Commit Graph

517 Commits

Author SHA1 Message Date
Wiktor Garbacz
3f53e81d0b Remove unused dependency
PiperOrigin-RevId: 509890467
Change-Id: I0189fca5efa93a9e67f6f07eac44793cd17dcfc3
2023-02-15 11:35:14 -08:00
Wiktor Garbacz
e4c0d91e69 Remove leftover debug log
PiperOrigin-RevId: 509473001
Change-Id: I37e1ca609489ed9e2f3303efda3d955ad8408237
2023-02-14 02:51:21 -08:00
Wiktor Garbacz
a5d12903dd Extract SandboxeeProcess and move it down the call chain
PiperOrigin-RevId: 507718207
Change-Id: Ia1f6fc2f09abbde5311f8dc0f596aa605989140d
2023-02-07 02:22:45 -08:00
Wiktor Garbacz
f289855867 Update IfThenChange after monitor split
PiperOrigin-RevId: 506591092
Change-Id: Idf3c0d00e88c622a565fe056b2b12fca27c4b819
2023-02-02 05:17:03 -08:00
Wiktor Garbacz
34b2f6bc90 Remove AllowUnsafeKeepCapabilities()
PiperOrigin-RevId: 506586347
Change-Id: I859a1f695ffbcf3b982a26df425c6b4e03c62da1
2023-02-02 04:47:02 -08:00
Wiktor Garbacz
8f24f2a4f0 Split PtraceMonitor into separate file
PiperOrigin-RevId: 505660957
Change-Id: I6b8fcbb86c9fef294b6d19e2d1ec7120415f843b
2023-01-30 05:09:20 -08:00
Wiktor Garbacz
97d67019d2 Split out policybuilder target
PiperOrigin-RevId: 505053801
Change-Id: Ic0ea4aa2334394e310af6d3a11f961bd4866f9dc
2023-01-27 01:24:51 -08:00
Wiktor Garbacz
4450c5513f Bazel: Do not expose regs.h
PiperOrigin-RevId: 505047592
Change-Id: I207cf46c3f75d0a24cf753888e0cdba53d4193b0
2023-01-27 00:43:38 -08:00
Wiktor Garbacz
f636cd86d6 Split PtraceMonitor out of Monitor
This is a preparatory step to introduce a Sandbox2 mode that does not use ptrace.

PiperOrigin-RevId: 503919613
Change-Id: I446adecc66e697c592ad938627fbfdbea12516e1
2023-01-23 01:42:28 -08:00
Sandboxed API Team
8c107936da Internal BUILD changes
PiperOrigin-RevId: 503417314
Change-Id: Ib368f5600ef39d2ee37fc8c71108d6d11f109328
2023-01-20 05:14:47 -08:00
Sandboxed API Team
adb90a14a0 Internal BUILD changes
PiperOrigin-RevId: 503412719
Change-Id: Idecf094c8c7c8956a9f000204c90ed83d6df599d
2023-01-20 04:43:10 -08:00
Wiktor Garbacz
8bf9868ec3 Protobuf doesn't directly support heterogeneous lookup with absl::string_view
If the platform does not have `std::string_view` (i.e. `absl::string_view` is not an alias of `std::string_view`) the lookup will cause build failure.

PiperOrigin-RevId: 503159858
Change-Id: Ide8229ae0219d1cb6f3b36aba26da8d53183bc4b
2023-01-19 07:32:03 -08:00
Wiktor Garbacz
2f64d3d925 stack_trace: pass fd to sandboxee's memory instead of using process_vm_readv
Libunwind sandbox no longer needs to join sandboxee's userns.
This cleans up a lot of special handling for the libunwind sandbox.

