Wiktor Garbacz
632fdc639d
Add missing includes
PiperOrigin-RevId: 559052007
Change-Id: I3bc95cbc204c207d60c5aabb414840fdaba8c0c6
2023-08-22 02:56:16 -07:00
Wiktor Garbacz
1e26cd50dc
Always override forkservers comms_fd in sandboxee
PiperOrigin-RevId: 558721787
Change-Id: I331efd38b0571877b53cdc14190bae0ed639ce3f
2023-08-21 02:15:52 -07:00
Wiktor Garbacz
56d11ae733
Client::PrepareEnvironment simplify by supporting just a single preserved fd
PiperOrigin-RevId: 558133382
Change-Id: I043985fcf331761b424ce720791711e5ea1f4fb9
2023-08-18 06:52:45 -07:00
Wiktor Garbacz
1e9b686c4f
Make Comms movable
PiperOrigin-RevId: 558110484
Change-Id: I87fec43c0157e16ba683c498d8b50b3655efac17
2023-08-18 04:41:30 -07:00
Wiktor Garbacz
08b81b52e0
Internal change
PiperOrigin-RevId: 558105430
Change-Id: I6b0c1c3a389b8b22c50fe3b2e753aba9a3e804ab
2023-08-18 04:10:42 -07:00
Wiktor Garbacz
bf9fe79dbe
Introduce a SAPI_RAW_VLOG_IS_ON just for raw_logging
PiperOrigin-RevId: 558094899
Change-Id: I9da55eb55af22eafc74a81999dc920dbab98a1a3
2023-08-18 03:12:36 -07:00
Wiktor Garbacz
ff23e878d3
Prefer regular logging to raw_logging
PiperOrigin-RevId: 558089528
Change-Id: Id3fb3ec16d25c5df859c305e1b0db00b54212958
2023-08-18 02:43:27 -07:00
Wiktor Garbacz
b258535161
Treat libunwind sandbox as a ~regular sandboxee
This removes the dependency on unwind from the forkserver,
which should reduce binary size for all the custom forkservers (also the SAPI generated ones).
Unwind was only ever used by the global forkserver anyhow.
PiperOrigin-RevId: 557921074
Change-Id: Iea4904da0506fee5a00f970538f512cba7b02326
2023-08-17 13:32:44 -07:00
Wiktor Garbacz
6a64659fac
Use default SAPI policy in the examples
PiperOrigin-RevId: 557903883
Change-Id: Ieb65c5cf109037073449f16a466e33937deeb553
2023-08-17 12:34:47 -07:00
Wiktor Garbacz
77fbfa7f5f
forkserver: use eventfd instead of pipe for initial namespace creation
PiperOrigin-RevId: 557764601
Change-Id: I146c67bc6d4ba68f17c2117b1ca4d6bc71d30ffa
2023-08-17 03:02:19 -07:00
Wiktor Garbacz
5d13550877
Allow set_robust_list for TSAN
It might spawn a thread which will likely invoke that syscall.
PiperOrigin-RevId: 557762639
Change-Id: I26a7a79253338bbe83d22d1680256e5cdb914762
2023-08-17 02:52:53 -07:00
Wiktor Garbacz
18c64ae10f
Adjust sandboxed_api default policy
PiperOrigin-RevId: 557762512
Change-Id: I600c8126ee09b8bab927013de25fcb836c78ac9a
2023-08-17 02:51:59 -07:00
Christian Blichmann
f378d22405
Clang tool: Skip protobuf namespaces when emitting headers
The protobuf internals are not needed in the API header and will be made
available as soon as user code includes any generated proto header.
PiperOrigin-RevId: 557749772
Change-Id: Idc48a652ab1892dae559192afbde20ae34e4c7ce
2023-08-17 01:58:33 -07:00
Wiktor Garbacz
0a0bf05dc3
Readd VLOGs removed by mistake
PiperOrigin-RevId: 557739843
Change-Id: I21497028fc26388fec8a45ee1bfa2f11cf9022d2
2023-08-17 01:13:21 -07:00
Sandboxed API Team
7d78b89777
Fix typo.
PiperOrigin-RevId: 557598808
Change-Id: I02ac71ca025be9a5e45011b1bbeb07a144b2e632
2023-08-16 14:13:42 -07:00
Sandboxed API Team
034f24001e
In Sandbox2 IPC class, add a MapDupedFd() function to allow application to retain ownership of the local_fd.
PiperOrigin-RevId: 557539211
Change-Id: Ib74a305333bc51a261c766052284e9fa68115e9d
2023-08-16 10:58:55 -07:00
Wiktor Garbacz
abd3faf51b
monitor_unotify: Use eventfd instead of pipe for notifications
PiperOrigin-RevId: 557479262
Change-Id: Ie03e4e8915950999ff0b47e8b08c50241e53a600
2023-08-16 07:29:11 -07:00
Wiktor Garbacz
7a57d32711
forkserver: Remove waitpid flag
It was superseded by sandboxee rusage when using the unotify monitor.
PiperOrigin-RevId: 557396642
Change-Id: I41f84149227f62d4b7727030f9359834a9b61dbc
2023-08-16 01:33:12 -07:00
Christian Blichmann
c501379056
Clang tool: Prevent extra nesting of namespaces
When specifying the `namespace` argument in Bazel (`NAMESPACE` in CMake), the
Clang tool used to put _all_ dependent types in that namespace.
For a declaration of `namespace a::b { struct S {...};` and a `namespace`
argument of `a::b`, this means that the header output was similar to
```
namespace a::b {
namespace a::b {
struct S { ...
```
This was never intended and also does not match the Python based header
generator. The Clang tool now "merges" those same namespaces. This is
correct, as it processes `namespace`d spellings with their full namespace
path.
