// Copyright 2019 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. syntax = "proto3"; package sandbox2; import "sandboxed_api/sandbox2/mounttree.proto"; enum PBViolationType { VIOLATION_TYPE_UNSPECIFIED = 0; DISALLOWED_SYSCALL = 1; RESOURCE_LIMIT_EXCEEDED = 2; SYSCALL_ARCHITECTURE_MISMATCH = 3; } // X86_64 not allowed (naming convention...) message RegisterX8664 { uint64 r15 = 1; uint64 r14 = 2; uint64 r13 = 3; uint64 r12 = 4; uint64 rbp = 5; uint64 rbx = 6; uint64 r11 = 7; uint64 r10 = 8; uint64 r9 = 9; uint64 r8 = 10; uint64 rax = 11; uint64 rcx = 12; uint64 rdx = 13; uint64 rsi = 14; uint64 rdi = 15; uint64 orig_rax = 16; uint64 rip = 17; uint64 cs = 18; uint64 eflags = 19; uint64 rsp = 20; uint64 ss = 21; uint64 fs_base = 22; uint64 gs_base = 23; uint64 ds = 24; uint64 es = 25; uint64 fs = 26; uint64 gs = 27; } message RegisterPowerpc64 { repeated uint64 gpr = 1; uint64 nip = 2; uint64 msr = 3; uint64 orig_gpr3 = 4; uint64 ctr = 5; uint64 link = 6; uint64 xer = 7; uint64 ccr = 8; uint64 softe = 9; uint64 trap = 10; uint64 dar = 11; uint64 dsisr = 12; uint64 result = 13; uint64 zero0 = 14; uint64 zero1 = 15; uint64 zero2 = 16; uint64 zero3 = 17; } // Deprecated. message RegisterAarch64 { repeated uint64 regs = 1; uint64 sp = 2; uint64 pc = 3; uint64 pstate = 4; } message RegisterValues { // Architecture architecture = 1; oneof register_values { RegisterX8664 register_x86_64 = 2; RegisterPowerpc64 register_powerpc64 = 3; RegisterAarch64 register_aarch64 = 4; // Deprecated. } } message SyscallDescription { int32 syscall = 1; // Should we have a second one with the raw value? // This would be redundant (We dump all registers) + should not be as useful // for debugging as the decoded values. repeated string argument = 2; // Store the architecture of the desired syscall in here as well? Might be // useful when the violation type was a change in syscall architecture. } message FsDescription { repeated string file_whitelist = 1; repeated string symlink_whitelist = 2; repeated string file_greylist = 3; repeated string file_blacklist = 4; } message PolicyBuilderDescription { repeated int32 handled_syscalls = 1; repeated string bind_mounts = 2; } message NamespaceDescription { int32 clone_flags = 1; // Do we want to have the mount tree in here? MountTree mount_tree_mounts = 2; } message PolicyDescription { bytes user_bpf_policy = 1; reserved 2 to 5; // This requires additional fields. (e.g. whitelisted syscall #s) PolicyBuilderDescription policy_builder_description = 6; // namespace NamespaceDescription namespace_description = 7; repeated int32 capabilities = 8; } message Violation { string legacy_fatal_message = 1; PBViolationType violation_type = 2; int32 pid = 3; string prog_name = 4; PolicyDescription policy = 5; string stack_trace = 6; SyscallDescription syscall_information = 7; RegisterValues register_values = 8; FsDescription fs = 9; string proc_maps = 10; // Contains the received signal that caused the death if applicable. int32 signal = 11; }