StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity
992 Commits 1 Branch 3 Tags 144 MiB
e8fe398340
Commit Graph

568 Commits

Author SHA1 Message Date
Sandboxed API Team
9ee3a26e8b Delete deprecated ::sandbox2::Sandbox2::GetPid and its remaining call sites. 
PiperOrigin-RevId: 425910086
Change-Id: I2938ce589e83b5441c084994edde6a22c2007642
 2022-02-02 09:57:11 -08:00
Christian Blichmann
d451478e26 Change license link to HTTPS URL 
PiperOrigin-RevId: 424811734
Change-Id: If5ea692edc56ddc9c99fd478673df41c0246e9cc
 2022-01-28 01:39:09 -08:00
Christian Blichmann
8e5771b007 Fix Fedora build, update to latest Abseil 
This partially reverts the zlib change in 41e0ca0. Turns out the
`CMakeLists.txt` that ships with zlib leaves much to be desired.

PiperOrigin-RevId: 424800727
Change-Id: I356e3bb8d18461a52f845baa4913adff6549ef00
 2022-01-28 00:19:04 -08:00
Rebecca Chen
34551d2cec Add whitespace around keywords to satisfy the LibCST parser. 
PiperOrigin-RevId: 424307703
Change-Id: I12949320efe57667624126d64cf99ec0d50edfa5
 2022-01-26 03:47:51 -08:00
Copybara-Service
cc6a1114d5 Merge pull request #84 from Vincenzo-Petrolo:main 
PiperOrigin-RevId: 424301145
Change-Id: I0336c5ffc2eeefe0ccecb7595b0881df23390bf6
 2022-01-26 03:00:06 -08:00
Wiktor Garbacz
67a03326cd Simplify sapi::file::CleanPath 
PiperOrigin-RevId: 423792568
Change-Id: Ib213e619d3c3c26fa3e34b506781821f9a9b5292
 2022-01-24 05:49:40 -08:00
Wiktor Garbacz
e4436c87e8 Replace deprecate sapi:✌️:Proto ctor calls 
PiperOrigin-RevId: 423760615
Change-Id: Id05341221fb6413d8f89d38470a9bc02f9d09b77
 2022-01-24 02:10:05 -08:00
Wiktor Garbacz
3c16be8347 Replace deprecated readdir64_r 
Plain `readdir` is preferred and while not (yet) specified in POSIX it is thread-safe for different directory streams in popular implementations.

PiperOrigin-RevId: 423321528
Change-Id: I4e1e842f338ff7d690c36e7f699b2f3637609524
 2022-01-21 07:48:44 -08:00
Christian Blichmann
6fd650b736 Fix description for OsErrorMessage() 
PiperOrigin-RevId: 423075550
Change-Id: I14a36e3cb0cf7647d5845a0a834948f0c51f1d58
 2022-01-20 08:36:11 -08:00
Wiktor Garbacz
ae9432bc03 Internal change 
PiperOrigin-RevId: 423070471
Change-Id: I876ef8f1d2464383ac319e196c1ba64c46ea4201
 2022-01-20 08:09:53 -08:00
Wiktor Garbacz
5c9f01fe3c Move using declarations into unnamed namespace 
Also fully qualify

PiperOrigin-RevId: 423066722
Change-Id: Id4dffa21a790ce884db750b1965203f9b056b39f
 2022-01-20 07:51:29 -08:00
Wiktor Garbacz
4041fe824b Use the using declarations from ::testing 
PiperOrigin-RevId: 423042437
Change-Id: I9ddfacd597c65d3dc6e490201cce4b00678f18cf
 2022-01-20 05:16:01 -08:00
Wiktor Garbacz
4a945a1748 Replace deprecated calls 
PiperOrigin-RevId: 423037776
Change-Id: Id568d54854dde3778686b778648555e0b48204bc
 2022-01-20 04:40:23 -08:00
Wiktor Garbacz
38a1cb707f Switch unnecessary templated functions to regular 
PiperOrigin-RevId: 422764920
Change-Id: I44f487b2e114eb9e5ca68d29a7b21fa72917d6f1
 2022-01-19 02:37:53 -08:00
Wiktor Garbacz
a339850dbf Fix ::sapi:✌️:Char::ToString() 
Also make it correct with scoped enums.

