Commit Graph

126 Commits

Author SHA1 Message Date
Sandboxed API Team
c6bab97690 Added more descriptive Syscall argument types, and an API for introspecting arguments.
PiperOrigin-RevId: 612904089
Change-Id: Ia0ef7b0559f7eed923981b13fa8224bc891e8c37
2024-03-05 11:07:06 -08:00
A. Cody Schuffelen
f708270f35 Add DefaultAction(TraceAllSyscalls) variant to PolicyBuilder
This helps write the kind of 'log, but allow' policy described in
[`notify.h`](b9c84a1f75/sandboxed_api/sandbox2/notify.h (L57)) for all system calls not mentioned explicitly. One use case is writing a "permissive mode" runtime to give more information during development.

PiperOrigin-RevId: 603766051
Change-Id: I3c72f433a1e21c330b5dd9f1ede2faa570b75b09
2024-02-02 13:01:37 -08:00
Wiktor Garbacz
1339d0b7f2 Remove unneeded include
PiperOrigin-RevId: 594408507
Change-Id: I7bbfa0c47243755ae8bc0a6f69efe66d881076a1
2023-12-29 01:30:29 -08:00
Wiktor Garbacz
0a992b683f Add special handling for global forkserver
PiperOrigin-RevId: 590533638
Change-Id: Ibbb7685c58bae0ebf340eaa0186ecc794a5a5fea
2023-12-13 03:34:22 -08:00
Wiktor Garbacz
d95df64ebb Add a test for custom forkserver
PiperOrigin-RevId: 590187497
Change-Id: I9e2d4a2ed585a78bd3cb44b3f78d91afd527f6ab
2023-12-12 06:53:33 -08:00
Wiktor Garbacz
227daf4a42 Do 1 level of recursion on libunwind crashes
PiperOrigin-RevId: 566617450
Change-Id: If5e3ce2e9763360c6cbd50145c432dfb62621136
2023-09-19 06:50:05 -07:00
Wiktor Garbacz
1cf45be7df Refactor Comms to split out listening/connecting part
Deprecated APIs slated for removal after migration of internal
clients.

PiperOrigin-RevId: 566598245
Change-Id: I5d7b920f3a788d4eccc6e78f239b660ba903adcc
2023-09-19 05:14:09 -07:00
Wiktor Garbacz
92aeadddee PolicyBuilder: test error conditions for AddPolicyOnSyscalls
PiperOrigin-RevId: 562768777
Change-Id: If756f83ea657cc6cd4c1283339a2909071a47493
2023-09-05 07:13:56 -07:00
Wiktor Garbacz
02d770adcc NetworkProxyTest: test more error conditions
PiperOrigin-RevId: 562708702
Change-Id: Ifedcb0eb2bc84396627a0b53828e1e10e4c562ad
2023-09-05 02:17:25 -07:00
Wiktor Garbacz
5f9698612e Better network proxy tests
Fix sending error on `connect` failure.

PiperOrigin-RevId: 562693682
Change-Id: I70c710a9001f22e172cbe4df328983bfa7188d3d
2023-09-05 00:57:27 -07:00
Wiktor Garbacz
3ea315858d Remove mutexes from Comms
It was never fully thread-safe.
e.g. calling SendProtoBuf concurrently from 2 threads
could result in a data race.
Also not all users need the thread-safety thus it's better left off to be done externally by the ones that require it.

PiperOrigin-RevId: 562548941
Change-Id: Ie32dfca366be9e0c32841e55b688907f4f5f7704
2023-09-04 07:00:57 -07:00
Wiktor Garbacz
2c9ac02b68 Rework network_proxy related tests/examples
PiperOrigin-RevId: 561632543
Change-Id: I85843cc1cac8348273a5593339b38ae08e07592c
2023-08-31 06:06:09 -07:00
Wiktor Garbacz
dc25251af9 Enable sandboxed stack traces for coverage
PiperOrigin-RevId: 561611676
Change-Id: I852eec8fc3728da1ae0b4bca8ccc9a628b8b5adc
2023-08-31 04:05:49 -07:00
Wiktor Garbacz
09a48bac06 Reduce CHECK-failures in unotify monitor
This also fixes a CHECK-failure in Join() when waiting for sandboxee
times out.

