Commit Graph

193 Commits

Author SHA1 Message Date
Christian Blichmann
7c30aebe2d Use Abseil hash maps instead of std::map<T>
PiperOrigin-RevId: 340807499
Change-Id: I2689bd1d32be45e3085dcc7a0ba4b8fedd7d53b0
2020-11-05 01:49:14 -08:00
Christian Blichmann
2acec65a58 Add an AllowAccess() convenience function to PolicyBuilder
Drive-by: Apply convenience functions in policies.
PiperOrigin-RevId: 340404977
Change-Id: I906106b61c1837d23ddaff15d8792ec79d3d3189
2020-11-03 02:21:21 -08:00
Sandboxed API Team
834d356bce Cleans up statusor.h includes.
PiperOrigin-RevId: 337370254
Change-Id: Ibcbc2921f96d32675720ddc7adb621dd53894dfa
2020-10-15 13:25:30 -07:00
Christian Blichmann
b74cf8839b Minor ForkClient improvements
- Use a `constexpr inline` string constant for the forkserver env var
- Add annotation for the comms channel mutex

PiperOrigin-RevId: 335395005
Change-Id: Ic058c19c3704f182aa7ed7b8e8964b2fc5082800
2020-10-05 05:10:16 -07:00
Wiktor Garbacz
83a08daff7 Change int64 to size_t in Buffer
PiperOrigin-RevId: 334802978
Change-Id: I7e421b1a6a98138139003cc4dc2a548ebe366e3e
2020-10-01 06:45:38 -07:00
Christian Blichmann
575f24f5df Internal change
PiperOrigin-RevId: 334569306
Change-Id: Ibf1b3a24b57b02ce1c5e6106e5331520dfdf7112
2020-10-01 06:45:25 -07:00
Wiktor Garbacz
f91f843f50 Use size_t/uintptr_t instead of uintptr_t or uint64_t where appropriate
PiperOrigin-RevId: 332449107
Change-Id: I623c320c7f31bb73b92799dfbeb9a1e8ce0cdb3b
2020-09-18 07:45:03 -07:00
Wiktor Garbacz
08a956a415 Use opaque void* instead of uint8_t* in Comms
PiperOrigin-RevId: 332441641
Change-Id: I09902e98726a0bd57b47d3454ddcb6ef05021d56
2020-09-18 06:48:57 -07:00
Wiktor Garbacz
9ffa5afba6 Remove unnecessary TLV struct
Drive-by: Zero-copy RecvString
PiperOrigin-RevId: 332412385
Change-Id: I169ffa78f016ec2d55c1a3677ea97beed095123c
2020-09-18 02:23:22 -07:00
Christian Blichmann
ed0086eb66 Fix dynamic binary startup on PPC and newer glibc (> 2.19)
This allows the `_llseek` syscall when it is defined.

PiperOrigin-RevId: 331498182
Change-Id: I2760b264e3a82000b38d278a9c280501a3dbc724
2020-09-14 01:18:33 -07:00
Christian Blichmann
21f7373e76 Initial changes to support AArch64
This is a work in progress:
- Syscall tables need work
- Only tested on real hardware using one of our test hosts

As a drive-by, this change also enables the open source version to function on
POWER.

Another side-effect of this change is that the default policies no longer
check for different host architectures at runtime. On x86_64, we do not need
to check for PPC or AArch64 specifice and vice versa.

PiperOrigin-RevId: 331137472
Change-Id: Ic6d6be5cbe61d83dbe13d5a0be036871754b2eb8
2020-09-11 06:34:27 -07:00
Christian Blichmann
c19949eb7b Use inclusive language
PiperOrigin-RevId: 331116936
Change-Id: I7084b24440a1c78c0d70030da900330f0b8d954f
2020-09-11 03:14:12 -07:00
Christian Blichmann
6a1e4b881c Introduce config header to centralize CPU architecture checks
This allows us to remove some uses of macros.

Related changes:
- Make it clear that we support hosting sandboxed binaries from 64-bit
  processes only. CPU architectures are x86-64 and POWER64 (little endian).
- Introduced CPU architecture macros, abstracting away compiler specifics

PiperOrigin-RevId: 330918134
Change-Id: Ife7ad5f14723eec9f68055127b0583b8aecd38dd
2020-09-10 05:48:00 -07:00
Kevin Hamacher
1f8e88586b Log details when executor fails to open the sandboxee binary
PiperOrigin-RevId: 330680717
Change-Id: I4ec855861196177321783dc94f2e05a28e84d512
2020-09-09 02:12:29 -07:00
Christian Blichmann
fdf0483ca0 Migrate to open-source absl::StatusOr<>
This removes our own fork of `absl::StatusOr<>`. Sandboxed API still includes
a custom matcher for Googletest, as that is not open source yet. For
compatibility, the `statusor.h` header is still retained and now aliases
`sapi::StatusOr<>` to `absl::StatusOr<>`.