PiperOrigin-RevId: 422310326
Change-Id: Ie2db81ec7c8d8ecd8d5fb79573bc9f5040fd8c3b
 2022-01-17 02:04:50 -08:00
Christian Blichmann
9229b3fa82 Fix -Wc++11-narrowing error with Clang introduced in 2546d9e 
PiperOrigin-RevId: 421784429
Change-Id: Ia5d09a980db39bc8d88373dc769cb5889417502d
 2022-01-14 03:40:01 -08:00
Sandboxed API Team
2546d9e85b Ability to inspect a syscall's return value. 
PiperOrigin-RevId: 421552017
Change-Id: I7103720723b5e5828f80731a724c5672895dfa54
 2022-01-13 06:49:19 -08:00
Sandboxed API Team
ebe4475348 Fix typo in log line that displayed decimals with 0x prefix 
PiperOrigin-RevId: 421547286
Change-Id: Ie088bb7871629db919f34f365eb9b6ab7fe65917
 2022-01-13 06:20:47 -08:00
Wiktor Garbacz
99b56fee19 Remove redundant glog dependency for sandbox2::sanitizer 
PiperOrigin-RevId: 421500119
Change-Id: I720a3efef52868099d388685abee45be887ba430
 2022-01-13 01:15:50 -08:00
Sandboxed API Team
85c8ae5125 Automated rollback of commit fac8713fbe. 
PiperOrigin-RevId: 421356226
Change-Id: I4a179aeed226e005449c980e11b049759dad3878
 2022-01-12 11:47:06 -08:00
Sandboxed API Team
fac8713fbe Ability to inspect a syscall's return value. 
PiperOrigin-RevId: 421300791
Change-Id: I93b7e97a532f82c2b077766e22fb2fe9effe6ba2
 2022-01-12 08:09:09 -08:00
Wiktor Garbacz
b0bc17e456 Fix Regs::SkipSyscallReturnValue for Aarch64 
Add a test.

PiperOrigin-RevId: 420271649
Change-Id: Ifc857ec5351a0fc70547c98f57c22cf792d5d9f9
 2022-01-07 05:26:26 -08:00
Christian Blichmann
d54338db3e Upgrade to libunwind 1.6.2 
PiperOrigin-RevId: 420066991
Change-Id: I71295329bc3648827f085c771a1164d1aaf02cab
 2022-01-06 08:26:05 -08:00
Christian Blichmann
21847a1ef1 Emulate PTRACE_GETREGSET in ptrace wrapper 
Newer versions of libunwind use `PTRACE_GETREGSET` to obtain register data.
This change should make it easier to upgrade the libunwind dependency.

PiperOrigin-RevId: 420057842
Change-Id: Ib9abbeff574e457009709715f912ba5962033c5d
 2022-01-06 07:33:13 -08:00
Sandboxed API Team
8d7a442b94 Update test to use sapi:✌️:Proto<>::FromMessage factory method 
The bare constructor is deprecated.

PiperOrigin-RevId: 419583946
Change-Id: I7647b74e7f4be65e0bbeba1c1393601ffa87fd80
 2022-01-04 07:01:28 -08:00
Christian Blichmann
3745d58587
filewrapper: _Exit instead of CHECK failing 
Raw `SAPI_RAW_PCHECK` may dump core, depending on environment settings
(issue #89).
This is undesirable in the face of invalid command-line arguments.

Signed-off-by: Christian Blichmann <cblichmann@google.com>
 2022-01-03 15:00:35 +01:00
Christian Blichmann
aa3f60148c Do not run static test on AArch64 user mode emulation 
PiperOrigin-RevId: 417556328
Change-Id: Ib04b3c6bbe8e5fcece11652c7a751a319899b73c
 2021-12-21 00:17:22 -08:00
Wiktor Garbacz
3f5184770d Introduce util::CharPtrArray with proper ownership semantics 
Replace existing calls to VecStringToCharPtrArr

