Christian Blichmann
00a7cc5a33
Use sapi::file::GetContents()
and light Mini-ELF refactoring
...
Plus some style fixes.
PiperOrigin-RevId: 370901533
Change-Id: If4f9d7c3157fdfc2ca4302b06cd95e96e7a8ebdd
2021-04-28 07:49:17 -07:00
Christian Blichmann
08e1e733a0
Update third-party dependencies
...
Also include-what-you-use the `signal.h` header.
PiperOrigin-RevId: 370433834
Change-Id: I934fe6fbf65091e365127db0fc4544499720841c
2021-04-26 05:00:30 -07:00
Christian Blichmann
ab7943abdc
Simplify ptrace emulation and code style fixes
...
PiperOrigin-RevId: 369862187
Change-Id: Ia0759c320cde1c9e3798f0df5c2a0d50ca20fd71
2021-04-22 06:56:45 -07:00
Wiktor Garbacz
d9824dff16
Use absl::Span in BPF disassembler
...
PiperOrigin-RevId: 369636095
Change-Id: I13a8ae08ba354e54c502e0f6cdd35287fdfbb723
2021-04-21 05:33:12 -07:00
Catalin Patulea
4344bbceba
Add optional VLOG(1) for additional process info on Syscall Violation.
...
PiperOrigin-RevId: 368900451
Change-Id: I331d0e239e2f3176c435bd42012d155d60d0b1ac
2021-04-16 12:43:08 -07:00
Christian Blichmann
be6c878b01
Internal change touching the generator rules
...
PiperOrigin-RevId: 368802693
Change-Id: Ia0102d1a92a49b807d4432ee3d0a6a02f528ef00
2021-04-16 01:38:08 -07:00
Catalin Patulea
d5bd1cb38f
Pretty-print ptrace event name on WIFSTOPPED.
...
PiperOrigin-RevId: 368688417
Change-Id: I4368268f1b05148213010768a6d4eaa87211ea45
2021-04-15 12:02:11 -07:00
Wiktor Garbacz
c15b5cb123
Log more info for seccomp setup failure
...
PiperOrigin-RevId: 368618345
Change-Id: Ia1559ece8f83cf27623adab4baa141cd8cfdf143
2021-04-15 05:09:38 -07:00
Wiktor Garbacz
6a679a407d
Automated rollback of commit 54ac8f86fc
.
...
PiperOrigin-RevId: 368616441
Change-Id: I6ff53b730b44b5f08986be62b32fda13932ec19a
2021-04-15 04:54:14 -07:00
Wiktor Garbacz
54ac8f86fc
Automated rollback of commit 2ff96ba0e7
.
...
PiperOrigin-RevId: 368597960
Change-Id: Ifa6c8a57fbd7761fb5e121b589a49ad67333e7cd
2021-04-15 02:17:50 -07:00
Wiktor Garbacz
2ff96ba0e7
Add missing TSAN syscalls
...
PiperOrigin-RevId: 368427218
Change-Id: I73cd330028b805d8a86712936fb0c5103ce9914a
2021-04-14 07:39:13 -07:00
Wiktor Garbacz
bc6bb0c7e5
Fix Mounts::ResolvePath
for dir nodes.
...
PiperOrigin-RevId: 368390904
Change-Id: I4f59e8d74b0d81497255cb0838d6d3132cae160b
2021-04-14 02:45:41 -07:00
Martijn Vels
2efaa463c9
Implement enabling RSEQ inside AllowTcMalloc in terms of AllowRestartableSequences()
...
PiperOrigin-RevId: 368208391
Change-Id: Ie1204cb3a0824ebe54b770e2669ae31f7932ed51
2021-04-13 07:14:55 -07:00
Christian Blichmann
5eb412ac32
Internal change
...
