Commit Graph

29 Commits

Author SHA1 Message Date
Martijn Vels
2efaa463c9 Implement enabling RSEQ inside AllowTcMalloc in terms of AllowRestartableSequences()
PiperOrigin-RevId: 368208391
Change-Id: Ie1204cb3a0824ebe54b770e2669ae31f7932ed51
2021-04-13 07:14:55 -07:00
Martijn Vels
753eacd314 Reduce requirements for restartable sequences
PiperOrigin-RevId: 361780465
Change-Id: I299bc55c94d60575e16f0ea6b5f82b8b793af1cb
2021-03-09 04:33:29 -08:00
Martijn Vels
b30d56e871 Add policy helper to allow restartable sequences
PiperOrigin-RevId: 360266444
Change-Id: I0a3d2d071972bf7d6e7114a428c6954ed4bcef5c
2021-03-01 13:39:42 -08:00
Sandboxed API Team
3323ddc129 Permit sandboxee's bpf() to fail
The default policy causes immediate termination of a sandboxee that
calls `bpf`(2).

This does not allow for try-call use of `bpf()` to test for optional
features.

To support such try-call use cases, sandboxes would like to say:

```
  sandbox2::PolicyBuilder builder;
  builder.BlockSyscallWithErrno(__NR_bpf, EPERM);
```

but this doesn't work because the default policy unconditionally treats
`bpf()` as a sandbox violation.

Remove the bpf violation check from the policy if `bpf()` is explicitly
blocked with an errno.

PiperOrigin-RevId: 345239389
Change-Id: I7fcfd3a938c610c8679edf8e1fa0238b32cc9db4
2020-12-02 08:38:32 -08:00
Wiktor Garbacz
5fb18d3c9d Add policy on both mmap & mmap2
PiperOrigin-RevId: 341007959
Change-Id: I3c2e74cc973d2603cf7b3a858fa8aabd05c41137
2020-11-06 01:30:18 -08:00
Christian Blichmann
2acec65a58 Add an AllowAccess() convenience function to PolicyBuilder
Drive-by: Apply convenience functions in policies.
PiperOrigin-RevId: 340404977
Change-Id: I906106b61c1837d23ddaff15d8792ec79d3d3189
2020-11-03 02:21:21 -08:00
Christian Blichmann
6a1e4b881c Introduce config header to centralize CPU architecture checks
This allows us to remove some uses of macros.

Related changes:
- Make it clear that we support hosting sandboxed binaries from 64-bit
  processes only. CPU architectures are x86-64 and POWER64 (little endian).
- Introduced CPU architecture macros, abstracting away compiler specifics

PiperOrigin-RevId: 330918134
Change-Id: Ife7ad5f14723eec9f68055127b0583b8aecd38dd
2020-09-10 05:48:00 -07:00
Sandboxed API Team
23da55c19a Internal BUILD refactoring
PiperOrigin-RevId: 329720214
Change-Id: I25fbb94dea17db3bdca6438d17508fa304d9706f
2020-09-03 07:40:33 -07:00
Wiktor Garbacz
c53f2a900f Automated rollback of commit e7a195ce42.
PiperOrigin-RevId: 328918626
Change-Id: Iabe93ec7062ea6e750e4185e2b0b672a37111ee7
2020-08-28 04:49:41 -07:00
Sandboxed API Team
e7a195ce42 Automated rollback of commit 82c56775ef.
PiperOrigin-RevId: 328340042
Change-Id: Ib225f8012fb373c74e3f1b3e6201b2daca7da40b
2020-08-25 09:01:22 -07:00
Wiktor Garbacz
82c56775ef StatusOr cleanups
PiperOrigin-RevId: 328318284
Change-Id: I207570c0fee6797dbc8995d36ef2130b0bff28fa
2020-08-25 06:22:05 -07:00
Sandboxed API Team
79049b09c0 Add helper function for MADV_WIPEONFORK.
BoringSSL (which is the crypto library used by most Google products) is starting to use madvise(_, _, MADV_WIPEONFORK) to protect random-number state from being duplicated by fork(). This causes extra madvise calls that sandboxes need to permit in order to continue functioning.

