StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity
849 Commits 1 Branch 3 Tags 144 MiB
baa1e570b4
Commit Graph

503 Commits

Author SHA1 Message Date
Wiktor Garbacz
a339850dbf Fix ::sapi:✌️:Char::ToString() 
Also make it correct with scoped enums.

PiperOrigin-RevId: 422310326
Change-Id: Ie2db81ec7c8d8ecd8d5fb79573bc9f5040fd8c3b
 2022-01-17 02:04:50 -08:00
Christian Blichmann
9229b3fa82 Fix -Wc++11-narrowing error with Clang introduced in 2546d9e 
PiperOrigin-RevId: 421784429
Change-Id: Ia5d09a980db39bc8d88373dc769cb5889417502d
 2022-01-14 03:40:01 -08:00
Sandboxed API Team
2546d9e85b Ability to inspect a syscall's return value. 
PiperOrigin-RevId: 421552017
Change-Id: I7103720723b5e5828f80731a724c5672895dfa54
 2022-01-13 06:49:19 -08:00
Sandboxed API Team
ebe4475348 Fix typo in log line that displayed decimals with 0x prefix 
PiperOrigin-RevId: 421547286
Change-Id: Ie088bb7871629db919f34f365eb9b6ab7fe65917
 2022-01-13 06:20:47 -08:00
Wiktor Garbacz
99b56fee19 Remove redundant glog dependency for sandbox2::sanitizer 
PiperOrigin-RevId: 421500119
Change-Id: I720a3efef52868099d388685abee45be887ba430
 2022-01-13 01:15:50 -08:00
Sandboxed API Team
85c8ae5125 Automated rollback of commit fac8713fbe. 
PiperOrigin-RevId: 421356226
Change-Id: I4a179aeed226e005449c980e11b049759dad3878
 2022-01-12 11:47:06 -08:00
Sandboxed API Team
fac8713fbe Ability to inspect a syscall's return value. 
PiperOrigin-RevId: 421300791
Change-Id: I93b7e97a532f82c2b077766e22fb2fe9effe6ba2
 2022-01-12 08:09:09 -08:00
Wiktor Garbacz
b0bc17e456 Fix Regs::SkipSyscallReturnValue for Aarch64 
Add a test.

PiperOrigin-RevId: 420271649
Change-Id: Ifc857ec5351a0fc70547c98f57c22cf792d5d9f9
 2022-01-07 05:26:26 -08:00
Christian Blichmann
d54338db3e Upgrade to libunwind 1.6.2 
PiperOrigin-RevId: 420066991
Change-Id: I71295329bc3648827f085c771a1164d1aaf02cab
 2022-01-06 08:26:05 -08:00
Christian Blichmann
21847a1ef1 Emulate PTRACE_GETREGSET in ptrace wrapper 
Newer versions of libunwind use `PTRACE_GETREGSET` to obtain register data.
This change should make it easier to upgrade the libunwind dependency.

PiperOrigin-RevId: 420057842
Change-Id: Ib9abbeff574e457009709715f912ba5962033c5d
 2022-01-06 07:33:13 -08:00
Sandboxed API Team
8d7a442b94 Update test to use sapi:✌️:Proto<>::FromMessage factory method 
The bare constructor is deprecated.

PiperOrigin-RevId: 419583946
Change-Id: I7647b74e7f4be65e0bbeba1c1393601ffa87fd80
 2022-01-04 07:01:28 -08:00
Christian Blichmann
3745d58587
filewrapper: _Exit instead of CHECK failing 
Raw `SAPI_RAW_PCHECK` may dump core, depending on environment settings
(issue #89).
This is undesirable in the face of invalid command-line arguments.

Signed-off-by: Christian Blichmann <cblichmann@google.com>
 2022-01-03 15:00:35 +01:00
Christian Blichmann
aa3f60148c Do not run static test on AArch64 user mode emulation 
PiperOrigin-RevId: 417556328
Change-Id: Ib04b3c6bbe8e5fcece11652c7a751a319899b73c
 2021-12-21 00:17:22 -08:00
Wiktor Garbacz
3f5184770d Introduce util::CharPtrArray with proper ownership semantics 
Replace existing calls to VecStringToCharPtrArr

PiperOrigin-RevId: 417383812
Change-Id: Ibf9d878df5ada2cb3a0872f7ca7cab96c304a5c1
 2021-12-20 05:08:12 -08:00
Sandboxed API Team
a44e57e243 Update references to the new documentation 
PiperOrigin-RevId: 416317448
Change-Id: Ic148364e012405cc34840c12428cbd912ed377ae
 2021-12-14 09:03:29 -08:00
Christian Blichmann
11619a08f4 Remove SyscallInitializer 
PiperOrigin-RevId: 416231431
Change-Id: I83575ee3a51c348912f3d13db600d104ee927265
 2021-12-14 00:45:27 -08:00
Christian Blichmann
01ffc2a1c2 #Cleanup PolicyBuilder API using absl::Span 
PiperOrigin-RevId: 415979969
Change-Id: I23e00a48ce9ba14c480f8d137c6ae3981a238e13
 2021-12-13 01:31:59 -08:00
Christian Blichmann
354cbe89f9 Add more convenience functions to PolicyBuilder 
- Allow to specify multiple syscalls with `BlockSyscallsWithErrno()`
- Add functions to allow `unlink()` and `rename()` in all their spellings

