Commit Graph

568 Commits

Author SHA1 Message Date
Sandboxed API Team
3323ddc129 Permit sandboxee's bpf() to fail
The default policy causes immediate termination of a sandboxee that
calls `bpf`(2).

This does not allow for try-call use of `bpf()` to test for optional
features.

To support such try-call use cases, sandboxes would like to say:

```cpp
  sandbox2::PolicyBuilder builder;
  builder.BlockSyscallWithErrno(__NR_bpf, EPERM);
```

but this doesn't work because the default policy unconditionally treats
`bpf()` as a sandbox violation.

Remove the bpf violation check from the policy if `bpf()` is explicitly
blocked with an errno.

PiperOrigin-RevId: 345239389
Change-Id: I7fcfd3a938c610c8679edf8e1fa0238b32cc9db4
2020-12-02 08:38:32 -08:00
Wiktor Garbacz
da64459e3f Allow shutting down the global forkserver
PiperOrigin-RevId: 345198374
Change-Id: I3b5c49f6e5abb76d2b0a57078ffeb0609e0be008
2020-12-02 03:05:37 -08:00
Christian Blichmann
6587e571f1 Skip entries with zero inode when parsing /proc/PID/maps
This also skips all entries that point to deleted files.

PiperOrigin-RevId: 344244273
Change-Id: Ic47c6ab0dff4eaf4b4dea2779c45685922adc608
2020-11-25 06:46:39 -08:00
Wiktor Garbacz
5001778443 Use binary search in syscall defs
The lookup is not on the hot path and this removes the SYSCALLS_UNUSED macros.

PiperOrigin-RevId: 344240762
Change-Id: I324bd798945851ac0b92e257206525eab4ec36e5
2020-11-25 06:15:29 -08:00
Wiktor Garbacz
f6247aad9d Fix SyscallTable::get to return proper table
PiperOrigin-RevId: 344236195
Change-Id: Ie370c1a771f1896c98ea387c0a84231a433c9d8c
2020-11-25 05:37:18 -08:00
Kevin Hamacher
510b5079ed Internal Change
PiperOrigin-RevId: 343296855
Change-Id: I995fa76f306fca8524a187f7fd1cbc498a92a885
2020-11-19 08:37:41 -08:00
Copybara-Service
fbf3e84799 Merge pull request #65 from andreimedar:libarchive
PiperOrigin-RevId: 343290002
Change-Id: I1f29e4acfc7d423be63fd52e7a78ceb209d29115
2020-11-19 07:53:41 -08:00
Christian Blichmann
eaff70b558 Use actual ptrace() arguments in example
The semantics of the example remain unchanged. This change is in preparation
for the new Clang based header generator, which will parse most files in C++
mode. `ptrace`'s first argument cannot be implicitly converted from `int` in
C++.

PiperOrigin-RevId: 343280691
Change-Id: Ibc5318b19a48f1dad441e7dcdc318dc5ea6837f6
2020-11-19 06:47:31 -08:00
Copybara-Service
e6bb05a15d Merge pull request #55 from FedericoStazi:libuv
PiperOrigin-RevId: 343278766
Change-Id: I708fdc1cd98d5fbb2abcf3261d1cecd65cec46fe
2020-11-19 06:32:47 -08:00
Christian Blichmann
c2631d88ae Improve syscall argument printing for x86-64
Updates syscall arguments mostly according to this list and more recent kernel sources:
https://chromium.googlesource.com/chromiumos/docs/+/master/constants/syscalls.md#x86_64-64_bit

The list includes some more syscalls that were recently added.

Follow-up changes will do the same for x86-32, POWER and AArch64.

PiperOrigin-RevId: 341016698
Change-Id: If1771fd37a47b227ca8f572704a64190e4621a38
2020-11-06 02:55:13 -08:00
Wiktor Garbacz
5fb18d3c9d Add policy on both mmap & mmap2
PiperOrigin-RevId: 341007959
Change-Id: I3c2e74cc973d2603cf7b3a858fa8aabd05c41137
2020-11-06 01:30:18 -08:00
Wiktor Garbacz
f8a2729c32 Start global fork-server on demand
Allow disabling global fork-server with a flag.

PiperOrigin-RevId: 340860588
Change-Id: I184603dc3a81eb90f715053e14fb3b8d66a6f104
2020-11-05 08:48:03 -08:00
Christian Blichmann
c99076bf94 Replace std::unique_ptr<uint8_t[]> with vector
No need for the smart pointer indirection when an `std::vector` can also hold
the BPF policy.

