Commit Graph

721 Commits

Author SHA1 Message Date
Andrei Medar
53e4603b02 use AddDirectoryAt instead of AddDirectory in the security policy. Move the .gitmodules file to the lodepng folder (works this time) 2020-08-13 09:07:36 +00:00
Andrei Medar
27fcf0eb02 added same examples to normal main.cc. Modified code to use assert 2020-08-13 08:34:43 +00:00
Bohdan Tyshchenko
47fd491e20 Codestyle update 2020-08-12 14:09:40 -07:00
Andrei Medar
c13895e5a8 added the same functionality in the sandboxed file as in the unit tests 2020-08-12 16:08:53 +00:00
Andrei Medar
fd73a06c30 moved .gitmodules to lodepng project folder 2020-08-12 14:09:26 +00:00
Andrei Medar
4cf4f6d093 added submodules, modified the tests to use the current path 2020-08-12 13:59:17 +00:00
Andrei Medar
0707d8d9e2 removed CMakeLists.txt from lodepng folder. Now the library is built from the parent folder 2020-08-12 12:10:05 +00:00
Katarzyna Miernikiewicz
73e6a27b14 fixed typo 2020-08-12 11:59:31 +00:00
Katarzyna Miernikiewicz
785de90c80 Openjpeg sandboxed 2020-08-12 11:50:11 +00:00
Katarzyna Miernikiewicz
57fa728e4b fixed typos 2020-08-12 11:48:40 +00:00
Katarzyna Miernikiewicz
89ef35d4c3 Openjpeg decompress sandboxed 2020-08-12 11:37:59 +00:00
Katarzyna Miernikiewicz
d0f638de4c fixed typo 2020-08-12 11:26:55 +00:00
Katarzyna Miernikiewicz
48144bb100 initial openjpeg commit 2020-08-12 11:24:30 +00:00
Andrei Medar
3d015be05c added some comments in main_unit_test.cc and .gitignore 2020-08-12 11:20:02 +00:00
Bohdan Tyshchenko
6f7110dd4f Added tests for sandboxed library and transaction 2020-08-12 03:45:08 -07:00
Bohdan Tyshchenko
06ae5e2427 First version of guetzli sandbox 2020-08-11 15:57:37 -07:00
Bohdan Tyshchenko
d41a3d6d16 First version of guetzli sandbox 2020-08-11 15:48:48 -07:00
Bohdan Tyshchenko
258dbcd622 Init guetzli sandbox 2020-08-11 15:44:13 -07:00
Andrei Medar
b979486ff1 added some unit tests. main_sandboxed.cc and main.cc have to be changed as well 2020-08-11 14:53:24 +00:00
Andrei Medar
f1361d5d0e added encoding basic example (not working currently) 2020-08-11 07:15:53 +00:00
Bohdan Tyshchenko
dc8cf90cb3 Init guetzli sandbox 2020-08-10 06:29:59 -07:00
Andrei Medar
100d7125aa WIP added an encoding use case where the image is generated 2020-08-10 11:05:52 +00:00
Andrei Medar
044814f4ed added gflags for main_sandboxed 2020-08-07 13:50:16 +00:00
Andrei Medar
6ef819133e changed style and added status checks for sapi calls 2020-08-07 12:25:15 +00:00
Andrei Medar
d63ada79cf basic example using sapi 2020-08-07 11:01:41 +00:00
Christian Blichmann
b76cb15f26 Rename accessors, move away from time_t API
- `GetPid()` -> `pid()`
- `GetRpcChannel()` -> `rpc_channel()`
- `IsActive()` -> `is_active()`
- Suggest `SetWallTimeLimit(time_t)` -> `SetWallTimeLimit(absl::Duration)`

In addition, remove the protected zero-argument contructor.

