StarMirror
/
sandboxed-api
mirror of https://github.com/google/sandboxed-api
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
911 Commits
1 Branch
3 Tags
144 MiB
Commit Graph

911 Commits (7004d59150c9fbfaa3e5fd1872affffd1ab14fe8)

Author SHA1 Message Date
Wiktor Garbacz e4ef46631d Replace raw_logging with regular logging in Monitor 
PiperOrigin-RevId: 413928700
Change-Id: I0bc4dd86b45c0ddd679a435003fbad2aea27fbf2
 2021-12-03 07:17:36 -08:00
Wiktor Garbacz 2fa92bf47c Internal change 
PiperOrigin-RevId: 413911008
Change-Id: I59cdac60c092f31fb487f032b3489341c0ba626a
 2021-12-03 05:21:01 -08:00
Wiktor Garbacz c3308b56fc Replace deprecated AddTmpfs call 
PiperOrigin-RevId: 413907279
Change-Id: I3a32be4b19acab8b2b2092961df3dd9f3699261b
 2021-12-03 04:56:40 -08:00
Christian Blichmann 4a6e005155 Make `PtrXXX()` family of functions public 
PiperOrigin-RevId: 413616359
Change-Id: I553c17f0668708b00fdb12a21109ed45aeba6c66
 2021-12-02 01:41:59 -08:00
Sandboxed API Team a096056263 Automated rollback of commit b72078f692. 
PiperOrigin-RevId: 413442229
Change-Id: I48d03ce200160da1c86faec29b2ca51fb1ead834
 2021-12-01 09:54:44 -08:00
Sandboxed API Team b72078f692 Automated rollback of commit 6a6c931317. 
PiperOrigin-RevId: 413362657
Change-Id: Ie75672101b2aba4183f9aa3e39679a99f309e155
 2021-12-01 02:56:59 -08:00
Wiktor Garbacz f5fbe8cce5 Internal change 
PiperOrigin-RevId: 413351344
Change-Id: I93962c43649fab1f73b3960044563e54449af271
 2021-12-01 01:48:41 -08:00
Christian Blichmann 6a6c931317 Move away from multiple inheritance 
This change is a first step to make the SAPI variable hierarchy more sensible.
It turns the `Reg<T>` class into a descendant of `Pointable`, but without
making its `PtrXXX()` methods public (hence the `using` statements). Further
changes are needed to restructure this.

There are no functional changes and the class sizes, including vtables, should
not change.

PiperOrigin-RevId: 413333120
Change-Id: I90ceeaeb7aea482016f8f4bee81489d5a9db9ade
 2021-11-30 23:46:59 -08:00
Christian Blichmann 85a463372f Sandbox2: Mark tests that won't run under QEMU user emulation 
PiperOrigin-RevId: 412861975
Change-Id: I0f168bc71b5738ed55b836f148ded94bf397d27d
 2021-11-29 05:20:48 -08:00
Christian Blichmann c2b7cffe78 Minielf: Use a template to load integers 
Different versions of the `elf.h` header define their own integer types. For
example, even on LP64 systems, a 64-bit ELF integer types may decay into
`unsigned long long` instead of `unsigned long`.

This change replaces the various overloads with a single function template
that is well-defined for all integral types.

PiperOrigin-RevId: 410746713
Change-Id: I4b560f7541802372f01ae3d6f4a56554e51d70c8
 2021-11-18 02:16:26 -08:00
Sandboxed API Team dcfd85d74e Extend existing CPU architecture spellings in config header and define platform spellings. 
PiperOrigin-RevId: 410474889
Change-Id: I41f870ad49e2203a6bdf833102c0d0a9cafa7af4
 2021-11-17 02:41:07 -08:00
Wiktor Garbacz e86322db84 Fix a race between NotifyMonitor/AwaitResult 
PiperOrigin-RevId: 410463096
Change-Id: I370705131ac78f26736646596189d8cad2bb70c2
 2021-11-17 01:40:42 -08:00
Sandboxed API Team 04503f9bbe Replace <bits/local_lim.h> with <climits> 
PiperOrigin-RevId: 409932987
Change-Id: I388aca627d6d0f3c9d5721e66574fb8af85cc8f4
 2021-11-15 03:16:28 -08:00
Sandboxed API Team 9541b657ad Use alias s6_addr instead of direct field access. 
PiperOrigin-RevId: 409908616
Change-Id: I18f87b41eae3f96fd60b8cd14073bd8df66fae98
 2021-11-15 01:01:20 -08:00
Sandboxed API Team 2727714012 Expose unwind symbol helpers. 
PiperOrigin-RevId: 409391470
Change-Id: Iad14caabbada1278216e5e28ba55bae8dc8b9b2b
 2021-11-12 05:59:51 -08:00
Wiktor Garbacz 26da6e6b0a Safer and more efficient custom syscall policies 
Generate syscall jump table without using bpf_helper.
Check that any jump in the user provided policy is within the provided policy.