PiperOrigin-RevId: 503140778
Change-Id: I020ea3adda05ae6ff74137b668a5fa7509c138f8
2023-01-19 05:44:50 -08:00
Wiktor Garbacz
f87b6feb18 stack_trace: do not add common libraries when not a custom fork-server
Avoids duplicate entries warnings and tightens the namespace.
Drive-by: modernize the policy.
PiperOrigin-RevId: 503108939
Change-Id: If34d23dd83ca39682799dfb36bd0b9b9ceb19fdc
2023-01-19 02:47:49 -08:00
Sandboxed API Team
bc6937ac82 Add logging of stack traces of all threads that were terminated by a signal or
when the sandboxee did not exit normally.
Disabled by default, enabled with a flag.

PiperOrigin-RevId: 502807175
Change-Id: Icb5236cbfac0168a2d855c68967f7a1e8bd13fe3
2023-01-18 01:45:01 -08:00
Wiktor Garbacz
58c3f80d57 Allow MADV_HUGEPAGE used by tcmalloc
PiperOrigin-RevId: 501815420
Change-Id: I22d6408e4e6ca375823b7b9448547cc082fe5421
2023-01-13 04:41:22 -08:00
Wiktor Garbacz
2ae5370cfb Full syscall info in Result::ToString
PiperOrigin-RevId: 501522999
Change-Id: I90c63984c053a5e7deaf4b7619e70c360cc892bb
2023-01-12 03:57:44 -08:00
Sandboxed API Team
1871b173c4 Add __NR_faccessat2 to the list of syscalls allowed by AllowAccess().
PiperOrigin-RevId: 500105471
Change-Id: Ic43c608a511617ba9ca8c2cba440cd709ae80a19
2023-01-06 00:16:46 -08:00
Sandboxed API Team
756176f206 On new process, check for the clone3 syscall.
PiperOrigin-RevId: 499918752
Change-Id: I7279e76593976c224a15be901834bf6225aebe85
2023-01-05 10:02:09 -08:00
Sandboxed API Team
90ee0a7464 Update clients of PolicyBuilder to support architectures other than x86_64.
PiperOrigin-RevId: 499424110
Change-Id: I6e7ed7436db84a65b1920f78dfc00cb2f9894b3c
2023-01-04 01:44:20 -08:00
Wiktor Garbacz
00d42577d5 Use CLONE_VM for starting the global forkserver
PiperOrigin-RevId: 499192311
Change-Id: I054385e9cab5e4987b0f34ab3b763244356405c2
2023-01-03 05:36:40 -08:00
Wiktor Garbacz
2d52191c24 Define PR_SET_VMA* if undefined
PiperOrigin-RevId: 497161397
Change-Id: I65fc11a7ccf34ffe225a03a0444275145fa43b4f
2022-12-22 07:39:44 -08:00
Wiktor Garbacz
fc721da2b9 More precise sycall_defs
PiperOrigin-RevId: 497137823
Change-Id: I374054659ce94e6b53819b999d9ed25df18b4ebd
2022-12-22 05:00:48 -08:00
Wiktor Garbacz
89a8f35f0e Use new helpers in policy_test
PiperOrigin-RevId: 496904765
Change-Id: Id2e4a901ed29c780542423608c55d01ef19eee9a
2022-12-21 06:17:07 -08:00
Wiktor Garbacz
7625c3dd24 Use AllowDup helper in AddNetworkProxyPolicy
PiperOrigin-RevId: 496898835
Change-Id: I76968c5c9b25a9e41865b3fad20463661195f581
2022-12-21 05:36:28 -08:00
Sandboxed API Team
aff27f4559 Update PolicyBuilder to include wrappers for more syscall families that differ between platforms.
New wrappers:

- `AllowEpollWait` (`epoll_wait`, `epoll_pwait`, `epoll_pwait2`)
- `AllowInotifyInit` (`inotify_init`, `inotify_init1`)
- `AllowSelect` (`select`, `pselect6`)
- `AllowDup` (`dup`, `dup2`, `dup3`)
- `AllowPipe` (`pipe`, `pipe2`)
- `AllowChmod` (`chmod`, `fchmod`, `fchmodat`)
- `AllowChown` (`chown`, `lchown`, `fchown`, `fchownat`)
- `AllowReadlink` (`readlink`, `readlinkat`)
- `AllowLink` (`link`, `linkat`)
- `AllowSymlink` (`symlink`, `symlinkat`)
- `AllowMkdir` (`mkdir`, `mkdirat`)
- `AllowUtime` (`utime`, `utimes`, `futimens`, `utimensat`)
- `AllowAlarm` (`alarm`, `setitimer`)
- `AllowGetPGIDs` (`getpgid`, `getpgrp`)
- `AllowPoll` (`poll`, `ppoll`)

