::GetFlag(*flag)) {
|
||||||
absl::SetFlag(flag, value);
|
absl::SetFlag(flag, value);
|
||||||
|
|
|
@ -221,9 +221,9 @@ cc_library(
|
||||||
copts = sapi_platform_copts(),
|
copts = sapi_platform_copts(),
|
||||||
deps = [
|
deps = [
|
||||||
":file_base",
|
":file_base",
|
||||||
|
"//sandboxed_api/util:flags",
|
||||||
"//sandboxed_api/util:raw_logging",
|
"//sandboxed_api/util:raw_logging",
|
||||||
"@bazel_tools//tools/cpp/runfiles",
|
"@bazel_tools//tools/cpp/runfiles",
|
||||||
"@com_google_absl//absl/flags:flag",
|
|
||||||
"@com_google_absl//absl/strings",
|
"@com_google_absl//absl/strings",
|
||||||
"@com_google_absl//absl/strings:str_format",
|
"@com_google_absl//absl/strings:str_format",
|
||||||
],
|
],
|
||||||
|
|
|
@ -214,10 +214,10 @@ add_library(sandbox2_util_runfiles STATIC
|
||||||
)
|
)
|
||||||
add_library(sandbox2::runfiles ALIAS sandbox2_util_runfiles)
|
add_library(sandbox2::runfiles ALIAS sandbox2_util_runfiles)
|
||||||
target_link_libraries(sandbox2_util_runfiles PRIVATE
|
target_link_libraries(sandbox2_util_runfiles PRIVATE
|
||||||
absl::flags
|
|
||||||
absl::str_format
|
absl::str_format
|
||||||
absl::strings
|
absl::strings
|
||||||
sandbox2::file_base
|
sandbox2::file_base
|
||||||
sapi::base
|
sapi::base
|
||||||
|
sapi::flags
|
||||||
sapi::raw_logging
|
sapi::raw_logging
|
||||||
)
|
)
|
||||||
|
|
|
@ -14,10 +14,10 @@
|
||||||
|
|
||||||
#include <cstdlib>
|
#include <cstdlib>
|
||||||
|
|
||||||
#include "absl/flags/internal/program_name.h"
|
|
||||||
#include "absl/strings/str_format.h"
|
#include "absl/strings/str_format.h"
|
||||||
#include "sandboxed_api/sandbox2/util/path.h"
|
#include "sandboxed_api/sandbox2/util/path.h"
|
||||||
#include "sandboxed_api/sandbox2/util/runfiles.h"
|
#include "sandboxed_api/sandbox2/util/runfiles.h"
|
||||||
|
#include "sandboxed_api/util/flag.h"
|
||||||
#include "sandboxed_api/util/raw_logging.h"
|
#include "sandboxed_api/util/raw_logging.h"
|
||||||
#include "tools/cpp/runfiles/runfiles.h"
|
#include "tools/cpp/runfiles/runfiles.h"
|
||||||
|
|
||||||
|
@ -28,8 +28,7 @@ namespace sandbox2 {
|
||||||
std::string GetDataDependencyFilePath(absl::string_view relative_path) {
|
std::string GetDataDependencyFilePath(absl::string_view relative_path) {
|
||||||
static Runfiles* runfiles = []() {
|
static Runfiles* runfiles = []() {
|
||||||
std::string error;
|
std::string error;
|
||||||
auto* runfiles =
|
auto* runfiles = Runfiles::Create(gflags::GetArgv0(), &error);
|
||||||
Runfiles::Create(absl::flags_internal::ProgramInvocationName(), &error);
|
|
||||||
SAPI_RAW_CHECK(runfiles != nullptr, "%s", error);
|
SAPI_RAW_CHECK(runfiles != nullptr, "%s", error);
|
||||||
|
|
||||||
// Setup environment for child processes.
|
// Setup environment for child processes.
