Commit Graph

524 Commits

Author SHA1 Message Date
Doina Chiroiu
4cc2d40642 Simple version of sandbox 2020-08-13 10:22:33 +00:00
Andrei Medar
4451d3229d readme update 2020-08-13 09:14:03 +00:00
Andrei Medar
cc0c998f3f moving .gitmodules doesn't seem to work as intended. Moved it to root 2020-08-13 09:10:21 +00:00
Andrei Medar
53e4603b02 use AddDirectoryAt instead of AddDirectory in the security policy. Move the .gitmodules file to the lodepng folder (works this time) 2020-08-13 09:07:36 +00:00
Andrei Medar
27fcf0eb02 added same examples to normal main.cc. Modified code to use assert 2020-08-13 08:34:43 +00:00
Bohdan Tyshchenko
47fd491e20 Codestyle update 2020-08-12 14:09:40 -07:00
Andrei Medar
c13895e5a8 added the same functionality in the sandboxed file as in the unit tests 2020-08-12 16:08:53 +00:00
Andrei Medar
fd73a06c30 moved .gitmodules to lodepng project folder 2020-08-12 14:09:26 +00:00
Andrei Medar
4cf4f6d093 added submodules, modified the tests to use the current path 2020-08-12 13:59:17 +00:00
Andrei Medar
0707d8d9e2 removed CMakeLists.txt from lodepng folder. Now the library is built from the parent folder 2020-08-12 12:10:05 +00:00
Katarzyna Miernikiewicz
73e6a27b14 fixed typo 2020-08-12 11:59:31 +00:00
Katarzyna Miernikiewicz
785de90c80 Openjpeg sandboxed 2020-08-12 11:50:11 +00:00
Katarzyna Miernikiewicz
57fa728e4b fixed typos 2020-08-12 11:48:40 +00:00
Katarzyna Miernikiewicz
89ef35d4c3 Openjpeg decompress sandboxed 2020-08-12 11:37:59 +00:00
Katarzyna Miernikiewicz
d0f638de4c fixed typo 2020-08-12 11:26:55 +00:00
Katarzyna Miernikiewicz
48144bb100 initial openjpeg commit 2020-08-12 11:24:30 +00:00
Andrei Medar
3d015be05c added some comments in main_unit_test.cc and .gitignore 2020-08-12 11:20:02 +00:00
Bohdan Tyshchenko
6f7110dd4f Added tests for sandboxed library and transaction 2020-08-12 03:45:08 -07:00
Bohdan Tyshchenko
06ae5e2427 First version of guetzli sandbox 2020-08-11 15:57:37 -07:00
Bohdan Tyshchenko
d41a3d6d16 First version of guetzli sandbox 2020-08-11 15:48:48 -07:00
Bohdan Tyshchenko
258dbcd622 Init guetzli sandbox 2020-08-11 15:44:13 -07:00
Andrei Medar
b979486ff1 added some unit tests. main_sandboxed.cc and main.cc have to be changed as well 2020-08-11 14:53:24 +00:00
Andrei Medar
f1361d5d0e added encoding basic example (not working currently) 2020-08-11 07:15:53 +00:00
Bohdan Tyshchenko
dc8cf90cb3 Init guetzli sandbox 2020-08-10 06:29:59 -07:00
Andrei Medar
100d7125aa WIP added an encoding use case where the image is generated 2020-08-10 11:05:52 +00:00
Andrei Medar
044814f4ed added gflags for main_sandboxed 2020-08-07 13:50:16 +00:00
Andrei Medar
6ef819133e changed style and added status checks for sapi calls 2020-08-07 12:25:15 +00:00
Andrei Medar
d63ada79cf basic example using sapi 2020-08-07 11:01:41 +00:00
Christian Blichmann
b76cb15f26 Rename accessors, move away from time_t API
- `GetPid()` -> `pid()`
- `GetRpcChannel()` -> `rpc_channel()`
- `IsActive()` -> `is_active()`
- Suggest `SetWallTimeLimit(time_t)` -> `SetWallTimeLimit(absl::Duration)`

In addition, remove the protected zero-argument contructor.