PiperOrigin-RevId: 417383812
Change-Id: Ibf9d878df5ada2cb3a0872f7ca7cab96c304a5c1
 2021-12-20 05:08:12 -08:00
Sandboxed API Team
a44e57e243 Update references to the new documentation 
PiperOrigin-RevId: 416317448
Change-Id: Ic148364e012405cc34840c12428cbd912ed377ae
 2021-12-14 09:03:29 -08:00
Christian Blichmann
11619a08f4 Remove SyscallInitializer 
PiperOrigin-RevId: 416231431
Change-Id: I83575ee3a51c348912f3d13db600d104ee927265
 2021-12-14 00:45:27 -08:00
Christian Blichmann
01ffc2a1c2 #Cleanup PolicyBuilder API using absl::Span 
PiperOrigin-RevId: 415979969
Change-Id: I23e00a48ce9ba14c480f8d137c6ae3981a238e13
 2021-12-13 01:31:59 -08:00
Christian Blichmann
354cbe89f9 Add more convenience functions to PolicyBuilder 
- Allow to specify multiple syscalls with `BlockSyscallsWithErrno()`
- Add functions to allow `unlink()` and `rename()` in all their spellings

PiperOrigin-RevId: 414987303
Change-Id: Ic0e680b785e8e3a3498f20e6a7403737e63fe876
 2021-12-08 06:41:21 -08:00
Sandboxed API Team
46c09e0024 Implement WaitForTsan on other sanitizers 
__sanitizer_sandbox_on_notify is not tsan specific.
It's empty for other sanitizers now, but we are going to need it soon.

PiperOrigin-RevId: 414873197
Change-Id: I251ac38e5c886980b4baa7f05306643599a25090
 2021-12-07 17:59:05 -08:00
Wiktor Garbacz
8979b47d7f Remove arg filter on rt_sigprocmask in AllowStaticStartup 
PiperOrigin-RevId: 414692179
Change-Id: If2a5f741ad38f626287988911b85bef7a711f80a
 2021-12-07 05:04:01 -08:00
Sandboxed API Team
8e8ce0955f Fix unwind module for Android-ARM64 
PiperOrigin-RevId: 414673588
Change-Id: Ib40e4f6b53692440591a1a1e9e069f974832f733
 2021-12-07 03:33:56 -08:00
Wiktor Garbacz
8562306c97 Add CloseAllFDsExcept test. 
Move VecStringToCharPtrArr before fork, so that it cannot deadlock when other thread holds allocation lock.

PiperOrigin-RevId: 414661912
Change-Id: Ie8aa5c36693e6f86c69d67a1da51b7e7ff1ec30b
 2021-12-07 02:23:23 -08:00
Wiktor Garbacz
4061666f44 Fix dependencies for sanitizer target 
PiperOrigin-RevId: 414659990
Change-Id: I25215d0f03cf998fee068ae7db91b7e438fcc4f5
 2021-12-07 02:13:15 -08:00
Sandboxed API Team
84c29dd3bb Relax the policy to allow stat (and possibly stat64). 
PiperOrigin-RevId: 414480521
Change-Id: If0ffca2141589ea3cf0dec4b0524c50ca37489b4
 2021-12-06 10:23:31 -08:00
Christian Blichmann
60eb52c17f Explicitly narrow size argument for BPF 
This fixes a build error introduced in 26da6e6b0a.