PiperOrigin-RevId: 557393076
Change-Id: I1474dd30b6c4150d0ae3c1c48579f88060974980
2023-08-16 01:17:54 -07:00
Wiktor Garbacz
1c2596785b
Clearer logs on execveat failures
Drive-by: remove redundant log prefix (PLOG prepends filename and line)
PiperOrigin-RevId: 557367980
Change-Id: Id7cc945969e0ae06a451ca3dd0f3e288402b9136
2023-08-15 23:30:44 -07:00
Christian Blichmann
ae3d334cc2
generator2: Skip anonymous structs/unions
The Python code has been relying on `spelling` to return `None` for skipping
anonymous structs/unions.
libclang has been returning a "spelling" for those for a while now (LLVM 16
introduced this in its branch in 2022), though, so this check no longer works.
Use the correct method `clang.CIndex.is_anonymous()` instead.
PiperOrigin-RevId: 557099905
Change-Id: I13707509dbae03481c5edce7fa92554cefdd57e7
2023-08-15 05:20:47 -07:00
Christian Blichmann
352d1f8fb2
Clang tool: Emit aggregates with default initialized members
PiperOrigin-RevId: 556765694
Change-Id: I2547919cdc1fcb048c99de325a8b2c24800b0e06
2023-08-14 06:14:43 -07:00
Wiktor Garbacz
8b70461db4
Automated rollback of commit a946cedc95.
PiperOrigin-RevId: 555902433
Change-Id: I93efb401e64b90ba114911b87ed680456037d248
2023-08-11 04:54:59 -07:00
Wiktor Garbacz
a946cedc95
PtraceMonitor: Add a hard deadline for waiting for kill to take effect
PiperOrigin-RevId: 555854230
Change-Id: If323725e5112344105627844910356dd14c9ad31
2023-08-11 02:01:10 -07:00
Wiktor Garbacz
01e14e0bb7
Fix bypass for enabling ptrace/bpf
PiperOrigin-RevId: 555847265
Change-Id: I671c0650caeefaac590d3d0030ff90e18fda6bbd
2023-08-11 01:34:27 -07:00
Wiktor Garbacz
3079d2b4e0
Make Policy a simple copyable type
PiperOrigin-RevId: 555146979
Change-Id: I83d7260d65d4291c418e6c8e80385cbdc8fbc758
2023-08-09 06:44:22 -07:00
Wiktor Garbacz
c14312c3a2
Kill on each iteration of graceful exit loop
I believe it's possible for the `main_pid` to disappear between `kill` and `sigtimedwait` by means of an `exec` from a multithreaded process (`PTRACE_EVENT_EXIT` happens after the `exec`ing thread changes its tid to main_pid).
PiperOrigin-RevId: 555137959
Change-Id: Id22908fb31497c0906e4f4fda66400fbf9ac9efb
2023-08-09 06:00:19 -07:00
Wiktor Garbacz
48bbb06fe7
Move log warning about non-namespaced stacktraces
PiperOrigin-RevId: 554493643
Change-Id: I27755322edcd7c0191cd125ec8ffdace18a6460c
2023-08-07 09:07:06 -07:00
Wiktor Garbacz
4890c86cec
Mark GetNamespaceDescription const
PiperOrigin-RevId: 554460753
Change-Id: I3304fb7d19f93750b1d74aeb1b8213af2f0fea85
2023-08-07 06:48:11 -07:00
Wiktor Garbacz
dd664400d7
More verbose logging on graceful exit timeout
PiperOrigin-RevId: 554382651
Change-Id: I7205fed9285b2aaff93860782d65d3dc829bb5f9
2023-08-07 00:28:10 -07:00
Sandboxed API Team
0a0ac6a66b
Automated rollback of commit 4d625e521b.
PiperOrigin-RevId: 553536999
Change-Id: If6ae319e54a3ea5eb88e00888044ba1088bd62d2
2023-08-03 11:23:05 -07:00
Wiktor Garbacz
7722c07d0c
Mark Mounts::RecursivelyListMounts() const
PiperOrigin-RevId: 553472906
Change-Id: Ia222751fd4b978dece6ef12c6677db8f3092ac1b
2023-08-03 07:40:16 -07:00
Wiktor Garbacz
4d625e521b
Move log warning about non-namespaced stacktraces
PiperOrigin-RevId: 553472372
Change-Id: Iba43cba78edd1826afb29f49a7e08e919554ed80
2023-08-03 07:37:54 -07:00
Wiktor Garbacz
3f9e9a2b25
Make Namespace copyable, movable and copy/move assignable
There is no strong reason why this shouldn't be the case.
Some future refactorings will depend on this.
PiperOrigin-RevId: 553456024
Change-Id: I452a2804c59ed006326ab37cbe0dec80f53cd714
2023-08-03 06:21:13 -07:00
Wiktor Garbacz
29b7b49325
Use return value directly instead of SAPI_ASSIGN_OR_RETURN dance
PiperOrigin-RevId: 553449209
Change-Id: Id344bc84a42edfaf92b95dc8cf92582001183494
2023-08-03 05:45:58 -07:00
Wiktor Garbacz
fc8a2340c7
Rename GetCloneFlags
PiperOrigin-RevId: 553448623
Change-Id: Ia49b16dd4b8795ba95bab8a8ea0c7ffc50bba628
2023-08-03 05:42:29 -07:00
Wiktor Garbacz
8fbe21ce0e
Really give priority to main_pid
Do process all events as soon as one for priority_pid arrives.
