Commit Graph

924 Commits (main)

Author SHA1 Message Date
Christian Blichmann 64ed644f73 Include-what-you-use fix
PiperOrigin-RevId: 613568060
Change-Id: Ic81d933b7d16a2dc2ec06d3c2fd127713e608602
2024-03-07 06:49:05 -08:00
Sandboxed API Team c6bab97690 Added more descriptive Syscall argument types, and an API for introspecting arguments.
PiperOrigin-RevId: 612904089
Change-Id: Ia0ef7b0559f7eed923981b13fa8224bc891e8c37
2024-03-05 11:07:06 -08:00
Sandboxed API Team 1f390c279e Adding API for getting the current PolicyBuilder status.
PiperOrigin-RevId: 612892145
Change-Id: Iaf36e1c1064bac080b0115480212067d96756a2b
2024-03-05 10:35:54 -08:00
Wiktor Garbacz c8a26fbfa0 Replace usages of deprecated `sapi::v::NullPtr`
PiperOrigin-RevId: 611463218
Change-Id: Id3002f03bff9407c670d6656550b1aa518b7fe58
2024-02-29 07:25:33 -08:00
Oliver Kunz 86e356b7ee Add `Sandbox::AllocateAndTransferToSandboxee` utility function.
Create a utility function to copy a hostcode local buffer into the sandboxee. This combines the following steps into one API call:

1) Create a SAPI variable backed with the hostcode local buffer
2) Allocate the SAPI variable in the sandboxee's memory space
3) Transfer the SAPI variable into the sandboxee's memory space

The function returns a `std::unique_ptr` wrapped `sapi::v::RemotePtr` which points to the address of the buffer in the sandboxee's memory space.

PiperOrigin-RevId: 611151615
Change-Id: Ie5012bf17826614395d2056d560689fd9e429d75
2024-02-28 10:39:15 -08:00
Kevin Hamacher 180aa03603 Internal change
PiperOrigin-RevId: 611097384
Change-Id: Ib4189548bc08e12807e74143591c3ff341d105d4
2024-02-28 07:37:06 -08:00
Wiktor Garbacz e7c5de0db8 Fix `sapi::v::Proto<T>::FromMessage`
PiperOrigin-RevId: 611076146
Change-Id: I60edf17b83e0ded8ed62aeebba45b6401bac8e53
2024-02-28 06:01:30 -08:00
Wiktor Garbacz f7f4cdb458 More complete error handling in `SerializeProto`
PiperOrigin-RevId: 611073556
Change-Id: Id29c3dbe15bb55c7d4e68d9a3e1c82327af0ad23
2024-02-28 05:47:15 -08:00
Wiktor Garbacz 2430bc8ae8 Use sandboxed libunwind also with sanitizers
PiperOrigin-RevId: 610710893
Change-Id: Iea2c103e88a848b40c5c5cbf3c9f6b9d7bf166db
2024-02-27 04:36:56 -08:00
Oliver Kunz 2cacad6008 var_abstract: Use the string representation of Type.
At the moment some Status and Log messages log the var Type enum which will just be an integer. Change this to use the string representation of the enum type.

PiperOrigin-RevId: 608954450
Change-Id: I24447320b5f6f9f8ed22c91ca41f602bdf2ddbb8
2024-02-21 05:11:57 -08:00
Wiktor Garbacz 008b45c9b7 PolicyBuilder: ignore duplicate calls to more complex helpers
PiperOrigin-RevId: 608318563
Change-Id: I3db1dd4e4a8d83a8069b68f1e84a1a8b7277bcdc
2024-02-19 06:14:02 -08:00
Wiktor Garbacz 34f129dc51 Comms: Always use the inline buffer
PiperOrigin-RevId: 606974170
Change-Id: I5f384bfd1b0cd5fecf493162bc40f17860b5975b
2024-02-14 07:12:51 -08:00
Oliver Kunz 4f93af65e6 Improve documentation of `TransferToSandboxee()` and `TransferFromSandboxee()`.
PiperOrigin-RevId: 606209322
Change-Id: I84e41671e7fa83d330d9217f45d4b61aed991d0d
2024-02-12 04:21:32 -08:00
A. Cody Schuffelen f708270f35 Add `DefaultAction(TraceAllSyscalls)` variant to `PolicyBuilder`
This helps write the kind of 'log, but allow' policy described in
[`notify.h`](b9c84a1f75/sandboxed_api/sandbox2/notify.h (L57)) for all system calls not mentioned explicitly. One use case is writing a "permissive mode" runtime to give more information during development.