PiperOrigin-RevId: 561282248
Change-Id: I5568c3b9e6b8dce531167c267f7896996326d2e2
2023-08-30 02:56:16 -07:00
Wiktor Garbacz
4a6b0d4633 Always override forkservers comms_fd in sandboxee
PiperOrigin-RevId: 561276110
Change-Id: I8bd1ce7e2f363b5e371a431b1e6db6534023e401
2023-08-30 02:20:56 -07:00
Wiktor Garbacz
37f00991b9 Final round of IWYU fixes for Sandbox2
PiperOrigin-RevId: 560077736
Change-Id: Id810db20b0042b8cd4f8f7a352b2cc571de51b71
2023-08-25 06:50:29 -07:00
Wiktor Garbacz
127176d72f Bulk IWYU and build_cleaner fixes
PiperOrigin-RevId: 559733768
Change-Id: Ia38f4c176e9f0abbfdb3a8f1109f482d8870eb0f
2023-08-24 06:23:36 -07:00
Wiktor Garbacz
6986af58bb IWYU fixes
PiperOrigin-RevId: 559444773
Change-Id: If92cdc4f978a22bfdbd61b0c9e0b43ea272bca8d
2023-08-23 09:04:00 -07:00
Wiktor Garbacz
9dcc9db919 Replace StrError with PLOG
PiperOrigin-RevId: 559380593
Change-Id: Ia7d2bcb3908b5e739ac5c4aaec1559fb6f86f383
2023-08-23 04:09:02 -07:00
Sandboxed API Team
41003aae83 Automated rollback of commit 1e26cd50dc.
PiperOrigin-RevId: 559102360
Change-Id: I5dd175d5f0b9ece602f5c26454ad1f1e2e3a60fc
2023-08-22 07:12:09 -07:00
Wiktor Garbacz
1e26cd50dc Always override forkservers comms_fd in sandboxee
PiperOrigin-RevId: 558721787
Change-Id: I331efd38b0571877b53cdc14190bae0ed639ce3f
2023-08-21 02:15:52 -07:00
Wiktor Garbacz
b258535161 Treat libunwind sandbox as a ~regular sandboxee
This removes dependency on unwind from forkserver,
which should reduce binary size for all the custom forkservers (also the SAPI generated ones).
Unwind was only ever used by the global forkserver anyhow

PiperOrigin-RevId: 557921074
Change-Id: Iea4904da0506fee5a00f970538f512cba7b02326
2023-08-17 13:32:44 -07:00
Wiktor Garbacz
0a0bf05dc3 Readd VLOGs removed by mistake
PiperOrigin-RevId: 557739843
Change-Id: I21497028fc26388fec8a45ee1bfa2f11cf9022d2
2023-08-17 01:13:21 -07:00
Wiktor Garbacz
7a57d32711 forkserver: Remove waitpid flag
It was superseded by sandboxee rusage when using unotify monitor

PiperOrigin-RevId: 557396642
Change-Id: I41f84149227f62d4b7727030f9359834a9b61dbc
2023-08-16 01:33:12 -07:00
Wiktor Garbacz
3079d2b4e0 Make Policy a simple copyable type
PiperOrigin-RevId: 555146979
Change-Id: I83d7260d65d4291c418e6c8e80385cbdc8fbc758
2023-08-09 06:44:22 -07:00
Wiktor Garbacz
dd664400d7 More verbose logging on graceful exit timeout
PiperOrigin-RevId: 554382651
Change-Id: I7205fed9285b2aaff93860782d65d3dc829bb5f9
2023-08-07 00:28:10 -07:00
Wiktor Garbacz
e86462db77 Remove redundant buffer test
It tested Comms rather than different Buffer functionality.

PiperOrigin-RevId: 549880115
Change-Id: I095464540fa21cc4b3bee1d87e1e046807b6f18c
2023-07-21 01:53:54 -07:00
Wiktor Garbacz
9b307fc204 Remove leftover stack_trace sources from sandbox2 target
PiperOrigin-RevId: 531168602
Change-Id: Ib9c0942e5ba9cf0d577f88a6091245ca02d5674e
2023-05-11 04:59:29 -07:00
Kevin Hamacher
fb1571c801 Automated rollback of commit f6fd27618b.
PiperOrigin-RevId: 529395980
Change-Id: I6a5d451ed84f8d4a522777815c6cc2d7d7a8923c
2023-05-04 06:53:48 -07:00
Oliver Kunz
9ab20c5411 Implements the ability to control who is allowed to enable unrestricted networking.
PiperOrigin-RevId: 529309275
Change-Id: Icd88a4469b0c36af96638d44f9e909085c7120d5
2023-05-03 23:29:34 -07:00
Sandboxed API Team
f6fd27618b Automated rollback of commit 8c53262539.
PiperOrigin-RevId: 529101664
Change-Id: Ica452c6ee8f54b78be09fa830a09d6a89800cf44
2023-05-03 08:45:11 -07:00
Kevin Hamacher
8c53262539 Allow forkserver to use waitpid as alternative to sa_nochldwait
PiperOrigin-RevId: 529074278
Change-Id: If63015586673610e111ee589995e5264523be7a7
2023-05-03 06:41:07 -07:00
Wiktor Garbacz
5efae5cdf5 Do not exit from within ForkServer to get more precise coverage data
PiperOrigin-RevId: 520273079
Change-Id: I3f37d9eacc2c284c45f37842e1e63364cf64faf2
2023-03-29 02:22:16 -07:00
Wiktor Garbacz
a4d602298b Dump coverage prior to execveat
PiperOrigin-RevId: 520002416
Change-Id: Ic792b0b71b8e7b2f00b669db9b6831acd8341c5c
2023-03-28 05:50:43 -07:00
Wiktor Garbacz
b50bc23138 Remove no longer needed friend declaration
Drive-by dependencies cleanup