PiperOrigin-RevId: 329916309
Change-Id: I0544b73a9e312dce499bc4128c28457e04ab9929
2020-09-03 07:40:48 -07:00
Sandboxed API Team
23da55c19a Internal BUILD refactoring
PiperOrigin-RevId: 329720214
Change-Id: I25fbb94dea17db3bdca6438d17508fa304d9706f
2020-09-03 07:40:33 -07:00
Sandboxed API Team
1c833d6f25 Internal cleanup migrating StatusOr.
PiperOrigin-RevId: 329304527
Change-Id: Id6c141272df54c4e165829d690f9f5b2e9ee90cc
2020-08-31 08:13:29 -07:00
Wiktor Garbacz
c53f2a900f Automated rollback of commit e7a195ce42.
PiperOrigin-RevId: 328918626
Change-Id: Iabe93ec7062ea6e750e4185e2b0b672a37111ee7
2020-08-28 04:49:41 -07:00
Sandboxed API Team
e7a195ce42 Automated rollback of commit 82c56775ef.
PiperOrigin-RevId: 328340042
Change-Id: Ib225f8012fb373c74e3f1b3e6201b2daca7da40b
2020-08-25 09:01:22 -07:00
Wiktor Garbacz
82c56775ef StatusOr cleanups
PiperOrigin-RevId: 328318284
Change-Id: I207570c0fee6797dbc8995d36ef2130b0bff28fa
2020-08-25 06:22:05 -07:00
Sandboxed API Team
8633f22185 Increase limit on symbol table size and section size.
PiperOrigin-RevId: 325215228
Change-Id: I2e6ca131d92d86e7aa0d5cc37a3507dce03db25f
2020-08-06 06:04:14 -07:00
Christian Blichmann
eb62bae167 Refactor stack trace handling
- Drop `delim` argument from the `GetStackTrace()` family of functions.
  We only ever used plain spaces.
- Use an `std::vector<std::string>` for the symbolized stack frames and
  adjust the unwind proto accordingly.

This change now prints each stack frame on its own line while skipping
duplicate ones:

```
I20200717 11:47:16.811381 3636246 monitor.cc:326] Stack trace: [
I20200717 11:47:16.811415 3636246 monitor.cc:337]   map:/lib/x86_64-linux-gnu/libc-2.30.so+0xceee7(0x7fb871602ee7)
I20200717 11:47:16.811420 3636246 monitor.cc:337]   Rot13File+0x130(0x55ed24615995)
I20200717 11:47:16.811424 3636246 monitor.cc:337]   ffi_call_unix64+0x55(0x55ed2461f2dd)
I20200717 11:47:16.811429 3636246 monitor.cc:337]   map:[stack]+0x1ec80(0x7ffee4257c80)
I20200717 11:47:16.811455 3636246 monitor.cc:339]   (last frame repeated 196 times)
I20200717 11:47:16.811460 3636246 monitor.cc:347] ]
```

PiperOrigin-RevId: 322089140
Change-Id: I05b0de2f4118fed90fe920c06bbd70ea0d1119e2
2020-07-20 00:24:40 -07:00
Wiktor Garbacz
f7d3f442df Extract ForkClient to a separate target
PiperOrigin-RevId: 321757582
Change-Id: I48b89ab4e4b1d87dd9444874de5bf5bd2526531a
2020-07-17 04:54:54 -07:00
Wiktor Garbacz
e9f7293e21 Fix ptrace_hook dependency graph
PiperOrigin-RevId: 321748143
Change-Id: Idb453054b78e932ce13c5f44f7d408cc0f9c31f2
2020-07-17 03:20:43 -07:00
Christian Blichmann
b7d137721a Do not keep a reference to a temporary
PiperOrigin-RevId: 321117444
Change-Id: If6951058fcd32fe638f9241bef79181d6785e9cf
2020-07-14 01:42:05 -07:00
Christian Blichmann
1f1de9e229 Fix logging/display of syscall tables
Initializing `absl::Span`s like by assigning them from a temporary
array leaves them pointing to invalid data. Due to the way the linker
initializes these constant tables, _most_ of them will still be valid
_most_ of the time, leading to crashes when running sandboxees with the
`--sandbox2_danger_danger_permit_all_and_log` option.

