Wiktor Garbacz
008b45c9b7
PolicyBuilder: ignore duplicate calls to more complex helpers
...
PiperOrigin-RevId: 608318563
Change-Id: I3db1dd4e4a8d83a8069b68f1e84a1a8b7277bcdc
2024-02-19 06:14:02 -08:00
Wiktor Garbacz
34f129dc51
Comms: Always use the inline buffer
...
PiperOrigin-RevId: 606974170
Change-Id: I5f384bfd1b0cd5fecf493162bc40f17860b5975b
2024-02-14 07:12:51 -08:00
A. Cody Schuffelen
f708270f35
Add DefaultAction(TraceAllSyscalls)
variant to PolicyBuilder
...
This helps write the kind of 'log, but allow' policy described in
[`notify.h`](b9c84a1f75/sandboxed_api/sandbox2/notify.h (L57)
) for all system calls not mentioned explicitly. One use case is writing a "permissive mode" runtime to give more information during development.
PiperOrigin-RevId: 603766051
Change-Id: I3c72f433a1e21c330b5dd9f1ede2faa570b75b09
2024-02-02 13:01:37 -08:00
Wiktor Garbacz
044ba1cb90
Return ENOSYS instead of hard denying clone3
...
It's currently not possible to properly inspect arguments of clone3 via seccomp.
As userspace (notably glibc) started using clone3, other sandbox solutions (e.g. in Firefox and Chrome) switched to returning ENOSYS for that syscall, which usually will result in libraries falling back to clone/clone2.
PiperOrigin-RevId: 603332131
Change-Id: If2483f6f42eca46e1c8958ef17ca3c02fa82b658
2024-02-01 04:39:02 -08:00
Chris Kennelly
b9c84a1f75
Allow restartable sequences access to poll.
...
This is used as part of reading the proc files that tell us how many CPUs are
present.
PiperOrigin-RevId: 602953725
Change-Id: I0b64c8d3992119bb956d262cd0f39500a680cc60
2024-01-30 23:48:37 -08:00
Chris Kennelly
0e98cceb32
Permit TCMalloc to use MAP_FIXED_NOREPLACE.
...
PiperOrigin-RevId: 602616926
Change-Id: I6337f740baebea6f8c63622a502a200c6f7bdb47
2024-01-29 23:13:59 -08:00
Wiktor Garbacz
fa5360351b
Use absl::string_view
consistently
...
PiperOrigin-RevId: 600363060
Change-Id: I14e4b78c90d1f66e6b429436b09fad9dcd0f2cfc
2024-01-21 23:42:32 -08:00
Sandboxed API Team
25cfb5ef03
Adding missing syscalls to the syscall tables.
...
PiperOrigin-RevId: 599971082
Change-Id: Icbec577ccf30a3868e4ac6ec356c3544c3d86aab
2024-01-19 16:46:15 -08:00
Sandboxed API Team
824d894822
Make sandbox2::SyscallTable::GetEntry public and add new helper GetEntries.
...
PiperOrigin-RevId: 599967495
Change-Id: Iae524c2c9b2829cbdcd51117134223d08e993a01
2024-01-19 16:28:20 -08:00
Wiktor Garbacz
28b45670c2
Allow sched_getaffinity
in AllowLlvmSanitizers
...
Otherwise sanitizers might CHECK-fail at `pthread_getattr_np` call.
PiperOrigin-RevId: 598809849
Change-Id: I221b25ecc640672586acfa350e2748769e38c70c
2024-01-16 05:18:55 -08:00
Wiktor Garbacz
fbfc2b9eac
Handle prlimit64
in Allow*RLimit
...
PiperOrigin-RevId: 598794581
Change-Id: If7898294aab1cf77f9b8007e4a9dc8bd74449f9b
2024-01-16 04:00:31 -08:00
Chris Kennelly
a56660f542
Allow restartable sequences' mmaps to name their VMAs.
...
PiperOrigin-RevId: 596593499
Change-Id: Ice231b633758667947ec31da5c22f146847e6c6f
2024-01-08 07:57:34 -08:00
Sandboxed API Team
fc610b7c7a
Fix UB caused by uninitialized value.
...
PiperOrigin-RevId: 595332410
Change-Id: I88ca3e826853b8731e2c9a0c8b327cf13aeca046
2024-01-03 01:48:45 -08:00
Wiktor Garbacz
1339d0b7f2
Remove unneeded include
...
PiperOrigin-RevId: 594408507
Change-Id: I7bbfa0c47243755ae8bc0a6f69efe66d881076a1
2023-12-29 01:30:29 -08:00
Wiktor Garbacz
52babc15d4
logserver: Support non-UTF8 log messages
...
PiperOrigin-RevId: 594244338
Change-Id: Icc6bf1bea0dd8ad62e6fa274979cecd01e9b8283
2023-12-28 06:35:09 -08:00
Sandboxed API Team
e5370e93ca
Minor cleanups, no functional change.
...
PiperOrigin-RevId: 594091580
Change-Id: Id870592374069840fedf51cd228c9ed2f84b7542
2023-12-27 13:39:58 -08:00
Wiktor Garbacz
36e4b80f9a
Introduce and prefer AllowMmapWithoutExec
...