PiperOrigin-RevId: 368172152
Change-Id: Ie1479862473bfef7f08d555109a577d47bfbabc7
2021-04-13 01:58:11 -07:00
Wiktor Garbacz
00649577d9
Fix Reg<long double>
for MSAN
...
On x86 `long double` has 10 bytes of meaningful data, but `sizeof(long double)` is 16 - the remaining bytes are random garbage.
Roll forward after fixing a bug in the original commit.
PiperOrigin-RevId: 368170639
Change-Id: I4a1d2d95b92eed6b71c37145726f7320cfc00ba0
2021-04-13 01:44:01 -07:00
Sandboxed API Team
141fe911f5
Automated rollback of commit 16880d4e3c
.
...
PiperOrigin-RevId: 367459654
Change-Id: I93e13da18cb322c13f7c3e3a3ca4e301ccc49fdd
2021-04-08 10:38:01 -07:00
Wiktor Garbacz
16880d4e3c
Fix Reg<long double>
for MSAN
...
On x86 `long double` has 10 bytes of meaningful data, but `sizeof(long double)` is 16 - the remaining bytes are random garbage.
PiperOrigin-RevId: 367423349
Change-Id: I769b3444ce4fa60f941ccd2115b0b09ccc809f13
2021-04-08 07:10:37 -07:00
Christian Blichmann
17f561f221
Use explicit conversion to std::string
for look up in Protobuf maps
...
This is needed for some compiler versions where `absl::string_view` == `std::string_view`.
PiperOrigin-RevId: 367392064
Change-Id: Id91d23510501df4745f386475ef9049d94062e1b
2021-04-08 02:51:29 -07:00
Copybara-Service
6edd16f1b3
Merge pull request #85 from cblichmann:main
...
PiperOrigin-RevId: 367217172
Change-Id: I147ba51ac643d0f6d3a92c1147cef7f91d24271d
2021-04-07 07:40:51 -07:00
Christian Blichmann
55049983c4
Add more compiler variants to GitHub Actions
...
This changes the workflow definition so that we always try to install
compiler toolchains that we need.
See https://github.com/actions/virtual-environments/issues/2950 for more
context.
Drive-by:
- Mini fix to enable compilation under Clang 6.0
Signed-off-by: Christian Blichmann <cblichmann@google.com>
2021-04-07 15:23:23 +02:00
Wiktor Garbacz
bc9d7a8db6
Properly handle unsigned-by-default char types
...
PiperOrigin-RevId: 364774936
Change-Id: I2e411555d98cad128945949ea3eedb045af0421d
2021-03-24 04:48:16 -07:00
Wiktor Garbacz
1be4d04f4e
Avoid tail-call optimization in "violate" testcase
...
PiperOrigin-RevId: 364523883
Change-Id: I5e43534d7db37b4c16f18fc3326714664ab0ae00
2021-03-23 03:51:09 -07:00
Vincenzo Petrolo
34dcd72d7d
fix typo
...
Signed-off-by: Vincenzo Petrolo <vincenzo@kernel-space.org>
2021-03-22 13:08:58 +01:00
Wiktor Garbacz
df840ae38f
Fix order-dependent test.
...
PiperOrigin-RevId: 363639702
Change-Id: I39f7ca1b4a2c65fe027bcc6ed71b10c2dcf46ca0
2021-03-18 05:56:40 -07:00
Christian Blichmann
03bf9f72c0
Replace usage of deprecated functions within Sandboxed API
...
PiperOrigin-RevId: 363637782
Change-Id: I804d60fb3990f891416f06d36cb71b094daf3e37
2021-03-18 05:39:50 -07:00
Martijn Vels
753eacd314
Reduce requirements for restartable sequences
...
PiperOrigin-RevId: 361780465
Change-Id: I299bc55c94d60575e16f0ea6b5f82b8b793af1cb
2021-03-09 04:33:29 -08:00
Martijn Vels
b30d56e871
Add policy helper to allow restartable sequences
...