Updated wrappers:

- `AllowOpen` now includes `creat`. `openat` already grants the ability to create files, and is the designated replacement for `creat` on newer platforms.
- `AllowStat` now includes `fstatfs` and `fstatfs64`. The comment already claimed that these syscalls were included; I believe they were omitted by accident.
- `AllowUnlink` now includes `rmdir`. `unlinkat` already grants the ability to remove empty directories, and is the designated replacement for `rmdir` on newer platforms.

PiperOrigin-RevId: 495045432
Change-Id: I41eccb74fda250b27586b6b7fe4c480332e48846
2022-12-13 09:32:17 -08:00
Wiktor Garbacz
5b3450ac8d Internal change
PiperOrigin-RevId: 494153465
Change-Id: Ice7f3e7b95f8de1348ccb281bbfa6fc7164b3353
2022-12-09 06:14:19 -08:00
Wiktor Garbacz
ee58a410d9 Handle S2 unwinding by trapping ptrace
PiperOrigin-RevId: 491893277
Change-Id: I427a2e485173c73fffead43e29511460c58c4f04
2022-11-30 06:00:29 -08:00
Wiktor Garbacz
bd5769d40a Use SyscallTrap in NetworkProxy
PiperOrigin-RevId: 491891500
Change-Id: I2e70dbc44aa264247c217ca88a4de1c0867383fd
2022-11-30 05:47:44 -08:00
Wiktor Garbacz
5bf9b1aef0 Introduce SyscallTrap helper class
PiperOrigin-RevId: 491887840
Change-Id: I5b189969da33e042a3ba38fe14025a758103f160
2022-11-30 05:21:12 -08:00
Wiktor Garbacz
77c80b7213 unwind: Skip Mapping Symbols on ARM
ARM documentation for Mapping Symbols:
https://developer.arm.com/documentation/dui0803/a/Accessing-and-managing-symbols-with-armlink/About-mapping-symbols

PiperOrigin-RevId: 491836684
Change-Id: I2e259e66f2253d80902aa763f2637f3f6fdea414
2022-11-30 00:16:37 -08:00
Wiktor Garbacz
755f29b35e Correct unwinding stop condition
On successful completion, `unw_step()` returns a positive value
  if the updated cursor refers to a valid stack frame,
  or `0` if the previous stack frame was the last frame in the
  chain. On error, the negative value of one of the error-codes
  below is returned.

PiperOrigin-RevId: 491588164
Change-Id: Ie361023ef69eed6c895856832a8208f2791f644d
2022-11-29 03:24:31 -08:00
Sandboxed API Team
11b89c0317 Internal compatible_with change
PiperOrigin-RevId: 491371995
Change-Id: I3f0430d6678992642557320a8fa3cf738a7c5fab
2022-11-28 09:55:57 -08:00
Christian Blichmann
c3889ce379 Fix command-line handling in sandbox2tool
This addresses #164.

PiperOrigin-RevId: 483675926
Change-Id: I1461c9bb2c3865d86cd99f9285e51ce20ac460b8
2022-10-25 08:05:23 -07:00
Christian Blichmann
6fbfb8f9bd Remove Tag constructor, add standard comment for absl::WrapUnique(new T)
PiperOrigin-RevId: 483654433
Change-Id: I16b058a6b186f764f45bc5540f3f49d5a294ddeb
2022-10-25 06:20:51 -07:00
Christian Blichmann
8d04efa62d contrib: Replace uses of CHECK_NOTNULL
Abseil's standard name for this is `ABSL_DIE_IF_NULL`.

