Commit Graph

518 Commits

Author SHA1 Message Date
Sandboxed API Team
9ee3a26e8b Delete deprecated ::sandbox2::Sandbox2::GetPid and its remaining call sites.
PiperOrigin-RevId: 425910086
Change-Id: I2938ce589e83b5441c084994edde6a22c2007642
2022-02-02 09:57:11 -08:00
Christian Blichmann
d451478e26 Change license link to HTTPS URL
PiperOrigin-RevId: 424811734
Change-Id: If5ea692edc56ddc9c99fd478673df41c0246e9cc
2022-01-28 01:39:09 -08:00
Christian Blichmann
8e5771b007 Fix Fedora build, update to latest Abseil
This partially reverts the zlib change in 41e0ca0. Turns out the
`CMakeLists.txt` that ships with zlib leaves much to be desired.

PiperOrigin-RevId: 424800727
Change-Id: I356e3bb8d18461a52f845baa4913adff6549ef00
2022-01-28 00:19:04 -08:00
Rebecca Chen
34551d2cec Add whitespace around keywords to satisfy the LibCST parser.
PiperOrigin-RevId: 424307703
Change-Id: I12949320efe57667624126d64cf99ec0d50edfa5
2022-01-26 03:47:51 -08:00
Copybara-Service
cc6a1114d5 Merge pull request #84 from Vincenzo-Petrolo:main
PiperOrigin-RevId: 424301145
Change-Id: I0336c5ffc2eeefe0ccecb7595b0881df23390bf6
2022-01-26 03:00:06 -08:00
Wiktor Garbacz
67a03326cd Simplify sapi::file::CleanPath
PiperOrigin-RevId: 423792568
Change-Id: Ib213e619d3c3c26fa3e34b506781821f9a9b5292
2022-01-24 05:49:40 -08:00
Wiktor Garbacz
e4436c87e8 Replace deprecate sapi:✌️:Proto ctor calls
PiperOrigin-RevId: 423760615
Change-Id: Id05341221fb6413d8f89d38470a9bc02f9d09b77
2022-01-24 02:10:05 -08:00
Wiktor Garbacz
3c16be8347 Replace deprecated readdir64_r
Plain `readdir` is preferred and while not (yet) specified in POSIX it is thread-safe for different directory streams in popular implementations.

PiperOrigin-RevId: 423321528
Change-Id: I4e1e842f338ff7d690c36e7f699b2f3637609524
2022-01-21 07:48:44 -08:00
Christian Blichmann
6fd650b736 Fix description for OsErrorMessage()
PiperOrigin-RevId: 423075550
Change-Id: I14a36e3cb0cf7647d5845a0a834948f0c51f1d58
2022-01-20 08:36:11 -08:00
Wiktor Garbacz
ae9432bc03 Internal change
PiperOrigin-RevId: 423070471
Change-Id: I876ef8f1d2464383ac319e196c1ba64c46ea4201
2022-01-20 08:09:53 -08:00
Wiktor Garbacz
5c9f01fe3c Move using declarations into unnamed namespace
Also fully qualify

PiperOrigin-RevId: 423066722
Change-Id: Id4dffa21a790ce884db750b1965203f9b056b39f
2022-01-20 07:51:29 -08:00
Wiktor Garbacz
4041fe824b Use the using declarations from ::testing
PiperOrigin-RevId: 423042437
Change-Id: I9ddfacd597c65d3dc6e490201cce4b00678f18cf
2022-01-20 05:16:01 -08:00
Wiktor Garbacz
4a945a1748 Replace deprecated calls
PiperOrigin-RevId: 423037776
Change-Id: Id568d54854dde3778686b778648555e0b48204bc
2022-01-20 04:40:23 -08:00
Wiktor Garbacz
38a1cb707f Switch unnecessary templated functions to regular
PiperOrigin-RevId: 422764920
Change-Id: I44f487b2e114eb9e5ca68d29a7b21fa72917d6f1
2022-01-19 02:37:53 -08:00
Wiktor Garbacz
a339850dbf Fix ::sapi:✌️:Char::ToString()
Also make it correct with scoped enums.