PiperOrigin-RevId: 340809220
Change-Id: I8a63567e8042d9ff875cba739e8552db87b6901a
2020-11-05 02:03:46 -08:00
Christian Blichmann
7c30aebe2d Use Abseil hash maps instead of std::map<T>
PiperOrigin-RevId: 340807499
Change-Id: I2689bd1d32be45e3085dcc7a0ba4b8fedd7d53b0
2020-11-05 01:49:14 -08:00
Peter Lundblad
2955d20c9f Enable log forwarding from sandboxee if enabled by the supervisor.
If the sandboxer calls `IPC::EnableLogServer()` (and modifies the sandbox policy
accordingly), sandbox logs will be sent back to the sandboxer.

PiperOrigin-RevId: 340663308
Change-Id: I5e8d89314178dfd1b49fc25b8cd2dd02642be43a
2020-11-04 09:24:50 -08:00
Christian Blichmann
2acec65a58 Add an AllowAccess() convenience function to PolicyBuilder
Drive-by: Apply convenience functions in policies.
PiperOrigin-RevId: 340404977
Change-Id: I906106b61c1837d23ddaff15d8792ec79d3d3189
2020-11-03 02:21:21 -08:00
Copybara-Service
8952d2ce04 Merge pull request #66 from cblichmann:master
PiperOrigin-RevId: 339616485
Change-Id: Iaa427e0aa5712f36ae1c176bffbaf00b2b342373
2020-10-29 00:46:47 -07:00
Christian Blichmann
728355da87 Emit non-type template args as part of forward decls
This change allows us to emit forward declarations to classes that are
templated. For headers generated by the proto compiler this is sometimes
necessary.

Note:
- This will only emit types for a single level of template instantiations.
  That is, template template arguments are not supported.
- Typedefs only occurring in template arguments will be fully desugared
  and thus will not be available under their aliased name in the generated
  API code. This is consistent with the Python based generator (which
  does not emit these at all and relies on text extraction).

Signed-off-by: Christian Blichmann <cblichmann@google.com>
2020-10-28 16:48:04 +01:00
Sandboxed API Team
ea379ef4d6 Cleans up statusor.h includes.
PiperOrigin-RevId: 339050213
Change-Id: Iea5747f907b294503cdb37e1c25cf787c7e83dcf
2020-10-26 09:08:41 -07:00
Christian Blichmann
609a370634 Build fixes and parameter passing for the Clang header generator
PiperOrigin-RevId: 338994867
Change-Id: I40f03738ae38bac4bf217c24bd935d5d3572c1f2
2020-10-26 01:42:47 -07:00
Christian Blichmann
19a8e38a51 Support AArch64 and PPC64 in third party dependencies
PiperOrigin-RevId: 338992825
Change-Id: I2f77ea8379e55007a22ad0461efc98f41a01ad44
2020-10-26 01:22:23 -07:00
Maciej Szawłowski
28bb32add6 Allow empty sapi_embedded_dir flag in the header generator - empty sapi_embedded_name still disallowed
PiperOrigin-RevId: 338656398
Change-Id: Ib2ca3d63ff9bed654669d948286f73d430753a20
2020-10-23 05:36:01 -07:00
Christian Blichmann
040d76be28 Simplify libunwind build files
Sandbox2 and SAPI only use the `unwind-ptrace-wrapped` target.