PiperOrigin-RevId: 483648443
Change-Id: I9d6826443be72b30f71c18972436fa5f9c05048a
2022-10-25 05:50:59 -07:00
Christian Blichmann
4c87556901 Use Abseil's log/flags instead of glog/gflags
Follow-up changes might be required to fully fix up the contrib sandboxes.

PiperOrigin-RevId: 482475998
Change-Id: Iff631eb838a024b2f047a1be61bb27e35a8ff2f4
2022-10-20 06:48:51 -07:00
Christian Blichmann
79b6784b82 #Cleanup: Consistently use std::make_unique
PiperOrigin-RevId: 480597371
Change-Id: I145586382ad7a7694384cc672986132376a47465
2022-10-12 05:23:42 -07:00
Wiktor Garbacz
cb8efdc270 Sandbox2: Graciously handle mapping over Comms/Exec fds
Try to move the affected FDs transparently to avoid conflict.

PiperOrigin-RevId: 480105375
Change-Id: I0cd093fce120505d1cd4a1d081b3c0e63bf0210a
2022-10-10 09:39:01 -07:00
Christian Blichmann
b9c2830ebc Use new sandbox2::Comms ctor for default connection params
This change allows Sandbox2 to change how the default FD for comms is chosen.

PiperOrigin-RevId: 479526309
Change-Id: I69add85a244bc0385eaa164ab0ea3b036503c6d3
2022-10-07 02:08:20 -07:00
Wiktor Garbacz
3198ff06d3 Explicit Comms constructor with default params
This is to abstract the FD number away, so that we can change the way the FD number is chosen/communicated.

PiperOrigin-RevId: 479282707
Change-Id: Ic6726bcd0a17e97bde60804476ecbca2ffbf6525
2022-10-06 04:56:18 -07:00
Christian Blichmann
5b61445de9 Internal change
We have removed an internal-only sandbox mechanism that has been deprecated
for years. Some formatting/include changes may leak into the OSS version.

PiperOrigin-RevId: 475230500
Change-Id: Ib4efdf3282529ea50e8302e5ef7acfdd7d4c68e5
2022-09-19 01:58:32 -07:00
Wiktor Garbacz
d2c8c70d8e Internal change
PiperOrigin-RevId: 475224729
Change-Id: Id7c05c7542c44f58e7f4027c6932acd42f3a7857
2022-09-19 01:17:22 -07:00
Christian Blichmann
8de530036f Internal change.
Some includes may leak to OSS.

PiperOrigin-RevId: 474748898
Change-Id: Iff9dc4f91af211572ff4bbcf57330b36d7a957ab
2022-09-16 00:37:02 -07:00
Sandboxed API Team
75c7081622 For the SECCOMP event, check if the event msg is in the range of one of the known architectures.
If it isn't, assume that the process has exited and the event msg contains an exit code.

PiperOrigin-RevId: 471258449
Change-Id: I44408c30fe7fb39e20b55cea871f3efb68fcde67
2022-08-31 08:09:37 -07:00
Sandboxed API Team
e541f79abd forkserver_bin is usually embedded via cc_embed_data. So there is no real reason why it should be stamped.
PiperOrigin-RevId: 470013947
Change-Id: I7ff11fafdebb49e14c2b5dcae48c31fda6da2833
2022-08-25 09:54:24 -07:00
Christian Blichmann
7008aa21b6 Remove leftover definition from move to SyscallTable
PiperOrigin-RevId: 467930784
Change-Id: Id149fe9ef85718f28fcb396b03b574c32dc846d8
2022-08-16 08:24:56 -07:00
Sandboxed API Team
28504f1817 Make code not have a -Warray-parameter warning.
PiperOrigin-RevId: 467842322
Change-Id: Ic262a3f98fa823ef524ac02d08b2f5b8f4adf71d
2022-08-15 22:55:51 -07:00
Sandboxed API Team
deb3c8e77b Batch threads waiting for the monitor's attention.
Instead of doing waitpid() and processing one thread at a time, gather all waiting threads and then process them.

