This is a work in progress:
- Syscall tables need work
- Only tested on real hardware using one of our test hosts
As a drive-by, this change also enables the open source version to function on
POWER.
Another side-effect of this change is that the default policies no longer
check for different host architectures at runtime. On x86_64, we do not need
to check for PPC or AArch64 specifice and vice versa.
PiperOrigin-RevId: 331137472
Change-Id: Ic6d6be5cbe61d83dbe13d5a0be036871754b2eb8
This allows us to remove some uses of macros.
Related changes:
- Make it clear that we support hosting sandboxed binaries from 64-bit
processes only. CPU architectures are x86-64 and POWER64 (little endian).
- Introduced CPU architecture macros, abstracting away compiler specifics
PiperOrigin-RevId: 330918134
Change-Id: Ife7ad5f14723eec9f68055127b0583b8aecd38dd
This removes our own fork of `absl::StatusOr<>`. Sandboxed API still includes
a custom matcher for Googletest, as that is not open source yet. For
compatibility, the `statusor.h` header is still retained and now aliases
`sapi::StatusOr<>` to `absl::StatusOr<>`.
PiperOrigin-RevId: 329916309
Change-Id: I0544b73a9e312dce499bc4128c28457e04ab9929
- Use default initialization
- Rely on `static_assert()` and use `if constexpr` when checking SAPI
variable type
- Small style fixes
PiperOrigin-RevId: 322107281
Change-Id: I48cf43f354b60e31e6207552dbbfa16e3acd5615
- Drop `delim` argument from the `GetStackTrace()` family of functions.
We only ever used plain spaces.
- Use an `std::vector<std::string>` for the symbolized stack frames and
adjust the unwind proto accordingly.
This change now prints each stack frame on its own line while skipping
duplicate ones:
```
I20200717 11:47:16.811381 3636246 monitor.cc:326] Stack trace: [
I20200717 11:47:16.811415 3636246 monitor.cc:337] map:/lib/x86_64-linux-gnu/libc-2.30.so+0xceee7(0x7fb871602ee7)
I20200717 11:47:16.811420 3636246 monitor.cc:337] Rot13File+0x130(0x55ed24615995)
I20200717 11:47:16.811424 3636246 monitor.cc:337] ffi_call_unix64+0x55(0x55ed2461f2dd)
I20200717 11:47:16.811429 3636246 monitor.cc:337] map:[stack]+0x1ec80(0x7ffee4257c80)
I20200717 11:47:16.811455 3636246 monitor.cc:339] (last frame repeated 196 times)
I20200717 11:47:16.811460 3636246 monitor.cc:347] ]
```
PiperOrigin-RevId: 322089140
Change-Id: I05b0de2f4118fed90fe920c06bbd70ea0d1119e2
This way, one can just run `ctest .` in the build directory and it will only
run Sandboxed API and Sandbox2 tests.
PiperOrigin-RevId: 321342543
Change-Id: I42537e64bfb3127dca00bd92a3f7b35ca64004d9
Initializing `absl::Span`s like by assigning them from a temporary
array leaves them pointing to invalid data. Due to the way the linker
initializes these constant tables, _most_ of them will still be valid
_most_ of the time, leading to crashes when running sandboxees with the
`--sandbox2_danger_danger_permit_all_and_log` option.
PiperOrigin-RevId: 321112099
Change-Id: I891118da08cbb6000b3e2e275618bc4edaa1d020
Bazel 3.x now requires specifying `commit`, `tag` or `branch` in its
`git_repository` rule.
PiperOrigin-RevId: 320572176
Change-Id: I81048d997f595202f4dfbd3c1e9c8321240a28a3
Otherwise ExecuteProcess is implicitly `[[noreturn]]` and this
might cause policy violations in `__asan_handle_no_return`
for ASAN builds.
PiperOrigin-RevId: 319203128
Change-Id: I5c8ba71ce88261f803aa3f16730eccea0d803dd1
This is done by simply building libffi in-tree. Normally, this is not
desirable, but in our case is actually ok, as this is an external
dependency to be pulled in and cleaning the source tree is easy in this
case.
Signed-off-by: Christian Blichmann <mail@blichmann.eu>
--
fd2e99fa87c34f2fb1a20052c030ad7a4139b4e1 by Christian Blichmann <mail@blichmann.eu>:
Support LLVM >= 7.0.1 in Clang based header generator
This change glosses over small API changes introduced since LLVM/Clang
7.0.1, which ships with Debian Stable "Buster". Ubuntu 18.04 LTS "Bionic"
also shipped this (and subsequently updated to version 9).
Hence, compiling the generator should now work on all reasonable Debian
based distributions.
COPYBARA_INTEGRATE_REVIEW=https://github.com/google/sandboxed-api/pull/44 from cblichmann:20200609-llvm-version-compat fd2e99fa87c34f2fb1a20052c030ad7a4139b4e1
PiperOrigin-RevId: 315637014
Change-Id: I6585041d8bebade15e44c057b1a69287bbc0e733
The "hello_sapi" example lives in a different WORKSPACE as it is intended to
show how to embed SAPI in your own projects. However, this is not compatible
with simply running `bazel build //sandboxed_api/...` after checkout.
This change simply replace `copts = ["-I."]` with `includes = ["."]`, so that
generated headers can be found reliably, regardless of how the example is
compiled.
PiperOrigin-RevId: 313782756
Change-Id: Iac26e828146b01545c81d9500f5f68fa0f2d4ddf
- Extract dependent types directly from the Clang AST and re-serialize
back into compilable code
- Collect types and emit diagnostics
- Format generated code
Signed-off-by: Christian Blichmann <mail@blichmann.eu>
This change contains a "hello world"-style example library to be
sandboxed. It consists of a stand-alone CMake and Bazel project that
uses Sandboxed API as its dependency.
To use Sandboxed API in an external project, it should be enough to
copy the files in the `sandboxed_api/examples/hello_sapi` directory
as a starting point.