mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00

History

Sandboxed API Team 04503f9bbe Replace <bits/local_lim.h> with <climits>

PiperOrigin-RevId: 409932987
Change-Id: I388aca627d6d0f3c9d5721e66574fb8af85cc8f4

2021-11-15 03:16:28 -08:00

examples

Improve examples

2021-10-11 07:50:27 -07:00

network_proxy

Use alias s6_addr instead of direct field access.

2021-11-15 01:01:20 -08:00

testcases

Fix Symbolize* tests.

2021-08-12 08:03:52 -07:00

unwind

Expose unwind symbol helpers.

2021-11-12 05:59:51 -08:00

util

Introduce sapi::OsErrorMessage() for error handling

2021-07-27 04:10:04 -07:00

bpfdisassembler.cc

Use absl::Span in BPF disassembler

2021-04-21 05:33:12 -07:00

bpfdisassembler.h

Use absl::Span in BPF disassembler

2021-04-21 05:33:12 -07:00

buffer_test.cc

Deprecate IPC::comms()

2021-02-19 04:43:14 -08:00

buffer.cc

Introduce sapi::OsErrorMessage() for error handling

2021-07-27 04:10:04 -07:00

buffer.h

Change int64 to size_t in Buffer

2020-10-01 06:45:38 -07:00

BUILD.bazel

Internal Change

2021-09-29 22:12:26 -07:00

client.cc

Check and limit seccomp policy length.

2021-11-11 06:10:40 -08:00

client.h

Replace std::unique_ptr<uint8_t[]> with vector

2020-11-05 02:03:46 -08:00

CMakeLists.txt

Use regular logging in fork client

2021-09-29 00:46:12 -07:00

comms_test.cc

Change int64 to size_t in Buffer

2020-10-01 06:45:38 -07:00

comms_test.proto

Update license header with recommended best practices

2020-01-17 05:05:29 -08:00

comms.cc

Reorder error logging before Terminate()

2021-07-29 07:12:02 -07:00

comms.h

Add workaround for active Tomoyo LSM

2021-05-10 07:04:04 -07:00

executor.cc

Use FDCloser in Executor extensively

2021-08-05 04:16:11 -07:00

executor.h

Use FDCloser in Executor extensively

2021-08-05 04:16:11 -07:00

fork_client.cc

Use regular logging in fork client

2021-09-29 00:46:12 -07:00

fork_client.h

Start global fork-server on demand

2020-11-05 08:48:03 -08:00

forkingclient.cc

Update license header with recommended best practices

2020-01-17 05:05:29 -08:00

forkingclient.h

Update license header with recommended best practices

2020-01-17 05:05:29 -08:00

forkserver_bin.cc

Automated rollback of commit 2036f5b2f04171d4fe973ba069760963ee7cd557.

2021-09-10 03:34:44 -07:00

forkserver_test.cc

Move utility code into sandboxed_api/util

2021-01-13 09:25:52 -08:00

forkserver.cc

Automated rollback of commit 2036f5b2f04171d4fe973ba069760963ee7cd557.

2021-09-10 03:34:44 -07:00

forkserver.h

Another round of file descriptor handling fixes

2021-07-14 01:33:34 -07:00

forkserver.proto

Internal change

2020-01-31 05:39:25 -08:00

global_forkclient_lib_ctor.cc

Do not fail if forkserver is disabled by env when lib_ctor is used

2020-12-10 02:49:54 -08:00

global_forkclient.cc

Log when global forkserver is started and its exit status

2021-09-22 07:16:43 -07:00

global_forkclient.h

Add IsStarted() method to GlobalForkClient.

2021-01-11 09:34:13 -08:00

ipc_test.cc

Internal change

2021-01-22 06:01:34 -08:00

ipc.cc

Now network proxy server supports IP filtering. API to policybuilder is added to make a list of allowed pairs of allowed IP, mask and port where mask and port are optional.

2020-02-20 07:45:44 -08:00

ipc.h

Deprecate IPC::comms()

2021-02-19 04:43:14 -08:00

limits_test.cc

Internal change

2021-01-22 06:01:34 -08:00

limits.h

Internal change.

2021-07-29 05:52:19 -07:00

logserver.cc

Update license header with recommended best practices

2020-01-17 05:05:29 -08:00

logserver.h

Update license header with recommended best practices

2020-01-17 05:05:29 -08:00

logserver.proto

Update license header with recommended best practices

2020-01-17 05:05:29 -08:00

logsink.cc

Update license header with recommended best practices

2020-01-17 05:05:29 -08:00

logsink.h

Update license header with recommended best practices

2020-01-17 05:05:29 -08:00

monitor.cc

Automated rollback of commit 2036f5b2f04171d4fe973ba069760963ee7cd557.