PiperOrigin-RevId: 553156575
Change-Id: I57a9b4ca54a0e0fe5f01245b130f53ef3f8678fc
2023-08-02 08:42:51 -07:00
Wiktor Garbacz
3bbb98c494
Better error when calling RunAsync on a Sandbox2 instance twice
PiperOrigin-RevId: 553129224
Change-Id: I92ff15d111ccd5e7d4310a2e1559811dd1cc7027
2023-08-02 06:44:21 -07:00
Wiktor Garbacz
1c960e8389
EmbedFile: Reopen memfds as readonly to work around problems with CRIU
While restoring memfds, CRIU sometimes reopens them, which might result in ETXTBUSY on execveat.
PiperOrigin-RevId: 553114741
Change-Id: I11ee7aabe48a2853a8921a270c6cdcc70b50a518
2023-08-02 05:28:04 -07:00
Oliver Kunz
eaa175c8d2
Sandbox2: Remove file sealing for in-memory files.
The `CreateMemFd` function sets the `MFD_ALLOW_SEALING` flag, which enables seals to be set, and creates an empty file seal.
PiperOrigin-RevId: 550850108
Change-Id: I1a84b7b14cc9396144048bbeb8995f2f7eca9fb7
2023-07-25 05:04:52 -07:00
Oliver Kunz
04ed89906b
Adding AllowOpen to AllowLlvmSanitizers to avoid having to add AllowOpen in addition when it's only needed for running under the sanitizers.
In cases where SAPI users overwrite the default policy instead of extending it, the sandbox will fail with an `openat` violation. This is automatically inherited in the default policy.
The advantage with this implementation is that we don't expose the open* syscalls when not running under the sanitizers.
PiperOrigin-RevId: 550845188
Change-Id: I151d467848983b00b71ec8447d662394fa7176db
2023-07-25 04:38:43 -07:00
Wiktor Garbacz
9d1d4b7fd3
Disallow AddPolicyForSyscalls with an empty list
PiperOrigin-RevId: 549887306
Change-Id: I05a97b39a2c92ad5ab2002c7af7e83a8184392cf
2023-07-21 02:24:44 -07:00
Wiktor Garbacz
e86462db77
Remove redundant buffer test
It tested Comms rather than different Buffer functionality.
PiperOrigin-RevId: 549880115
Change-Id: I095464540fa21cc4b3bee1d87e1e046807b6f18c
2023-07-21 01:53:54 -07:00
Wiktor Garbacz
7683f6995b
Do not use GIT in FetchContent_Declare
This causes the whole repo (with history) to be fetched.
The Protobuf repo is especially big (>200MiB).
PiperOrigin-RevId: 549285765
Change-Id: Ifb5e3a549a014adb51e6e5eef41e72abf0149558
2023-07-19 05:20:28 -07:00
Wiktor Garbacz
25f27ef935
Allow replacing a read-only node with writable for same target
PiperOrigin-RevId: 548942347
Change-Id: I4b22740ca27772831afcddb69d515c84aca04c51
2023-07-18 02:45:13 -07:00
Chris Kennelly
4ba75ea0a2
Allow TCMalloc users access to the possible cpus list.
This is to facilitate online/offline core counting for an accurate count of the
maximum CPU ID that may be seen.
PiperOrigin-RevId: 548715133
Change-Id: I159c0d51b9800fa633172986ba4f8eca352ae336
2023-07-17 09:31:22 -07:00
Wiktor Garbacz
f0e85cea13
Introduce AddFile(At)IfNamespaced/AddDirectory(At)IfNamespaced
Use the new interface in AllowRestartableSequences.
PiperOrigin-RevId: 548619728
Change-Id: I1f8aeb9a1cb412c50391d65a3cd148f77b46bd6f
2023-07-17 01:58:46 -07:00
Sandboxed API Team
39026f7678
Internal Code Change
PiperOrigin-RevId: 548043988
Change-Id: Iba4a828eeb53205f28dae85fc179cee21b104632
2023-07-14 00:30:56 -07:00
Sandboxed API Team
a3fa7d27d5
Internal Code Change
PiperOrigin-RevId: 547689091
Change-Id: I76ddcaefcc50f8ce706d59dae99877ca6f28544d
2023-07-12 22:13:27 -07:00
Sandboxed API Team
619030326c
Internal Code Change
PiperOrigin-RevId: 547420866
Change-Id: I7b80e96531a234281a323c03903b922704019135
2023-07-12 01:09:40 -07:00
Oliver Kunz
5dd7584e55
Propagate compatible_with through sapi_library.
If a sandboxing target sets a `compatible_with` constraint, the current sapi.bzl doesn't propagate this to the subsequent target generations.
We implement the forwarding similarly to the `visibility` attribute.
PiperOrigin-RevId: 546838438
Change-Id: I8a0b2623ee3aa91ffe7e6f4b001177c03806f532
2023-07-10 05:07:23 -07:00
Sandboxed API Team
a94b17d821
Use Protobuf's AbslStringify to stringify protos.
Protobuf DebugString APIs will be deprecated.
PiperOrigin-RevId: 543355252
Change-Id: Ieea97e87fc592c023cb2f965be3926f52192ffe4
2023-06-26 00:33:33 -07:00
Christian Blichmann
64ac98bf4d
Sandbox2: Remove commented out include
PiperOrigin-RevId: 542784635
Change-Id: Ie763ff5606e2241b2a5e3f89d57ed8d3e1c1ee63
2023-06-23 00:46:59 -07:00
Oliver Kunz
0463298780
Sandbox2: Improve logging of syscall information.
- If --sandbox2_danger_danger_permit_all_and_log is set, we write to a logfile (passed via the flag).
- If --sandbox2_danger_danger_permit_all is set, we do not write any log information.
This change introduces a means to also see the syscall information on stderr by passing --v=1 and --alsologtostderr.