PiperOrigin-RevId: 414408033
Change-Id: Ic34d5eeba3bb34f9a5ce46a05547129fbab8bce0
 2021-12-06 04:51:28 -08:00
Wiktor Garbacz
4e6cafa934 Readd function comment removed by mistake 
PiperOrigin-RevId: 414406963
Change-Id: Id8155b67ce063a9171b70e24b58d407415b30e78
 2021-12-06 04:43:32 -08:00
Wiktor Garbacz
245a8c7650 Remove deprecated AddTmpfs 
PiperOrigin-RevId: 414387983
Change-Id: I872c2f3bc1ccaf7a20d7ab97a5cb104d4f096a3f
 2021-12-06 02:36:02 -08:00
Wiktor Garbacz
2a67805a13 Add prlimit64 to AllowLogForwarding 
PiperOrigin-RevId: 414385430
Change-Id: I4e70d25f886f1ef65fab1b62c67e80eb45407bc7
 2021-12-06 02:19:03 -08:00
Chris Kennelly
e61a84979a Internal change 
PiperOrigin-RevId: 413954176
Change-Id: Ie07c1c8d96019e1605ea3b9ed58030754954ee97
 2021-12-03 09:34:32 -08:00
Wiktor Garbacz
e4ef46631d Replace raw_logging with regular logging in Monitor 
PiperOrigin-RevId: 413928700
Change-Id: I0bc4dd86b45c0ddd679a435003fbad2aea27fbf2
 2021-12-03 07:17:36 -08:00
Wiktor Garbacz
2fa92bf47c Internal change 
PiperOrigin-RevId: 413911008
Change-Id: I59cdac60c092f31fb487f032b3489341c0ba626a
 2021-12-03 05:21:01 -08:00
Wiktor Garbacz
c3308b56fc Replace deprecated AddTmpfs call 
PiperOrigin-RevId: 413907279
Change-Id: I3a32be4b19acab8b2b2092961df3dd9f3699261b
 2021-12-03 04:56:40 -08:00
Christian Blichmann
4a6e005155 Make PtrXXX() family of functions public 
PiperOrigin-RevId: 413616359
Change-Id: I553c17f0668708b00fdb12a21109ed45aeba6c66
 2021-12-02 01:41:59 -08:00
Sandboxed API Team
a096056263 Automated rollback of commit b72078f692. 
PiperOrigin-RevId: 413442229
Change-Id: I48d03ce200160da1c86faec29b2ca51fb1ead834
 2021-12-01 09:54:44 -08:00
Sandboxed API Team
b72078f692 Automated rollback of commit 6a6c931317. 
PiperOrigin-RevId: 413362657
Change-Id: Ie75672101b2aba4183f9aa3e39679a99f309e155
 2021-12-01 02:56:59 -08:00
Wiktor Garbacz
f5fbe8cce5 Internal change 
PiperOrigin-RevId: 413351344
Change-Id: I93962c43649fab1f73b3960044563e54449af271
 2021-12-01 01:48:41 -08:00
Christian Blichmann
6a6c931317 Move away from multiple inheritance 
This change is a first step to make the SAPI variable hierarchy more sensible.
It turns the `Reg<T>` class into a descendant of `Pointable`, but without
making its `PtrXXX()` methods public (hence the `using` statements). Further
changes are needed to restructure this.

There are no functional changes and the class sizes, including vtables, should
not change.

PiperOrigin-RevId: 413333120
Change-Id: I90ceeaeb7aea482016f8f4bee81489d5a9db9ade
 2021-11-30 23:46:59 -08:00
Christian Blichmann
85a463372f Sandbox2: Mark tests that won't run under QEMU user emulation 
PiperOrigin-RevId: 412861975
Change-Id: I0f168bc71b5738ed55b836f148ded94bf397d27d
 2021-11-29 05:20:48 -08:00
Christian Blichmann
c2b7cffe78 Minielf: Use a template to load integers 
Different versions of the `elf.h` header define their own integer types. For
example, even on LP64 systems, a 64-bit ELF integer types may decay into
`unsigned long long` instead of `unsigned long`.

This change replaces the various overloads with a single function template
that is well-defined for all integral types.

PiperOrigin-RevId: 410746713
Change-Id: I4b560f7541802372f01ae3d6f4a56554e51d70c8
 2021-11-18 02:16:26 -08:00
Sandboxed API Team
dcfd85d74e Extend existing CPU architecture spellings in config header and define platform spellings. 
PiperOrigin-RevId: 410474889
Change-Id: I41f870ad49e2203a6bdf833102c0d0a9cafa7af4
 2021-11-17 02:41:07 -08:00
Wiktor Garbacz
e86322db84 Fix a race between NotifyMonitor/AwaitResult 
PiperOrigin-RevId: 410463096
Change-Id: I370705131ac78f26736646596189d8cad2bb70c2
 2021-11-17 01:40:42 -08:00
Sandboxed API Team
04503f9bbe Replace <bits/local_lim.h> with <climits> 
PiperOrigin-RevId: 409932987
Change-Id: I388aca627d6d0f3c9d5721e66574fb8af85cc8f4
 2021-11-15 03:16:28 -08:00
Sandboxed API Team
9541b657ad Use alias s6_addr instead of direct field access. 
PiperOrigin-RevId: 409908616
Change-Id: I18f87b41eae3f96fd60b8cd14073bd8df66fae98
 2021-11-15 01:01:20 -08:00
Sandboxed API Team
2727714012 Expose unwind symbol helpers. 
PiperOrigin-RevId: 409391470
Change-Id: Iad14caabbada1278216e5e28ba55bae8dc8b9b2b
 2021-11-12 05:59:51 -08:00
Wiktor Garbacz
26da6e6b0a Safer and more efficient custom syscall policies 
Generate syscall jump table without using bpf_helper.
Check that any jump in the user provided policy is within the provided policy.

