StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity
1,209 Commits 1 Branch 3 Tags 144 MiB
0caa3e740c
Commit Graph

1209 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Christian Blichmann
7afaaa7c6a Jsonnet: Update with latest Sandboxed API changes 
This fixes some build issues due to changes in Sandboxed API and
upstream Jsonnet.

PiperOrigin-RevId: 423787176
Change-Id: Ia3b9eab6b96e2fca70531f998e441ace04f31e3e
 2022-01-24 05:13:03 -08:00
Wiktor Garbacz
e4436c87e8 Replace deprecate sapi:✌️:Proto ctor calls 
PiperOrigin-RevId: 423760615
Change-Id: Id05341221fb6413d8f89d38470a9bc02f9d09b77
 2022-01-24 02:10:05 -08:00
Wiktor Garbacz
3c16be8347 Replace deprecated readdir64_r 
Plain `readdir` is preferred and while not (yet) specified in POSIX it is thread-safe for different directory streams in popular implementations.

PiperOrigin-RevId: 423321528
Change-Id: I4e1e842f338ff7d690c36e7f699b2f3637609524
 2022-01-21 07:48:44 -08:00
Christian Blichmann
6fd650b736 Fix description for OsErrorMessage() 
PiperOrigin-RevId: 423075550
Change-Id: I14a36e3cb0cf7647d5845a0a834948f0c51f1d58
 2022-01-20 08:36:11 -08:00
Wiktor Garbacz
ae9432bc03 Internal change 
PiperOrigin-RevId: 423070471
Change-Id: I876ef8f1d2464383ac319e196c1ba64c46ea4201
 2022-01-20 08:09:53 -08:00
Wiktor Garbacz
5c9f01fe3c Move using declarations into unnamed namespace 
Also fully qualify

PiperOrigin-RevId: 423066722
Change-Id: Id4dffa21a790ce884db750b1965203f9b056b39f
 2022-01-20 07:51:29 -08:00
Wiktor Garbacz
4041fe824b Use the using declarations from ::testing 
PiperOrigin-RevId: 423042437
Change-Id: I9ddfacd597c65d3dc6e490201cce4b00678f18cf
 2022-01-20 05:16:01 -08:00
Wiktor Garbacz
4a945a1748 Replace deprecated calls 
PiperOrigin-RevId: 423037776
Change-Id: Id568d54854dde3778686b778648555e0b48204bc
 2022-01-20 04:40:23 -08:00
Wiktor Garbacz
38a1cb707f Switch unnecessary templated functions to regular 
PiperOrigin-RevId: 422764920
Change-Id: I44f487b2e114eb9e5ca68d29a7b21fa72917d6f1
 2022-01-19 02:37:53 -08:00
Christian Blichmann
baa1e570b4 CMake build: Skip examples/tests when used via add_subdirectory 
PiperOrigin-RevId: 422512365
Change-Id: I38c6b23d1b33b89346ccf6c6692d50f88c82212b
 2022-01-18 03:23:16 -08:00
Christian Blichmann
066af80c8b CMake build improvements 
- Check for Linux (Android TBD once that lands) and C++17
- Move `SAPI_HARDENED_SOURCE` check after compile options are evaluated
- Use a more modern way to set the required C++ standard, compatible with
  Abseil's `ABSL_PROPAGATE_CXX_STD`.
- Scope `-fno-exceptions` and `POSITION_INDEPENDENT_CODE` to SAPI targets
- Increase maximum stack frame size yet again

PiperOrigin-RevId: 422369190
Change-Id: If75405ee43740de90196f52cddc8938482eae851
 2022-01-17 08:17:07 -08:00
Wiktor Garbacz
a339850dbf Fix ::sapi:✌️:Char::ToString() 
Also make it correct with scoped enums.

PiperOrigin-RevId: 422310326
Change-Id: Ie2db81ec7c8d8ecd8d5fb79573bc9f5040fd8c3b
 2022-01-17 02:04:50 -08:00
Christian Blichmann
9229b3fa82 Fix -Wc++11-narrowing error with Clang introduced in 2546d9e 
PiperOrigin-RevId: 421784429
Change-Id: Ia5d09a980db39bc8d88373dc769cb5889417502d
 2022-01-14 03:40:01 -08:00
Sandboxed API Team
2546d9e85b Ability to inspect a syscall's return value. 
PiperOrigin-RevId: 421552017
Change-Id: I7103720723b5e5828f80731a724c5672895dfa54
 2022-01-13 06:49:19 -08:00
Sandboxed API Team
ebe4475348 Fix typo in log line that displayed decimals with 0x prefix 
PiperOrigin-RevId: 421547286
Change-Id: Ie088bb7871629db919f34f365eb9b6ab7fe65917
 2022-01-13 06:20:47 -08:00
Wiktor Garbacz
99b56fee19 Remove redundant glog dependency for sandbox2::sanitizer 
PiperOrigin-RevId: 421500119
Change-Id: I720a3efef52868099d388685abee45be887ba430
 2022-01-13 01:15:50 -08:00
Sandboxed API Team
85c8ae5125 Automated rollback of commit fac8713fbe. 
PiperOrigin-RevId: 421356226
Change-Id: I4a179aeed226e005449c980e11b049759dad3878
 2022-01-12 11:47:06 -08:00
Sandboxed API Team
fac8713fbe Ability to inspect a syscall's return value. 
PiperOrigin-RevId: 421300791
Change-Id: I93b7e97a532f82c2b077766e22fb2fe9effe6ba2
 2022-01-12 08:09:09 -08:00
Wiktor Garbacz
b0bc17e456 Fix Regs::SkipSyscallReturnValue for Aarch64 
Add a test.