PiperOrigin-RevId: 409362089
Change-Id: I31493e52cf868e4b184ff79fcb26beeb75f49773
 2021-11-12 02:44:41 -08:00
Wiktor Garbacz c95837a6c1 Check and limit seccomp policy length. 
PiperOrigin-RevId: 409129756
Change-Id: Ib9937495966f545fb980eba04393db640af2325f
 2021-11-11 06:10:40 -08:00
Sandboxed API Team 00747d5241 Allow `getpid` call for log forwarding. 
PiperOrigin-RevId: 407865992
Change-Id: Ia14dc5cc1628337292586955f1c17a8d8f2995de
 2021-11-05 11:16:45 -07:00
Copybara-Service b63fa3b981 Merge pull request #87 from mysterytony:patch-1 
PiperOrigin-RevId: 404246588
Change-Id: I1fdb33f76ae847cb6c4ff9916b64e8b37cfeadbe
 2021-10-19 06:49:10 -07:00
Tony Li cfb9e031dd
fix typo, master branch -> main 2021-10-17 22:52:57 -07:00
Christian Blichmann d85f40b8b0 Modernize `namespace_test` a little 
PiperOrigin-RevId: 402795383
Change-Id: Ia576259078f40a3ca6b96094bd15c3ea7b0b79d9
 2021-10-13 04:17:46 -07:00
Christian Blichmann 1260b5f38b Move example sandboxes out of `lib` directories 
This is mainly so that the structure of the examples follows what we do
internally (not having separate directories).

PiperOrigin-RevId: 402298115
Change-Id: I0f542607b88597572de39532364816f80a076697
 2021-10-11 07:59:25 -07:00
Christian Blichmann 2c42654333 Improve examples 
- CRC4: More readable policy, added explanatory comment
- Use `AllowLlvmSaniters()` in policies

PiperOrigin-RevId: 402296504
Change-Id: I6853199abedf2441eaffff9186d4d354c142e485
 2021-10-11 07:50:27 -07:00
Christian Blichmann d05dc7ba02 Reduce visibility of internal member function 
This is the first change in a series that will eventually remove Sandboxed
API's use of multiple inheritance.

Drive-by:
- Rename short member names to full words
- Some reformatting
PiperOrigin-RevId: 402270954
Change-Id: I8af46b887921265a371b85603fd158ef3a8fab50
 2021-10-11 05:38:01 -07:00
Christian Blichmann df1c31188d Fix sums test under MSAN by allowing Scudo to add `MAP_NORESERVE` in `mmap()` 
Note: This change allows `MAP_NORESERVE` generally, not just for MSAN. This follows
what we do for `AllowTcMalloc()/AllowSystemMalloc()`
PiperOrigin-RevId: 402231980
Change-Id: Ifa1c6b9f61f636dd6db231dde3765c3b4a40911b
 2021-10-11 01:22:17 -07:00
Christian Blichmann 221e929018 Include shell-based tests in OSS builds 
These were previously dependent on an internal-only testing target.

For now, this only works with Bazel, but should enable us to have better test coverage in GitHub actions.
Eventually, all of these shell-based tests should be converted to `cc_test`s.