PiperOrigin-RevId: 409362089
Change-Id: I31493e52cf868e4b184ff79fcb26beeb75f49773
 2021-11-12 02:44:41 -08:00
Wiktor Garbacz
c95837a6c1 Check and limit seccomp policy length. 
PiperOrigin-RevId: 409129756
Change-Id: Ib9937495966f545fb980eba04393db640af2325f
 2021-11-11 06:10:40 -08:00
Sandboxed API Team
00747d5241 Allow getpid call for log forwarding. 
PiperOrigin-RevId: 407865992
Change-Id: Ia14dc5cc1628337292586955f1c17a8d8f2995de
 2021-11-05 11:16:45 -07:00
Tony Li
cfb9e031dd
fix typo, master branch -> main 2021-10-17 22:52:57 -07:00
Christian Blichmann
d85f40b8b0 Modernize namespace_test a little 
PiperOrigin-RevId: 402795383
Change-Id: Ia576259078f40a3ca6b96094bd15c3ea7b0b79d9
 2021-10-13 04:17:46 -07:00
Christian Blichmann
1260b5f38b Move example sandboxes out of lib directories 
This is mainly so that the structure of the examples follows what we do
internally (not having separate directories).

PiperOrigin-RevId: 402298115
Change-Id: I0f542607b88597572de39532364816f80a076697
 2021-10-11 07:59:25 -07:00
Christian Blichmann
2c42654333 Improve examples 
- CRC4: More readable policy, added explanatory comment
- Use `AllowLlvmSaniters()` in policies

PiperOrigin-RevId: 402296504
Change-Id: I6853199abedf2441eaffff9186d4d354c142e485
 2021-10-11 07:50:27 -07:00
Christian Blichmann
d05dc7ba02 Reduce visibility of internal member function 
This is the first change in a series that will eventually remove Sandboxed
API's use of multiple inheritance.

Drive-by:
- Rename short member names to full words
- Some reformatting
PiperOrigin-RevId: 402270954
Change-Id: I8af46b887921265a371b85603fd158ef3a8fab50
 2021-10-11 05:38:01 -07:00
Christian Blichmann
df1c31188d Fix sums test under MSAN by allowing Scudo to add MAP_NORESERVE in mmap() 
Note: This change allows `MAP_NORESERVE` generally, not just for MSAN. This follows
what we do for `AllowTcMalloc()/AllowSystemMalloc()`
PiperOrigin-RevId: 402231980
Change-Id: Ifa1c6b9f61f636dd6db231dde3765c3b4a40911b
 2021-10-11 01:22:17 -07:00
Christian Blichmann
221e929018 Include shell-based tests in OSS builds 
These were previously dependent on an internal-only testing target.

For now, this only works with Bazel, but should enable us to have better test coverage in GitHub actions.
Eventually, all of these shell-based tests should be converted to `cc_test`s.