PiperOrigin-RevId: 420271649
Change-Id: Ifc857ec5351a0fc70547c98f57c22cf792d5d9f9
 2022-01-07 05:26:26 -08:00
Christian Blichmann
d54338db3e Upgrade to libunwind 1.6.2 
PiperOrigin-RevId: 420066991
Change-Id: I71295329bc3648827f085c771a1164d1aaf02cab
 2022-01-06 08:26:05 -08:00
Christian Blichmann
21847a1ef1 Emulate PTRACE_GETREGSET in ptrace wrapper 
Newer versions of libunwind use `PTRACE_GETREGSET` to obtain register data.
This change should make it easier to upgrade the libunwind dependency.

PiperOrigin-RevId: 420057842
Change-Id: Ib9abbeff574e457009709715f912ba5962033c5d
 2022-01-06 07:33:13 -08:00
Christian Blichmann
0598ea4687 Remove Bazel workaround for fully_static_link 
The removed setting has been Bazel's default for a while now.

PiperOrigin-RevId: 419776665
Change-Id: I1f91708e244fc24cdc97dbf680ae6e54fb75bbb0
 2022-01-05 01:51:05 -08:00
Christian Blichmann
ba19e48d90 Fix C++ compiler option checks, increase max stack frame size 
The former fixes the actual compiler option checks in `CMakeLists.txt`.

The latter is to avoid a compiler warning in `sandboxed_api/sandbox2/util.cc`,
which needs a stack frame size bigger than pthread's default value (16K).

PiperOrigin-RevId: 419618052
Change-Id: Ieaf72a03bfad0853d774ce0548040e3f2a3ebbc0
 2022-01-04 09:49:21 -08:00
Sandboxed API Team
8d7a442b94 Update test to use sapi:✌️:Proto<>::FromMessage factory method 
The bare constructor is deprecated.

PiperOrigin-RevId: 419583946
Change-Id: I7647b74e7f4be65e0bbeba1c1393601ffa87fd80
 2022-01-04 07:01:28 -08:00
Copybara-Service
c3aa56ff37 Merge pull request #91 from cblichmann:main 
PiperOrigin-RevId: 419577353
Change-Id: Iab4f1234533ec402cb3f60975393c5df14217231
 2022-01-04 06:14:53 -08:00
Copybara-Service
88212456f1 Merge pull request #92 from cblichmann:02action-f35 
PiperOrigin-RevId: 419577239
Change-Id: I632cf658bcfa66daf870a18d8b240e02efa84851
 2022-01-04 06:14:07 -08:00
Christian Blichmann
7c02a04471
Add GitHub action for Fedora 35 and CMake 
Signed-off-by: Christian Blichmann <cblichmann@google.com>
 2022-01-04 14:55:37 +01:00
Christian Blichmann
3745d58587
filewrapper: _Exit instead of CHECK failing 
Raw `SAPI_RAW_PCHECK` may dump core, depending on environment settings
(issue #89).
This is undesirable in the face of invalid command-line arguments.

Signed-off-by: Christian Blichmann <cblichmann@google.com>
 2022-01-03 15:00:35 +01:00
Christian Blichmann
e5a810eef4 Update Google Benchmark dependency 
The newer version includes a fix for a compilation error on newer
systems (specfically, `benchmark_register.h` was missing an include
for the `limits` header).

PiperOrigin-RevId: 417814324
Change-Id: I43464cf48d7a7d3954acffdb78b284850ba60144
 2021-12-22 07:11:20 -08:00
Christian Blichmann
8b61945e93 Remove duplicate CMake variable 
PiperOrigin-RevId: 417812513
Change-Id: I1128ff3e94cba42d59d13ccfddf32d5b30082382
 2021-12-22 06:57:45 -08:00
Christian Blichmann
9d8e43f4d9 Update Googletest dependency 
This fixes a build warning about an uninitialized variable whiche turns into
an error in recent Clang versions.