PiperOrigin-RevId: 542232271
Change-Id: Ie4d30f0d8e25bb1de7c60bb37736b27b89406336
2023-06-21 06:11:57 -07:00
Sandboxed API Team
cf43c0f02c
Allow prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, ...) with tcmalloc
PiperOrigin-RevId: 540905937
Change-Id: I9275b193ff42b4741925c3cf825841ca9a4071db
2023-06-16 09:34:07 -07:00
Kevin Hamacher
93c1423b15
sandbox2: Provide sandboxee rusage when using unotify monitor
PiperOrigin-RevId: 540841898
Change-Id: Icc635e107c138ac67e2b948eadbbcb4234f6c7f8
2023-06-16 04:37:18 -07:00
Kevin Hamacher
66aeb6e59d
Error out if invalid custom forkserver path is specified
PiperOrigin-RevId: 540526350
Change-Id: Id7f4ea9290074c15c700c27c2d252b9f54a282bd
2023-06-15 03:17:02 -07:00
Christian Blichmann
04cb14791e
Clang tool: Enable incremental pre-processing
This avoids doing extra work when processing multiple input files.
PiperOrigin-RevId: 539884025
Change-Id: I8e48495f33c09bc53e70f4d5c1d730fe7c1202b2
2023-06-13 01:04:38 -07:00
Christian Blichmann
f2048d028f
Clang tool: Force-undefine feature preprocessor defines
To avoid code that is being parsed to include the intrinsics headers, undefine
a few key preprocessor defines.
PiperOrigin-RevId: 539878995
Change-Id: I8afb7cbdadcab3214c943c0acb9006e8bcc30611
2023-06-13 00:38:05 -07:00
Wiktor Garbacz
654668fc4e
stack_trace: avoid copying /proc/{pid}/exe if possible
The executable might not be inside the mount tree.
PiperOrigin-RevId: 539564862
Change-Id: I94e748608a36c8e9203ffe4b6de443e026e4546a
2023-06-12 00:14:40 -07:00
Christian Blichmann
045ace8dcb
Update Google dependencies
- Abseil
- Protobuf
- Benchmark
- Googletest
In turn, some code changes were necessary:
- Use absolute imports in `sapi_generator.py` when invoked by Bazel
- Add Abseil's source dir as include dir in generated proto `.cc` files
- Bazel: Use `@rules_proto` for `proto_library` and use native `cc_proto_library`
Drive-by:
- Update year in `README.md`
- Look for clang versions 16, 15, 14, and 13 as well in `code.py`
PiperOrigin-RevId: 539032012
Change-Id: Ib9cd1d7fb38409d884eb45e1fa08927f6af83a21
2023-06-09 03:22:00 -07:00
Christian Blichmann
72452e1582
Mostly internal change: Optimize OSS transforms
This should only affect the Bazel `BUILD.bazel` files and their formatting.
PiperOrigin-RevId: 538426054
Change-Id: I0162726d3fb4bcb4d7938cddc6f39e0d9f2b4a3d
2023-06-07 02:23:18 -07:00
Wiktor Garbacz
6cd83d68de
Fix deadlock in forkserver if setting ns fails
Also make sure we don't kill everything (with a `kill(-1, SIGKILL)`) if reading the pid fails.
PiperOrigin-RevId: 536371566
Change-Id: I17f6ae36b73ec43735709ff16d276abaebb00d44
2023-05-30 05:49:40 -07:00
Christian Blichmann
1c7dfdac12
Bazel: Remove obsolete WORKSPACE dependencies
PiperOrigin-RevId: 536368855
Change-Id: Ied2eb8bdaebb9d780691563198799ae240146d73
2023-05-30 05:34:47 -07:00
Wiktor Garbacz
7ba0a794d1
Fix check for init process
PiperOrigin-RevId: 532473530
Change-Id: Ia5f84073e372a63f70425d0fa68ac178019e80be
2023-05-16 08:51:15 -07:00
Christian Blichmann
1bf9437f95
Add GitHub workflow to build Clang tool based header generator
Drive-by:
- Add flags to link libgcc and libstdc++ statically into the binary, making it "mostly static"
PiperOrigin-RevId: 532349354
Change-Id: I0a86eb29b6a40aec4cec3cffeaf9511726ee4dc8
2023-05-15 23:45:57 -07:00
Sandboxed API Team
70e3d9f560
...remove deprecated SetWallTimeLimit variant.
PiperOrigin-RevId: 531477563
Change-Id: I84ca9823ae5f7a0002049ac69b42527872a7ce66
2023-05-12 05:22:52 -07:00
Christian Blichmann
b6cc0ce80d
CMake: Make the path to the Clang tool configurable
Set `SAPI_CLANG_TOOL_EXECUTABLE` to specify the location of a pre-built Clang
tool based header generator.
PiperOrigin-RevId: 531425738
Change-Id: I723d19122cc738d9906c8c568d156d44c58d9746
2023-05-12 00:29:55 -07:00
Christian Blichmann
4925df5419
CMake: Add option to link the Clang libraries statically into the header generator
Tested on Debian 10.13 with `LLVM-{11,12,13,14,15,16,17}` packages from https://apt.llvm.org/ .
PiperOrigin-RevId: 531211601
Change-Id: I91babb5d85be2a22a4b17d757a5f626de6c03881
2023-05-11 08:36:11 -07:00
Christian Blichmann
a078043f8e
CMake: Increase minimum required LLVM version to 11
LLVM 11 is now present in all major stable Linux distributions.
PiperOrigin-RevId: 531204137
Change-Id: I6f20aea425915023ea6113c17ff5a038a74aa919
2023-05-11 08:04:59 -07:00
Christian Blichmann
bfa0186f72
CMake: Rename option to enable the Clang tool based header generator
`SAPI_ENABLE_GENERATOR` => `SAPI_ENABLE_CLANG_TOOL`
This prepares further changes in this area.
