Create a utility function to copy a hostcode local buffer into the sandboxee. This combines the following steps into one API call:
1) Create a SAPI variable backed with the hostcode local buffer
2) Allocate the SAPI variable in the sandboxee's memory space
3) Transfer the SAPI variable into the sandboxee's memory space
The function returns a `std::unique_ptr` wrapped `sapi:✌️:RemotePtr` which points to the address of the buffer in the sandboxee's memory space.
PiperOrigin-RevId: 611151615
Change-Id: Ie5012bf17826614395d2056d560689fd9e429d75
CRIU while restoring memfd sometimes reopens them, which might result in ETXTBUSY on execveat.
PiperOrigin-RevId: 553114741
Change-Id: I11ee7aabe48a2853a8921a270c6cdcc70b50a518
This should only affect the Bazel `BUILD.bazel` files and their formatting.
PiperOrigin-RevId: 538426054
Change-Id: I0162726d3fb4bcb4d7938cddc6f39e0d9f2b4a3d
Running with a permissive test policy should not interfere with sanitizers
or coverage.
Most tests should run with such a permissive policy.
The exception are tests which actually tests policy enforcement.
PiperOrigin-RevId: 513548936
Change-Id: I9a4c2cc8074997cff08cc22d15f4736219ce4d63
Follow-up changes might be required to fully fix up the contrib sandboxes.
PiperOrigin-RevId: 482475998
Change-Id: Iff631eb838a024b2f047a1be61bb27e35a8ff2f4
Instead of calling `google::InitGoogleLogging()` directly, introduce an
indirection via a new utility library. After this change, Sandboxed API
should consistently use `sapi::InitLogging()` everywhere.
For now, `sapi::InitLogging()` simply calls its glog equivalent. However,
this enables us to migrate away from the gflags dependency and use Abseil
flags. Once a follow-up change lands, `sapi::InitLogging()` will instead
initialize the google logging library with flags defined from Aseil.
Later still, once Abseil releases logging, we can then drop the glog
dependency entirely.
PiperOrigin-RevId: 445363592
Change-Id: Ia23a7dc88b8ffe65a422ea4d5233bba7bdd1303a
This change is a first step to make the SAPI variable hierarchy more sensible.
It turns the `Reg<T>` class into a descendant of `Pointable`, but without
making its `PtrXXX()` methods public (hence the `using` statements). Further
changes are needed to restructure this.
There are no functional changes and the class sizes, including vtables, should
not change.
PiperOrigin-RevId: 413333120
Change-Id: I90ceeaeb7aea482016f8f4bee81489d5a9db9ade
This is mainly so that the structure of the examples follows what we do
internally (not having separate directories).
PiperOrigin-RevId: 402298115
Change-Id: I0f542607b88597572de39532364816f80a076697
This was missing a friend declaration in order to actually compile.
It's now being used in the "stringop" example, so we test it as well.
Drive-by:
- Do not copy the proto's bytes the constructor, but use `std::move`
PiperOrigin-RevId: 387774353
Change-Id: Ic8824af911ac744e2e68130e1f4673c4dddd4939
On x86 `long double` has 10 bytes of meaningful data, but `sizeof(long double)` is 16 - the remaining bytes are random garbage.
Roll forward after fixing a bug in the original commit.
PiperOrigin-RevId: 368170639
Change-Id: I4a1d2d95b92eed6b71c37145726f7320cfc00ba0
On x86 `long double` has 10 bytes of meaningful data, but `sizeof(long double)` is 16 - the remaining bytes are random garbage.
PiperOrigin-RevId: 367423349
Change-Id: I769b3444ce4fa60f941ccd2115b0b09ccc809f13
Using C++17 means we can get rid of many `#ifdef`s by using `if constexpr`.
This way, we ensure that both branches compile and still retain zero runtime
overhead.
Note that open source builds of Sandboxed API do not ship with sanitizer
configurations yet. This will be added in follow-up changes.
PiperOrigin-RevId: 354932160
Change-Id: I3678dffc47ea873919f0a8c01f3a7d999fc29a5b
This change should make it less confusing where utility code comes from.
Having it in two places made sense when we were debating whether to publish
Sandbox2 separately, but not any longer.
Follow-up changes will move `sandbox2/util.h` and rename the remaining
`sandbox2/util` folder.
PiperOrigin-RevId: 351601640
Change-Id: I6256845261f610e590c25e2c59851cc51da2d778
If the sandboxer calls `IPC::EnableLogServer()` (and modifies the sandbox policy
accordingly), sandbox logs will be sent back to the sandboxer.
PiperOrigin-RevId: 340663308
Change-Id: I5e8d89314178dfd1b49fc25b8cd2dd02642be43a
These where inadvertently introduced in an internal cleanup change.
This change also removes a C++17-ism in var_proto.h. To make things easier for
downstream projects, we should stick to C++11 for the time being.
PiperOrigin-RevId: 271117700
Change-Id: I4eaacec88be16e1a561d3f77a61acce0a1af0b9d
Oliver Kunz
Wiktor Garbacz
Christian Blichmann
Sandboxed API Team
Peter Lundblad
Kevin Hamacher