PiperOrigin-RevId: 603766051
Change-Id: I3c72f433a1e21c330b5dd9f1ede2faa570b75b09
2024-02-02 13:01:37 -08:00
Wiktor Garbacz 044ba1cb90 Return ENOSYS instead of hard denying clone3
It's currently not possible to properly inspect arguments of clone3 via seccomp.
As userspace (notably glibc) started using clone3, other sandbox solutions (e.g. in Firefox and Chrome) switched to returning ENOSYS for that syscall, which usually will result in libraries falling back to clone/clone2.

PiperOrigin-RevId: 603332131
Change-Id: If2483f6f42eca46e1c8958ef17ca3c02fa82b658
2024-02-01 04:39:02 -08:00
Wiktor Garbacz 29a3b8cd39 Add AllowAccess to SAPI's default policy
The syscalls are fairly common and low risk.

PiperOrigin-RevId: 603312020
Change-Id: Id06bddc4e7fcc879cad567361ae5b0bad9533142
2024-02-01 02:51:48 -08:00
Chris Kennelly b9c84a1f75 Allow restartable sequences access to poll.
This is used as part of reading the proc files that tell us how many CPUs are
present.

PiperOrigin-RevId: 602953725
Change-Id: I0b64c8d3992119bb956d262cd0f39500a680cc60
2024-01-30 23:48:37 -08:00
Chris Kennelly 0e98cceb32 Permit TCMalloc to use MAP_FIXED_NOREPLACE.
PiperOrigin-RevId: 602616926
Change-Id: I6337f740baebea6f8c63622a502a200c6f7bdb47
2024-01-29 23:13:59 -08:00
Oliver Kunz f2840b37a3 NullPtr: Change SAPI to accept regular `nullptr` for sandboxed API calls.
This change allows using a `nullptr` instead of having to instantiate a `sapi::v::NullPtr` object.

```
sapi::v::NullPtr null;
SAPI_RETURN_IF_ERROR(api.testNullPtr(&null));
```

Becomes:

```
SAPI_RETURN_IF_ERROR(api.testNullPtr(nullptr));
```

PiperOrigin-RevId: 602333882
Change-Id: Ie2517dbedab8c514d7a102c4ef4bad90b34a219d
2024-01-29 03:23:45 -08:00
Wiktor Garbacz fa5360351b Use `absl::string_view` consistently
PiperOrigin-RevId: 600363060
Change-Id: I14e4b78c90d1f66e6b429436b09fad9dcd0f2cfc
2024-01-21 23:42:32 -08:00
Sandboxed API Team 25cfb5ef03 Adding missing syscalls to the syscall tables.
PiperOrigin-RevId: 599971082
Change-Id: Icbec577ccf30a3868e4ac6ec356c3544c3d86aab
2024-01-19 16:46:15 -08:00
Sandboxed API Team 824d894822 Make sandbox2::SyscallTable::GetEntry public and add new helper GetEntries.
PiperOrigin-RevId: 599967495
Change-Id: Iae524c2c9b2829cbdcd51117134223d08e993a01
2024-01-19 16:28:20 -08:00
Wiktor Garbacz 28b45670c2 Allow `sched_getaffinity` in `AllowLlvmSanitizers`
Otherwise sanitizers might CHECK-fail at `pthread_getattr_np` call.