PiperOrigin-RevId: 593968486
Change-Id: I4f7d4d8a6f593d94c0a7e7672826074c4cefc230
2023-12-27 02:51:13 -08:00
Wiktor Garbacz
0a992b683f
Add special handling for global forkserver
...
PiperOrigin-RevId: 590533638
Change-Id: Ibbb7685c58bae0ebf340eaa0186ecc794a5a5fea
2023-12-13 03:34:22 -08:00
Wiktor Garbacz
d95df64ebb
Add a test for custom forkserver
...
PiperOrigin-RevId: 590187497
Change-Id: I9e2d4a2ed585a78bd3cb44b3f78d91afd527f6ab
2023-12-12 06:53:33 -08:00
Wiktor Garbacz
19d8f4729a
Add clone3 to syscall defs
...
PiperOrigin-RevId: 588688163
Change-Id: I7f309c8d05ca1bce5ddf160d1a33203b17317697
2023-12-07 00:46:35 -08:00
Wiktor Garbacz
5ed720eeb1
SAPI_RAW_CHECK expects NUL-terminated strings
...
PiperOrigin-RevId: 586244294
Change-Id: I85492eb2f4833a1b31312981265ad3d715dfaa72
2023-11-29 01:03:45 -08:00
Wiktor Garbacz
15fb5b9608
Allow sigaltstack
...
`absl::GetStackTrace` on Aarch64 since
bb7bbb12c7
will call sigaltstack.
PiperOrigin-RevId: 581914257
Change-Id: I316bdd64d1cef8a6327838681bda0067a0dc50fc
2023-11-13 04:22:29 -08:00
Wiktor Garbacz
bc3c0ec17a
Internal change
...
PiperOrigin-RevId: 581252235
Change-Id: I4de5fa0af11daa087172a81d2f81d51b51b1bace
2023-11-10 07:27:10 -08:00
Wiktor Garbacz
1bad376e42
Block sigaltstack
with ENOSYS
by default
...
`absl::GetStackTrace` on Aarch64 since
bb7bbb12c7
will call sigaltstack.
`absl::Mutex` in debug mode uses `absl::GetStackTrace` causing many new syscall violations. An error in the sigaltstack should be tolerated, so this will fix the issue without opening up the policy too much.
PiperOrigin-RevId: 580885547
Change-Id: I1acf28bff0e2f6f236a262c0ca8fa74a6c57fada
2023-11-09 06:32:16 -08:00
Sandboxed API Team
6f90a6ef2a
don't drop CAP_SYS_PTRACE as it is apparently needed by sandbox
...
running as root when combined with apparmor (or possibly yama) LSM
PiperOrigin-RevId: 578762678
Change-Id: I60803b4ed78c6750f8ce0e0c909e5cec4f619da8
2023-11-02 00:42:33 -07:00
Sandboxed API Team
79ab44c981
drop almost all capabilities during sandbox creation
...
PiperOrigin-RevId: 578096197
Change-Id: I900cfab378f0069e8daac60b5eb41c5eb7401692
2023-10-31 01:31:41 -07:00
Wiktor Garbacz
0940a9ee4a
Export config.h
from syscall.h
for sapi::cpu::Architecture
...
PiperOrigin-RevId: 569433347
Change-Id: I49b031d46f426f23cbf4556f8e22a69d6adc2c74
2023-09-29 02:32:49 -07:00
Wiktor Garbacz
37a7432178
Remove deprecated comms functions
...
PiperOrigin-RevId: 568510723
Change-Id: I517d739e44cb61eec8b0fd9fe6aa473e1bb8ec06
2023-09-26 05:45:27 -07:00
Wiktor Garbacz
fadfa79d7a
Add missing return
...
PiperOrigin-RevId: 568125662
Change-Id: If9d4990de32c9503a2b78393b944d6bcb58c5477
2023-09-24 23:47:01 -07:00
Sandboxed API Team
ee7b76f592
Automated rollback of commit 4ae281b6a2
.
...
PiperOrigin-RevId: 567287128
Change-Id: Ia12646e9ad1ebc94f6e26ae1b893b885c0908ca9
2023-09-21 06:17:56 -07:00
Wiktor Garbacz
4ae281b6a2
Remove deprecated comms functions
...
PiperOrigin-RevId: 567239465
Change-Id: Ic890404fa8b7e9797b2399a3b346c1339fbe133a
2023-09-21 02:31:16 -07:00
Wiktor Garbacz
9a985f91a7
Replace use of deprecated sandbox2::Comms
functions
...
PiperOrigin-RevId: 566863078
Change-Id: Ida96eb8046ff96bdd41cec4a1427073ae43930d9
2023-09-19 23:55:05 -07:00
Wiktor Garbacz
227daf4a42
Do 1 level of recursion on libunwind crashes
...
PiperOrigin-RevId: 566617450
Change-Id: If5e3ce2e9763360c6cbd50145c432dfb62621136
2023-09-19 06:50:05 -07:00
Wiktor Garbacz
1cf45be7df
Refactor Comms to split out listening/connecting part
...