PiperOrigin-RevId: 338450188
Change-Id: Iee7d7aeda244cad90dae8b5228316f506efc3deb
2020-10-22 05:03:15 -07:00
Copybara-Service
cba334a9d1 Merge pull request #64 from bohdanty:gdal_sandbox
PiperOrigin-RevId: 337856019
Change-Id: Ib1d9c5614f02da4df8d624f006f31ea09bb5c560
2020-10-19 08:08:03 -07:00
happyCoder92
2e3b118ec9
Merge branch 'master' into gdal_sandbox 2020-10-19 10:05:44 +02:00
Bohdan Tyshchenko
5159b67d7d Moved test data paths to environment variables
Added environment variables to remove relative paths from the code
2020-10-16 09:15:11 -07:00
Sandboxed API Team
834d356bce Cleans up statusor.h includes.
PiperOrigin-RevId: 337370254
Change-Id: Ibcbc2921f96d32675720ddc7adb621dd53894dfa
2020-10-15 13:25:30 -07:00
Bohdan Tyshchenko
5711a66d77 Comments fix, code update to correspond to the latest SAPI version
Comments fix
Changed sapi::StatusOr to absl::StatusOr
Code changes according to new CStr(absl::string_view) constructor
2020-10-15 08:13:11 -07:00
Wiktor Garbacz
29e5d03201 Use string_view instead of char* in CStr ctor
PiperOrigin-RevId: 337045297
Change-Id: If97b405cc2bf1904456bf502fc7d027c7df2ac7a
2020-10-14 02:04:05 -07:00
Bohdan Tyshchenko
b1a1aef39e Project architecture redesign, coding style update
Put duplicated code inside the transaction, which is used by both tests and raster_to_gtiff
Removed <filesystem> header, reimplemented one of its utilities for file checking
Code style changes
Replaced .data() with .c_str() for std::string
Updated README to show how to build both GDAL and PROJ inside the build folder and how to link them to the sandbox
2020-10-13 13:03:04 -07:00
Andrei Medar
150fd02ed4 Implemented requested changes 2020-10-09 13:52:17 +00:00
Andrei Medar
519b5af157 Added ld_preload example usage 2020-10-08 10:58:21 +00:00
Copybara-Service
33bc36ae3d Merge pull request #62 from andreimedar:libarchive
PiperOrigin-RevId: 336042102
Change-Id: I7b1ceaa794851c10e07dbdef4f4e37000edc25d4
2020-10-08 02:06:50 -07:00
Andrei Medar
f038f7aa3f added empty line at the end of files (was removed by clang-format) 2020-10-07 14:36:24 +00:00
root
c63302f731 Changed constants naming in unit tests. 2020-10-07 12:52:55 +00:00
Andrei Medar
04f4ff5960 Removed computer specific code 2020-10-07 11:51:59 +00:00
Andrei Medar
e87e583bca Merge remote-tracking branch 'upstream/master' into libarchive
Merge fork with upstream for pull request.
2020-10-07 10:10:08 +00:00
Andrei Medar
efff53149d Implemented requested changes (variable names, functions return absl::Status/absl::StatusOr) 2020-10-07 10:07:13 +00:00
Bohdan Tyshchenko
48348d6aa5 Headers order fix, NOLINT project headers 2020-10-07 01:33:20 -07:00
Bohdan Tyshchenko
19612c642f Removed unnecessary code 2020-10-06 04:21:29 -07:00
Bohdan Tyshchenko
8e0141cc9a Readme fix 2020-10-06 04:12:50 -07:00
Bohdan Tyshchenko
22a8cee4ea Updated CMake and tests, wrote README
Added instructions on how to build GDAL Sandbox using GDAL and PROJ build from sources
Updated test data
2020-10-06 04:06:54 -07:00
Christian Blichmann
afa232cc17 Clang generator: Remember "seen" types when collecting related types
This change includes a small refactoring to remember which types the generator
has already seen during header generations. Otherwise we may loop indefinitely
on certain complex types. One such type is `std::FILE` in Clang's libc++.

PiperOrigin-RevId: 335589238
Change-Id: I5bbe03b6c7fc89c743163f5534075d7912ed4e58
2020-10-06 01:04:49 -07:00
Bohdan Tyshchenko
5442d8c6e0 Updated sandbox construction logic and CMakeLists
More flexible CMake file with variables
Added logic to check whether proj.db exists and fetch it from the environment variable
2020-10-05 11:01:15 -07:00
Christian Blichmann
b74cf8839b Minor ForkClient improvements
- Use a `constexpr inline` string constant for the forkserver env var
- Add annotation for the comms channel mutex

PiperOrigin-RevId: 335395005
Change-Id: Ic058c19c3704f182aa7ed7b8e8964b2fc5082800
2020-10-05 05:10:16 -07:00
Andrei Medar
725f665b79 Added one extra test 2020-10-02 16:52:13 +00:00
Andrei Medar
589776b6f9 Modified sandbox to limit ioctl. Use .value() instead of manually checking .ok(). 2020-10-02 15:52:29 +00:00
Copybara-Service
569c7d84b0 Merge pull request #54 from Manwi23:jsonnet
PiperOrigin-RevId: 335017461
Change-Id: I583444057bb4d8c8c33694fbba4d3717bb22101a
2020-10-02 06:47:45 -07:00
Andrei Medar
7e1d9179e5 Solved some pr comments 2020-10-02 10:56:14 +00:00
Copybara-Service
47ba5c8e39 Merge pull request #61 from FedericoStazi:curl
PiperOrigin-RevId: 334994112
Change-Id: Iedd065f33cdb5ebda796722d0a4d158ba719ff2c
2020-10-02 03:15:25 -07:00