PiperOrigin-RevId: 598809849
Change-Id: I221b25ecc640672586acfa350e2748769e38c70c
2024-01-16 05:18:55 -08:00
Wiktor Garbacz fbfc2b9eac Handle `prlimit64` in `Allow*RLimit`
PiperOrigin-RevId: 598794581
Change-Id: If7898294aab1cf77f9b8007e4a9dc8bd74449f9b
2024-01-16 04:00:31 -08:00
Sandboxed API Team 9a06f3ac0c Change the order of including system include paths.
PiperOrigin-RevId: 596657109
Change-Id: I4a50253561cf251b271623c607769e14e66a3de2
2024-01-08 11:39:17 -08:00
Chris Kennelly a56660f542 Allow restartable sequences' mmaps to name their VMAs.
PiperOrigin-RevId: 596593499
Change-Id: Ice231b633758667947ec31da5c22f146847e6c6f
2024-01-08 07:57:34 -08:00
Sandboxed API Team fc610b7c7a Fix UB caused by uninitialized value.
PiperOrigin-RevId: 595332410
Change-Id: I88ca3e826853b8731e2c9a0c8b327cf13aeca046
2024-01-03 01:48:45 -08:00
Wiktor Garbacz 1339d0b7f2 Remove unneeded include
PiperOrigin-RevId: 594408507
Change-Id: I7bbfa0c47243755ae8bc0a6f69efe66d881076a1
2023-12-29 01:30:29 -08:00
Wiktor Garbacz 52babc15d4 logserver: Support non-UTF8 log messages
PiperOrigin-RevId: 594244338
Change-Id: Icc6bf1bea0dd8ad62e6fa274979cecd01e9b8283
2023-12-28 06:35:09 -08:00
Sandboxed API Team e5370e93ca Minor cleanups, no functional change.
PiperOrigin-RevId: 594091580
Change-Id: Id870592374069840fedf51cd228c9ed2f84b7542
2023-12-27 13:39:58 -08:00
Wiktor Garbacz 36e4b80f9a Introduce and prefer `AllowMmapWithoutExec`
PiperOrigin-RevId: 593968486
Change-Id: I4f7d4d8a6f593d94c0a7e7672826074c4cefc230
2023-12-27 02:51:13 -08:00
Oliver Kunz 1255f57108 Provide an option to use the unotify monitor instead of the ptrace monitor.
PiperOrigin-RevId: 590847415
Change-Id: I45b1c392e108694f990a9762a2077e19d72f7b05
2023-12-14 00:48:21 -08:00
Wiktor Garbacz 0a992b683f Add special handling for global forkserver
PiperOrigin-RevId: 590533638
Change-Id: Ibbb7685c58bae0ebf340eaa0186ecc794a5a5fea
2023-12-13 03:34:22 -08:00
Wiktor Garbacz d95df64ebb Add a test for custom forkserver
PiperOrigin-RevId: 590187497
Change-Id: I9e2d4a2ed585a78bd3cb44b3f78d91afd527f6ab
2023-12-12 06:53:33 -08:00
Oliver Kunz 39e49549e6 The current implementation of `Sandbox::Terminate` results in timeouts being reported to coroner in cases where a Restart or Terminate with graceful exit is requested.
This change requests an exit from the sandboxee and then awaits the result either with a timeout of 1 second (the grace period) or else with infinite duration, which would then report the timeout again.

PiperOrigin-RevId: 589128986
Change-Id: Icc948b37f13f46af907fd1eab649cabb5ed50b25
2023-12-08 07:48:18 -08:00
Wiktor Garbacz 19d8f4729a Add clone3 to syscall defs
PiperOrigin-RevId: 588688163
Change-Id: I7f309c8d05ca1bce5ddf160d1a33203b17317697
2023-12-07 00:46:35 -08:00
Dmitri Gribenko 4d34bdb145 Integrate LLVM at llvm/llvm-project@3287ae8f65
Updates LLVM usage to match
[3287ae8f6520](https://github.com/llvm/llvm-project/commit/3287ae8f6520)