PiperOrigin-RevId: 417768690
Change-Id: I5c3407d5e51a1411db8cc312e49694de0866eb45
 2021-12-22 01:08:00 -08:00
Christian Blichmann
aa3f60148c Do not run static test on AArch64 user mode emulation 
PiperOrigin-RevId: 417556328
Change-Id: Ib04b3c6bbe8e5fcece11652c7a751a319899b73c
 2021-12-21 00:17:22 -08:00
Wiktor Garbacz
3f5184770d Introduce util::CharPtrArray with proper ownership semantics 
Replace existing calls to VecStringToCharPtrArr

PiperOrigin-RevId: 417383812
Change-Id: Ibf9d878df5ada2cb3a0872f7ca7cab96c304a5c1
 2021-12-20 05:08:12 -08:00
Sandboxed API Team
a44e57e243 Update references to the new documentation 
PiperOrigin-RevId: 416317448
Change-Id: Ic148364e012405cc34840c12428cbd912ed377ae
 2021-12-14 09:03:29 -08:00
Christian Blichmann
11619a08f4 Remove SyscallInitializer 
PiperOrigin-RevId: 416231431
Change-Id: I83575ee3a51c348912f3d13db600d104ee927265
 2021-12-14 00:45:27 -08:00
Christian Blichmann
01ffc2a1c2 #Cleanup PolicyBuilder API using absl::Span 
PiperOrigin-RevId: 415979969
Change-Id: I23e00a48ce9ba14c480f8d137c6ae3981a238e13
 2021-12-13 01:31:59 -08:00
Christian Blichmann
354cbe89f9 Add more convenience functions to PolicyBuilder 
- Allow to specify multiple syscalls with `BlockSyscallsWithErrno()`
- Add functions to allow `unlink()` and `rename()` in all their spellings

PiperOrigin-RevId: 414987303
Change-Id: Ic0e680b785e8e3a3498f20e6a7403737e63fe876
 2021-12-08 06:41:21 -08:00
Sandboxed API Team
46c09e0024 Implement WaitForTsan on other sanitizers 
__sanitizer_sandbox_on_notify is not tsan specific.
It's empty for other sanitizers now, but we are going to need it soon.

PiperOrigin-RevId: 414873197
Change-Id: I251ac38e5c886980b4baa7f05306643599a25090
 2021-12-07 17:59:05 -08:00
Wiktor Garbacz
8979b47d7f Remove arg filter on rt_sigprocmask in AllowStaticStartup 
PiperOrigin-RevId: 414692179
Change-Id: If2a5f741ad38f626287988911b85bef7a711f80a
 2021-12-07 05:04:01 -08:00
Sandboxed API Team
8e8ce0955f Fix unwind module for Android-ARM64 
PiperOrigin-RevId: 414673588
Change-Id: Ib40e4f6b53692440591a1a1e9e069f974832f733
 2021-12-07 03:33:56 -08:00
Wiktor Garbacz
8562306c97 Add CloseAllFDsExcept test. 
Move VecStringToCharPtrArr before fork, so that it cannot deadlock when other thread holds allocation lock.

PiperOrigin-RevId: 414661912
Change-Id: Ie8aa5c36693e6f86c69d67a1da51b7e7ff1ec30b
 2021-12-07 02:23:23 -08:00
Wiktor Garbacz
4061666f44 Fix dependencies for sanitizer target 
PiperOrigin-RevId: 414659990
Change-Id: I25215d0f03cf998fee068ae7db91b7e438fcc4f5
 2021-12-07 02:13:15 -08:00
Sandboxed API Team
84c29dd3bb Relax the policy to allow stat (and possibly stat64). 
PiperOrigin-RevId: 414480521
Change-Id: If0ffca2141589ea3cf0dec4b0524c50ca37489b4
 2021-12-06 10:23:31 -08:00
Christian Blichmann
60eb52c17f Explicitly narrow size argument for BPF 
This fixes a build error introduced in 26da6e6b0a.

PiperOrigin-RevId: 414408033
Change-Id: Ic34d5eeba3bb34f9a5ce46a05547129fbab8bce0
 2021-12-06 04:51:28 -08:00
Wiktor Garbacz
4e6cafa934 Readd function comment removed by mistake 
PiperOrigin-RevId: 414406963
Change-Id: Id8155b67ce063a9171b70e24b58d407415b30e78
 2021-12-06 04:43:32 -08:00
Wiktor Garbacz
245a8c7650 Remove deprecated AddTmpfs 
PiperOrigin-RevId: 414387983
Change-Id: I872c2f3bc1ccaf7a20d7ab97a5cb104d4f096a3f
 2021-12-06 02:36:02 -08:00
Wiktor Garbacz
2a67805a13 Add prlimit64 to AllowLogForwarding 
PiperOrigin-RevId: 414385430
Change-Id: I4e70d25f886f1ef65fab1b62c67e80eb45407bc7
 2021-12-06 02:19:03 -08:00
Chris Kennelly
e61a84979a Internal change 
PiperOrigin-RevId: 413954176
Change-Id: Ie07c1c8d96019e1605ea3b9ed58030754954ee97
 2021-12-03 09:34:32 -08:00
Wiktor Garbacz
e4ef46631d Replace raw_logging with regular logging in Monitor 
PiperOrigin-RevId: 413928700
Change-Id: I0bc4dd86b45c0ddd679a435003fbad2aea27fbf2
 2021-12-03 07:17:36 -08:00
Wiktor Garbacz
2fa92bf47c Internal change 
PiperOrigin-RevId: 413911008
Change-Id: I59cdac60c092f31fb487f032b3489341c0ba626a
 2021-12-03 05:21:01 -08:00