PiperOrigin-RevId: 360266444
Change-Id: I0a3d2d071972bf7d6e7114a428c6954ed4bcef5c
2021-03-01 13:39:42 -08:00
Wiktor Garbacz
9979faf752
Internal change
...
PiperOrigin-RevId: 359245243
Change-Id: I1acea38c070e4533a0860152c66f8dbcf8c6fb7a
2021-02-24 03:06:55 -08:00
Sandboxed API Team
508c7066a6
asan uses mmap() internally, so allow mmap() calls in asan builds
...
PiperOrigin-RevId: 358802336
Change-Id: I26fa891cc9fffcfd32f6b18a63b39d6f2282ff7d
2021-02-22 06:02:35 -08:00
Wiktor Garbacz
298271f0a7
Deprecate IPC::comms()
...
PiperOrigin-RevId: 358380648
Change-Id: Iaf8f7dc0890be0e7e910649c6f519504f6b0a1a5
2021-02-19 04:43:14 -08:00
Wiktor Garbacz
3d0fa1f891
Replace GetNode
with ResolvePath
in Mounts
...
Now unwinding will properly handle binaries inside bind-mounted directories.
Drive-by:
- Get rid of n^2 path handling
- Get rid of namespace alias
PiperOrigin-RevId: 358353666
Change-Id: Ieec7690ec6a1ae6d358de375220566b69e8cb094
2021-02-19 00:43:34 -08:00
Sandboxed API Team
ec64f47bba
Adds IsRetryable()
method to Result class, currently just returns false.
...
Also fixes signature of `stack_trace()` method.
PiperOrigin-RevId: 356992845
Change-Id: I627caa9861cf7c0eb3496154504f0d948c789fb9
2021-02-11 09:34:23 -08:00
Christian Blichmann
11bb2c7fe2
Update Copybara config to add files from #83
...
PiperOrigin-RevId: 355587833
Change-Id: I40579d1d5a16a32a7228f440e6cca8862e2ee504
2021-02-04 03:07:12 -08:00
Copybara-Service
492cd11273
Merge pull request #83 from cblichmann:cmake-deps-1
...
PiperOrigin-RevId: 355585389
Change-Id: Ie8d22fed3e2876b31b61972c5afb7238e71ae34e
2021-02-04 02:47:13 -08:00
Christian Blichmann
6a58a29039
Make CMake superbuild behave more similar to FetchContent
...
- Move CMake superbuild files
- Drop use of `CMakeLists.txt.in` configure files
- Allow overriding dependency directories. For now, this should only be
used by GitHub workflows. Will be expanded on later, possibly renaming
the variables.
This change is one in a series to make it easier to consume/customize
Sandboxed API in downstream projects.
Drive-by:
- Update `.gitignore` to ignore clangd's `.cache` directory
Signed-off-by: Christian Blichmann <cblichmann@google.com>
2021-02-03 18:15:15 +01:00
Christian Blichmann
42f540bc7e
Be more strict about target_link_libraries()
...
Bazel readily enforces header visiblity for each target, CMake is more lenient.
PiperOrigin-RevId: 355407845
Change-Id: Ic59fa2162db8456d4c5cf4205c0fe42cc79874a9
2021-02-03 09:01:31 -08:00
Sandboxed API Team
637dc471ac
Avoid buffer overflows when the sandboxee shrinks a shared buffer.
...
PiperOrigin-RevId: 355336078
Change-Id: I36aa106b3044cbc20b30718a12bd35d147c339c6
2021-02-02 23:59:12 -08:00
Wiktor Garbacz
0bbcb495ee
Remove unneeded Executor ctors
...
absl::Span<const T> has an implicit ctor from container types.
PiperOrigin-RevId: 355155858
Change-Id: I70aea6b276b5e51f7682cba45bb2d4514cb1bc90
2021-02-02 06:55:30 -08:00
Christian Blichmann
e77099876a
Update/rephrase README
...
