StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity
1,250 Commits 1 Branch 3 Tags 144 MiB
f0e85cea13
Commit Graph

134 Commits

Author SHA1 Message Date
Sandboxed API Team
39026f7678 Internal Code Change 
PiperOrigin-RevId: 548043988
Change-Id: Iba4a828eeb53205f28dae85fc179cee21b104632
 2023-07-14 00:30:56 -07:00
Christian Blichmann
72452e1582 Mostly internal change: Optimize OSS transforms 
This should only affect the Bazel `BUILD.bazel` files and their formatting.

PiperOrigin-RevId: 538426054
Change-Id: I0162726d3fb4bcb4d7938cddc6f39e0d9f2b4a3d
 2023-06-07 02:23:18 -07:00
Kevin Hamacher
fb1571c801 Automated rollback of commit f6fd27618b. 
PiperOrigin-RevId: 529395980
Change-Id: I6a5d451ed84f8d4a522777815c6cc2d7d7a8923c
 2023-05-04 06:53:48 -07:00
Oliver Kunz
9ab20c5411 Implements the ability to control who is allowed to enable unrestricted networking. 
PiperOrigin-RevId: 529309275
Change-Id: Icd88a4469b0c36af96638d44f9e909085c7120d5
 2023-05-03 23:29:34 -07:00
Sandboxed API Team
f6fd27618b Automated rollback of commit 8c53262539. 
PiperOrigin-RevId: 529101664
Change-Id: Ica452c6ee8f54b78be09fa830a09d6a89800cf44
 2023-05-03 08:45:11 -07:00
Kevin Hamacher
8c53262539 Allow forkserver to use waitpid as alternative to sa_nochldwait 
PiperOrigin-RevId: 529074278
Change-Id: If63015586673610e111ee589995e5264523be7a7
 2023-05-03 06:41:07 -07:00
Wiktor Garbacz
0caa3e740c Do not expose forkserver.h 
PiperOrigin-RevId: 520562657
Change-Id: I89fbe3012a5e63a50c46fd4f1e4ade8d36616c0b
 2023-03-30 00:49:44 -07:00
Wiktor Garbacz
5efae5cdf5 Do not exit from within ForkServer to get more precise coverage data 
PiperOrigin-RevId: 520273079
Change-Id: I3f37d9eacc2c284c45f37842e1e63364cf64faf2
 2023-03-29 02:22:16 -07:00
Wiktor Garbacz
a4d602298b Dump coverage prior to execveat 
PiperOrigin-RevId: 520002416
Change-Id: Ic792b0b71b8e7b2f00b669db9b6831acd8341c5c
 2023-03-28 05:50:43 -07:00
Wiktor Garbacz
b50bc23138 Remove no longer needed friend declaration 
Drive-by dependencies cleanup

PiperOrigin-RevId: 518551045
Change-Id: I132dfc42945f500e8efec58a4d58d3bee4d1f191
 2023-03-22 06:27:21 -07:00
Wiktor Garbacz
99931c2ad6 Move abort into ExecuteProcess and mark it noreturn 
PiperOrigin-RevId: 518528953
Change-Id: Ieaa03af484188bb35f9734d69d987eabbdcc23ab
 2023-03-22 04:07:10 -07:00
Sandboxed API Team
b62d103426 Internal change 
PiperOrigin-RevId: 518204712
Change-Id: Idcb8cc7b20198dcc0f3692aa0c89e9c620b9d65d
 2023-03-21 01:49:22 -07:00
Wiktor Garbacz
cb63dfead5 Add tests for util.cc 
PiperOrigin-RevId: 516439597
Change-Id: I2ac88b6188738e47f0e0bdb04382a50aa5aa9366
 2023-03-14 00:04:14 -07:00
Wiktor Garbacz
0d3d5d4bcb Seccomp_unotify based monitor 
Unotify based monitor should bring big performance wins
if the sandboxee heavily uses threading or signals.
Some of the features are not supported in that mode:
- execveat is always allowed instead of just the initial one
- stack traces are not collected on normal exit or if the process is terminated by signal

PiperOrigin-RevId: 515040101
Change-Id: Ia5574d34b4ff7e91e3601edb8c9cb913e011fbf6
 2023-03-08 08:09:34 -08:00
Wiktor Garbacz
e3b2d232b4 Add test for bpf disassembler 
Also always handle the new return values.

PiperOrigin-RevId: 514698931
Change-Id: Ib4ce06e4f17c438271a0452053d3b0bc368e9970
 2023-03-07 05:04:09 -08:00
Wiktor Garbacz
526401166e Migrate namespaces related tests out of policybuilder_test 
PiperOrigin-RevId: 514325688
Change-Id: I9c581d14da3ac9fe5c3c0b43e156d8ad8d90c73f
 2023-03-06 07:08:49 -08:00
Wiktor Garbacz
e09c2bc215 Run more tests with coverage and sanitizers contd 
PiperOrigin-RevId: 513815467
Change-Id: I31d0df2c69b20eb126aaa8dde7f45fa7c0e1e6a8
 2023-03-03 06:51:06 -08:00
Wiktor Garbacz
cd945565f5 Run more tests with coverage and sanitizers 
Running with a permissive test policy should not interfere with sanitizers
or coverage.
Most tests should run with such a permissive policy.
The exception are tests which actually tests policy enforcement.