This avoids starving older threads when newer threads raise a lot of events.

PiperOrigin-RevId: 466366533
Change-Id: I81a878f038feac86407a8e961ecba181004f0f8a
2022-08-09 08:28:03 -07:00
Sandboxed API Team
78ee270388 Remove information about in-progress syscalls on process exit.
PiperOrigin-RevId: 463091104
Change-Id: I402cb61e9e816a20a87274ea874cddf91c101e14
2022-07-25 08:28:25 -07:00
Sandboxed API Team
4d906e7143 Fix visibility
PiperOrigin-RevId: 461617454
Change-Id: Id77bfbec2cc095005a434251c056b19c3c6a64c4
2022-07-18 07:44:38 -07:00
Wiktor Garbacz
1e4cf06f69 Block installing user notify inside Sandbox2
PiperOrigin-RevId: 458781163
Change-Id: Ifcaf940d8a70a9a4ab5b24aefdaaae622cfce4f3
2022-07-03 11:20:31 -07:00
Sandboxed API Team
e5bc3e69cd "Stack traces have been disabled" message goes to VLOG instead of INFO.
PiperOrigin-RevId: 456755121
Change-Id: I7eb7badcd5901a33dd2b2afc0833f00eeedacada
2022-06-23 06:42:35 -07:00
Sandboxed API Team
81871a98f7 Internal-only change.
PiperOrigin-RevId: 455553721
Change-Id: I923ab39b9bcd92a6a8e0dd8f95b01cc135ace919
2022-06-17 00:37:39 -07:00
Oliver Kunz
598b00103a This change introduces internal experimental support for Android.
PiperOrigin-RevId: 453669315
Change-Id: I6c3278804071caa2bb347cfeb584975339cb50d5
2022-06-08 06:51:41 -07:00
Oliver Kunz
546fda8f1e Internal change
PiperOrigin-RevId: 451384097
Change-Id: Ib1177bbb147074dfff8719a0733417f4f1afc9da
2022-05-27 06:45:58 -07:00
Sandboxed API Team
5513e560eb Add option to block the ptrace system call instead of denying it.
PiperOrigin-RevId: 451347905
Change-Id: Iaed0f6f116bca3be4e6e7009dddd4dd6267823bb
2022-05-27 02:57:37 -07:00
Sandboxed API Team
65487bca39 Fix typo.
PiperOrigin-RevId: 451345082
Change-Id: Id443348448fa4cb6e682d18be64d39e363e20e0c
2022-05-27 02:42:14 -07:00
Wiktor Garbacz
88b0a9e2e5 Fix possible crash when multiple termination conditions occur simultaneously
E.g. a failed `KillSandboxee` for a timeout would already set the exit status code while there could be an external kill pending at the same time which would try to `KillSandboxee` again and thus set exit status code again.

PiperOrigin-RevId: 448464765
Change-Id: Ic5744a576c4255504bfb1d5c4f33253b5bb32b6f
2022-05-13 04:35:27 -07:00
Wiktor Garbacz
5e61ce0853 More permissive ptrace handling in edge cases
This should make multithreaded sandboxees that exec (or send `SIGKILL`) behave more reliably.

PiperOrigin-RevId: 447458426
Change-Id: Ifdace340462199dc24c8cdf25d589ef6b24991e1
2022-05-09 06:58:27 -07:00
Sandboxed API Team
84673bbe3e Allow readlinkat with sanitizers
Required after https://reviews.llvm.org/D124212

PiperOrigin-RevId: 445551132
Change-Id: I140c67544d0cf18ee6c75aa9407777bd3414d929
2022-04-29 18:23:59 -07:00
Christian Blichmann
51799f99ae Introduce a transitional logging utility library
Instead of calling `google::InitGoogleLogging()` directly, introduce an
indirection via a new utility library. After this change, Sandboxed API
should consistently use `sapi::InitLogging()` everywhere.