PiperOrigin-RevId: 422310326
Change-Id: Ie2db81ec7c8d8ecd8d5fb79573bc9f5040fd8c3b
2022-01-17 02:04:50 -08:00
Christian Blichmann
9229b3fa82 Fix -Wc++11-narrowing error with Clang introduced in 2546d9e
PiperOrigin-RevId: 421784429
Change-Id: Ia5d09a980db39bc8d88373dc769cb5889417502d
2022-01-14 03:40:01 -08:00
Sandboxed API Team
2546d9e85b Ability to inspect a syscall's return value.
PiperOrigin-RevId: 421552017
Change-Id: I7103720723b5e5828f80731a724c5672895dfa54
2022-01-13 06:49:19 -08:00
Sandboxed API Team
ebe4475348 Fix typo in log line that displayed decimals with 0x prefix
PiperOrigin-RevId: 421547286
Change-Id: Ie088bb7871629db919f34f365eb9b6ab7fe65917
2022-01-13 06:20:47 -08:00
Wiktor Garbacz
99b56fee19 Remove redundant glog dependency for sandbox2::sanitizer
PiperOrigin-RevId: 421500119
Change-Id: I720a3efef52868099d388685abee45be887ba430
2022-01-13 01:15:50 -08:00
Sandboxed API Team
85c8ae5125 Automated rollback of commit fac8713fbe.
PiperOrigin-RevId: 421356226
Change-Id: I4a179aeed226e005449c980e11b049759dad3878
2022-01-12 11:47:06 -08:00
Sandboxed API Team
fac8713fbe Ability to inspect a syscall's return value.
PiperOrigin-RevId: 421300791
Change-Id: I93b7e97a532f82c2b077766e22fb2fe9effe6ba2
2022-01-12 08:09:09 -08:00
Wiktor Garbacz
b0bc17e456 Fix Regs::SkipSyscallReturnValue for Aarch64
Add a test.

PiperOrigin-RevId: 420271649
Change-Id: Ifc857ec5351a0fc70547c98f57c22cf792d5d9f9
2022-01-07 05:26:26 -08:00
Christian Blichmann
d54338db3e Upgrade to libunwind 1.6.2
PiperOrigin-RevId: 420066991
Change-Id: I71295329bc3648827f085c771a1164d1aaf02cab
2022-01-06 08:26:05 -08:00
Christian Blichmann
21847a1ef1 Emulate PTRACE_GETREGSET in ptrace wrapper
Newer versions of libunwind use `PTRACE_GETREGSET` to obtain register data.
This change should make it easier to upgrade the libunwind dependency.

PiperOrigin-RevId: 420057842
Change-Id: Ib9abbeff574e457009709715f912ba5962033c5d
2022-01-06 07:33:13 -08:00
Sandboxed API Team
8d7a442b94 Update test to use sapi:✌️:Proto<>::FromMessage factory method
The bare constructor is deprecated.

PiperOrigin-RevId: 419583946
Change-Id: I7647b74e7f4be65e0bbeba1c1393601ffa87fd80
2022-01-04 07:01:28 -08:00
Christian Blichmann
3745d58587
filewrapper: _Exit instead of CHECK failing
Raw `SAPI_RAW_PCHECK` may dump core, depending on environment settings
(issue #89).
This is undesirable in the face of invalid command-line arguments.

Signed-off-by: Christian Blichmann <cblichmann@google.com>
2022-01-03 15:00:35 +01:00
Christian Blichmann
aa3f60148c Do not run static test on AArch64 user mode emulation
PiperOrigin-RevId: 417556328
Change-Id: Ib04b3c6bbe8e5fcece11652c7a751a319899b73c
2021-12-21 00:17:22 -08:00
Wiktor Garbacz
3f5184770d Introduce util::CharPtrArray with proper ownership semantics
Replace existing calls to VecStringToCharPtrArr

PiperOrigin-RevId: 417383812
Change-Id: Ibf9d878df5ada2cb3a0872f7ca7cab96c304a5c1
2021-12-20 05:08:12 -08:00
Sandboxed API Team
a44e57e243 Update references to the new documentation
PiperOrigin-RevId: 416317448
Change-Id: Ic148364e012405cc34840c12428cbd912ed377ae
2021-12-14 09:03:29 -08:00
Christian Blichmann
11619a08f4 Remove SyscallInitializer
PiperOrigin-RevId: 416231431
Change-Id: I83575ee3a51c348912f3d13db600d104ee927265
2021-12-14 00:45:27 -08:00
Christian Blichmann
01ffc2a1c2 #Cleanup PolicyBuilder API using absl::Span
PiperOrigin-RevId: 415979969
Change-Id: I23e00a48ce9ba14c480f8d137c6ae3981a238e13
2021-12-13 01:31:59 -08:00
Christian Blichmann
354cbe89f9 Add more convenience functions to PolicyBuilder
- Allow to specify multiple syscalls with `BlockSyscallsWithErrno()`
- Add functions to allow `unlink()` and `rename()` in all their spellings

PiperOrigin-RevId: 414987303
Change-Id: Ic0e680b785e8e3a3498f20e6a7403737e63fe876
2021-12-08 06:41:21 -08:00
Sandboxed API Team
46c09e0024 Implement WaitForTsan on other sanitizers
__sanitizer_sandbox_on_notify is not tsan specific.
It's empty for other sanitizers now, but we are going to need it soon.