PiperOrigin-RevId: 321112099
Change-Id: I891118da08cbb6000b3e2e275618bc4edaa1d020
2020-07-14 00:47:54 -07:00
Chris Kennelly
63a8b3ff15 Refactoring for internal change
PiperOrigin-RevId: 320612442
Change-Id: I65729ac5d83c76dac047a47f866b7ad4af3c56c1
2020-07-10 09:01:49 -07:00
Sandboxed API Team
a602177943 Fix AllowLlvmSanitizers for Msan.
PiperOrigin-RevId: 319947612
Change-Id: I6485d8282381c4cb2be05e138e007ccbb3e5d956
2020-07-07 02:40:24 -07:00
Sandboxed API Team
228f3e7ed1 Migrate usage of StatusOr::operator bool to StautsOr::ok.
PiperOrigin-RevId: 319931897
Change-Id: I31b4bb71c7eeaf6687a499248bbfbb26c78b94ff
2020-07-07 00:14:07 -07:00
Sandboxed API Team
88e9dbf8d4 Allow Asan to get sigaltstack
Include sigaltstack into AllowHandleSignals

PiperOrigin-RevId: 319293484
Change-Id: I4d60715893bd07eff047d2bced1450a3cd29bcec
2020-07-01 14:09:03 -07:00
Wiktor Garbacz
6008dc6db4 Reduce dependencies on libcap
PiperOrigin-RevId: 319228803
Change-Id: I1a9497f9e33bbe1e84749505305cd9c148b6d700
2020-07-01 08:23:46 -07:00
Wiktor Garbacz
0d375e69e1 Remove abort from ExecuteProcess
Otherwise ExecuteProcess is implicitly `[[noreturn]]` and this
might cause policy violations in `__asan_handle_no_return`
for ASAN builds.

PiperOrigin-RevId: 319203128
Change-Id: I5c8ba71ce88261f803aa3f16730eccea0d803dd1
2020-07-01 04:54:29 -07:00
Christian Blichmann
2ffea13759 Mark zlib as found when using SAPI CMake build
Signed-off-by: Christian Blichmann <mail@blichmann.eu>
2020-06-30 08:59:50 +02:00
Sandboxed API Team
5de6b84111 Internal change
PiperOrigin-RevId: 317068509
Change-Id: I268381ca50eabed88b189bf79ccc9313e5b7d9ae
2020-06-18 03:19:01 -07:00
Christian Blichmann
5aff251a92 Move filewrapper to tools directory
This decouples it from the underlying build system

PiperOrigin-RevId: 313764652
Change-Id: I64de2f8533d307567de297942a3d02d26b0839f4
2020-05-29 05:40:52 -07:00
Christian Blichmann
143e539d79 First MVP of a LibTooling based SAPI header generator
- Extract dependent types directly from the Clang AST and re-serialize
  back into compilable code
- Collect types and emit diagnostics
- Format generated code

Signed-off-by: Christian Blichmann <mail@blichmann.eu>
2020-05-15 15:35:42 +02:00
Christian Blichmann
aafc597630 Add zlib as dependency for examples
Similar to what the Bazel build does, this change adds zlib as an additional
dependency when `SAPI_ENABLE_EXAMPLES` is set to `ON`.

PiperOrigin-RevId: 309203959
Change-Id: I201a9e6415789afb1e058bc48cebbc0fc0004fe9
2020-04-30 04:57:33 -07:00
Sandboxed API Team
79049b09c0 Add helper function for MADV_WIPEONFORK.
BoringSSL (which is the crypto library used by most Google products) is starting to use madvise(_, _, MADV_WIPEONFORK) to protect random-number state from being duplicated by fork(). This causes extra madvise calls that sandboxes need to permit in order to continue functioning.

PiperOrigin-RevId: 309173849
Change-Id: I007dacc1ff1fd0ccc138caaa08735cfe5bc78234
2020-04-30 00:08:55 -07:00
Christian Blichmann
7ec20bd5d5 Update dependencies to latest versions
- Abseil (HEAD)
- Benchmark (HEAD)
- Google Flags (HEAD)
- Google Logging (HEAD)
- Google Test/Mock (HEAD)
- Protocol Buffers (3.11.4)