PiperOrigin-RevId: 325390292
Change-Id: Iba044ad5ce44e78c4064c0a09faaa4227c4d19a5
2020-08-07 00:30:28 -07:00
Christian Blichmann
11fd8ba330 Collect Bazel files into bzl_library targets
PiperOrigin-RevId: 325221214
Change-Id: Iab03b900e143b9b95bed151097abb59ac1e0f996
2020-08-06 06:53:44 -07:00
Sandboxed API Team
8633f22185 Increase limit on symbol table size and section size.
PiperOrigin-RevId: 325215228
Change-Id: I2e6ca131d92d86e7aa0d5cc37a3507dce03db25f
2020-08-06 06:04:14 -07:00
Christian Blichmann
db0dfbb21f Add directories/README for contributions
PiperOrigin-RevId: 323566271
Change-Id: I4ccddea09f5d2ecc2a2e17841693350eec9f7d3a
2020-07-29 11:32:41 +02:00
Christian Blichmann
833c9740aa Use absl::StrFormat() in Reg<T>::ToString()
PiperOrigin-RevId: 322528126
Change-Id: Ia5344e53366a8b3c11ec0dbba7cff8e4192a7605
2020-07-22 01:21:02 -07:00
Christian Blichmann
aaa3eded8f Rename SYNC_* constants to conform to style guide
PiperOrigin-RevId: 322137271
Change-Id: I03d7f2e4841f42e439359727a686d55f1b4ab081
2020-07-20 07:05:44 -07:00
Christian Blichmann
c7a27dd4b1 Modernize a few files
- Use default initialization
- Rely on `static_assert()` and use `if constexpr` when checking SAPI
  variable type
- Small style fixes

PiperOrigin-RevId: 322107281
Change-Id: I48cf43f354b60e31e6207552dbbfa16e3acd5615
2020-07-20 03:07:54 -07:00
Christian Blichmann
eb62bae167 Refactor stack trace handling
- Drop `delim` argument from the `GetStackTrace()` family of functions.
  We only ever used plain spaces.
- Use an `std::vector<std::string>` for the symbolized stack frames and
  adjust the unwind proto accordingly.

This change now prints each stack frame on its own line while skipping
duplicate ones:

```
I20200717 11:47:16.811381 3636246 monitor.cc:326] Stack trace: [
I20200717 11:47:16.811415 3636246 monitor.cc:337]   map:/lib/x86_64-linux-gnu/libc-2.30.so+0xceee7(0x7fb871602ee7)
I20200717 11:47:16.811420 3636246 monitor.cc:337]   Rot13File+0x130(0x55ed24615995)
I20200717 11:47:16.811424 3636246 monitor.cc:337]   ffi_call_unix64+0x55(0x55ed2461f2dd)
I20200717 11:47:16.811429 3636246 monitor.cc:337]   map:[stack]+0x1ec80(0x7ffee4257c80)
I20200717 11:47:16.811455 3636246 monitor.cc:339]   (last frame repeated 196 times)
I20200717 11:47:16.811460 3636246 monitor.cc:347] ]
```

PiperOrigin-RevId: 322089140
Change-Id: I05b0de2f4118fed90fe920c06bbd70ea0d1119e2
2020-07-20 00:24:40 -07:00
Wiktor Garbacz
f7d3f442df Extract ForkClient to a separate target
PiperOrigin-RevId: 321757582
Change-Id: I48b89ab4e4b1d87dd9444874de5bf5bd2526531a
2020-07-17 04:54:54 -07:00
Wiktor Garbacz
e9f7293e21 Fix ptrace_hook dependency graph
PiperOrigin-RevId: 321748143
Change-Id: Idb453054b78e932ce13c5f44f7d408cc0f9c31f2
2020-07-17 03:20:43 -07:00
Christian Blichmann
a574b66e99 Do not add third_party test targets in CMake build
This way, one can just run `ctest .` in the build directory and it will only
run Sandboxed API and Sandbox2 tests.