PiperOrigin-RevId: 400713615
Change-Id: I1cabb5b72977987ef4a1803480f699b58c4d56e9
 2021-10-04 07:18:36 -07:00
Christian Blichmann 98e590463b Internal change 
PiperOrigin-RevId: 400144449
Change-Id: Ic0cbd6a3b27012cfb406694bdf2944a5b9905580
 2021-10-04 07:18:06 -07:00
Sandboxed API Team 4050f34efc Internal Change 
PiperOrigin-RevId: 399850339
Change-Id: I1cbb4d7510bff3ab4a4559cb3252dcf79d2a06b8
 2021-09-29 22:12:26 -07:00
Christian Blichmann 90d1867026 Remove deprecated `sapi::StatusOr<>` forward declaration 
PiperOrigin-RevId: 399663835
Change-Id: I92255a68e50a3b9130d3e222a2e353ee2e599c18
 2021-09-29 05:39:10 -07:00
Christian Blichmann f6d9e7fd7c Fix warning about multi-line comment 
PiperOrigin-RevId: 399648071
Change-Id: I793a640310d772804726527761ad911772ff19c6
 2021-09-29 03:44:32 -07:00
Wiktor Garbacz d9d2f0e5de Use regular logging in fork client 
PiperOrigin-RevId: 399623764
Change-Id: I5eaf0ff7f24e7b61c84ff9dacf8cd53889cc83d0
 2021-09-29 00:46:12 -07:00
Sandboxed API Team fb81c00fd1 Replace auto with explicit type declarations 
PiperOrigin-RevId: 399419917
Change-Id: I4b7acd8ab6e2542e2971b29bed0745378b2b6743
 2021-09-28 05:50:57 -07:00
Sandboxed API Team 448f393c29 Enable mmap for msan (it's already enabled for asan and tsan) 
PiperOrigin-RevId: 399163710
Change-Id: I2cebb6136adb00a53e4baf18d343cf80191efcb0
 2021-09-27 05:08:45 -07:00
Wiktor Garbacz c29c510e30 Log when global forkserver is started and its exit status 
PiperOrigin-RevId: 398232735
Change-Id: Ia0628cf2dee51a94938dae82bcb392384feeb74c
 2021-09-22 07:16:43 -07:00
Wiktor Garbacz b470a6ece5 Make the fd cleanup test less brittle 
PiperOrigin-RevId: 398229418
Change-Id: If8af43f33b07839ea8d46b85ff77efa8557a31a8
 2021-09-22 06:57:55 -07:00
Catalin Patulea b5fb483b11 Fix formatting of pgoff. 
PiperOrigin-RevId: 397763298
Change-Id: I027ef4cd381247521ee2bcce57a17c9d480efb22
 2021-09-20 09:02:14 -07:00
Christian Blichmann c400f92eaa (Mostly) internal change. Add `pid()` accessor. 
PiperOrigin-RevId: 397070773
Change-Id: I9ebac9078f3866ef3e0061ec79da5c9f71e5f480
 2021-09-16 06:57:44 -07:00
Kevin Hamacher aea8bb2ed0 Automated rollback of commit 2036f5b2f0. 
PiperOrigin-RevId: 395893427
Change-Id: Iabd32de9cd83de5cc8567834e1f91e48c521ac60
 2021-09-10 03:34:44 -07:00
Sandboxed API Team 2036f5b2f0 Automated rollback of commit 4b018757c3. 
PiperOrigin-RevId: 395067992
Change-Id: I5db335ed881aa81748a0fc8082091b160fe83e86
 2021-09-06 04:07:11 -07:00
Kevin Hamacher 4b018757c3 Use `absl::flat_hash_set` + Status in favor of `std::set` in the sanitizer API 
PiperOrigin-RevId: 395061068
Change-Id: I31548eb6fc9f27f55acf25bd6d3d0b941a529e63
 2021-09-06 03:15:39 -07:00
Kevin Hamacher eb2c5a66f4 Rework `GetListOfFDs` API 
PiperOrigin-RevId: 395043959
Change-Id: I77ce13f0c786d3644971ed239f3106319667e979
 2021-09-06 01:01:19 -07:00
Christian Blichmann 289adcff06 Internal change. 
For OSS, this change should be mostly a no-op. Visible edits are due to
changed order of code and/or includes.

PiperOrigin-RevId: 394177395
Change-Id: I1d32f9fd175579e8f05c051b1307953b249d139d
 2021-09-01 01:28:19 -07:00
Catalin Patulea 9ab330dc7a 'Map' symbols: add pgoff to disambiguate multiple mappings on same object. 
PiperOrigin-RevId: 391520785
Change-Id: Icb05e60f778acfb9fe6f519911ce54bec65fc4ff
 2021-08-18 07:14:31 -07:00
Wiktor Garbacz 59f5fa8042 Allow collecting stacktraces on normal process exit 
This mainly a debugging facility.
It makes diagnosing problems where sandboxed process just randomly exits whereas unsandboxed one runs to completion due to differences in the setup/environment much easier.

PiperOrigin-RevId: 391005548
Change-Id: Ia19fe6632748da93c1f4291bb55e895f50a4e2b0
 2021-08-16 03:13:15 -07:00
Sandboxed API Team 7b31deaed8 Delete deprecated `sapi::Sandbox::IsActive` and its remaining call sites. 
PiperOrigin-RevId: 390412024
Change-Id: Iab3853b3c40dd4e9b0ff31532e8c41c2583ebc4e
 2021-08-12 11:00:51 -07:00
Sandboxed API Team dae91ff082 Fix Symbolize* tests. 
PiperOrigin-RevId: 390372065
Change-Id: I1ddc9dd9238795eb0674e04c20a5c91a68582027
 2021-08-12 08:03:52 -07:00
Sandboxed API Team d631154ce5 Delete deprecated `sapi::Sandbox::GetRpcChannel` and its remaining call sites. 
PiperOrigin-RevId: 389968873
Change-Id: Ia72e0064fa57679180f9c406f96266473f8461c2
 2021-08-10 13:50:15 -07:00
Wiktor Garbacz 773dc6b18b Do not fail-hard in global forkserver startup 
PiperOrigin-RevId: 389816114
Change-Id: Icd672028ff224cf01095d6590fe1cc2adb312316
 2021-08-10 00:33:29 -07:00
Sandboxed API Team 165c155a08 Delete deprecated `sapi::Sandbox::GetComms` and its remaining call sites. 
PiperOrigin-RevId: 389716023
Change-Id: I092bc37f3f3bb40554b627f9dd528525b60d67a1
 2021-08-09 13:49:45 -07:00
Sandboxed API Team 3f0875798d Delete deprecated `sapi::Sandbox::GetPid` and its remaining call sites. 
PiperOrigin-RevId: 389713115
Change-Id: I1832e759016a581e10bf5bd8b5b70244b40ecd69
 2021-08-09 13:36:15 -07:00