PiperOrigin-RevId: 325390292
Change-Id: Iba044ad5ce44e78c4064c0a09faaa4227c4d19a5
2020-08-07 00:30:28 -07:00
Christian Blichmann
11fd8ba330 Collect Bazel files into bzl_library targets
PiperOrigin-RevId: 325221214
Change-Id: Iab03b900e143b9b95bed151097abb59ac1e0f996
2020-08-06 06:53:44 -07:00
Sandboxed API Team
8633f22185 Increase limit on symbol table size and section size.
PiperOrigin-RevId: 325215228
Change-Id: I2e6ca131d92d86e7aa0d5cc37a3507dce03db25f
2020-08-06 06:04:14 -07:00
Christian Blichmann
db0dfbb21f Add directories/README for contributions
PiperOrigin-RevId: 323566271
Change-Id: I4ccddea09f5d2ecc2a2e17841693350eec9f7d3a
2020-07-29 11:32:41 +02:00
Christian Blichmann
833c9740aa Use absl::StrFormat() in Reg<T>::ToString()
PiperOrigin-RevId: 322528126
Change-Id: Ia5344e53366a8b3c11ec0dbba7cff8e4192a7605
2020-07-22 01:21:02 -07:00
Christian Blichmann
aaa3eded8f Rename SYNC_* constants to conform to style guide
PiperOrigin-RevId: 322137271
Change-Id: I03d7f2e4841f42e439359727a686d55f1b4ab081
2020-07-20 07:05:44 -07:00
Christian Blichmann
c7a27dd4b1 Modernize a few files
- Use default initialization
- Rely on `static_assert()` and use `if constexpr` when checking SAPI
  variable type
- Small style fixes

PiperOrigin-RevId: 322107281
Change-Id: I48cf43f354b60e31e6207552dbbfa16e3acd5615
2020-07-20 03:07:54 -07:00
Christian Blichmann
eb62bae167 Refactor stack trace handling
- Drop `delim` argument from the `GetStackTrace()` family of functions.
  We only ever used plain spaces.
- Use an `std::vector<std::string>` for the symbolized stack frames and
  adjust the unwind proto accordingly.

This change now prints each stack frame on its own line while skipping
duplicate ones:

```
I20200717 11:47:16.811381 3636246 monitor.cc:326] Stack trace: [
I20200717 11:47:16.811415 3636246 monitor.cc:337]   map:/lib/x86_64-linux-gnu/libc-2.30.so+0xceee7(0x7fb871602ee7)
I20200717 11:47:16.811420 3636246 monitor.cc:337]   Rot13File+0x130(0x55ed24615995)
I20200717 11:47:16.811424 3636246 monitor.cc:337]   ffi_call_unix64+0x55(0x55ed2461f2dd)
I20200717 11:47:16.811429 3636246 monitor.cc:337]   map:[stack]+0x1ec80(0x7ffee4257c80)
I20200717 11:47:16.811455 3636246 monitor.cc:339]   (last frame repeated 196 times)
I20200717 11:47:16.811460 3636246 monitor.cc:347] ]
```

PiperOrigin-RevId: 322089140
Change-Id: I05b0de2f4118fed90fe920c06bbd70ea0d1119e2
2020-07-20 00:24:40 -07:00
Wiktor Garbacz
f7d3f442df Extract ForkClient to a separate target
PiperOrigin-RevId: 321757582
Change-Id: I48b89ab4e4b1d87dd9444874de5bf5bd2526531a
2020-07-17 04:54:54 -07:00
Wiktor Garbacz
e9f7293e21 Fix ptrace_hook dependency graph
PiperOrigin-RevId: 321748143
Change-Id: Idb453054b78e932ce13c5f44f7d408cc0f9c31f2
2020-07-17 03:20:43 -07:00
Christian Blichmann
a574b66e99 Do not add third_party test targets in CMake build
This way, one can just run `ctest .` in the build directory and it will only
run Sandboxed API and Sandbox2 tests.