PiperOrigin-RevId: 309012925
Change-Id: I826846afb3f2c4e92180915796890fce6b5a1d6c
2020-04-29 06:45:44 -07:00
Sandboxed API Team
9b85dc49c1 Split sanitizer.h into a separate library
PiperOrigin-RevId: 305327952
Change-Id: I6708729d379d019c3d299e9cb54b76338ced23bf
2020-04-07 13:26:51 -07:00
Christian Blichmann
496672c333 Cleanup calls to sapi::StatusOr<>::ValueOrDie()
PiperOrigin-RevId: 304398197
Change-Id: I85d09457a5e27f65c0792fe93aebbd8219801ef6
2020-04-02 07:42:45 -07:00
Sandboxed API Team
2fa0bf85f4 Fix an ODR violation
PiperOrigin-RevId: 303066199
Change-Id: I0cde5fce6f9538136b913edccc5a3195e0b4e503
2020-03-26 01:59:05 -07:00
Sandboxed API Team
22c6417307 Adding new build rule for sanitizer
PiperOrigin-RevId: 302687093
Change-Id: I090352c70df67e51eba79a618315b7ca9696bcfe
2020-03-24 09:54:49 -07:00
Kevin Hamacher
dadf55f647 Show a warning when tmpfs size is not specified
PiperOrigin-RevId: 302441519
Change-Id: Ia4130c9067f00ed48065ea3b4854c844e7b88f85
2020-03-23 08:44:28 -07:00
Anna Sapek
4665335604 Use file::IsAbsolutePath consistently
PiperOrigin-RevId: 302073992
Change-Id: Ib3b9fbedc6e85a1abd87cbc683d8a8c3dc3daf87
2020-03-20 12:08:25 -07:00
Christian Blichmann
f44cca6c98 Fix path to generated proto sources when embedding
When embedding SAPI in an external CMake project, the version of
`protobuf_generate_cpp` that we lifted from upstream protobuf produces
the wrong generated file paths.

For example, given this project structure:

```
/parent/
+-- myproject/
+-- myproject_build/  <- CMake build directory
+-- sandboxed-api/    <- Checkout from GitHub
```

And a CMake file in `myproject/CMakeLists.txt` that embeds SAPI like
this:

```
cmake_minimum_required(VERSION 3.12)
project(SandboxedTest LANGUAGES CXX)
set(CMAKE_CXX_STANDARD 17)
set(CMAKE_CXX_STANDARD_REQUIRED ON)

add_subdirectory(
  ${PROJECT_SOURCE_DIR}/../sandboxed-api
  ${PROJECT_BINARY_DIR}/sandboxed-api
)
```

Then `protobuf_generate_cpp` correctly invokes the protoc compiler to
generate
`/parent/myproject_build/sandboxed-api/sandboxed_api/proto_arg.proto.pb.cc'.
However, the path of the generated source file that is passed to the C++
compiler will be
`/parent/myproject_build/sandboxed-api/sandboxed_api/../../myproject_build/sandboxed-api/sandboxed_api/proto_arg.pb.cc`.
Note the duplicated project build directory component in the
canonicalized version:
`/parent/myproject_build/myproject_build/sandboxed-api/sandboxed_api/proto_arg.pb.cc`.

This change simple omits the computation of any relative file paths and
simply uses `_pb_PROTOC_OUT_DIR` which defauls to
`CMAKE_CURRENT_BINARY_DIR`, which should always contain the correct
path.

Signed-off-by: Christian Blichmann <mail@blichmann.eu>
2020-03-18 18:47:02 +01:00
bielec
d17482e2eb Split network_proxy example to 2 examples: with automatic handler, and without.
Created documentation for network proxy. fixed 2 things in documentation (namespaces are enabled by default for a while).

PiperOrigin-RevId: 300321016
Change-Id: Id9c54b29551e8d3b70e814e2fdbfee594126aa90
2020-03-11 07:32:50 -07:00
Christian Blichmann
f6c3db4c6e Replace sapi::Status with absl::Status
PiperOrigin-RevId: 297614681
Change-Id: I89fe1357a172ed4d28df6dd84b80fee364ce1c14
2020-02-27 09:24:12 -08:00
Sandboxed API Team
a5d931ec5f Qualify uses of std::string
PiperOrigin-RevId: 297528932
Change-Id: I750c43e356be55a5bd37a8bb59d998238bd8f1bb
2020-02-27 00:03:55 -08:00
bielec
5a4e3f3d29 Now network proxy server supports IP filtering. API to policybuilder is added to make a list of allowed pairs of allowed IP, mask and port where mask and port are optional.
PiperOrigin-RevId: 296206385
Change-Id: I53b23122abece1fe318ed4c6a7e37bf3228c8f5f
2020-02-20 07:45:44 -08:00