For now, `sapi::InitLogging()` simply calls its glog equivalent. However,
this enables us to migrate away from the gflags dependency and use Abseil
flags. Once a follow-up change lands, `sapi::InitLogging()` will instead
initialize the google logging library with flags defined from Aseil.

Later still, once Abseil releases logging, we can then drop the glog
dependency entirely.

PiperOrigin-RevId: 445363592
Change-Id: Ia23a7dc88b8ffe65a422ea4d5233bba7bdd1303a
2022-04-29 02:14:06 -07:00
Oliver Kunz
905c252e71 Remove AllowStaticStartup because AllowDynamicStartup calls this as well
PiperOrigin-RevId: 445349786
Change-Id: I28686ede2e22e641a8f90caacedf289b2d5c9a2e
2022-04-29 00:48:37 -07:00
Christian Blichmann
6cbde854d6 #Cleanup: Consistently use char* argv[] instead of char**
PiperOrigin-RevId: 444782296
Change-Id: If8e7647be28f794392675ae001abbe9b809da0ac
2022-04-27 00:43:51 -07:00
Christian Blichmann
ff9009458c Disable deprecation warnings
Internally, we rely on clang-tidy to warn about using deprecated declarations.
And for using deprecated declarations within SAPI itself, we should not warn.

Drive-by:
- Fix warning in `mounts_test.cc`
PiperOrigin-RevId: 443634512
Change-Id: I7ef66f0ba77201026490baab07766510c1c55c6a
2022-04-22 04:58:02 -07:00
Christian Blichmann
a60ff1a95c Remove OsErrorMessage in favor of Abseil's new ErrnoToStatus
#Cleanup

PiperOrigin-RevId: 443359044
Change-Id: I2b3e385a1846feac79edd28fcbf6e85b1429a44a
2022-04-21 06:15:38 -07:00
Christian Blichmann
839914d6dd cmake: Rename build options to follow Abseil naming
`BUILD_TESTING` is a CMake provided option and we should use similar naming,
just like how Abseil does it.

- `SAPI_ENABLE_TESTS` -> `SAPI_BUILD_TESTING`
- `SAPI_ENABLE_CONTRIB_TESTS` -> `SAPI_CONTRIB_BUILD_TESTING`
- `SAPI_ENABLE_EXAMPLES` -> `SAPI_BUILD_EXAMPLES`

Drive-by:
- Fix option name in GitHub action
PiperOrigin-RevId: 443305932
Change-Id: Ice2b42be1229a0f9ae7c2ceda9ce87187baf22c4
2022-04-21 01:17:39 -07:00
Christian Blichmann
c0cfeed925 cmake: Include CTest in all projects, honor BUILD_TESTING setting
Including the `CTest` modules ensures that the `BUILD_TESTING` option is
defined and automatically calls `enable_testing()` if needed. It does not
change the default or introduce any dependencies on its own.

This follows what Abseil already does in their top-level `CMakeLists.txt`.

PiperOrigin-RevId: 443305646
Change-Id: If067c17470f497437c7748aab4aab5227c26e84f
2022-04-21 01:15:34 -07:00
Christian Blichmann
456d9f341e Sandbox2: Check for substring in CRC4 test
PiperOrigin-RevId: 442793060
Change-Id: If2483e13a9bdab5803e949bc4b568caa9569a818
2022-04-19 06:15:34 -07:00
Sandboxed API Team
ce5da915a2 Add default member initializer for sandbox2::Executor::Process members
PiperOrigin-RevId: 440877694
Change-Id: I0899393b05d064cd8318e11eef796f89b3c0ad0e
2022-04-11 06:59:17 -07:00
Sandboxed API Team
1db315207a Allow access to /sys/devices/system/cpu/
PiperOrigin-RevId: 439506287
Change-Id: I5d41ed234860f02329c960144b1da725e24549dd
2022-04-05 00:29:08 -07:00
Oliver Kunz
ed853afbe5 Extend ValidateInterpreter with Android_Arm64 interpreter
PiperOrigin-RevId: 438325813
Change-Id: I13fc285f19ff333e56ef018a77ec5c789d8b09ff
2022-03-30 09:45:58 -07:00
Oliver Kunz
c1ac5c3833 Changes to comms_test module to run unittests with --config=android_arm64
PiperOrigin-RevId: 438017732
Change-Id: I10a8ec154793f57f194a265e590f39b36c3d3043
2022-03-29 07:16:43 -07:00
Christian Blichmann
f928f1dd7c Fix stack traces on Fedora
This fixes the main issue (#118) with stack traces on Fedora, which uses a
`/lib64` and `/usr/lib64`.