PiperOrigin-RevId: 518551045
Change-Id: I132dfc42945f500e8efec58a4d58d3bee4d1f191
2023-03-22 06:27:21 -07:00
Wiktor Garbacz
99931c2ad6 Move abort into ExecuteProcess and mark it noreturn
PiperOrigin-RevId: 518528953
Change-Id: Ieaa03af484188bb35f9734d69d987eabbdcc23ab
2023-03-22 04:07:10 -07:00
Wiktor Garbacz
cb63dfead5 Add tests for util.cc
PiperOrigin-RevId: 516439597
Change-Id: I2ac88b6188738e47f0e0bdb04382a50aa5aa9366
2023-03-14 00:04:14 -07:00
Wiktor Garbacz
0d3d5d4bcb Seccomp_unotify based monitor
Unotify based monitor should bring big performance wins
if the sandboxee heavily uses threading or signals.
Some of the features are not supported in that mode:
- execveat is always allowed instead of just the initial one
- stack traces are not collected on normal exit or if the process is terminated by signal

PiperOrigin-RevId: 515040101
Change-Id: Ia5574d34b4ff7e91e3601edb8c9cb913e011fbf6
2023-03-08 08:09:34 -08:00
Wiktor Garbacz
e3b2d232b4 Add test for bpf disassembler
Also always handle the new return values.

PiperOrigin-RevId: 514698931
Change-Id: Ib4ce06e4f17c438271a0452053d3b0bc368e9970
2023-03-07 05:04:09 -08:00
Wiktor Garbacz
526401166e Migrate namespaces related tests out of policybuilder_test
PiperOrigin-RevId: 514325688
Change-Id: I9c581d14da3ac9fe5c3c0b43e156d8ad8d90c73f
2023-03-06 07:08:49 -08:00
Wiktor Garbacz
e09c2bc215 Run more tests with coverage and sanitizers contd
PiperOrigin-RevId: 513815467
Change-Id: I31d0df2c69b20eb126aaa8dde7f45fa7c0e1e6a8
2023-03-03 06:51:06 -08:00
Wiktor Garbacz
cd945565f5 Run more tests with coverage and sanitizers
Running with a permissive test policy should not interfere with sanitizers
or coverage.
Most tests should run with such a permissive policy.
The exception are tests which actually tests policy enforcement.

PiperOrigin-RevId: 513548936
Change-Id: I9a4c2cc8074997cff08cc22d15f4736219ce4d63
2023-03-02 08:46:07 -08:00
Wiktor Garbacz
d74dac096a Rework stack_trace_test
PiperOrigin-RevId: 513467290
Change-Id: Iab630412052fa5e7333514f3864ebdfb7f10e1ef
2023-03-02 01:25:38 -08:00
Wiktor Garbacz
5a8a25e9ac Change the default action instead of appending ALLOW
Also create a visibility restricted version of the function.

PiperOrigin-RevId: 513209752
Change-Id: I031fe62d5ccd81995536479b9af890ad111e336c
2023-03-01 05:36:24 -08:00
Wiktor Garbacz
e1246332d1 Rename and move CreateDirRecursive
PiperOrigin-RevId: 510186053
Change-Id: I0e68cc8fff44780ab98f1d57f829ff900790eed5
2023-02-16 10:44:01 -08:00
Wiktor Garbacz
6db17e7ab3 Use namespaced policy in most tests
Drive-by some test cleanups.

PiperOrigin-RevId: 510134967
Change-Id: I40328a644690865c5cc0a0eb265222ebf7ff83e0
2023-02-16 07:12:46 -08:00
Wiktor Garbacz
71692bb50b Decouple sandboxed stack tracing
This allows to split monitor & stack_trace related targets.
Also move stack traces related functionality into MonitorBase.

PiperOrigin-RevId: 510112916
Change-Id: I60eabf9c9b3204dc369713edd8ae05fded306875
2023-02-16 06:07:15 -08:00
Wiktor Garbacz
d2dbbbae76 Remove redundant tests
UID/GID is checked in namespace test and open fds in santizier test

PiperOrigin-RevId: 510084559
Change-Id: I1aac4d30d44aa2390447f24d228afbb1c3b04e2b
2023-02-16 02:28:52 -08:00
Wiktor Garbacz
3f53e81d0b Remove unused dependency
PiperOrigin-RevId: 509890467
Change-Id: I0189fca5efa93a9e67f6f07eac44793cd17dcfc3
2023-02-15 11:35:14 -08:00
Wiktor Garbacz
a5d12903dd Extract SandboxeeProcess and move it down the call chain
PiperOrigin-RevId: 507718207
Change-Id: Ia1f6fc2f09abbde5311f8dc0f596aa605989140d
2023-02-07 02:22:45 -08:00