PiperOrigin-RevId: 586379104
Change-Id: Id69e27932def712bbb0f4a58112dfeb5b4f76275
2023-11-29 10:14:05 -08:00
Wiktor Garbacz 5ed720eeb1 SAPI_RAW_CHECK expects NUL-terminated strings
PiperOrigin-RevId: 586244294
Change-Id: I85492eb2f4833a1b31312981265ad3d715dfaa72
2023-11-29 01:03:45 -08:00
Oliver Kunz a0ba1c520f Enable the ability to change the sandboxee's malloc implementation. The default is set to "@bazel_tools//tools/cpp:malloc", which is also the default for Bazel's cc_binary [1].
[1] https://bazel.build/reference/be/c-cpp#cc_binary

PiperOrigin-RevId: 583081047
Change-Id: I08e7f6d0dffb1926e7bf9a9a96a7d6727d4cd3d6
2023-11-16 10:01:21 -08:00
Wiktor Garbacz 15fb5b9608 Allow sigaltstack
`absl::GetStackTrace` on Aarch64 since
bb7bbb12c7 will call sigaltstack.

PiperOrigin-RevId: 581914257
Change-Id: I316bdd64d1cef8a6327838681bda0067a0dc50fc
2023-11-13 04:22:29 -08:00
Wiktor Garbacz bc3c0ec17a Internal change
PiperOrigin-RevId: 581252235
Change-Id: I4de5fa0af11daa087172a81d2f81d51b51b1bace
2023-11-10 07:27:10 -08:00
Wiktor Garbacz 1bad376e42 Block `sigaltstack` with `ENOSYS` by default
`absl::GetStackTrace` on Aarch64 since
bb7bbb12c7 will call sigaltstack.
`absl::Mutex` in debug mode uses `absl::GetStackTrace` causing many new syscall violations. An error in the sigaltstack should be tolerated, so this will fix the issue without opening up the policy too much.

PiperOrigin-RevId: 580885547
Change-Id: I1acf28bff0e2f6f236a262c0ca8fa74a6c57fada
2023-11-09 06:32:16 -08:00
Sandboxed API Team 6f90a6ef2a don't drop CAP_SYS_PTRACE as it is apparently needed by sandbox
running as root when combined with apparmor (or possibly yama) LSM

PiperOrigin-RevId: 578762678
Change-Id: I60803b4ed78c6750f8ce0e0c909e5cec4f619da8
2023-11-02 00:42:33 -07:00
Sandboxed API Team 79ab44c981 drop almost all capabilities during sandbox creation
PiperOrigin-RevId: 578096197
Change-Id: I900cfab378f0069e8daac60b5eb41c5eb7401692
2023-10-31 01:31:41 -07:00
Wiktor Garbacz 4630346fd1 Fix unaligned load
PiperOrigin-RevId: 577106224
Change-Id: Icd0e113031d367fa30557d4e77571abc78e8e378
2023-10-27 00:35:10 -07:00
Wiktor Garbacz 0940a9ee4a Export `config.h` from `syscall.h` for `sapi::cpu::Architecture`
PiperOrigin-RevId: 569433347
Change-Id: I49b031d46f426f23cbf4556f8e22a69d6adc2c74
2023-09-29 02:32:49 -07:00
Wiktor Garbacz 37a7432178 Remove deprecated comms functions
PiperOrigin-RevId: 568510723
Change-Id: I517d739e44cb61eec8b0fd9fe6aa473e1bb8ec06
2023-09-26 05:45:27 -07:00
Wiktor Garbacz fadfa79d7a Add missing return
PiperOrigin-RevId: 568125662
Change-Id: If9d4990de32c9503a2b78393b944d6bcb58c5477
2023-09-24 23:47:01 -07:00
Sandboxed API Team ee7b76f592 Automated rollback of commit 4ae281b6a2.
PiperOrigin-RevId: 567287128
Change-Id: Ia12646e9ad1ebc94f6e26ae1b893b885c0908ca9
2023-09-21 06:17:56 -07:00
Wiktor Garbacz 4ae281b6a2 Remove deprecated comms functions
PiperOrigin-RevId: 567239465
Change-Id: Ic890404fa8b7e9797b2399a3b346c1339fbe133a
2023-09-21 02:31:16 -07:00