PiperOrigin-RevId: 513548936
Change-Id: I9a4c2cc8074997cff08cc22d15f4736219ce4d63
 2023-03-02 08:46:07 -08:00
Wiktor Garbacz
d74dac096a Rework stack_trace_test 
PiperOrigin-RevId: 513467290
Change-Id: Iab630412052fa5e7333514f3864ebdfb7f10e1ef
 2023-03-02 01:25:38 -08:00
Wiktor Garbacz
5a8a25e9ac Change the default action instead of appending ALLOW 
Also create a visibility restricted version of the function.

PiperOrigin-RevId: 513209752
Change-Id: I031fe62d5ccd81995536479b9af890ad111e336c
 2023-03-01 05:36:24 -08:00
Juan Vazquez
e11109c9ee Internal change 
PiperOrigin-RevId: 512922245
Change-Id: Ibc6d769f2f6b15971b95878c8fdb8d4664fbf2df
 2023-02-28 07:01:07 -08:00
Wiktor Garbacz
e1246332d1 Rename and move CreateDirRecursive 
PiperOrigin-RevId: 510186053
Change-Id: I0e68cc8fff44780ab98f1d57f829ff900790eed5
 2023-02-16 10:44:01 -08:00
Wiktor Garbacz
6db17e7ab3 Use namespaced policy in most tests 
Drive-by some test cleanups.

PiperOrigin-RevId: 510134967
Change-Id: I40328a644690865c5cc0a0eb265222ebf7ff83e0
 2023-02-16 07:12:46 -08:00
Wiktor Garbacz
71692bb50b Decouple sandboxed stack tracing 
This allows to split monitor & stack_trace related targets.
Also move stack traces related functionality into MonitorBase.

PiperOrigin-RevId: 510112916
Change-Id: I60eabf9c9b3204dc369713edd8ae05fded306875
 2023-02-16 06:07:15 -08:00
Wiktor Garbacz
d2dbbbae76 Remove redundant tests 
UID/GID is checked in namespace test and open fds in santizier test

PiperOrigin-RevId: 510084559
Change-Id: I1aac4d30d44aa2390447f24d228afbb1c3b04e2b
 2023-02-16 02:28:52 -08:00
Wiktor Garbacz
3f53e81d0b Remove unused dependency 
PiperOrigin-RevId: 509890467
Change-Id: I0189fca5efa93a9e67f6f07eac44793cd17dcfc3
 2023-02-15 11:35:14 -08:00
Wiktor Garbacz
a5d12903dd Extract SandboxeeProcess and move it down the call chain 
PiperOrigin-RevId: 507718207
Change-Id: Ia1f6fc2f09abbde5311f8dc0f596aa605989140d
 2023-02-07 02:22:45 -08:00
Wiktor Garbacz
8f24f2a4f0 Split PtraceMonitor into separate file 
PiperOrigin-RevId: 505660957
Change-Id: I6b8fcbb86c9fef294b6d19e2d1ec7120415f843b
 2023-01-30 05:09:20 -08:00
Wiktor Garbacz
97d67019d2 Split out policybuilder target 
PiperOrigin-RevId: 505053801
Change-Id: Ic0ea4aa2334394e310af6d3a11f961bd4866f9dc
 2023-01-27 01:24:51 -08:00
Wiktor Garbacz
4450c5513f Bazel: Do not expose regs.h 
PiperOrigin-RevId: 505047592
Change-Id: I207cf46c3f75d0a24cf753888e0cdba53d4193b0
 2023-01-27 00:43:38 -08:00
Sandboxed API Team
8c107936da Internal BUILD changes 
PiperOrigin-RevId: 503417314
Change-Id: Ib368f5600ef39d2ee37fc8c71108d6d11f109328
 2023-01-20 05:14:47 -08:00
Sandboxed API Team
adb90a14a0 Internal BUILD changes 
PiperOrigin-RevId: 503412719
Change-Id: Idecf094c8c7c8956a9f000204c90ed83d6df599d
 2023-01-20 04:43:10 -08:00
Wiktor Garbacz
f87b6feb18 stack_trace: do not add common libraries when not a custom fork-server 
Avoids duplicate entries warnings and tightens the namespace.
Drive-by: modernize the policy.
PiperOrigin-RevId: 503108939
Change-Id: If34d23dd83ca39682799dfb36bd0b9b9ceb19fdc
 2023-01-19 02:47:49 -08:00
Wiktor Garbacz
00d42577d5 Use CLONE_VM for starting the global forkserver 
PiperOrigin-RevId: 499192311
Change-Id: I054385e9cab5e4987b0f34ab3b763244356405c2
 2023-01-03 05:36:40 -08:00
Sandboxed API Team
11b89c0317 Internal compatible_with change 
PiperOrigin-RevId: 491371995
Change-Id: I3f0430d6678992642557320a8fa3cf738a7c5fab
 2022-11-28 09:55:57 -08:00
Christian Blichmann
6fbfb8f9bd Remove Tag constructor, add standard comment for absl::WrapUnique(new T) 
PiperOrigin-RevId: 483654433
Change-Id: I16b058a6b186f764f45bc5540f3f49d5a294ddeb
 2022-10-25 06:20:51 -07:00
Christian Blichmann
8d04efa62d contrib: Replace uses of CHECK_NOTNULL 
Abseil's standard name for this is `ABSL_DIE_IF_NULL`.

