Commit Graph

1353 Commits

Author SHA1 Message Date
Wiktor Garbacz
cb8efdc270 Sandbox2: Graciously handle mapping over Comms/Exec fds
Try to move the affected FDs transparently to avoid conflict.

PiperOrigin-RevId: 480105375
Change-Id: I0cd093fce120505d1cd4a1d081b3c0e63bf0210a
2022-10-10 09:39:01 -07:00
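The relocation this commit message describes, as an added example that is not Sandbox2's own code: `RelocateIfConflicting` and `RelocationDemo` are hypothetical names, and a pipe's read end stands in for the Comms descriptor. Before a caller's requested fd mapping is applied, any reserved descriptor that sits on a number the caller wants is moved with `F_DUPFD_CLOEXEC` to a free number outside the requested set, so the mapping can go ahead without silently closing the reserved channel.

```cpp
#include <fcntl.h>
#include <unistd.h>

#include <set>

// Hypothetical helper: if `fd` occupies a number that the caller wants to
// overwrite (one of `targets`), move it to a free descriptor number that is
// not in `targets` and close the original. Returns the number `fd` now lives
// on (unchanged if there was no conflict), or -1 with errno set on failure.
int RelocateIfConflicting(int fd, const std::set<int>& targets, int min_fd = 3) {
  if (targets.count(fd) == 0) return fd;
  int hint = min_fd;
  for (;;) {
    // F_DUPFD_CLOEXEC takes the lowest free number >= hint; that number may
    // itself be one the caller wants, so check the result and retry above it.
    int moved = fcntl(fd, F_DUPFD_CLOEXEC, hint);
    if (moved < 0) return -1;
    if (targets.count(moved) == 0) {
      close(fd);  // the contested number is now free for the caller's mapping
      return moved;
    }
    close(moved);
    hint = moved + 1;
  }
}

// Constructed scenario: a pipe's read end plays the "comms" channel, and the
// caller asks for a different descriptor to be placed on exactly that number.
bool RelocationDemo() {
  int pipefd[2];
  if (pipe(pipefd) < 0) return false;
  const int comms = pipefd[0];
  const int other = open("/dev/null", O_RDONLY | O_CLOEXEC);
  if (other < 0) return false;

  std::set<int> wanted = {comms};
  const int moved = RelocateIfConflicting(comms, wanted);
  if (moved < 0 || moved == comms) return false;
  if (fcntl(comms, F_GETFD) != -1) return false;  // old number must be closed
  if (dup2(other, comms) != comms) return false;   // the mapping now succeeds

  // The channel survived the move: data written to the pipe is readable on
  // the relocated descriptor.
  char c = 0;
  bool ok = write(pipefd[1], "x", 1) == 1 && read(moved, &c, 1) == 1 && c == 'x';
  close(other);
  close(comms);
  close(moved);
  close(pipefd[1]);
  return ok;
}

int main() { return RelocationDemo() ? 0 : 1; }
```

The loop re-checks the result of `F_DUPFD_CLOEXEC` because the lowest free number above the hint may itself be one of the numbers the caller is about to overwrite. In a real sandbox the relocation has to happen before the descriptor table is rewritten for the sandboxee, and the new number has to be the one communicated to the other side.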
Christian Blichmann
b9c2830ebc Use new sandbox2::Comms ctor for default connection params
This change allows Sandbox2 to change how the default FD for comms is chosen.

PiperOrigin-RevId: 479526309
Change-Id: I69add85a244bc0385eaa164ab0ea3b036503c6d3
2022-10-07 02:08:20 -07:00
Sandboxed API Team
859e282d3b Use new sandbox2::Comms ctor for default connection params
This change allows Sandbox2 to change how the default FD for comms is chosen.

PiperOrigin-RevId: 479521810
Change-Id: Ia2ca1df95eb21783207ffb625c924790de20480d
2022-10-07 01:44:46 -07:00
Wiktor Garbacz
3198ff06d3 Explicit Comms constructor with default params
This is to abstract the FD number away, so that we can change the way the FD number is chosen/communicated.

PiperOrigin-RevId: 479282707
Change-Id: Ic6726bcd0a17e97bde60804476ecbca2ffbf6525
2022-10-06 04:56:18 -07:00
Christian Blichmann
5b61445de9 Internal change
We have removed an internal-only sandbox mechanism that has been deprecated
for years. Some formatting/include changes may leak into the OSS version.

PiperOrigin-RevId: 475230500
Change-Id: Ib4efdf3282529ea50e8302e5ef7acfdd7d4c68e5
2022-09-19 01:58:32 -07:00
Wiktor Garbacz
d2c8c70d8e Internal change
PiperOrigin-RevId: 475224729
Change-Id: Id7c05c7542c44f58e7f4027c6932acd42f3a7857
2022-09-19 01:17:22 -07:00
Christian Blichmann
4d24c4c01b Update to latest Abseil and Protobuf
This is the first in a series of changes that will remove our custom logging
implementation in favor of the newly released Abseil log library.

PiperOrigin-RevId: 475221012
Change-Id: I5d21ad104049dc70abe2a8d49659128e9cf3e9c0
2022-09-19 00:52:35 -07:00
Christian Blichmann
8de530036f Internal change.
Some includes may leak to OSS.

PiperOrigin-RevId: 474748898
Change-Id: Iff9dc4f91af211572ff4bbcf57330b36d7a957ab
2022-09-16 00:37:02 -07:00
Christian Blichmann
39a1bc9d7a Skip system headers in Clang generator
When not requesting any particular function, `sapi_library()` will try and
make available _all_ functions it finds. In this case, system headers should
be skipped to avoid inflating the API surface. Standard library functions
can still be manually requested by adding them to the `functions` (Bazel)/
`FUNCTIONS` (CMake) argument.

PiperOrigin-RevId: 472272506
Change-Id: I8f8d79796d3044e598eebb7f87ce4cf464b47ed7
2022-09-05 07:15:46 -07:00
Sandboxed API Team
75c7081622 For the SECCOMP event, check if the event msg is in the range of one of the known architectures.
If it isn't, assume that the process has exited and the event msg contains an exit code.

PiperOrigin-RevId: 471258449
Change-Id: I44408c30fe7fb39e20b55cea871f3efb68fcde67
2022-08-31 08:09:37 -07:00
Sandboxed API Team
e541f79abd forkserver_bin is usually embedded via cc_embed_data. So there is no real reason why it should be stamped.
PiperOrigin-RevId: 470013947
Change-Id: I7ff11fafdebb49e14c2b5dcae48c31fda6da2833
2022-08-25 09:54:24 -07:00
Christian Blichmann
7008aa21b6 Remove leftover definition from move to SyscallTable
PiperOrigin-RevId: 467930784
Change-Id: Id149fe9ef85718f28fcb396b03b574c32dc846d8
2022-08-16 08:24:56 -07:00
Sandboxed API Team
28504f1817 Make code not have a -Warray-parameter warning.
PiperOrigin-RevId: 467842322
Change-Id: Ic262a3f98fa823ef524ac02d08b2f5b8f4adf71d
2022-08-15 22:55:51 -07:00
Sandboxed API Team
deb3c8e77b Batch threads waiting for the monitor's attention.
Instead of doing waitpid() and processing one thread at a time, gather all waiting threads and then process them.

This avoids starving older threads when newer threads raise a lot of events.

PiperOrigin-RevId: 466366533
Change-Id: I81a878f038feac86407a8e961ecba181004f0f8a
2022-08-09 08:28:03 -07:00
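The batching pattern this message describes, as an added example that is not the project's code: `DrainPending`, `RunMonitor` and `MonitorDemoOk` are hypothetical names, and ordinary forked children that stop themselves with `SIGSTOP` stand in for ptraced threads raising events (a ptrace monitor would pass `__WALL` and see ptrace stops instead). The monitor blocks for the first event, then collects every other child that is already waiting before acting on any of them, so a child that raises events in quick succession cannot monopolise the loop.

```cpp
#include <signal.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#include <map>
#include <vector>

struct WaitEvent {
  pid_t pid;
  int status;
};

// One batch: collect every child that already has a wait status pending,
// without blocking, so each of them is handled once per round. A ptrace
// monitor would add __WALL here to also see clone()d threads.
std::vector<WaitEvent> DrainPending() {
  std::vector<WaitEvent> batch;
  for (;;) {
    int status = 0;
    pid_t pid = waitpid(-1, &status, WNOHANG | WUNTRACED);
    if (pid <= 0) break;  // 0: nothing else pending yet; -1: no children left
    batch.push_back({pid, status});
  }
  return batch;
}

struct MonitorResult {
  int rounds = 0;       // blocking wait + drain cycles
  int stop_events = 0;  // "events raised" by the children
  std::map<pid_t, int> exit_codes;
};

// Spawns `n` children that each stop themselves `stops` times (standing in
// for threads that raise events) and then exit with their index as the code.
MonitorResult RunMonitor(int n, int stops) {
  MonitorResult r;
  int live = 0;
  for (int i = 0; i < n; ++i) {
    pid_t pid = fork();
    if (pid == 0) {
      for (int s = 0; s < stops; ++s) raise(SIGSTOP);
      _exit(i);
    }
    if (pid > 0) ++live;
  }
  while (live > 0) {
    // Block until at least one child needs attention, then pick up everyone
    // else already waiting before acting on any of them. Handling the first
    // one and immediately re-waiting would let a chatty child keep winning.
    int status = 0;
    pid_t first = waitpid(-1, &status, WUNTRACED);
    if (first < 0) break;
    std::vector<WaitEvent> batch = {{first, status}};
    std::vector<WaitEvent> more = DrainPending();
    batch.insert(batch.end(), more.begin(), more.end());
    ++r.rounds;
    for (const WaitEvent& ev : batch) {
      if (WIFSTOPPED(ev.status)) {
        ++r.stop_events;
        kill(ev.pid, SIGCONT);  // let it run on to its next event
      } else if (WIFEXITED(ev.status)) {
        r.exit_codes[ev.pid] = WEXITSTATUS(ev.status);
        --live;
      } else if (WIFSIGNALED(ev.status)) {
        r.exit_codes[ev.pid] = -WTERMSIG(ev.status);
        --live;
      }
    }
  }
  return r;
}

// Invariants for the constructed scenario: every stop was seen exactly once
// and every child was reaped with its own index as exit code.
bool MonitorDemoOk(int n, int stops) {
  MonitorResult r = RunMonitor(n, stops);
  if (r.stop_events != n * stops || static_cast<int>(r.exit_codes.size()) != n) return false;
  int code_sum = 0;
  for (const auto& kv : r.exit_codes) code_sum += kv.second;
  return code_sum == n * (n - 1) / 2 && r.rounds >= 1 && r.rounds <= n * (stops + 1);
}

int main() { return MonitorDemoOk(4, 3) ? 0 : 1; }
```

Each round handles every event that was pending when the round started and nothing that arrives during it; those are picked up by the next blocking `waitpid()`. That is what gives older waiters a bounded delay regardless of how busy a newer thread is.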
Sandboxed API Team
26b2519aed Integrate LLVM at llvm/llvm-project@ea460b7ddb
Updates LLVM usage to match
[ea460b7ddb8a](https://github.com/llvm/llvm-project/commit/ea460b7ddb8a)

PiperOrigin-RevId: 465026637
Change-Id: Ie32d8e89e2824b6e7d4b3f8f1588e55b6c72bb1e
2022-08-03 04:55:55 -07:00
Sandboxed API Team
78ee270388 Remove information about in-progress syscalls on process exit.
PiperOrigin-RevId: 463091104
Change-Id: I402cb61e9e816a20a87274ea874cddf91c101e14
2022-07-25 08:28:25 -07:00
Sandboxed API Team
4d906e7143 Fix visibility
PiperOrigin-RevId: 461617454
Change-Id: Id77bfbec2cc095005a434251c056b19c3c6a64c4
2022-07-18 07:44:38 -07:00
Wiktor Garbacz
1e4cf06f69 Block installing user notify inside Sandbox2
PiperOrigin-RevId: 458781163
Change-Id: Ifcaf940d8a70a9a4ab5b24aefdaaae622cfce4f3
2022-07-03 11:20:31 -07:00
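One way to keep a sandboxee from installing a seccomp user-notification listener, as an added example that is not Sandbox2's policy code (the page does not show how the project does it): a classic-BPF fragment that returns `EPERM` from `seccomp(2)` whenever the `flags` argument carries `SECCOMP_FILTER_FLAG_NEW_LISTENER`, plus a tiny interpreter so the filter can be checked offline against constructed `seccomp_data` instead of being installed. `BlockUserNotifPolicy`, `RunFilter`, `MakeCall` and `PolicyVerdict` are hypothetical names; the arch check is hard-coded to x86_64 and the flag test reads the low 32 bits of `args[1]`, which assumes a little-endian host.

```cpp
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/syscall.h>

#include <cerrno>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Fallbacks for older kernel headers; the values match the kernel UAPI.
#ifndef SECCOMP_FILTER_FLAG_NEW_LISTENER
#define SECCOMP_FILTER_FLAG_NEW_LISTENER (1UL << 3)
#endif
#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS 0x80000000U
#endif

// Hypothetical policy fragment: kill on a foreign arch, fail seccomp(2) with
// EPERM when the caller asks for a user-notification listener, allow every
// other call. Only the low half of args[1] is inspected; a full policy would
// also reject a non-zero high half.
std::vector<sock_filter> BlockUserNotifPolicy() {
  return {
      BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(seccomp_data, arch)),
      BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_X86_64, 1, 0),
      BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
      BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(seccomp_data, nr)),
      BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_seccomp, 0, 3),  // other syscall: allow
      BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(seccomp_data, args) + sizeof(uint64_t)),
      BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, SECCOMP_FILTER_FLAG_NEW_LISTENER, 0, 1),
      BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
      BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
  };
}

// Tiny interpreter for the classic-BPF subset used above, so the policy can
// be exercised without installing it. Anything it does not understand, and
// any out-of-bounds load, is treated as a kill.
uint32_t RunFilter(const std::vector<sock_filter>& prog, const seccomp_data& data) {
  uint32_t acc = 0;
  for (size_t pc = 0; pc < prog.size(); ++pc) {
    const sock_filter& in = prog[pc];
    switch (in.code) {
      case BPF_LD | BPF_W | BPF_ABS:
        if (in.k + sizeof(uint32_t) > sizeof(data)) return SECCOMP_RET_KILL_PROCESS;
        std::memcpy(&acc, reinterpret_cast<const char*>(&data) + in.k, sizeof(acc));
        break;
      case BPF_JMP | BPF_JEQ | BPF_K:
        pc += (acc == in.k) ? in.jt : in.jf;
        break;
      case BPF_JMP | BPF_JSET | BPF_K:
        pc += (acc & in.k) ? in.jt : in.jf;
        break;
      case BPF_RET | BPF_K:
        return in.k;
      default:
        return SECCOMP_RET_KILL_PROCESS;
    }
  }
  return SECCOMP_RET_KILL_PROCESS;  // ran off the end of the program
}

// Builds the seccomp_data the kernel would hand to the filter for a syscall
// with the given architecture, number and first two arguments (constructed).
seccomp_data MakeCall(uint32_t arch, int nr, uint64_t arg0, uint64_t arg1) {
  seccomp_data d;
  std::memset(&d, 0, sizeof(d));
  d.nr = nr;
  d.arch = arch;
  d.args[0] = arg0;
  d.args[1] = arg1;
  return d;
}

// Verdict of the policy for syscall `nr` invoked with `flags` in args[1].
uint32_t PolicyVerdict(uint32_t arch, int nr, uint64_t flags) {
  return RunFilter(BlockUserNotifPolicy(), MakeCall(arch, nr, SECCOMP_SET_MODE_FILTER, flags));
}

int main() {
  return PolicyVerdict(AUDIT_ARCH_X86_64, __NR_seccomp, SECCOMP_FILTER_FLAG_NEW_LISTENER) ==
                 (SECCOMP_RET_ERRNO | EPERM)
             ? 0
             : 1;
}
```

Returning an errno rather than killing keeps a sandboxee that merely probes for the feature alive while denying the listener; a policy that wants to treat the attempt as hostile can swap the `SECCOMP_RET_ERRNO` line for a kill or a trace verdict. The interpreter is deliberately minimal: it exists so the filter's branches can be asserted on in a unit test, not to replace a real BPF verifier.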
Sandboxed API Team
055839ab11 Update rules that require a cpp toolchain to use a helper function that defines the toolchain type.
PiperOrigin-RevId: 457645244
Change-Id: Ia99251f24e4baec9deb0ff57b86cb388c9cdfb68
2022-06-27 22:24:54 -07:00
Sandboxed API Team
e5bc3e69cd "Stack traces have been disabled" message goes to VLOG instead of INFO.
PiperOrigin-RevId: 456755121
Change-Id: I7eb7badcd5901a33dd2b2afc0833f00eeedacada
2022-06-23 06:42:35 -07:00
Christian Blichmann
82e164949b CMake: Move proto import path replacement to build time
With this change, the generated build system can now decide when the SAPI
protos are out of date and need to be rebuilt. Previously, the protos had
to always be regenerated which meant compiling a big part of the codebase
after each CMake configure run, even if nothing else changed.

PiperOrigin-RevId: 455599389
Change-Id: If75b6e870cd37f3136681fc73a404c5678623e52
2022-06-17 05:56:31 -07:00
Sandboxed API Team
81871a98f7 Internal-only change.
PiperOrigin-RevId: 455553721
Change-Id: I923ab39b9bcd92a6a8e0dd8f95b01cc135ace919
2022-06-17 00:37:39 -07:00
Christian Blichmann
57a4e7e7bc GitHub Actions: Rename workflows, fix libxls
- Shorter names, as build matrix already contains OS/compiler or
  OS/contrib-package combinations
- libxls was missing `gettext` and `autoconf-archive` packages

PiperOrigin-RevId: 455079247
Change-Id: Iae55644a818f3e1840cc18344caa9cc4277d012b
2022-06-15 02:59:23 -07:00
Christian Blichmann
1ef1fd90ec libidn2: Use pkg-config for include dir
PiperOrigin-RevId: 455050938
Change-Id: I73db6d3036ade8fc4638d7a3a5cfd659dd83555c
2022-06-15 00:07:28 -07:00
Christian Blichmann
e29e5cb1a2 GitHub Actions: Add libzip and tests
- Update Sandbox policy
- Compile libzip wrapper functions as part of libzip in CMake

PiperOrigin-RevId: 454837665
Change-Id: Ife6cc99296873e030b9613959eff88d4b0746a5e
2022-06-14 05:42:12 -07:00
Christian Blichmann
3cb19e7378 GitHub Actions: Add libxls and tests
PiperOrigin-RevId: 454835693
Change-Id: I575ef9519ca829a2d4815e2dde4348cb9a42f36c
2022-06-14 05:27:46 -07:00
Christian Blichmann
45d4b1ba5b GitHub Actions: Add libidn2 and tests
PiperOrigin-RevId: 454784764
Change-Id: Id8de7f34a0a5e0236f2fb92841e117cdcf386d2c
2022-06-14 00:05:25 -07:00
Christian Blichmann
2a65b72ea6 Add c-blosc and hunspell and their tests to CI
- Minor reformatting in `CMakeLists.txt`
- Update c-blosc to latest revision

PiperOrigin-RevId: 454148849
Change-Id: I7a659c0786b1dc35d94059a518a0ec2859055432
2022-06-10 06:15:34 -07:00
Christian Blichmann
4ec09d0061 Update and move lodepng to contrib/
- Drop patch from `CMakeLists.txt` in favor of forcing C compilation
- Use `sapi` namespace and new logging integration
- Update sandbox policy to allow retrieving thread ids
- Add tests to GitHub Workflow

PiperOrigin-RevId: 454133584
Change-Id: I50946245c723eb1e496ed1403b70ba08d977494e
2022-06-10 04:24:12 -07:00
Christian Blichmann
b11ce4b24a Add brotli and tests to CI
Drive-by:
- Update sandbox policy
- Formatting fixes
- Updated comments
PiperOrigin-RevId: 453901669
Change-Id: I40e0fbd26525ba564d4e062c79752a0102c48b15
2022-06-09 05:28:31 -07:00
Christian Blichmann
4872ba6569 libraw: Fix left-over from cleanup
Our internal builds do not build the `contrib/` sandboxes, so I didn't notice
the failing libraw build :-/

PiperOrigin-RevId: 453868469
Change-Id: Ic084b066197ace6f52c3e7ed541a811c501d20b1
2022-06-09 02:04:39 -07:00
Christian Blichmann
95afede8a0 GitHub Actions: Add Ubuntu 22.04 builds
Ubuntu 22.04 is an LTS version, so we should add it. This change sets
`ignore-errors = true`, as the corresponding build environment is still in
beta on GitHub.

PiperOrigin-RevId: 453868434
Change-Id: I988e38cda30deedd0704314f21a1f4c33c1456a0
2022-06-09 02:03:48 -07:00
Piotr Bartman
0e7abb70fe Copybara import of the project:
--
656cd15cb6 by Piotr Bartman <prbartman@gmail.com>:

LibRaw

--
a505222184 by Piotr Bartman <prbartman@gmail.com>:

CMake cleanup

--
7fc66b2026 by Piotr Bartman <prbartman@gmail.com>:

cleanup + img.raw

--
1b1c085cfe by Piotr Bartman <prbartman@gmail.com>:

libraw: data checking

--
7e76425c37 by Piotr Bartman <prbartman@gmail.com>:

libraw: CR @cblichmann
PiperOrigin-RevId: 453859071
Change-Id: Ib9e1887f97d48ecbebda05c5c6df01e3642bbfba
2022-06-09 00:55:24 -07:00
Christian Blichmann
de836031d4 cmake: Use configure_file() to implement forced C++ linkage
This finally prevents Ninja from rebuilding everything needlessly each time a
CMake reconfiguration was triggered. The root cause is that we used
`file(WRITE ...)`, which always unconditionally overwrites, so Ninja sees
those files as "dirty".

PiperOrigin-RevId: 453849514
Change-Id: Ib878df21371387baa7bf791a0a054e1ea5d6b6ae
2022-06-08 23:38:50 -07:00
Oliver Kunz
598b00103a This change introduces internal experimental support for Android.
PiperOrigin-RevId: 453669315
Change-Id: I6c3278804071caa2bb347cfeb584975339cb50d5
2022-06-08 06:51:41 -07:00
Sandboxed API Team
a8a558c66d Fix SAPI_VLOG_LEVEL handling so that VLOGs at level <= the specified level are printed.
PiperOrigin-RevId: 453652875
Change-Id: Ibd0f2c54a0e5c6bab7e65633b5b5680dbe36f5ae
2022-06-08 04:52:59 -07:00
Christian Blichmann
eef4707cd1 libtiff: Fix include path in example
PiperOrigin-RevId: 453617334
Change-Id: Id93d1914fa9309ba2646d7ca44369ce651084f23
2022-06-08 00:51:50 -07:00
Christian Blichmann
d805286343 Move libtiff sandbox to contrib/, add to tests
PiperOrigin-RevId: 453410018
Change-Id: I7a9815d844e43fe4b6a1971104179c5b854b2f0a
2022-06-07 05:05:19 -07:00
Christian Blichmann
9ac0400186 Fix jsonnet test failure
PiperOrigin-RevId: 452041179
Change-Id: I972e87ecbad1360970d4b42a81465bb016354d0e
2022-05-31 07:30:21 -07:00
Oliver Kunz
546fda8f1e Internal change
PiperOrigin-RevId: 451384097
Change-Id: Ib1177bbb147074dfff8719a0733417f4f1afc9da
2022-05-27 06:45:58 -07:00
Sandboxed API Team
5513e560eb Add option to block the ptrace system call instead of denying it.
PiperOrigin-RevId: 451347905
Change-Id: Iaed0f6f116bca3be4e6e7009dddd4dd6267823bb
2022-05-27 02:57:37 -07:00
Sandboxed API Team
65487bca39 Fix typo.
PiperOrigin-RevId: 451345082
Change-Id: Id443348448fa4cb6e682d18be64d39e363e20e0c
2022-05-27 02:42:14 -07:00
Oliver Kunz
a761362d71 Internal Changes
PiperOrigin-RevId: 449714418
Change-Id: I12241fff9fdf97f22258d4a18ff4d54b2587d6dc
2022-05-19 04:55:24 -07:00
Wiktor Garbacz
88b0a9e2e5 Fix possible crash when multiple termination conditions occur simultaneously
E.g. a failed `KillSandboxee` for a timeout would already set the exit status code while there could be an external kill pending at the same time which would try to `KillSandboxee` again and thus set exit status code again.

PiperOrigin-RevId: 448464765
Change-Id: Ic5744a576c4255504bfb1d5c4f33253b5bb32b6f
2022-05-13 04:35:27 -07:00
Wiktor Garbacz
5e61ce0853 More permissive ptrace handling in edge cases
This should make multithreaded sandboxees that exec (or send `SIGKILL`) behave more reliably.

PiperOrigin-RevId: 447458426
Change-Id: Ifdace340462199dc24c8cdf25d589ef6b24991e1
2022-05-09 06:58:27 -07:00
Christian Blichmann
69ed3d6946 clang_generator: Fix build breakage with most recent LLVM
PiperOrigin-RevId: 447443100
Change-Id: I7b7ca475be159dc5e2c2f4e6f1596ff7bb0438e2
2022-05-09 05:24:25 -07:00
Sandboxed API Team
84673bbe3e Allow readlinkat with sanitizers
Required after https://reviews.llvm.org/D124212

PiperOrigin-RevId: 445551132
Change-Id: I140c67544d0cf18ee6c75aa9407777bd3414d929
2022-04-29 18:23:59 -07:00
Christian Blichmann
51799f99ae Introduce a transitional logging utility library
Instead of calling `google::InitGoogleLogging()` directly, introduce an
indirection via a new utility library. After this change, Sandboxed API
should consistently use `sapi::InitLogging()` everywhere.

For now, `sapi::InitLogging()` simply calls its glog equivalent. However,
this enables us to migrate away from the gflags dependency and use Abseil
flags. Once a follow-up change lands, `sapi::InitLogging()` will instead
initialize the google logging library with flags defined from Abseil.

Later still, once Abseil releases logging, we can then drop the glog
dependency entirely.

PiperOrigin-RevId: 445363592
Change-Id: Ia23a7dc88b8ffe65a422ea4d5233bba7bdd1303a
2022-04-29 02:14:06 -07:00
Oliver Kunz
905c252e71 Remove AllowStaticStartup because AllowDynamicStartup calls this as well
PiperOrigin-RevId: 445349786
Change-Id: I28686ede2e22e641a8f90caacedf289b2d5c9a2e
2022-04-29 00:48:37 -07:00
Christian Blichmann
a420682099 Use an env var instead of -logtostderr
This should make it easier to migrate away from gflags.

PiperOrigin-RevId: 444834240
Change-Id: If9717131b7a803a8459992b68933491a0945182e
2022-04-27 06:00:37 -07:00