PiperOrigin-RevId: 414987303
Change-Id: Ic0e680b785e8e3a3498f20e6a7403737e63fe876
 2021-12-08 06:41:21 -08:00
Sandboxed API Team
46c09e0024 Implement WaitForTsan on other sanitizers 
__sanitizer_sandbox_on_notify is not tsan specific.
It's empty for other sanitizers now, but we are going to need it soon.

PiperOrigin-RevId: 414873197
Change-Id: I251ac38e5c886980b4baa7f05306643599a25090
 2021-12-07 17:59:05 -08:00
Wiktor Garbacz
8979b47d7f Remove arg filter on rt_sigprocmask in AllowStaticStartup 
PiperOrigin-RevId: 414692179
Change-Id: If2a5f741ad38f626287988911b85bef7a711f80a
 2021-12-07 05:04:01 -08:00
Sandboxed API Team
8e8ce0955f Fix unwind module for Android-ARM64 
PiperOrigin-RevId: 414673588
Change-Id: Ib40e4f6b53692440591a1a1e9e069f974832f733
 2021-12-07 03:33:56 -08:00
Wiktor Garbacz
8562306c97 Add CloseAllFDsExcept test. 
Move VecStringToCharPtrArr before fork, so that it cannot deadlock when other thread holds allocation lock.

PiperOrigin-RevId: 414661912
Change-Id: Ie8aa5c36693e6f86c69d67a1da51b7e7ff1ec30b
 2021-12-07 02:23:23 -08:00
Wiktor Garbacz
4061666f44 Fix dependencies for sanitizer target 
PiperOrigin-RevId: 414659990
Change-Id: I25215d0f03cf998fee068ae7db91b7e438fcc4f5
 2021-12-07 02:13:15 -08:00
Sandboxed API Team
84c29dd3bb Relax the policy to allow stat (and possibly stat64). 
PiperOrigin-RevId: 414480521
Change-Id: If0ffca2141589ea3cf0dec4b0524c50ca37489b4
 2021-12-06 10:23:31 -08:00
Christian Blichmann
60eb52c17f Explicitly narrow size argument for BPF 
This fixes a build error introduced in 26da6e6b0a.

PiperOrigin-RevId: 414408033
Change-Id: Ic34d5eeba3bb34f9a5ce46a05547129fbab8bce0
 2021-12-06 04:51:28 -08:00
Wiktor Garbacz
4e6cafa934 Readd function comment removed by mistake 
PiperOrigin-RevId: 414406963
Change-Id: Id8155b67ce063a9171b70e24b58d407415b30e78
 2021-12-06 04:43:32 -08:00
Wiktor Garbacz
245a8c7650 Remove deprecated AddTmpfs 
PiperOrigin-RevId: 414387983
Change-Id: I872c2f3bc1ccaf7a20d7ab97a5cb104d4f096a3f
 2021-12-06 02:36:02 -08:00
Wiktor Garbacz
2a67805a13 Add prlimit64 to AllowLogForwarding 
PiperOrigin-RevId: 414385430
Change-Id: I4e70d25f886f1ef65fab1b62c67e80eb45407bc7
 2021-12-06 02:19:03 -08:00
Chris Kennelly
e61a84979a Internal change 
PiperOrigin-RevId: 413954176
Change-Id: Ie07c1c8d96019e1605ea3b9ed58030754954ee97
 2021-12-03 09:34:32 -08:00
Wiktor Garbacz
e4ef46631d Replace raw_logging with regular logging in Monitor 
PiperOrigin-RevId: 413928700
Change-Id: I0bc4dd86b45c0ddd679a435003fbad2aea27fbf2
 2021-12-03 07:17:36 -08:00
Wiktor Garbacz
2fa92bf47c Internal change 
PiperOrigin-RevId: 413911008
Change-Id: I59cdac60c092f31fb487f032b3489341c0ba626a
 2021-12-03 05:21:01 -08:00
Wiktor Garbacz
c3308b56fc Replace deprecated AddTmpfs call 
PiperOrigin-RevId: 413907279
Change-Id: I3a32be4b19acab8b2b2092961df3dd9f3699261b
 2021-12-03 04:56:40 -08:00
Christian Blichmann
4a6e005155 Make PtrXXX() family of functions public 
PiperOrigin-RevId: 413616359
Change-Id: I553c17f0668708b00fdb12a21109ed45aeba6c66
 2021-12-02 01:41:59 -08:00
Sandboxed API Team
a096056263 Automated rollback of commit b72078f692. 
PiperOrigin-RevId: 413442229
Change-Id: I48d03ce200160da1c86faec29b2ca51fb1ead834
 2021-12-01 09:54:44 -08:00
Sandboxed API Team
b72078f692 Automated rollback of commit 6a6c931317. 
PiperOrigin-RevId: 413362657
Change-Id: Ie75672101b2aba4183f9aa3e39679a99f309e155
 2021-12-01 02:56:59 -08:00
Wiktor Garbacz
f5fbe8cce5 Internal change 
PiperOrigin-RevId: 413351344
Change-Id: I93962c43649fab1f73b3960044563e54449af271
 2021-12-01 01:48:41 -08:00
Christian Blichmann
6a6c931317 Move away from multiple inheritance 
This change is a first step to make the SAPI variable hierarchy more sensible.
It turns the `Reg<T>` class into a descendant of `Pointable`, but without
making its `PtrXXX()` methods public (hence the `using` statements). Further
changes are needed to restructure this.