PiperOrigin-RevId: 531201213
Change-Id: I56bd450e6ed2dd1dbbf45db2825a75c56d277037
2023-05-11 07:52:50 -07:00
Wiktor Garbacz
9b307fc204
Remove leftover stack_trace sources from sandbox2 target
PiperOrigin-RevId: 531168602
Change-Id: Ib9c0942e5ba9cf0d577f88a6091245ca02d5674e
2023-05-11 04:59:29 -07:00
Wiktor Garbacz
5b12071ba0
Remove WaitForSanitizers from ptrace monitor & add to global forkserver
This should ensure the global forkserver will be single-threaded before forking the sandboxees, as it does not go through WaitAndFork.
Waiting for sanitizers is not needed in the monitor and should reduce latency
by 1 second for all sanitizer builds. Currently it'll always wait up to 1 second for the process to become single-threaded, which will never happen as the monitor itself is running in a separate thread.
PiperOrigin-RevId: 530878018
Change-Id: Ie9f663848502f2738721861b0ba2dc6f3cc9f1c9
2023-05-10 05:06:18 -07:00
Kevin Hamacher
fb1571c801
Automated rollback of commit f6fd27618b.
PiperOrigin-RevId: 529395980
Change-Id: I6a5d451ed84f8d4a522777815c6cc2d7d7a8923c
2023-05-04 06:53:48 -07:00
Christian Blichmann
7e9f6c3df3
Fix typo
PiperOrigin-RevId: 529325261
Change-Id: Ia663900a55d51805e330d989ed0965dc4e8f9b17
2023-05-04 00:46:53 -07:00
Oliver Kunz
9ab20c5411
Implements the ability to control who is allowed to enable unrestricted networking.
PiperOrigin-RevId: 529309275
Change-Id: Icd88a4469b0c36af96638d44f9e909085c7120d5
2023-05-03 23:29:34 -07:00
Sandboxed API Team
f6fd27618b
Automated rollback of commit 8c53262539.
PiperOrigin-RevId: 529101664
Change-Id: Ica452c6ee8f54b78be09fa830a09d6a89800cf44
2023-05-03 08:45:11 -07:00
Kevin Hamacher
8c53262539
Allow forkserver to use waitpid as alternative to sa_nochldwait
PiperOrigin-RevId: 529074278
Change-Id: If63015586673610e111ee589995e5264523be7a7
2023-05-03 06:41:07 -07:00
Wiktor Garbacz
a5bad44fac
Fix wrong pytype annotation
PiperOrigin-RevId: 520972266
Change-Id: Ib5775e01bf3389e7d123480b3bb3b7a4f33a07b0
2023-03-31 11:30:33 -07:00
Wiktor Garbacz
0caa3e740c
Do not expose forkserver.h
PiperOrigin-RevId: 520562657
Change-Id: I89fbe3012a5e63a50c46fd4f1e4ade8d36616c0b
2023-03-30 00:49:44 -07:00
Wiktor Garbacz
5efae5cdf5
Do not exit from within ForkServer to get more precise coverage data
PiperOrigin-RevId: 520273079
Change-Id: I3f37d9eacc2c284c45f37842e1e63364cf64faf2
2023-03-29 02:22:16 -07:00
Wiktor Garbacz
a4d602298b
Dump coverage prior to execveat
PiperOrigin-RevId: 520002416
Change-Id: Ic792b0b71b8e7b2f00b669db9b6831acd8341c5c
2023-03-28 05:50:43 -07:00
Wiktor Garbacz
1755ba08e1
Internal Code Change
PiperOrigin-RevId: 519725866
Change-Id: Ibac005b875127ae68e28346fb78e74e789cff01e
2023-03-27 08:14:10 -07:00
Sandboxed API Team
9f2ba9d6a1
Comms constructor for non abstract sockets
Allows creating a Comms with Unix domain sockets that are not abstract. This allows using Comms to talk across network namespaces.
PiperOrigin-RevId: 518854724
Change-Id: I4fd65466bba9512f448b73bde367f38a0fbb584d
2023-03-23 07:34:32 -07:00
Sandboxed API Team
18894d57f9
Add a helper method to allow the eventfd* family of syscalls.
PiperOrigin-RevId: 518565738
Change-Id: I2a3efe069ab1da65dd5f7cdcd3762637b7274b49
2023-03-22 07:46:56 -07:00
Wiktor Garbacz
b50bc23138
Remove no longer needed friend declaration
Drive-by dependencies cleanup
PiperOrigin-RevId: 518551045
Change-Id: I132dfc42945f500e8efec58a4d58d3bee4d1f191
2023-03-22 06:27:21 -07:00
Wiktor Garbacz
8a38e4de47
Copy environ in sandbox2_test to get better coverage data
PiperOrigin-RevId: 518544187
Change-Id: Id13a5503060817e1dead7ee4a5e310d322de3a5e
2023-03-22 05:47:00 -07:00
Wiktor Garbacz
99931c2ad6
Move abort into ExecuteProcess and mark it noreturn
PiperOrigin-RevId: 518528953
Change-Id: Ieaa03af484188bb35f9734d69d987eabbdcc23ab
2023-03-22 04:07:10 -07:00
Sandboxed API Team
b62d103426
Internal change
PiperOrigin-RevId: 518204712
Change-Id: Idcb8cc7b20198dcc0f3692aa0c89e9c620b9d65d
2023-03-21 01:49:22 -07:00
Wiktor Garbacz
9867ce3beb
Make SAPI_RAW_LOG(FATAL, ...) noreturn
PiperOrigin-RevId: 517941912
Change-Id: I655aaf7101c566f8f01c1a5296539186701a10de
2023-03-20 05:43:28 -07:00
Wiktor Garbacz
10b89d4d33
Add missing LOAD_SYSCALL_NR
PiperOrigin-RevId: 516777043
Change-Id: Icccb8260c7e54299c5aa2ddfee4086232e2b8ffb
2023-03-15 03:29:56 -07:00
Wiktor Garbacz
690b31a038
Fix the poll in wait_for_sandboxee branch
PiperOrigin-RevId: 516544270
Change-Id: Ibb10611b9b7713ac6513199b6213c15d22772ea5
2023-03-14 09:19:30 -07:00
Wiktor Garbacz
5a2bdd436d
Fix poll in unotify monitor
Fixes incorrect timeout calculation and increases the wakeup interval.