PiperOrigin-RevId: 437717858
Change-Id: I6986aa84c2be57ae1d9f8d0cb9b508768d27f1c1
2022-03-28 04:05:36 -07:00
Oliver Kunz
44cd37c94e Make use of the new AllowPrctlSetName convenience function.
PiperOrigin-RevId: 436727461
Change-Id: Iab1945c422b8db98a220cdeacdec7c9868ea9e84
2022-03-23 06:59:40 -07:00
Oliver Kunz
ab9c4afb15 Create a convencience function to set the name of a thread/process
PiperOrigin-RevId: 436661002
Change-Id: Ia66cef2f3eda829c65bc07e2ac43a0b2c878eb7b
2022-03-22 23:39:06 -07:00
Sandboxed API Team
df8a2f77eb Automated rollback of commit 809fb49341.
PiperOrigin-RevId: 436285752
Change-Id: I0607d9db08343e23d22ba9cb945cb6ef74739a14
2022-03-21 13:09:36 -07:00
Oliver Kunz
809fb49341 Create a convencience function to set the name of a thread/process
PiperOrigin-RevId: 436215084
Change-Id: I17dc8930a117fe67bd1b87e2ae3d4652875780df
2022-03-21 08:36:01 -07:00
Oliver Kunz
d0f5f547cb Patch sandbox2/comms module to build for Android.
PiperOrigin-RevId: 435318451
Change-Id: If0e40bab30f3cb68d7e79f26d2336c638742f1ac
2022-03-17 05:27:07 -07:00
Oliver Kunz
ee11d9fdb7 Migration of remaining protobufs from proto2 to proto3
PiperOrigin-RevId: 434973223
Change-Id: I5518aa3944cab94d33ce0538bed8ee82f90d4b3a
2022-03-16 00:43:46 -07:00
Oliver Kunz
206547591b Migrate forkserver.proto to proto3 syntax
PiperOrigin-RevId: 434458725
Change-Id: I277f76a1a5ebd3eed15c6b3f3e7f849bf6edacea
2022-03-14 07:28:23 -07:00
Oliver Kunz
68eaa815ce Migrate to proto3, change is_ro to is_rw (default value is false), and rename mounttree.proto
PiperOrigin-RevId: 434435260
Change-Id: Ie4cfe04bf1a9357e63b6159c3d5a8b95388b5292
2022-03-14 05:15:15 -07:00
Wiktor Garbacz
50c55e8ac0 Provide clearer error message when global forkserver is chrooted
PiperOrigin-RevId: 433686276
Change-Id: Ieb01f9dcafdce7bcb548807169f429cc8a181e56
2022-03-10 01:32:55 -08:00
Wiktor Garbacz
52d1ea8984 Avoid hard failures in StartSubProcess
PiperOrigin-RevId: 433453289
Change-Id: Ib8b08ddd31c4daa9a377960d52f0a7eb7b17de19
2022-03-09 05:17:15 -08:00
Oliver Kunz
c5565241c1 Rewrite IsEquivalentNode without the use of MessageDifferencer
PiperOrigin-RevId: 433422767
Change-Id: I891a8f5f027115898590a43bed5d25c51c1db944
2022-03-09 01:56:50 -08:00
Wiktor Garbacz
612ff57913 Replace deprecated SetWalltimeLimit call
PiperOrigin-RevId: 433414976
Change-Id: I0597a2d8215d4b228794da409e3533651972a98c
2022-03-09 01:01:49 -08:00
Wiktor Garbacz
20edaae54f Add an option to allow mount propagation
PiperOrigin-RevId: 433211924
Change-Id: I653f000d44de10b668b375fd2dfff3c668cbf673
2022-03-08 08:01:19 -08:00
Oliver Kunz
2650834d7c Add unittest for IsEquivalentNode
PiperOrigin-RevId: 433172902
Change-Id: Ie6fb44e682be947fb9f8b856c5e804aa91647a6d
2022-03-08 04:04:57 -08:00
Wiktor Garbacz
8a5740fbb1 Better handle invalid read-write mounts
PiperOrigin-RevId: 433136095
Change-Id: I17eb347c0a5cfef5e05c3717dfdd83055d967e35
2022-03-07 23:57:57 -08:00
Sandboxed API Team
32d19f9e57 Disable compress_stack_depot in sandbox
The feature is pure optimization, but it requires
additional syscalls.

