Commit Graph

978 Commits

Author SHA1 Message Date
Oliver Kunz
ee11d9fdb7 Migration of remaining protobufs from proto2 to proto3
PiperOrigin-RevId: 434973223
Change-Id: I5518aa3944cab94d33ce0538bed8ee82f90d4b3a
2022-03-16 00:43:46 -07:00
Mariusz Zaborski
6d5f257711 Copybara import of the project:
--
74c7f66dee by Mariusz Zaborski <oshogbo@invisiblethingslab.com>:

Sandbox uriparser

COPYBARA_INTEGRATE_REVIEW=https://github.com/google/sandboxed-api/pull/130 from oshogbo:uriparser 74c7f66dee
PiperOrigin-RevId: 434755972
Change-Id: I90f97229122acd47354327c0ae9e58a02cb7bd20
2022-03-15 08:21:12 -07:00
Copybara-Service
6d51497cbf Merge pull request #141 from DemiMarie:fix-pffft-build
PiperOrigin-RevId: 434707632
Change-Id: I384cd7275cfe8f80931a9ca3108ee6324a7df175
2022-03-15 03:43:24 -07:00
Oliver Kunz
206547591b Migrate forkserver.proto to proto3 syntax
PiperOrigin-RevId: 434458725
Change-Id: I277f76a1a5ebd3eed15c6b3f3e7f849bf6edacea
2022-03-14 07:28:23 -07:00
Oliver Kunz
68eaa815ce Migrate to proto3, change is_ro to is_rw (default value is false), and rename mounttree.proto
PiperOrigin-RevId: 434435260
Change-Id: Ie4cfe04bf1a9357e63b6159c3d5a8b95388b5292
2022-03-14 05:15:15 -07:00
Wiktor Garbacz
50c55e8ac0 Provide clearer error message when global forkserver is chrooted
PiperOrigin-RevId: 433686276
Change-Id: Ieb01f9dcafdce7bcb548807169f429cc8a181e56
2022-03-10 01:32:55 -08:00
Demi Marie Obenour
b4d0dbcdcb Fix a syntax error
Introduced by the recent macro refactoring.
2022-03-09 21:21:04 -05:00
Wiktor Garbacz
52d1ea8984 Avoid hard failures in StartSubProcess
PiperOrigin-RevId: 433453289
Change-Id: Ib8b08ddd31c4daa9a377960d52f0a7eb7b17de19
2022-03-09 05:17:15 -08:00
Oliver Kunz
c5565241c1 Rewrite IsEquivalentNode without the use of MessageDifferencer
PiperOrigin-RevId: 433422767
Change-Id: I891a8f5f027115898590a43bed5d25c51c1db944
2022-03-09 01:56:50 -08:00
Wiktor Garbacz
612ff57913 Replace deprecated SetWalltimeLimit call
PiperOrigin-RevId: 433414976
Change-Id: I0597a2d8215d4b228794da409e3533651972a98c
2022-03-09 01:01:49 -08:00
Copybara-Service
622ca18cef Merge pull request #135 from DemiMarie:fix-semicolon
PiperOrigin-RevId: 433402251
Change-Id: I0ef844a2139a6a5938f8221114dad79963b6726c
2022-03-08 23:31:50 -08:00
Wiktor Garbacz
20edaae54f Add an option to allow mount propagation
PiperOrigin-RevId: 433211924
Change-Id: I653f000d44de10b668b375fd2dfff3c668cbf673
2022-03-08 08:01:19 -08:00
Copybara-Service
26651247f4 Merge pull request #133 from oshogbo:c-blosc-drop-patch
PiperOrigin-RevId: 433208092
Change-Id: Ifb304740fa002ba008291f19c978ea3f4e81f314
2022-03-08 07:40:52 -08:00
Christian Blichmann
fa9e6e8a5c clang_generator: Correctly emit typedefs with anonymous enums/structs
This change also adds some more basic testing and test utils.

PiperOrigin-RevId: 433203779
Change-Id: I57616af3719ccbc41201dc6d4b0b60ddaf70ebab
2022-03-08 07:16:54 -08:00
Copybara-Service
26a077bb3d Merge pull request #131 from DemiMarie:fix-fedora-cmake-build
PiperOrigin-RevId: 433174006
Change-Id: Icca1816a2513f4e4553ef1e671ca16bafb4fa40c
2022-03-08 04:10:29 -08:00
Oliver Kunz
2650834d7c Add unittest for IsEquivalentNode
PiperOrigin-RevId: 433172902
Change-Id: Ie6fb44e682be947fb9f8b856c5e804aa91647a6d
2022-03-08 04:04:57 -08:00
Wiktor Garbacz
8a5740fbb1 Better handle invalid read-write mounts
PiperOrigin-RevId: 433136095
Change-Id: I17eb347c0a5cfef5e05c3717dfdd83055d967e35
2022-03-07 23:57:57 -08:00
Sandboxed API Team
32d19f9e57 Disable compress_stack_depot in sandbox
The feature is pure optimization, but it requires
additional syscalls.