PiperOrigin-RevId: 321342543
Change-Id: I42537e64bfb3127dca00bd92a3f7b35ca64004d9
2020-07-15 05:31:50 -07:00
Wiktor Garbacz
405cc00683 Workaround for issue#32
PiperOrigin-RevId: 321154163
Change-Id: Ida6defa3d5586b39e69e958524cee7579085826f
2020-07-14 07:28:16 -07:00
Christian Blichmann
b7d137721a Do not keep a reference to a temporary
PiperOrigin-RevId: 321117444
Change-Id: If6951058fcd32fe638f9241bef79181d6785e9cf
2020-07-14 01:42:05 -07:00
Christian Blichmann
1f1de9e229 Fix logging/display of syscall tables
Initializing `absl::Span`s like by assigning them from a temporary
array leaves them pointing to invalid data. Due to the way the linker
initializes these constant tables, _most_ of them will still be valid
_most_ of the time, leading to crashes when running sandboxees with the
`--sandbox2_danger_danger_permit_all_and_log` option.

PiperOrigin-RevId: 321112099
Change-Id: I891118da08cbb6000b3e2e275618bc4edaa1d020
2020-07-14 00:47:54 -07:00
Christian Blichmann
5f35b4fc8c Fix mix-up in main_zlib.cc
The example compresses from stdin to stdout, not vice versa.

PiperOrigin-RevId: 320941406
Change-Id: I41c7fed1b7f6306541567c0df46a8590844db69b
2020-07-13 06:12:35 -07:00
Chris Kennelly
63a8b3ff15 Refactoring for internal change
PiperOrigin-RevId: 320612442
Change-Id: I65729ac5d83c76dac047a47f866b7ad4af3c56c1
2020-07-10 09:01:49 -07:00
Christian Blichmann
c3861819bc Update Hello SAPI's WORKSPACE for newer Bazel versions
Bazel 3.x now requires specifying `commit`, `tag` or `branch` in its
`git_repository` rule.

PiperOrigin-RevId: 320572176
Change-Id: I81048d997f595202f4dfbd3c1e9c8321240a28a3
2020-07-10 02:50:00 -07:00
Sandboxed API Team
a602177943 Fix AllowLlvmSanitizers for Msan.
PiperOrigin-RevId: 319947612
Change-Id: I6485d8282381c4cb2be05e138e007ccbb3e5d956
2020-07-07 02:40:24 -07:00
Sandboxed API Team
228f3e7ed1 Migrate usage of StatusOr::operator bool to StautsOr::ok.
PiperOrigin-RevId: 319931897
Change-Id: I31b4bb71c7eeaf6687a499248bbfbb26c78b94ff
2020-07-07 00:14:07 -07:00
Sandboxed API Team
88e9dbf8d4 Allow Asan to get sigaltstack
Include sigaltstack into AllowHandleSignals

PiperOrigin-RevId: 319293484
Change-Id: I4d60715893bd07eff047d2bced1450a3cd29bcec
2020-07-01 14:09:03 -07:00
Wiktor Garbacz
6008dc6db4 Reduce dependencies on libcap
PiperOrigin-RevId: 319228803
Change-Id: I1a9497f9e33bbe1e84749505305cd9c148b6d700
2020-07-01 08:23:46 -07:00
Wiktor Garbacz
0d375e69e1 Remove abort from ExecuteProcess
Otherwise ExecuteProcess is implicitly `[[noreturn]]` and this
might cause policy violations in `__asan_handle_no_return`
for ASAN builds.

PiperOrigin-RevId: 319203128
Change-Id: I5c8ba71ce88261f803aa3f16730eccea0d803dd1
2020-07-01 04:54:29 -07:00