PiperOrigin-RevId: 483648443
Change-Id: I9d6826443be72b30f71c18972436fa5f9c05048a
 2022-10-25 05:50:59 -07:00
Christian Blichmann
4c87556901 Use Abseil's log/flags instead of glog/gflags 
Follow-up changes might be required to fully fix up the contrib sandboxes.

PiperOrigin-RevId: 482475998
Change-Id: Iff631eb838a024b2f047a1be61bb27e35a8ff2f4
 2022-10-20 06:48:51 -07:00
Christian Blichmann
79b6784b82 #Cleanup: Consistently use std::make_unique 
PiperOrigin-RevId: 480597371
Change-Id: I145586382ad7a7694384cc672986132376a47465
 2022-10-12 05:23:42 -07:00
Sandboxed API Team
e541f79abd forkserver_bin is usually embedded via cc_embed_data. So there is no real reason why it should be stamped. 
PiperOrigin-RevId: 470013947
Change-Id: I7ff11fafdebb49e14c2b5dcae48c31fda6da2833
 2022-08-25 09:54:24 -07:00
Christian Blichmann
a60ff1a95c Remove OsErrorMessage in favor of Abseil's new ErrnoToStatus 
#Cleanup

PiperOrigin-RevId: 443359044
Change-Id: I2b3e385a1846feac79edd28fcbf6e85b1429a44a
 2022-04-21 06:15:38 -07:00
Oliver Kunz
68eaa815ce Migrate to proto3, change is_ro to is_rw (default value is false), and rename mounttree.proto 
PiperOrigin-RevId: 434435260
Change-Id: Ie4cfe04bf1a9357e63b6159c3d5a8b95388b5292
 2022-03-14 05:15:15 -07:00
Wiktor Garbacz
52d1ea8984 Avoid hard failures in StartSubProcess 
PiperOrigin-RevId: 433453289
Change-Id: Ib8b08ddd31c4daa9a377960d52f0a7eb7b17de19
 2022-03-09 05:17:15 -08:00
Oliver Kunz
2650834d7c Add unittest for IsEquivalentNode 
PiperOrigin-RevId: 433172902
Change-Id: Ie6fb44e682be947fb9f8b856c5e804aa91647a6d
 2022-03-08 04:04:57 -08:00
Sandboxed API Team
32d19f9e57 Disable compress_stack_depot in sandbox 
The feature is pure optimization, but it requires
additional syscalls.

PiperOrigin-RevId: 432954277
Change-Id: I1f345f8a26c86e09611fd575cb6ee080f24cc717
 2022-03-07 08:43:42 -08:00
Sandboxed API Team
546365655d Introduce commandline flag to pass forkserver_bin path for Android builds. 
PiperOrigin-RevId: 431942480
Change-Id: I5382b4fc8e8a66bb823dda597e1b812421364212
 2022-03-02 08:12:21 -08:00
Christian Blichmann
befdb09597 Link more complex test cases dynamically 
Linking glibc in fully static mode is mostly unsupported. While such binaries
can easily be produced, conflicting symbols will often make them crash at
runtime. This happens because glibc will always (try to) load some dynamically
linked libraries, even when statically linked. This includes things like the
resolver, unicode/locale handling and others.

Internally at Google, this is not a concern due to the way glibc is being built
there. But in order to make all of our tests run in the open-source version of
this code, we need to change strategy a bit.

As a rule of thumb, glibc can safely be linked statically if a program is
resonably simple and does not use any networking of locale dependent
facilities. Calling syscalls directly instead of the corresponding libc
wrappers works as well, of course.

This change adjusts linker flags and sandbox policies to be more compatible
with regular Linux distributions.

Tested:
- `ctest -R '[A-Z].*'` (all SAPI/Sandbox2 tests)
PiperOrigin-RevId: 429025901
Change-Id: I46b677d9eb61080a8fe868002a34a77de287bf2d
 2022-02-16 05:59:13 -08:00
Wiktor Garbacz
943c74827b Internal change 
PiperOrigin-RevId: 426180225
Change-Id: Id7ea6118a6403221451d6db22d30ae8b29ef42bf
 2022-02-03 10:26:45 -08:00
Sandboxed API Team
1e5e426e70 Remove comment on licenses() rule as per Google guidance. 
PiperOrigin-RevId: 426136170
Change-Id: I341a2d962637b53f9cfa475fbbfe3e6938ee3a95
 2022-02-03 07:10:12 -08:00
Christian Blichmann
d451478e26 Change license link to HTTPS URL 
PiperOrigin-RevId: 424811734
Change-Id: If5ea692edc56ddc9c99fd478673df41c0246e9cc
 2022-01-28 01:39:09 -08:00