PiperOrigin-RevId: 400713615
Change-Id: I1cabb5b72977987ef4a1803480f699b58c4d56e9
 2021-10-04 07:18:36 -07:00
Christian Blichmann
98e590463b Internal change 
PiperOrigin-RevId: 400144449
Change-Id: Ic0cbd6a3b27012cfb406694bdf2944a5b9905580
 2021-10-04 07:18:06 -07:00
Sandboxed API Team
4050f34efc Internal Change 
PiperOrigin-RevId: 399850339
Change-Id: I1cbb4d7510bff3ab4a4559cb3252dcf79d2a06b8
 2021-09-29 22:12:26 -07:00
Christian Blichmann
90d1867026 Remove deprecated sapi::StatusOr<> forward declaration 
PiperOrigin-RevId: 399663835
Change-Id: I92255a68e50a3b9130d3e222a2e353ee2e599c18
 2021-09-29 05:39:10 -07:00
Christian Blichmann
f6d9e7fd7c Fix warning about multi-line comment 
PiperOrigin-RevId: 399648071
Change-Id: I793a640310d772804726527761ad911772ff19c6
 2021-09-29 03:44:32 -07:00
Wiktor Garbacz
d9d2f0e5de Use regular logging in fork client 
PiperOrigin-RevId: 399623764
Change-Id: I5eaf0ff7f24e7b61c84ff9dacf8cd53889cc83d0
 2021-09-29 00:46:12 -07:00
Sandboxed API Team
fb81c00fd1 Replace auto with explicit type declarations 
PiperOrigin-RevId: 399419917
Change-Id: I4b7acd8ab6e2542e2971b29bed0745378b2b6743
 2021-09-28 05:50:57 -07:00
Sandboxed API Team
448f393c29 Enable mmap for msan (it's already enabled for asan and tsan) 
PiperOrigin-RevId: 399163710
Change-Id: I2cebb6136adb00a53e4baf18d343cf80191efcb0
 2021-09-27 05:08:45 -07:00
Wiktor Garbacz
c29c510e30 Log when global forkserver is started and its exit status 
PiperOrigin-RevId: 398232735
Change-Id: Ia0628cf2dee51a94938dae82bcb392384feeb74c
 2021-09-22 07:16:43 -07:00
Wiktor Garbacz
b470a6ece5 Make the fd cleanup test less brittle 
PiperOrigin-RevId: 398229418
Change-Id: If8af43f33b07839ea8d46b85ff77efa8557a31a8
 2021-09-22 06:57:55 -07:00
Catalin Patulea
b5fb483b11 Fix formatting of pgoff. 
PiperOrigin-RevId: 397763298
Change-Id: I027ef4cd381247521ee2bcce57a17c9d480efb22
 2021-09-20 09:02:14 -07:00
Christian Blichmann
c400f92eaa (Mostly) internal change. Add pid() accessor. 
PiperOrigin-RevId: 397070773
Change-Id: I9ebac9078f3866ef3e0061ec79da5c9f71e5f480
 2021-09-16 06:57:44 -07:00
Kevin Hamacher
aea8bb2ed0 Automated rollback of commit 2036f5b2f0. 
PiperOrigin-RevId: 395893427
Change-Id: Iabd32de9cd83de5cc8567834e1f91e48c521ac60
 2021-09-10 03:34:44 -07:00
Sandboxed API Team
2036f5b2f0 Automated rollback of commit 4b018757c3. 
PiperOrigin-RevId: 395067992
Change-Id: I5db335ed881aa81748a0fc8082091b160fe83e86
 2021-09-06 04:07:11 -07:00
Kevin Hamacher
4b018757c3 Use absl::flat_hash_set + Status in favor of std::set in the sanitizer API 
PiperOrigin-RevId: 395061068
Change-Id: I31548eb6fc9f27f55acf25bd6d3d0b941a529e63
 2021-09-06 03:15:39 -07:00
Kevin Hamacher
eb2c5a66f4 Rework GetListOfFDs API 
PiperOrigin-RevId: 395043959
Change-Id: I77ce13f0c786d3644971ed239f3106319667e979
 2021-09-06 01:01:19 -07:00
Christian Blichmann
289adcff06 Internal change. 
For OSS, this change should be mostly a no-op. Visible edits are due to
changed order of code and/or includes.

PiperOrigin-RevId: 394177395
Change-Id: I1d32f9fd175579e8f05c051b1307953b249d139d
 2021-09-01 01:28:19 -07:00
Catalin Patulea
9ab330dc7a 'Map' symbols: add pgoff to disambiguate multiple mappings on same object. 
PiperOrigin-RevId: 391520785
Change-Id: Icb05e60f778acfb9fe6f519911ce54bec65fc4ff
 2021-08-18 07:14:31 -07:00
Wiktor Garbacz
59f5fa8042 Allow collecting stacktraces on normal process exit 
This mainly a debugging facility.
It makes diagnosing problems where sandboxed process just randomly exits whereas unsandboxed one runs to completion due to differences in the setup/environment much easier.