PiperOrigin-RevId: 432954277
Change-Id: I1f345f8a26c86e09611fd575cb6ee080f24cc717
2022-03-07 08:43:42 -08:00
Wiktor Garbacz
d1995bdca5 Add a helper for allowing epoll
PiperOrigin-RevId: 432879710
Change-Id: I7cc991358ce25729b002210a04bacb3ae91d8a1f
2022-03-07 00:54:21 -08:00
Demi Marie Obenour
eacd8c8097 Remove trailing semicolons from macros
The semicolons should be in the code that uses the macros.
2022-03-05 11:42:04 -05:00
Sandboxed API Team
8e82b900f4 Automated rollback of commit 5f34d11e77.
PiperOrigin-RevId: 432491462
Change-Id: Id92eabbb140df85b7b48f6f107ef9f44c3c6dff5
2022-03-04 11:19:19 -08:00
Wiktor Garbacz
5f34d11e77 Add a helper for allowing epoll
PiperOrigin-RevId: 432387441
Change-Id: I52865ab4abd4ebaf9842859b5f2718b204f4c6ea
2022-03-04 01:24:55 -08:00
Mariusz Zaborski
c3a0921435 c-blosc: Enforce option to make symbols visible 2022-03-03 19:07:45 -05:00
Christian Blichmann
eec22e8aaf Partially revert 692f026: Emit related types within wrapper namespace
There are a lot of internal users depending on the old behavior of the
libclang-based generator.

PiperOrigin-RevId: 432281224
Change-Id: If82333fc3001f52de59e57a874f28bf8815d0877
2022-03-03 14:14:52 -08:00
Mariusz Zaborski
48ca0916a8 c-blosc: drop cmake patches and bump the c-blosc version
The PR (https://github.com/Blosc/c-blosc/pull/329) was merged into
c-blosc, so we can use newer version of it.
2022-03-03 16:50:52 -05:00
Wiktor Garbacz
1cf2d840dd Add PolicyBuilder::OverridableBlockSyscallWithErrno
PiperOrigin-RevId: 432201719
Change-Id: I5cac1a03a7ec95598bae87ff13d38e4bedf62beb
2022-03-03 08:37:04 -08:00
Christian Blichmann
725a5c11a8 Extend config.h to support HWSan and LSan
The constexpr functions can be used to ensure that all branches actually compile
(unlike plain preprocessor `#ifdef`s).

PiperOrigin-RevId: 432186834
Change-Id: I1a8d97dac8480fe9d4543b0e9e39540ca1efc8fa
2022-03-03 07:12:50 -08:00
Oliver Kunz
077203fcf2 Change to proto2::MessageLite and resolve reflextion for mobile builds
PiperOrigin-RevId: 432164927
Change-Id: I0821cf443393b0bb16a68fc5750a9633a3f27725
2022-03-03 04:48:30 -08:00
Demi Marie Obenour
a132d309a5 Fix the Fedora build using CMake
The build previously failed with confusing CMake errors.
2022-03-02 16:22:29 -05:00
Sandboxed API Team
e1a9513783 Move few policies from tsan to All section.
munmap is widely used by sanitizer, but it
probably works for Asan/Msan because it's enabled
by unrelated Allow* call.

Move mprotect to shared part as well. It will be
needed for compress_stack_depot.

PiperOrigin-RevId: 431989551
Change-Id: I7695a2de81d8d0b2112d3308778b2e9a9c7cb596
2022-03-02 11:38:35 -08:00
Sandboxed API Team
546365655d Introduce commandline flag to pass forkserver_bin path for Android builds.
PiperOrigin-RevId: 431942480
Change-Id: I5382b4fc8e8a66bb823dda597e1b812421364212
2022-03-02 08:12:21 -08:00
Sandboxed API Team
3f042fa54f Fix monitor for Android-ARM64
PiperOrigin-RevId: 431926820
Change-Id: Ie5adc1ec6accc7e68782c26b65fac0c32cded498
2022-03-02 06:42:42 -08:00
Christian Blichmann
692f0260b3 clang_generator: Emit types outside of namespace, skip Abseil enums
PiperOrigin-RevId: 431913470
Change-Id: Ia44f6642a37501ba1630321ba1430d1bf10cf377
2022-03-02 05:17:32 -08:00
Christian Blichmann
60fcc5b63e Limit the number of includes fed into the header generator
Use [`direct_headers`](https://bazel.build/rules/lib/CompilationContext#direct_headers)
from the Bazel/Blaze compilation context instead of _all_ transitive headers.

For the clang based generator, this means we don't try to parse
`textual_headers`, which will fail (they are by definition not
stand-alone, after all).

PiperOrigin-RevId: 431899423
Change-Id: I7a9dfa0dd93eba14b506b0e7ca6db3ed59b55dd6
2022-03-02 03:41:41 -08:00
Christian Blichmann
6de30ea27f CI: Cache dependencies
This will speed up our builds a bit and prevent unnecessary network traffic.