Also makes poll behave correctly in presence of signals.
PiperOrigin-RevId: 516514260
Change-Id: I035701e1bb351f9ad26157b59b13b4f300cc229a
2023-03-14 07:04:18 -07:00
Wiktor Garbacz
cb63dfead5
Add tests for util.cc
PiperOrigin-RevId: 516439597
Change-Id: I2ac88b6188738e47f0e0bdb04382a50aa5aa9366
2023-03-14 00:04:14 -07:00
Wiktor Garbacz
10d44614fd
Partial support for sandbox2::Notify in UnotifyMonitor
PiperOrigin-RevId: 515562555
Change-Id: Ie73c34bc7e35942b307c458cfef80510e0b734c3
2023-03-10 00:59:37 -08:00
Wiktor Garbacz
a31584ff49
Add explicit cast to fix build error
PiperOrigin-RevId: 515263097
Change-Id: Ib5b6c28587be889b5e2ef8d013fa57cbb0d8ffd3
2023-03-09 01:03:36 -08:00
Wiktor Garbacz
e031c11bdc
Update naming and lambda capture for stack size
PiperOrigin-RevId: 515254988
Change-Id: I394dc039bcfcbd2ccd7c705a91974f4183b28c39
2023-03-09 00:14:39 -08:00
Wiktor Garbacz
0d3d5d4bcb
Seccomp_unotify based monitor
Unotify based monitor should bring big performance wins
if the sandboxee heavily uses threading or signals.
Some of the features are not supported in that mode:
- execveat is always allowed instead of just the initial one
- stack traces are not collected on normal exit or if the process is terminated by signal
PiperOrigin-RevId: 515040101
Change-Id: Ia5574d34b4ff7e91e3601edb8c9cb913e011fbf6
2023-03-08 08:09:34 -08:00
Sandboxed API Team
80cc894c39
Allow sched_getaffinity with sanitizers
PiperOrigin-RevId: 515024410
Change-Id: I7c48d701b0c3ecab41c3363f8cb46a1c8fa6d97e
2023-03-08 06:51:19 -08:00
Wiktor Garbacz
e3b2d232b4
Add test for bpf disassembler
Also always handle the new return values.
PiperOrigin-RevId: 514698931
Change-Id: Ib4ce06e4f17c438271a0452053d3b0bc368e9970
2023-03-07 05:04:09 -08:00
Wiktor Garbacz
e46a526865
Add explicit casts to avoid build failures
PiperOrigin-RevId: 514698583
Change-Id: I0ebf2c14a74330ead3a362a48d1776060ea70fbe
2023-03-07 05:02:45 -08:00
Wiktor Garbacz
a8db8bfcf7
PTHREAD_STACK_MIN is not always a constexpr
PiperOrigin-RevId: 514695823
Change-Id: Iecf16f0bd563d85f80b0697d14293ff2d3133aef
2023-03-07 04:47:53 -08:00
Wiktor Garbacz
9f657e6a62
Consistently exclude examples from coverage runs
PiperOrigin-RevId: 514443652
Change-Id: Ia020371928e94d8b9bd98a9318c5d884f96c9f86
2023-03-06 10:03:12 -08:00
Christian Blichmann
17553b2206
syscall_trap: Add missing includes, use C++ ones
PiperOrigin-RevId: 514385399
Change-Id: Iceca365c862ce7ee03a61153eb1da2a9571a9719
2023-03-06 07:11:24 -08:00
Wiktor Garbacz
526401166e
Migrate namespaces related tests out of policybuilder_test
PiperOrigin-RevId: 514325688
Change-Id: I9c581d14da3ac9fe5c3c0b43e156d8ad8d90c73f
2023-03-06 07:08:49 -08:00
Wiktor Garbacz
64b52ff3b5
Fix stack_trace_test for ARM64
When symbolize.cc is built with unwind tables, the function from the lib calling into symbolize.cc might be duplicated in the stack trace (libunwind falls back to LR).
PiperOrigin-RevId: 514324815
Change-Id: I76ee4ccf5aaf388924714284d9896fa367f5f752
2023-03-06 07:07:55 -08:00
Wiktor Garbacz
550b26587f
Implement DangerDefaultAllowAll using DefaultAction(AllowAllSyscalls())
PiperOrigin-RevId: 513861597
Change-Id: I6e4038648a005bbe57ca33a4c0466f5af2184da8
2023-03-03 10:26:32 -08:00
Wiktor Garbacz
e09c2bc215
Run more tests with coverage and sanitizers contd
PiperOrigin-RevId: 513815467
Change-Id: I31d0df2c69b20eb126aaa8dde7f45fa7c0e1e6a8
2023-03-03 06:51:06 -08:00
Wiktor Garbacz
6827dc0059
Remove superfluous set_rlimit_as(RLIM64_INFINITY)
Address space limit is set to infinite by default.
PiperOrigin-RevId: 513755637
Change-Id: I42e79b21bc9b0f4b52e461994fef2ed104752957
2023-03-03 01:14:31 -08:00
Wiktor Garbacz
cd945565f5
Run more tests with coverage and sanitizers
Running with a permissive test policy should not interfere with sanitizers
or coverage.
Most tests should run with such a permissive policy.
The exception is tests which actually test policy enforcement.