PiperOrigin-RevId: 355129169
Change-Id: Ie2670f15d65c0075db7a639f61402278dde7b49c
2021-02-02 03:08:31 -08:00
Wiktor Garbacz
8cc018a242
Internal change
...
PiperOrigin-RevId: 355126142
Change-Id: Iba8e54095e94f55811a92243d8af85d893418909
2021-02-02 02:41:13 -08:00
Christian Blichmann
1840083919
Avoid complex designated initializer, initialize internal struct padding
...
The former is to fix compilation on GCC 7, the latter to satisfy MSAN.
PiperOrigin-RevId: 355114355
Change-Id: I5c89a65df16fe9338bcfa24b2e48c246d240ce62
2021-02-02 00:56:58 -08:00
Christian Blichmann
55a8373ec3
Avoid sanitizer macros use Abseil's where necessary
...
Using C++17 means we can get rid of many `#ifdef`s by using `if constexpr`.
This way, we ensure that both branches compile and still retain zero runtime
overhead.
Note that open source builds of Sandboxed API do not ship with sanitizer
configurations yet. This will be added in follow-up changes.
PiperOrigin-RevId: 354932160
Change-Id: I3678dffc47ea873919f0a8c01f3a7d999fc29a5b
2021-02-01 07:11:15 -08:00
Sandboxed API Team
6dcef3d5c9
Integrate LLVM at llvm/llvm-project@1c762a81d2
...
Updates LLVM usage to match
[1c762a81d20f](https://github.com/llvm/llvm-project/commit/1c762a81d20f )
PiperOrigin-RevId: 354567452
Change-Id: I29758805e7e2030d014bbc0007f5c548f119246f
2021-01-29 11:02:56 -08:00
Wiktor Garbacz
552a510777
Fix overload for Executor ctor calls with brace-initializers
...
PiperOrigin-RevId: 354319778
Change-Id: I7b47ef2de734683f9168ef80f8b29357532d51ff
2021-01-28 08:43:22 -08:00
Wiktor Garbacz
ec870c3d15
Simplify Executor ctor hierarchy
...
Also accept `absl::string_view` and `absl::Span<const std::string>` arguments.
Drive-by:
- Move using declaration into namespace
PiperOrigin-RevId: 354271016
Change-Id: Iadd873377e51cac7fa3800aab1f9e85ff94bd4e9
2021-01-28 02:20:37 -08:00
Christian Blichmann
a617f4e8f0
Improvements to limits.h
header
...
- Directly initialize member fields
- Reword comments
PiperOrigin-RevId: 354093192
Change-Id: I19852c3f2bd1b05ed280102b0bed1ea62d8c4adc
2021-01-27 08:05:25 -08:00
Copybara-Service
fb1822b579
Merge pull request #82 from cblichmann:main
...
PiperOrigin-RevId: 353870558
Change-Id: If51eb17a94ad0f42876e5fa980918532153c42e9
2021-01-26 08:18:57 -08:00
Christian Blichmann
d1e8ad94a8
Improve curl example
...
- Update sandbox policy (bring back inclusion of `/lib` to enable glibc
resolver
- Better error handling using new `curl_util` library
Signed-off-by: Christian Blichmann <cblichmann@google.com>
2021-01-26 17:01:02 +01:00
Christian Blichmann
6f33cef716
Allow FUTEX_WAKE
for recent libc allocators
...
PiperOrigin-RevId: 353827808
Change-Id: I6d1509016297fd16bec0ae6ea263896a1af9dc37
2021-01-26 02:32:26 -08:00
Christian Blichmann
1459cc612e
Cleanup, fix OSS Bazel build
...
Bazel 4.0.0 is less lenient in handling escape sequences.
PiperOrigin-RevId: 353827443
Change-Id: I972841464449ed2262a0ef486343ae1ed444ad3c
2021-01-26 02:29:08 -08:00