PiperOrigin-RevId: 309173849
Change-Id: I007dacc1ff1fd0ccc138caaa08735cfe5bc78234
2020-04-30 00:08:55 -07:00
Christian Blichmann
496672c333 Cleanup calls to sapi::StatusOr<>::ValueOrDie()
PiperOrigin-RevId: 304398197
Change-Id: I85d09457a5e27f65c0792fe93aebbd8219801ef6
2020-04-02 07:42:45 -07:00
Kevin Hamacher
dadf55f647 Show a warning when tmpfs size is not specified
PiperOrigin-RevId: 302441519
Change-Id: Ia4130c9067f00ed48065ea3b4854c844e7b88f85
2020-03-23 08:44:28 -07:00
Christian Blichmann
f6c3db4c6e Replace sapi::Status with absl::Status
PiperOrigin-RevId: 297614681
Change-Id: I89fe1357a172ed4d28df6dd84b80fee364ce1c14
2020-02-27 09:24:12 -08:00
bielec
5a4e3f3d29 Now network proxy server supports IP filtering. API to policybuilder is added to make a list of allowed pairs of allowed IP, mask and port where mask and port are optional.
PiperOrigin-RevId: 296206385
Change-Id: I53b23122abece1fe318ed4c6a7e37bf3228c8f5f
2020-02-20 07:45:44 -08:00
Sandboxed API Team
05280287e0 Automated rollback of commit 800339d672.
PiperOrigin-RevId: 294644781
Change-Id: I88ad35abd96468476294039a41b6f2a8234db6ca
2020-02-17 10:39:08 +01:00
bielec
800339d672 Now network proxy server supports IP filtering. API to policybuilder is added to make a list of allowed pairs of allowed IP, mask and port where mask and port are optional.
PiperOrigin-RevId: 294640297
Change-Id: I4c6520685a658f8b7762af238588830f71b3f54a
2020-02-17 10:38:44 +01:00
Christian Blichmann
441201884a Update license header with recommended best practices
PiperOrigin-RevId: 290250533
Change-Id: Ic34b253446463cf971a055b70a242df93a598ee3
2020-01-17 05:05:29 -08:00
Wiktor Garbacz
1673ade4e4 Remount chroot as read-only
PiperOrigin-RevId: 280394655
Change-Id: I1490b7dfbbca3d91f5efb4dd5800397c9da57da8
2019-11-14 03:51:26 -08:00
Kristj?n J?nsson
78824353d1 Make PolicyBuilder a value class.
This makes the class more ergonomic because
* You don't have to heap allocate the builder.
* You can create a policy builder "template" and re-use it across sandboxes to avoid repetitive work.

PiperOrigin-RevId: 273555679
Change-Id: I4084ee9c74f95ebfde873eb0dc021b3b3cdc5ea2
2019-10-08 10:45:45 -07:00
Wiktor Garbacz
2e22b13b39 Enable namespaces by default
PiperOrigin-RevId: 268417712
Change-Id: I496d76e8a90665627b9be2bb5f9872a5df1c84e4
2019-09-11 02:39:49 -07:00
Christian Blichmann
276b7efc92 Internal change.
PiperOrigin-RevId: 265057217
Change-Id: Id00c867b373dbe8c9112c23ef4b0300ed3ca9e5b
2019-08-23 08:08:51 -07:00
bielec
ef7592cfdd Now the network proxy client can automatically redirect connect syscalls to a handler that will send the data (syscall arguments) to the proxy server automatically and will return the obtained socket from the proxy server, in the future rules like allowed IP, protocols, etc. will be added
PiperOrigin-RevId: 259512665
Change-Id: I2747c7548ab24c7d2c90abb303fd783c11fed6f4
2019-07-23 04:41:08 -07:00
Christian Blichmann
747ccb57e8 Rename stack-trace{.h,.cc,._test.cc} to use underscores
PiperOrigin-RevId: 257144753
Change-Id: I4ce0dffad552c25b61102adfb1c03b8aea427dd9
2019-07-09 01:32:25 -07:00
Sandboxed API Team
970257d87b Allow two madvise calls for asan & tsan builds.
bbfa21f177/lib/sanitizer_common/sanitizer_posix_libcdep.cc (L71)

PiperOrigin-RevId: 252048323
Change-Id: I457e708f0b024fd9db4ad39265cb904777ca52b5
2019-06-07 07:53:10 -07:00
Wiktor Garbacz
85059ef40d Add DisableNamespaces to PolicyBuilder
Currently mostly no-op, but this is the first step to turn namespaces on
by default.

PiperOrigin-RevId: 249439158
Change-Id: I5eeb1216dc868c660f62ad50c34f626afbf7db61
2019-05-22 06:54:12 -07:00
Christian Blichmann
f04be9276f Formatting fixes and include file hygiene.
PiperOrigin-RevId: 240346890
Change-Id: I1a9617f10a62a848b6314a6196512e016ae02643
2019-03-26 07:54:21 -07:00
Christian Blichmann
177b969e8c
Sandboxed API OSS release.
PiperOrigin-RevId: 238996664
Change-Id: I9646527e2be68ee0b6b371572b7aafe967102e57

Signed-off-by: Christian Blichmann <cblichmann@google.com>
2019-03-18 19:00:48 +01:00