PiperOrigin-RevId: 513548936
Change-Id: I9a4c2cc8074997cff08cc22d15f4736219ce4d63
2023-03-02 08:46:07 -08:00
Wiktor Garbacz
a613dda7f2
Test stack unwinding more thoroughly
Check unwinding recursive calls.
Verify we can unwind in absence of unwind tables.
PiperOrigin-RevId: 513506498
Change-Id: Ib87240b7481dae3a4513c944e17a7924a54926e9
2023-03-02 05:09:49 -08:00
Wiktor Garbacz
0033c4563f
Remove unused UnwindResult.ip, reuse RunLibUnwindAndSymbolizer
PiperOrigin-RevId: 513482530
Change-Id: I50b24619af77a245088d489052f41f370a4d720b
2023-03-02 02:40:15 -08:00
Wiktor Garbacz
d74dac096a
Rework stack_trace_test
PiperOrigin-RevId: 513467290
Change-Id: Iab630412052fa5e7333514f3864ebdfb7f10e1ef
2023-03-02 01:25:38 -08:00
Wiktor Garbacz
5a8a25e9ac
Change the default action instead of appending ALLOW
Also create a visibility restricted version of the function.
PiperOrigin-RevId: 513209752
Change-Id: I031fe62d5ccd81995536479b9af890ad111e336c
2023-03-01 05:36:24 -08:00
Wiktor Garbacz
fbfbd13adf
Add frame pointer unwinding fallback
PiperOrigin-RevId: 513193320
Change-Id: I0ade55e0d1fae6d33794ccd064766a18f0c86cd6
2023-03-01 03:55:15 -08:00
Juan Vazquez
e11109c9ee
Internal change
PiperOrigin-RevId: 512922245
Change-Id: Ibc6d769f2f6b15971b95878c8fdb8d4664fbf2df
2023-02-28 07:01:07 -08:00
Juan Vazquez
6aa97f5394
Internal changes
PiperOrigin-RevId: 512905076
Change-Id: I780e8d6bfcfc94da5e8744146e6c1de153c329f9
2023-02-28 05:34:07 -08:00
Juan Vazquez
bd14f6818d
Add field to track policy source location
PiperOrigin-RevId: 512070278
Change-Id: I959a57e296d9b999c4ee3086bc814d7d55484722
2023-02-24 07:55:23 -08:00
Wiktor Garbacz
e1246332d1
Rename and move CreateDirRecursive
PiperOrigin-RevId: 510186053
Change-Id: I0e68cc8fff44780ab98f1d57f829ff900790eed5
2023-02-16 10:44:01 -08:00
Wiktor Garbacz
6db17e7ab3
Use namespaced policy in most tests
Drive-by some test cleanups.
PiperOrigin-RevId: 510134967
Change-Id: I40328a644690865c5cc0a0eb265222ebf7ff83e0
2023-02-16 07:12:46 -08:00
Wiktor Garbacz
71692bb50b
Decouple sandboxed stack tracing
This allows splitting monitor & stack_trace related targets.
Also move stack traces related functionality into MonitorBase.
PiperOrigin-RevId: 510112916
Change-Id: I60eabf9c9b3204dc369713edd8ae05fded306875
2023-02-16 06:07:15 -08:00
Wiktor Garbacz
d2dbbbae76
Remove redundant tests
UID/GID is checked in the namespace test and open fds in the sanitizer test.
PiperOrigin-RevId: 510084559
Change-Id: I1aac4d30d44aa2390447f24d228afbb1c3b04e2b
2023-02-16 02:28:52 -08:00
Wiktor Garbacz
3f53e81d0b
Remove unused dependency
PiperOrigin-RevId: 509890467
Change-Id: I0189fca5efa93a9e67f6f07eac44793cd17dcfc3
2023-02-15 11:35:14 -08:00
Wiktor Garbacz
e4c0d91e69
Remove leftover debug log
PiperOrigin-RevId: 509473001
Change-Id: I37e1ca609489ed9e2f3303efda3d955ad8408237
2023-02-14 02:51:21 -08:00
Wiktor Garbacz
a5d12903dd
Extract SandboxeeProcess and move it down the call chain
PiperOrigin-RevId: 507718207
Change-Id: Ia1f6fc2f09abbde5311f8dc0f596aa605989140d
2023-02-07 02:22:45 -08:00
Wiktor Garbacz
f289855867
Update IfThenChange after monitor split
PiperOrigin-RevId: 506591092
Change-Id: Idf3c0d00e88c622a565fe056b2b12fca27c4b819
2023-02-02 05:17:03 -08:00
Wiktor Garbacz
34b2f6bc90
Remove AllowUnsafeKeepCapabilities()
PiperOrigin-RevId: 506586347
Change-Id: I859a1f695ffbcf3b982a26df425c6b4e03c62da1
2023-02-02 04:47:02 -08:00
Wiktor Garbacz
8f24f2a4f0
Split PtraceMonitor into separate file
PiperOrigin-RevId: 505660957
Change-Id: I6b8fcbb86c9fef294b6d19e2d1ec7120415f843b
2023-01-30 05:09:20 -08:00
Wiktor Garbacz
97d67019d2
Split out policybuilder target
PiperOrigin-RevId: 505053801
Change-Id: Ic0ea4aa2334394e310af6d3a11f961bd4866f9dc
2023-01-27 01:24:51 -08:00
Wiktor Garbacz
4450c5513f
Bazel: Do not expose regs.h
PiperOrigin-RevId: 505047592
Change-Id: I207cf46c3f75d0a24cf753888e0cdba53d4193b0
2023-01-27 00:43:38 -08:00
Wiktor Garbacz
f636cd86d6
Split PtraceMonitor out of Monitor
This is a preparatory step to introduce a Sandbox2 mode that does not use ptrace.