PiperOrigin-RevId: 391005548
Change-Id: Ia19fe6632748da93c1f4291bb55e895f50a4e2b0
 2021-08-16 03:13:15 -07:00
Sandboxed API Team
7b31deaed8 Delete deprecated sapi::Sandbox::IsActive and its remaining call sites. 
PiperOrigin-RevId: 390412024
Change-Id: Iab3853b3c40dd4e9b0ff31532e8c41c2583ebc4e
 2021-08-12 11:00:51 -07:00
Sandboxed API Team
dae91ff082 Fix Symbolize* tests. 
PiperOrigin-RevId: 390372065
Change-Id: I1ddc9dd9238795eb0674e04c20a5c91a68582027
 2021-08-12 08:03:52 -07:00
Sandboxed API Team
d631154ce5 Delete deprecated sapi::Sandbox::GetRpcChannel and its remaining call sites. 
PiperOrigin-RevId: 389968873
Change-Id: Ia72e0064fa57679180f9c406f96266473f8461c2
 2021-08-10 13:50:15 -07:00
Wiktor Garbacz
773dc6b18b Do not fail-hard in global forkserver startup 
PiperOrigin-RevId: 389816114
Change-Id: Icd672028ff224cf01095d6590fe1cc2adb312316
 2021-08-10 00:33:29 -07:00
Sandboxed API Team
165c155a08 Delete deprecated sapi::Sandbox::GetComms and its remaining call sites. 
PiperOrigin-RevId: 389716023
Change-Id: I092bc37f3f3bb40554b627f9dd528525b60d67a1
 2021-08-09 13:49:45 -07:00
Sandboxed API Team
3f0875798d Delete deprecated sapi::Sandbox::GetPid and its remaining call sites. 
PiperOrigin-RevId: 389713115
Change-Id: I1832e759016a581e10bf5bd8b5b70244b40ecd69
 2021-08-09 13:36:15 -07:00
Wiktor Garbacz
0621e06a9c Allow recovering from global forkserver failure 
PiperOrigin-RevId: 389164847
Change-Id: I40bc3b6d3bea28ee8954ea2a11a0427a6c05da35
 2021-08-06 06:54:05 -07:00
Wiktor Garbacz
fe709502f4 Wait for global forkserver when shutting it down 
Otherwise starting forkserver multiple times will result in zombie processes lingering around.

PiperOrigin-RevId: 388926497
Change-Id: Ia9947cce3d9e909edd709b0d3525e1ae8b8bbc51
 2021-08-05 07:07:35 -07:00
Wiktor Garbacz
e88755256d Use FDCloser in Executor extensively 
Also really own `exec_fd_` as previously if the executor is destructed without calling `StartSubProcess` the file descriptor would leak.

PiperOrigin-RevId: 388901766
Change-Id: I6bbb15ced37a0a832ec5a5228452a3d54ef46ee9
 2021-08-05 04:16:11 -07:00
Wiktor Garbacz
80ad7bb2b0 Replace a CHECK with a warning 
PiperOrigin-RevId: 388893117
Change-Id: I0b0ccf2045aea09d31ae1605b205aab456bd8550
 2021-08-05 03:03:24 -07:00
Christian Blichmann
8b1dfd7343 Fix factory method sapi:✌️:Proto<>::FromMessage 
This was missing a friend declaration in order to actually compile.
It's now being used in the "stringop" example, so we test it as well.

Drive-by:
- Do not copy the proto's bytes the constructor, but use `std::move`
PiperOrigin-RevId: 387774353
Change-Id: Ic8824af911ac744e2e68130e1f4673c4dddd4939
 2021-07-30 03:55:17 -07:00
Christian Blichmann
fd20eb0b4d Reorder error logging before Terminate() 
Calling `Terminate()` issues additional syscalls that may clobber the `errno`
value. Reordering the log statements ensures we actually log the initial error
in `read()`/`write()`.

PiperOrigin-RevId: 387576942
Change-Id: I0f9c8c6001e6dc4ca098abe02cd251029f92a737
 2021-07-29 07:12:02 -07:00
Christian Blichmann
f14aeee0ad Internal change. 
PiperOrigin-RevId: 387565158
Change-Id: I7b5293b614fae74abae1f9a347b0ef414028b8ea
 2021-07-29 05:52:19 -07:00
Christian Blichmann
85c58dc2d7 Reduce logspam: Log Tomoyo LSM check only with VLOG 
PiperOrigin-RevId: 387114844
Change-Id: Ib670799e3327fcc991ad012ccee20b96089c2f48
 2021-07-27 08:32:10 -07:00