Setup according to the documentation for the `actions/cache@v2` action:
https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows

Currently caching the `${{github.workspace}}/_deps` directory, as used by CMake.

Cache keys look like this: `ubuntu-20.04-clang11` (`${{matrix.os}-${{matrix.compiler}}${matrix.compiler-version}}`)

PiperOrigin-RevId: 431895214
Change-Id: I4ecac7c00eec8516f85f45aa2220303b811b2389
2022-03-02 03:07:21 -08:00
Copybara-Service
2d324bd50d Merge pull request #121 from oshogbo:doc2
PiperOrigin-RevId: 431618531
Change-Id: Ieabcfa982770831acd565cd17fcf121570850ab9
2022-03-01 00:15:58 -08:00
Sandboxed API Team
9a7ba28ea7 Allow sanitizer to print reports
PiperOrigin-RevId: 430271415
Change-Id: Ieb23663aa6ff5997ce0a6b1e81dcb2385ac4b509
2022-02-22 12:33:55 -08:00
Copybara-Service
4024694eb6 Merge pull request #112 from oshogbo:zstd_opt
PiperOrigin-RevId: 430179725
Change-Id: Ic3c93a51a199eaf087cea2e58c819eb07bf52a1a
2022-02-22 04:21:24 -08:00
Copybara-Service
a805034070 Merge pull request #125 from oshogbo:cmake_c_blosc
PiperOrigin-RevId: 430174230
Change-Id: I6e4f53f3cae4e2e3487419903f7f8c6f98ac828e
2022-02-22 03:44:16 -08:00
Copybara-Service
176a19989b Merge pull request #114 from oshogbo:cmake_quote
PiperOrigin-RevId: 430174200
Change-Id: I95831e97b75c0f3df552e13ae00665b5c9c91333
2022-02-22 03:43:27 -08:00
Christian Blichmann
99f1ce93ba
Merge branch 'main' into cmake_quote 2022-02-22 11:57:33 +01:00
Wiktor Garbacz
a2daa0a275 Fix BlockSyscallsWithErrno
PiperOrigin-RevId: 429982218
Change-Id: I42b187e678542b295542ca44882945c7695178e1
2022-02-21 00:46:50 -08:00
Sandboxed API Team
e9c041f0c2 [Cleanup] Fix apache license url
PiperOrigin-RevId: 429974822
Change-Id: Id07aa9baf374458b9ff789fc93eff2b51d77917c
2022-02-20 23:50:29 -08:00
Mariusz Zaborski
3680d50565 contrib: Sort the order of projects 2022-02-18 08:00:21 -05:00
Mariusz Zaborski
b9ec42d220 c-blosc: to default build 2022-02-18 07:57:03 -05:00
Copybara-Service
2fb08b99da Merge pull request #113 from oshogbo:c-blosc
PiperOrigin-RevId: 429535319
Change-Id: Ide9e81a76d28e1f2e4eefbd499ef8bcd22e1a1b0
2022-02-18 04:47:09 -08:00
Christian Blichmann
10c04ed42f CMake: Reorder PIE checks, fix bracket limit for Clang
The default limit for recent versions of Clang is 256 which is less than the
number of syscalls in our syscall tables (around 340). This change increases
this limit to an arbitrary 768.

PiperOrigin-RevId: 429258387
Change-Id: I4927eee78edc8aaa2a758b29811d02326e5aa953
2022-02-17 02:31:24 -08:00
Christian Blichmann
befdb09597 Link more complex test cases dynamically
Linking glibc in fully static mode is mostly unsupported. While such binaries
can easily be produced, conflicting symbols will often make them crash at
runtime. This happens because glibc will always (try to) load some dynamically
linked libraries, even when statically linked. This includes things like the
resolver, unicode/locale handling and others.

Internally at Google, this is not a concern due to the way glibc is being built
there. But in order to make all of our tests run in the open-source version of
this code, we need to change strategy a bit.

As a rule of thumb, glibc can safely be linked statically if a program is
resonably simple and does not use any networking of locale dependent
facilities. Calling syscalls directly instead of the corresponding libc
wrappers works as well, of course.

This change adjusts linker flags and sandbox policies to be more compatible
with regular Linux distributions.

Tested:
- `ctest -R '[A-Z].*'` (all SAPI/Sandbox2 tests)
PiperOrigin-RevId: 429025901
Change-Id: I46b677d9eb61080a8fe868002a34a77de287bf2d
2022-02-16 05:59:13 -08:00
Wiktor Garbacz
d2dfcf0800 Per-C++ specs main shouldn't be declared with C language linkage
PiperOrigin-RevId: 429025497
Change-Id: I7f732f4e42b64463847e192c6ca5cff820ab19ba
2022-02-16 05:56:25 -08:00
Copybara-Service
1dedbb9650 Merge pull request #110 from oshogbo:zopfli_fd
PiperOrigin-RevId: 429016804
Change-Id: Ib1d9b616325c2b6443149bed25859247f2fb68e7
2022-02-16 04:56:18 -08:00