There are no functional changes and the class sizes, including vtables, should
not change.

PiperOrigin-RevId: 413333120
Change-Id: I90ceeaeb7aea482016f8f4bee81489d5a9db9ade
 2021-11-30 23:46:59 -08:00
Christian Blichmann
85a463372f Sandbox2: Mark tests that won't run under QEMU user emulation 
PiperOrigin-RevId: 412861975
Change-Id: I0f168bc71b5738ed55b836f148ded94bf397d27d
 2021-11-29 05:20:48 -08:00
Christian Blichmann
c2b7cffe78 Minielf: Use a template to load integers 
Different versions of the `elf.h` header define their own integer types. For
example, even on LP64 systems, a 64-bit ELF integer types may decay into
`unsigned long long` instead of `unsigned long`.

This change replaces the various overloads with a single function template
that is well-defined for all integral types.

PiperOrigin-RevId: 410746713
Change-Id: I4b560f7541802372f01ae3d6f4a56554e51d70c8
 2021-11-18 02:16:26 -08:00
Sandboxed API Team
dcfd85d74e Extend existing CPU architecture spellings in config header and define platform spellings. 
PiperOrigin-RevId: 410474889
Change-Id: I41f870ad49e2203a6bdf833102c0d0a9cafa7af4
 2021-11-17 02:41:07 -08:00
Wiktor Garbacz
e86322db84 Fix a race between NotifyMonitor/AwaitResult 
PiperOrigin-RevId: 410463096
Change-Id: I370705131ac78f26736646596189d8cad2bb70c2
 2021-11-17 01:40:42 -08:00
Sandboxed API Team
04503f9bbe Replace <bits/local_lim.h> with <climits> 
PiperOrigin-RevId: 409932987
Change-Id: I388aca627d6d0f3c9d5721e66574fb8af85cc8f4
 2021-11-15 03:16:28 -08:00
Sandboxed API Team
9541b657ad Use alias s6_addr instead of direct field access. 
PiperOrigin-RevId: 409908616
Change-Id: I18f87b41eae3f96fd60b8cd14073bd8df66fae98
 2021-11-15 01:01:20 -08:00
Sandboxed API Team
2727714012 Expose unwind symbol helpers. 
PiperOrigin-RevId: 409391470
Change-Id: Iad14caabbada1278216e5e28ba55bae8dc8b9b2b
 2021-11-12 05:59:51 -08:00
Wiktor Garbacz
26da6e6b0a Safer and more efficient custom syscall policies 
Generate syscall jump table without using bpf_helper.
Check that any jump in the user provided policy is within the provided policy.

PiperOrigin-RevId: 409362089
Change-Id: I31493e52cf868e4b184ff79fcb26beeb75f49773
 2021-11-12 02:44:41 -08:00
Wiktor Garbacz
c95837a6c1 Check and limit seccomp policy length. 
PiperOrigin-RevId: 409129756
Change-Id: Ib9937495966f545fb980eba04393db640af2325f
 2021-11-11 06:10:40 -08:00
Sandboxed API Team
00747d5241 Allow getpid call for log forwarding. 
PiperOrigin-RevId: 407865992
Change-Id: Ia14dc5cc1628337292586955f1c17a8d8f2995de
 2021-11-05 11:16:45 -07:00
Tony Li
cfb9e031dd
fix typo, master branch -> main 2021-10-17 22:52:57 -07:00
Christian Blichmann
d85f40b8b0 Modernize namespace_test a little 
PiperOrigin-RevId: 402795383
Change-Id: Ia576259078f40a3ca6b96094bd15c3ea7b0b79d9
 2021-10-13 04:17:46 -07:00
Christian Blichmann
1260b5f38b Move example sandboxes out of lib directories 
This is mainly so that the structure of the examples follows what we do
internally (not having separate directories).

PiperOrigin-RevId: 402298115
Change-Id: I0f542607b88597572de39532364816f80a076697
 2021-10-11 07:59:25 -07:00