|
||||||
|
|
|
@ -115,6 +115,14 @@ cc_test(
|
||||||
],
|
],
|
||||||
)
|
)
|
||||||
|
|
||||||
|
# Compatibility layer for Abseil's flags vs. gFlags
|
||||||
|
cc_library(
|
||||||
|
name = "flags",
|
||||||
|
hdrs = ["flag.h"],
|
||||||
|
copts = sapi_platform_copts(),
|
||||||
|
deps = ["@com_github_gflags_gflags//:gflags"],
|
||||||
|
)
|
||||||
|
|
||||||
# Small support library emulating verbose logging using Abseil's raw logging
|
# Small support library emulating verbose logging using Abseil's raw logging
|
||||||
# facility.
|
# facility.
|
||||||
cc_library(
|
cc_library(
|
||||||
|
|
|
@ -81,6 +81,15 @@ target_link_libraries(status_test PRIVATE
|
||||||
)
|
)
|
||||||
gtest_discover_tests(status_test)
|
gtest_discover_tests(status_test)
|
||||||
|
|
||||||
|
# sandboxed_api/util:flag
|
||||||
|
add_library(sapi_util_flags STATIC
|
||||||
|
flag.h
|
||||||
|
)
|
||||||
|
add_library(sapi::flags ALIAS sapi_util_flags)
|
||||||
|
target_link_libraries(sapi_util_flags PUBLIC
|
||||||
|
gflags
|
||||||
|
)
|
||||||
|
|
||||||
# sandboxed_api/util:raw_logging
|
# sandboxed_api/util:raw_logging
|
||||||
add_library(sapi_util_raw_logging STATIC
|
add_library(sapi_util_raw_logging STATIC
|
||||||
raw_logging.cc
|
raw_logging.cc
|
||||||
|
|
49
sandboxed_api/util/flag.h
Normal file
49
sandboxed_api/util/flag.h
Normal file
|
@ -0,0 +1,49 @@
|
||||||
|
// Copyright 2019 Google LLC. All Rights Reserved.
|
||||||
|
//
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
|
||||||
|
#ifndef SANDBOXED_API_UTIL_FLAG_H_
|
||||||
|
#define SANDBOXED_API_UTIL_FLAG_H_
|
||||||
|
|
||||||
|
#include <gflags/gflags.h>
|
||||||
|
|
||||||
|
#define ABSL_FLAG(type, name, default_value, help) \
|
||||||
|
DEFINE_##type(name, default_value, help)
|
||||||
|
#define ABSL_RETIRED_FLAG ABSL_FLAG
|
||||||
|
#define ABSL_DECLARE_FLAG(type, name) DECLARE_##type(name)
|
||||||
|
|
||||||
|
// Internal defines for compatility with gflags and standard integer types.
|
||||||
|
#define DECLARE_int32_t DECLARE_int32
|
||||||
|
#define DECLARE_int64_t DECLARE_int64
|
||||||
|
#define DECLARE_uint32_t DECLARE_uint32
|
||||||
|
#define DECLARE_uint64_t DECLARE_uint64
|
||||||
|
#define DEFINE_int32_t DEFINE_int32
|
||||||
|
#define DEFINE_int64_t DEFINE_int64
|
||||||
|
#define DEFINE_uint32_t DEFINE_uint32
|
||||||
|
#define DEFINE_uint64_t DEFINE_uint64
|
||||||
|
|
||||||
|
namespace absl {
|
||||||
|
|
||||||
|
template <typename T>
|
||||||
|
const T& GetFlag(const T& flag) {
|
||||||
|
return flag;
|
||||||
|
}
|
||||||
|
|
||||||
|
template <typename T>
|
||||||
|
void SetFlag(T* flag, const T& value) {
|
||||||
|
*flag = value;
|
||||||
|
}
|
||||||
|
|
||||||
|
} // namespace absl
|
||||||
|
|
||||||
|
#endif // SANDBOXED_API_UTIL_FLAG_H_
|
Loading…
Reference in New Issue
Block a user