Deprecated APIs slated for removal after migration of internal
clients.
PiperOrigin-RevId: 566598245
Change-Id: I5d7b920f3a788d4eccc6e78f239b660ba903adcc
2023-09-19 05:14:09 -07:00
Wiktor Garbacz
d26262d82e
Remove stale comment
...
PiperOrigin-RevId: 566559462
Change-Id: Iafc1e05ff4a958480c14b69b4139b370cdc63149
2023-09-19 02:04:50 -07:00
Sandboxed API Team
37b3a51ca6
Use empty instead of length
...
PiperOrigin-RevId: 566219114
Change-Id: I123e3cb8253d092b5d2d9c8e2a85cf5348c64a58
2023-09-18 00:46:50 -07:00
Chris Kennelly
f5830c93cd
Ensure that TCMalloc can execute NumCPUs.
...
PiperOrigin-RevId: 565683514
Change-Id: I391ab5f184f487ef3ffc553d10581cd6eaee54de
2023-09-15 08:21:13 -07:00
Wiktor Garbacz
700f8fa547
Skip sanitizers for limits_test
...
PiperOrigin-RevId: 565645224
Change-Id: I4441562e368ab8e0b95abbf9e3fbaa792ae59ffd
2023-09-15 04:57:24 -07:00
Wiktor Garbacz
1475458939
namespace_test: use lstat instead of stat, don't descent into procfs & sysfs
...
PiperOrigin-RevId: 565303140
Change-Id: I7600b60613f52260410098e617b00a2e4272b2fb
2023-09-14 02:09:12 -07:00
Wiktor Garbacz
4289b64aa7
Disallow clone3, unsafe clone and unshare flags
...
Ability to create new namespaces and getting capabilities in there exposes a big kernel attack surface.
PiperOrigin-RevId: 564703131
Change-Id: I3dcf4c78dca9f51a4b068df16e1b1a69916d727c
2023-09-12 06:30:45 -07:00
Wiktor Garbacz
77f62ccb1f
Remove unused NetworkProxyClient::ConnectHandler
...
PiperOrigin-RevId: 563750900
Change-Id: Ib848aab0520032dbdcc879cb11861b133e26c4c6
2023-09-08 07:51:13 -07:00
Wiktor Garbacz
f614862e07
Remove deprecated VecStringToCharPtrArr
...
PiperOrigin-RevId: 563374332
Change-Id: I6873ca0d45fd5de6ad8eab1cbc395032130e9697
2023-09-07 03:09:30 -07:00
Wiktor Garbacz
b350a41a10
Gather more coverage data
...
Switch to ForkWithFlags for InitProcess (it will not reset coverage).
Explicitly dump coverage after initial namespace setup.
Return instead of exiting from libunwind sandbox.
PiperOrigin-RevId: 563368599
Change-Id: I3b764db015a71bd091ee7b4b5b614281cbb84832
2023-09-07 02:43:04 -07:00
Wiktor Garbacz
f6ec787902
PtraceMonitor: Add a hard deadline for waiting for kill to take effect
...
PiperOrigin-RevId: 563064233
Change-Id: Id340ba3793b82737f1976638a57df513c3d4136c
2023-09-06 04:38:51 -07:00
Wiktor Garbacz
98d7f91b4d
Run more tests with sanitizers and coverage
...
PiperOrigin-RevId: 562768789
Change-Id: I2ee9e05a75a1f4e46887ef4c6587628f36ba16eb
2023-09-05 07:14:49 -07:00
Wiktor Garbacz
92aeadddee
PolicyBuilder: test error conditions for AddPolicyOnSyscalls
...
PiperOrigin-RevId: 562768777
Change-Id: If756f83ea657cc6cd4c1283339a2909071a47493
2023-09-05 07:13:56 -07:00
Wiktor Garbacz
02d770adcc
NetworkProxyTest: test more error conditions
...
PiperOrigin-RevId: 562708702
Change-Id: Ifedcb0eb2bc84396627a0b53828e1e10e4c562ad
2023-09-05 02:17:25 -07:00
Wiktor Garbacz
b088c01ab2
Add missing Aarch64 syscall entries
...
PiperOrigin-RevId: 562705740
Change-Id: Ie75c13b4b1669cc7bcd45baa51119c633e120993
2023-09-05 02:03:36 -07:00
Wiktor Garbacz
5f9698612e
Better network proxy tests
...
Fix sending error on `connect` failure.
PiperOrigin-RevId: 562693682
Change-Id: I70c710a9001f22e172cbe4df328983bfa7188d3d
2023-09-05 00:57:27 -07:00
Wiktor Garbacz
3ea315858d
Remove mutexes from Comms
...
It was never fully thread-safe.
e.g. calling SendProtoBuf concurrently from 2 threads
could result in a data race.
Also not all users need the thread-safety thus it's better left off to be done externally by the ones that require it.
PiperOrigin-RevId: 562548941
Change-Id: Ie32dfca366be9e0c32841e55b688907f4f5f7704
2023-09-04 07:00:57 -07:00