2021-09-10 03:34:44 -07:00

monitor.h

Internal change

2021-05-20 08:17:10 -07:00

mounts_test.cc

Internal change.

2021-09-01 01:28:19 -07:00

mounts.cc

Minor cleanup/formatting changes

2021-05-17 04:07:08 -07:00

mounts.h

Add workaround for active Tomoyo LSM

2021-05-10 07:04:04 -07:00

mounttree.proto

Update license header with recommended best practices

2020-01-17 05:05:29 -08:00

namespace_test.cc

Modernize namespace_test a little

2021-10-13 04:17:46 -07:00

namespace.cc

Move utility code into sandboxed_api/util

2021-01-13 09:25:52 -08:00

namespace.h

Update license header with recommended best practices

2020-01-17 05:05:29 -08:00

notify_test.cc

Move utility code into sandboxed_api/util

2021-01-13 09:25:52 -08:00

notify.h

Update license header with recommended best practices

2020-01-17 05:05:29 -08:00

policy_test.cc

Move utility code into sandboxed_api/util

2021-01-13 09:25:52 -08:00

policy.cc

Take a vector in Policy::AllowUnsafeKeepCapabilities()

2021-07-12 05:43:21 -07:00

policy.h

Allow collecting stacktraces on normal process exit

2021-08-16 03:13:15 -07:00

policybuilder_test.cc

Avoid sanitizer macros use Abseil's where necessary

2021-02-01 07:11:15 -08:00

policybuilder.cc

Safer and more efficient custom syscall policies

2021-11-12 02:44:41 -08:00

policybuilder.h

Check and limit seccomp policy length.

2021-11-11 06:10:40 -08:00

README.md

Corrects typo in link

2019-10-07 02:36:35 -07:00

regs.cc

Introduce sapi::OsErrorMessage() for error handling

2021-07-27 04:10:04 -07:00

regs.h

Move utility code into sandboxed_api/util

2021-01-13 09:25:52 -08:00

result.cc

Avoid sanitizer macros use Abseil's where necessary

2021-02-01 07:11:15 -08:00

result.h

Adds IsRetryable() method to Result class, currently just returns false.

2021-02-11 09:34:23 -08:00

sandbox2_test.cc

Allow collecting stacktraces on normal process exit

2021-08-16 03:13:15 -07:00

sandbox2.cc

(Mostly) internal change. Add pid() accessor.

2021-09-16 06:57:44 -07:00

sandbox2.h

(Mostly) internal change. Add pid() accessor.

2021-09-16 06:57:44 -07:00

sanitizer_test.cc

Automated rollback of commit 2036f5b2f04171d4fe973ba069760963ee7cd557.

2021-09-10 03:34:44 -07:00

sanitizer.cc

Automated rollback of commit 2036f5b2f04171d4fe973ba069760963ee7cd557.

2021-09-10 03:34:44 -07:00

sanitizer.h

Automated rollback of commit 2036f5b2f04171d4fe973ba069760963ee7cd557.

2021-09-10 03:34:44 -07:00

stack_trace_test.cc

Fix order-dependent test.

2021-03-18 05:56:40 -07:00

stack_trace.cc

Take a vector in Policy::AllowUnsafeKeepCapabilities()

2021-07-12 05:43:21 -07:00

stack_trace.h

Automated rollback of commit 4a38f59728f7f8849a42422faa9846c865918ac1.

2021-06-28 02:03:06 -07:00

syscall_defs.cc

Add new x86-64 syscalls

2021-06-04 01:01:34 -07:00

syscall_defs.h

Move utility code into sandboxed_api/util

2021-01-13 09:25:52 -08:00

syscall_test.cc

Move utility code into sandboxed_api/util

2021-01-13 09:25:52 -08:00

syscall.cc

Add more compiler variants to GitHub Actions

2021-04-07 15:23:23 +02:00

syscall.h

Move utility code into sandboxed_api/util

2021-01-13 09:25:52 -08:00

testing.h

Move utility code into sandboxed_api/util

2021-01-13 09:25:52 -08:00

util_test.cc

Move utility code into sandboxed_api/util

2021-01-13 09:25:52 -08:00

util.cc

Replace <bits/local_lim.h> with <climits>

2021-11-15 03:16:28 -08:00

util.h

Add optional VLOG(1) for additional process info on Syscall Violation.

2021-04-16 12:43:08 -07:00

violation.proto

Add support for ARM32 (hard float target)

2020-12-16 09:18:25 -08:00

README.md

Sandbox2

Sandbox2 is a C++ security sandbox for Linux which can be used to run untrusted programs or portions of programs in confined environments. The idea is that the runtime environment is so restricted that security bugs such as buffer overflows in the protected region cause no harm.

Documentation

Detailed developer documentation is available on the Google Developers site for Sandboxed API under Sandbox2.

There is also a Getting Started guide for Sandbox2.