PiperOrigin-RevId: 503919613
Change-Id: I446adecc66e697c592ad938627fbfdbea12516e1
2023-01-23 01:42:28 -08:00
Sandboxed API Team
93ef7eb380
Explicitly close the output stream.
PiperOrigin-RevId: 503904221
Change-Id: Iee1899d80190a314c9c83f0a69e5fac76494cd92
2023-01-23 00:06:57 -08:00
Sandboxed API Team
8c107936da
Internal BUILD changes
PiperOrigin-RevId: 503417314
Change-Id: Ib368f5600ef39d2ee37fc8c71108d6d11f109328
2023-01-20 05:14:47 -08:00
Sandboxed API Team
adb90a14a0
Internal BUILD changes
PiperOrigin-RevId: 503412719
Change-Id: Idecf094c8c7c8956a9f000204c90ed83d6df599d
2023-01-20 04:43:10 -08:00
Wiktor Garbacz
8bf9868ec3
Protobuf doesn't directly support heterogeneous lookup with absl::string_view
If the platform does not have `std::string_view` (i.e. `absl::string_view` is not an alias of `std::string_view`) the lookup will cause build failure.
PiperOrigin-RevId: 503159858
Change-Id: Ide8229ae0219d1cb6f3b36aba26da8d53183bc4b
2023-01-19 07:32:03 -08:00
Wiktor Garbacz
2f64d3d925
stack_trace: pass fd to sandboxee's memory instead of using process_vm_readv
Libunwind sandbox no longer needs to join sandboxee's userns.
This cleans up a lot of special handling for the libunwind sandbox.
PiperOrigin-RevId: 503140778
Change-Id: I020ea3adda05ae6ff74137b668a5fa7509c138f8
2023-01-19 05:44:50 -08:00
Wiktor Garbacz
f87b6feb18
stack_trace: do not add common libraries when not a custom fork-server
Avoids duplicate entries warnings and tightens the namespace.
Drive-by: modernize the policy.
PiperOrigin-RevId: 503108939
Change-Id: If34d23dd83ca39682799dfb36bd0b9b9ceb19fdc
2023-01-19 02:47:49 -08:00
Sandboxed API Team
bc6937ac82
Add logging of stack traces of all threads that were terminated by a signal or when the sandboxee did not exit normally.
Disabled by default, enabled with a flag.
PiperOrigin-RevId: 502807175
Change-Id: Icb5236cbfac0168a2d855c68967f7a1e8bd13fe3
2023-01-18 01:45:01 -08:00
Wiktor Garbacz
58c3f80d57
Allow MADV_HUGEPAGE used by tcmalloc
PiperOrigin-RevId: 501815420
Change-Id: I22d6408e4e6ca375823b7b9448547cc082fe5421
2023-01-13 04:41:22 -08:00
Wiktor Garbacz
2ae5370cfb
Full syscall info in Result::ToString
PiperOrigin-RevId: 501522999
Change-Id: I90c63984c053a5e7deaf4b7619e70c360cc892bb
2023-01-12 03:57:44 -08:00
Dmitri Gribenko
858c407521
Replace llvm::makeArrayRef with ArrayRef constructors.
LLVM upstream is about to deprecate and remove llvm::makeArrayRef.
PiperOrigin-RevId: 501106516
Change-Id: Ice610c7e0190dc8608339de1b88b7a05e7771871
2023-01-10 15:14:03 -08:00
Sandboxed API Team
f086c39f42
Update clients of PolicyBuilder to support architectures other than x86_64.
PiperOrigin-RevId: 500181306
Change-Id: Ibf3e5e3ac6214394f2d9ab10cf30de6d8396988d
2023-01-06 14:31:59 -08:00
Sandboxed API Team
1871b173c4
Add __NR_faccessat2 to the list of syscalls allowed by AllowAccess().
PiperOrigin-RevId: 500105471
Change-Id: Ic43c608a511617ba9ca8c2cba440cd709ae80a19
2023-01-06 00:16:46 -08:00
Sandboxed API Team
756176f206
On new process, check for the clone3 syscall.
PiperOrigin-RevId: 499918752
Change-Id: I7279e76593976c224a15be901834bf6225aebe85
2023-01-05 10:02:09 -08:00
Sandboxed API Team
90ee0a7464
Update clients of PolicyBuilder to support architectures other than x86_64.
PiperOrigin-RevId: 499424110
Change-Id: I6e7ed7436db84a65b1920f78dfc00cb2f9894b3c
2023-01-04 01:44:20 -08:00
Wiktor Garbacz
00d42577d5
Use CLONE_VM for starting the global forkserver
PiperOrigin-RevId: 499192311
Change-Id: I054385e9cab5e4987b0f34ab3b763244356405c2
2023-01-03 05:36:40 -08:00
Wiktor Garbacz
2d52191c24
Define PR_SET_VMA* if undefined
PiperOrigin-RevId: 497161397
Change-Id: I65fc11a7ccf34ffe225a03a0444275145fa43b4f
2022-12-22 07:39:44 -08:00
Wiktor Garbacz
fc721da2b9
More precise syscall_defs
PiperOrigin-RevId: 497137823
Change-Id: I374054659ce94e6b53819b999d9ed25df18b4ebd
2022-12-22 05:00:48 -08:00
Wiktor Garbacz
89a8f35f0e
Use new helpers in policy_test
PiperOrigin-RevId: 496904765
Change-Id: Id2e4a901ed29c780542423608c55d01ef19eee9a
2022-12-21 06:17:07 -08:00
Wiktor Garbacz
7625c3dd24
Use AllowDup helper in AddNetworkProxyPolicy
PiperOrigin-RevId: 496898835
Change-Id: I76968c5c9b25a9e41865b3fad20463661195f581
2022-12-21 05:36:28 -08:00