PiperOrigin-RevId: 432954277
Change-Id: I1f345f8a26c86e09611fd575cb6ee080f24cc717
2022-03-07 08:43:42 -08:00
Wiktor Garbacz
d1995bdca5 Add a helper for allowing epoll
PiperOrigin-RevId: 432879710
Change-Id: I7cc991358ce25729b002210a04bacb3ae91d8a1f
2022-03-07 00:54:21 -08:00
Sandboxed API Team
8e82b900f4 Automated rollback of commit 5f34d11e77.
PiperOrigin-RevId: 432491462
Change-Id: Id92eabbb140df85b7b48f6f107ef9f44c3c6dff5
2022-03-04 11:19:19 -08:00
Wiktor Garbacz
5f34d11e77 Add a helper for allowing epoll
PiperOrigin-RevId: 432387441
Change-Id: I52865ab4abd4ebaf9842859b5f2718b204f4c6ea
2022-03-04 01:24:55 -08:00
Wiktor Garbacz
1cf2d840dd Add PolicyBuilder::OverridableBlockSyscallWithErrno
PiperOrigin-RevId: 432201719
Change-Id: I5cac1a03a7ec95598bae87ff13d38e4bedf62beb
2022-03-03 08:37:04 -08:00
Oliver Kunz
077203fcf2 Change to proto2::MessageLite and resolve reflextion for mobile builds
PiperOrigin-RevId: 432164927
Change-Id: I0821cf443393b0bb16a68fc5750a9633a3f27725
2022-03-03 04:48:30 -08:00
Sandboxed API Team
e1a9513783 Move few policies from tsan to All section.
munmap is widely used by sanitizer, but it
probably works for Asan/Msan because it's enabled
by unrelated Allow* call.

Move mprotect to shared part as well. It will be
needed for compress_stack_depot.

PiperOrigin-RevId: 431989551
Change-Id: I7695a2de81d8d0b2112d3308778b2e9a9c7cb596
2022-03-02 11:38:35 -08:00
Sandboxed API Team
546365655d Introduce commandline flag to pass forkserver_bin path for Android builds.
PiperOrigin-RevId: 431942480
Change-Id: I5382b4fc8e8a66bb823dda597e1b812421364212
2022-03-02 08:12:21 -08:00
Sandboxed API Team
3f042fa54f Fix monitor for Android-ARM64
PiperOrigin-RevId: 431926820
Change-Id: Ie5adc1ec6accc7e68782c26b65fac0c32cded498
2022-03-02 06:42:42 -08:00
Sandboxed API Team
9a7ba28ea7 Allow sanitizer to print reports
PiperOrigin-RevId: 430271415
Change-Id: Ieb23663aa6ff5997ce0a6b1e81dcb2385ac4b509
2022-02-22 12:33:55 -08:00
Wiktor Garbacz
a2daa0a275 Fix BlockSyscallsWithErrno
PiperOrigin-RevId: 429982218
Change-Id: I42b187e678542b295542ca44882945c7695178e1
2022-02-21 00:46:50 -08:00