PiperOrigin-RevId: 414873197
Change-Id: I251ac38e5c886980b4baa7f05306643599a25090
2021-12-07 17:59:05 -08:00
Wiktor Garbacz
8979b47d7f Remove arg filter on rt_sigprocmask in AllowStaticStartup
PiperOrigin-RevId: 414692179
Change-Id: If2a5f741ad38f626287988911b85bef7a711f80a
2021-12-07 05:04:01 -08:00
Sandboxed API Team
8e8ce0955f Fix unwind module for Android-ARM64
PiperOrigin-RevId: 414673588
Change-Id: Ib40e4f6b53692440591a1a1e9e069f974832f733
2021-12-07 03:33:56 -08:00
Wiktor Garbacz
8562306c97 Add CloseAllFDsExcept test.
Move VecStringToCharPtrArr before fork, so that it cannot deadlock when other thread holds allocation lock.

PiperOrigin-RevId: 414661912
Change-Id: Ie8aa5c36693e6f86c69d67a1da51b7e7ff1ec30b
2021-12-07 02:23:23 -08:00
Wiktor Garbacz
4061666f44 Fix dependencies for sanitizer target
PiperOrigin-RevId: 414659990
Change-Id: I25215d0f03cf998fee068ae7db91b7e438fcc4f5
2021-12-07 02:13:15 -08:00
Sandboxed API Team
84c29dd3bb Relax the policy to allow stat (and possibly stat64).
PiperOrigin-RevId: 414480521
Change-Id: If0ffca2141589ea3cf0dec4b0524c50ca37489b4
2021-12-06 10:23:31 -08:00
Christian Blichmann
60eb52c17f Explicitly narrow size argument for BPF
This fixes a build error introduced in 26da6e6b0a.

PiperOrigin-RevId: 414408033
Change-Id: Ic34d5eeba3bb34f9a5ce46a05547129fbab8bce0
2021-12-06 04:51:28 -08:00
Wiktor Garbacz
4e6cafa934 Readd function comment removed by mistake
PiperOrigin-RevId: 414406963
Change-Id: Id8155b67ce063a9171b70e24b58d407415b30e78
2021-12-06 04:43:32 -08:00
Wiktor Garbacz
245a8c7650 Remove deprecated AddTmpfs
PiperOrigin-RevId: 414387983
Change-Id: I872c2f3bc1ccaf7a20d7ab97a5cb104d4f096a3f
2021-12-06 02:36:02 -08:00
Wiktor Garbacz
2a67805a13 Add prlimit64 to AllowLogForwarding
PiperOrigin-RevId: 414385430
Change-Id: I4e70d25f886f1ef65fab1b62c67e80eb45407bc7
2021-12-06 02:19:03 -08:00
Chris Kennelly
e61a84979a Internal change
PiperOrigin-RevId: 413954176
Change-Id: Ie07c1c8d96019e1605ea3b9ed58030754954ee97
2021-12-03 09:34:32 -08:00
Wiktor Garbacz
e4ef46631d Replace raw_logging with regular logging in Monitor
PiperOrigin-RevId: 413928700
Change-Id: I0bc4dd86b45c0ddd679a435003fbad2aea27fbf2
2021-12-03 07:17:36 -08:00
Wiktor Garbacz
2fa92bf47c Internal change
PiperOrigin-RevId: 413911008
Change-Id: I59cdac60c092f31fb487f032b3489341c0ba626a
2021-12-03 05:21:01 -08:00
Wiktor Garbacz
c3308b56fc Replace deprecated AddTmpfs call
PiperOrigin-RevId: 413907279
Change-Id: I3a32be4b19acab8b2b2092961df3dd9f3699261b
2021-12-03 04:56:40 -08:00
Christian Blichmann
4a6e005155 Make PtrXXX() family of functions public
PiperOrigin-RevId: 413616359
Change-Id: I553c17f0668708b00fdb12a21109ed45aeba6c66
2021-12-02 01:41:59 -08:00
Sandboxed API Team
a096056263 Automated rollback of commit b72078f692.
PiperOrigin-RevId: 413442229
Change-Id: I48d03ce200160da1c86faec29b2ca51fb1ead834
2021-12-01 09:54:44 -08:00
Sandboxed API Team
b72078f692 Automated rollback of commit 6a6c931317.
PiperOrigin-RevId: 413362657
Change-Id: Ie75672101b2aba4183f9aa3e39679a99f309e155
2021-12-01 02:56:59 -08:00
Wiktor Garbacz
f5fbe8cce5 Internal change
PiperOrigin-RevId: 413351344
Change-Id: I93962c43649fab1f73b3960044563e54449af271
2021-12-01 01:48:41 -08:00