PiperOrigin-RevId: 321342543
Change-Id: I42537e64bfb3127dca00bd92a3f7b35ca64004d9
2020-07-15 05:31:50 -07:00
Wiktor Garbacz
405cc00683 Workaround for issue#32
PiperOrigin-RevId: 321154163
Change-Id: Ida6defa3d5586b39e69e958524cee7579085826f
2020-07-14 07:28:16 -07:00
Christian Blichmann
b7d137721a Do not keep a reference to a temporary
PiperOrigin-RevId: 321117444
Change-Id: If6951058fcd32fe638f9241bef79181d6785e9cf
2020-07-14 01:42:05 -07:00
Christian Blichmann
1f1de9e229 Fix logging/display of syscall tables
Initializing `absl::Span`s like by assigning them from a temporary
array leaves them pointing to invalid data. Due to the way the linker
initializes these constant tables, _most_ of them will still be valid
_most_ of the time, leading to crashes when running sandboxees with the
`--sandbox2_danger_danger_permit_all_and_log` option.

PiperOrigin-RevId: 321112099
Change-Id: I891118da08cbb6000b3e2e275618bc4edaa1d020
2020-07-14 00:47:54 -07:00
Christian Blichmann
5f35b4fc8c Fix mix-up in main_zlib.cc
The example compresses from stdin to stdout, not vice versa.

PiperOrigin-RevId: 320941406
Change-Id: I41c7fed1b7f6306541567c0df46a8590844db69b
2020-07-13 06:12:35 -07:00
Chris Kennelly
63a8b3ff15 Refactoring for internal change
PiperOrigin-RevId: 320612442
Change-Id: I65729ac5d83c76dac047a47f866b7ad4af3c56c1
2020-07-10 09:01:49 -07:00
Christian Blichmann
c3861819bc Update Hello SAPI's WORKSPACE for newer Bazel versions
Bazel 3.x now requires specifying `commit`, `tag` or `branch` in its
`git_repository` rule.

PiperOrigin-RevId: 320572176
Change-Id: I81048d997f595202f4dfbd3c1e9c8321240a28a3
2020-07-10 02:50:00 -07:00
Sandboxed API Team
a602177943 Fix AllowLlvmSanitizers for Msan.
PiperOrigin-RevId: 319947612
Change-Id: I6485d8282381c4cb2be05e138e007ccbb3e5d956
2020-07-07 02:40:24 -07:00
Sandboxed API Team
228f3e7ed1 Migrate usage of StatusOr::operator bool to StautsOr::ok.
PiperOrigin-RevId: 319931897
Change-Id: I31b4bb71c7eeaf6687a499248bbfbb26c78b94ff
2020-07-07 00:14:07 -07:00
Sandboxed API Team
88e9dbf8d4 Allow Asan to get sigaltstack
Include sigaltstack into AllowHandleSignals

PiperOrigin-RevId: 319293484
Change-Id: I4d60715893bd07eff047d2bced1450a3cd29bcec
2020-07-01 14:09:03 -07:00
Wiktor Garbacz
6008dc6db4 Reduce dependencies on libcap
PiperOrigin-RevId: 319228803
Change-Id: I1a9497f9e33bbe1e84749505305cd9c148b6d700
2020-07-01 08:23:46 -07:00
Wiktor Garbacz
0d375e69e1 Remove abort from ExecuteProcess
Otherwise ExecuteProcess is implicitly `[[noreturn]]` and this
might cause policy violations in `__asan_handle_no_return`
for ASAN builds.

PiperOrigin-RevId: 319203128
Change-Id: I5c8ba71ce88261f803aa3f16730eccea0d803dd1
2020-07-01 04:54:29 -07:00
Copybara-Service
c3f58825f1 Merge pull request #46 from cblichmann:master
PiperOrigin-RevId: 319182630
Change-Id: I1d370e3f447d0624b61eff1f39faab879ee423be
2020-07-01 01:34:54 -07:00
Christian Blichmann
a51c275a3a Avoid arch names in libffi build directories
This is done by simply building libffi in-tree. Normally, this is not
desirable, but in our case is actually ok, as this is an external
dependency to be pulled in and cleaning the source tree is easy in this
case.

Signed-off-by: Christian Blichmann <mail@blichmann.eu>
2020-06-30 08:59:50 +02:00
Christian Blichmann
2ffea13759 Mark zlib as found when using SAPI CMake build
Signed-off-by: Christian Blichmann <mail@blichmann.eu>
2020-06-30 08:59:50 +02:00