Commit Graph

20 Commits

Author SHA1 Message Date
Christian Blichmann
354cbe89f9 Add more convenience functions to PolicyBuilder
- Allow to specify multiple syscalls with `BlockSyscallsWithErrno()`
- Add functions to allow `unlink()` and `rename()` in all their spellings

PiperOrigin-RevId: 414987303
Change-Id: Ic0e680b785e8e3a3498f20e6a7403737e63fe876
2021-12-08 06:41:21 -08:00
Christian Blichmann
221e929018 Include shell-based tests in OSS builds
These were previously dependent on an internal-only testing target.

For now, this only works with Bazel, but should enable us to have better test coverage in GitHub actions.
Eventually, all of these shell-based tests should be converted to `cc_test`s.

PiperOrigin-RevId: 400713615
Change-Id: I1cabb5b72977987ef4a1803480f699b58c4d56e9
2021-10-04 07:18:36 -07:00
Christian Blichmann
98e590463b Internal change
PiperOrigin-RevId: 400144449
Change-Id: Ic0cbd6a3b27012cfb406694bdf2944a5b9905580
2021-10-04 07:18:06 -07:00
Sandboxed API Team
fb81c00fd1 Replace auto with explicit type declarations
PiperOrigin-RevId: 399419917
Change-Id: I4b7acd8ab6e2542e2971b29bed0745378b2b6743
2021-09-28 05:50:57 -07:00
Christian Blichmann
55a8373ec3 Avoid sanitizer macros use Abseil's where necessary
Using C++17 means we can get rid of many `#ifdef`s by using `if constexpr`.
This way, we ensure that both branches compile and still retain zero runtime
overhead.

Note that open source builds of Sandboxed API do not ship with sanitizer
configurations yet. This will be added in follow-up changes.

PiperOrigin-RevId: 354932160
Change-Id: I3678dffc47ea873919f0a8c01f3a7d999fc29a5b
2021-02-01 07:11:15 -08:00
Christian Blichmann
19fd11b91e Move GetInternalDataDependencyFilePath() into internal namespace
Implements #79

PiperOrigin-RevId: 351778836
Change-Id: I726837d8e75880bf5ddfb1a327249dd666adec53
2021-01-14 05:11:22 -08:00
Christian Blichmann
dbaf95c724 Move utility code into sandboxed_api/util
This change should make it less confusing where utility code comes from.
Having it in two places made sense when we were debating whether to publish
Sandbox2 separately, but not any longer.

Follow-up changes will move `sandbox2/util.h` and rename the remaining
`sandbox2/util` folder.

PiperOrigin-RevId: 351601640
Change-Id: I6256845261f610e590c25e2c59851cc51da2d778
2021-01-13 09:25:52 -08:00
Anton D. Kachalov
0e8d16e011 Enable shared libraries build and cross-compilation
This allows resource-constrained environments to benefit from the
space savings of dynamic linking. This is not meant to be used in
the general case.

PiperOrigin-RevId: 347398828
Change-Id: Ia634959148a31159878f48c44255dd733424a2b8
2020-12-14 09:16:14 -08:00
Wiktor Garbacz
742fafa433 Prefixed (unique) names for executables in cmake
PiperOrigin-RevId: 347335966
Change-Id: Ic8cc22b882fa489d37b636406a1a5fe51745d808
2020-12-14 01:13:31 -08:00
Christian Blichmann
21f7373e76 Initial changes to support AArch64
This is a work in progress:
- Syscall tables need work
- Only tested on real hardware using one of our test hosts

As a drive-by, this change also enables the open source version to function on
POWER.

Another side-effect of this change is that the default policies no longer
check for different host architectures at runtime. On x86_64, we do not need
to check for PPC or AArch64 specifice and vice versa.

PiperOrigin-RevId: 331137472
Change-Id: Ic6d6be5cbe61d83dbe13d5a0be036871754b2eb8
2020-09-11 06:34:27 -07:00
Christian Blichmann
441201884a Update license header with recommended best practices
PiperOrigin-RevId: 290250533
Change-Id: Ic34b253446463cf971a055b70a242df93a598ee3
2020-01-17 05:05:29 -08:00
Christian Blichmann
c6b8e301e4 This fixes broken _proto_cc_cc_proto build target suffixes.
These where inadvertently introduced in an internal cleanup change.

This change also removes a C++17-ism in var_proto.h. To make things easier for
downstream projects, we should stick to C++11 for the time being.

PiperOrigin-RevId: 271117700
Change-Id: I4eaacec88be16e1a561d3f77a61acce0a1af0b9d
2019-09-25 07:13:58 -07:00
Wiktor Garbacz
d6ca9d9564 Use proper return code for static_sandbox example
Also bump FSIZE limit to make it less likely to fail.

PiperOrigin-RevId: 268857718
Change-Id: I955ed4a10d8a49585ae330ab668a0bd891bb6ed6
2019-09-13 01:22:36 -07:00
Wiktor Garbacz
2e22b13b39 Enable namespaces by default
PiperOrigin-RevId: 268417712
Change-Id: I496d76e8a90665627b9be2bb5f9872a5df1c84e4
2019-09-11 02:39:49 -07:00
Christian Blichmann
dfbfb5cc43 Add CMake builds for the examples
PiperOrigin-RevId: 252045309
Change-Id: I57ffc3debbe64010b1f20b2e6df900b9916fa37f
2019-06-07 07:27:33 -07:00
Christian Blichmann
9b78e331fa Use newer gflags namespace for command-line flags
PiperOrigin-RevId: 251639941
Change-Id: I3037ce9510a3bc62cf5c899c64f2e7d344a8b4ee
2019-06-05 07:39:38 -07:00
Christian Blichmann
ffd4e1270a Internal change
PiperOrigin-RevId: 251590551
Change-Id: Ic69f8f5f798006c0d096357b7a746cdc4ce530a3
2019-06-05 00:26:14 -07:00
Christian Blichmann
5f3c7171b7 Use Abseil's flag library released in aa468ad75539619b47979911297efbb629c52e44
PiperOrigin-RevId: 247424939
Change-Id: I22a4696f705f9dcfa7394b329c78bd126f42bd16
2019-05-09 07:57:55 -07:00
Christian Blichmann
7800fd7402 Disable compiler warnings for consistency with internal settings.
PiperOrigin-RevId: 247405215
Change-Id: I236170f7b47d9ecd32324db907ef7afc2e797d9a
2019-05-09 05:21:34 -07:00
Christian Blichmann
177b969e8c
Sandboxed API OSS release.
PiperOrigin-RevId: 238996664
Change-Id: I9646527e2be68ee0b6b371572b7aafe967102e57

Signed-off-by: Christian Blichmann <cblichmann@google.com>
2019-03-18 19:00:48 +01:00