sandboxed-api/sandboxed_api/sandbox2
Christian Blichmann 221e929018 Include shell-based tests in OSS builds
These were previously dependent on an internal-only testing target.

For now, this only works with Bazel, but should enable us to have better test coverage in GitHub actions.
Eventually, all of these shell-based tests should be converted to `cc_test`s.

PiperOrigin-RevId: 400713615
Change-Id: I1cabb5b72977987ef4a1803480f699b58c4d56e9
2021-10-04 07:18:36 -07:00
..
examples Include shell-based tests in OSS builds 2021-10-04 07:18:36 -07:00
network_proxy Introduce sapi::OsErrorMessage() for error handling 2021-07-27 04:10:04 -07:00
testcases Fix Symbolize* tests. 2021-08-12 08:03:52 -07:00
unwind Fix formatting of pgoff. 2021-09-20 09:02:14 -07:00
util Introduce sapi::OsErrorMessage() for error handling 2021-07-27 04:10:04 -07:00
bpfdisassembler.cc Use absl::Span in BPF disassembler 2021-04-21 05:33:12 -07:00
bpfdisassembler.h Use absl::Span in BPF disassembler 2021-04-21 05:33:12 -07:00
buffer_test.cc Deprecate IPC::comms() 2021-02-19 04:43:14 -08:00
buffer.cc Introduce sapi::OsErrorMessage() for error handling 2021-07-27 04:10:04 -07:00
buffer.h Change int64 to size_t in Buffer 2020-10-01 06:45:38 -07:00
BUILD.bazel Internal Change 2021-09-29 22:12:26 -07:00
client.cc Log more info for seccomp setup failure 2021-04-15 05:09:38 -07:00
client.h Replace std::unique_ptr<uint8_t[]> with vector 2020-11-05 02:03:46 -08:00
CMakeLists.txt Use regular logging in fork client 2021-09-29 00:46:12 -07:00
comms_test.cc Change int64 to size_t in Buffer 2020-10-01 06:45:38 -07:00
comms_test.proto Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
comms.cc Reorder error logging before Terminate() 2021-07-29 07:12:02 -07:00
comms.h Add workaround for active Tomoyo LSM 2021-05-10 07:04:04 -07:00
executor.cc Use FDCloser in Executor extensively 2021-08-05 04:16:11 -07:00
executor.h Use FDCloser in Executor extensively 2021-08-05 04:16:11 -07:00
fork_client.cc Use regular logging in fork client 2021-09-29 00:46:12 -07:00
fork_client.h Start global fork-server on demand 2020-11-05 08:48:03 -08:00
forkingclient.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
forkingclient.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
forkserver_bin.cc Automated rollback of commit 2036f5b2f0. 2021-09-10 03:34:44 -07:00
forkserver_test.cc Move utility code into sandboxed_api/util 2021-01-13 09:25:52 -08:00
forkserver.cc Automated rollback of commit 2036f5b2f0. 2021-09-10 03:34:44 -07:00
forkserver.h Another round of file descriptor handling fixes 2021-07-14 01:33:34 -07:00
forkserver.proto Internal change 2020-01-31 05:39:25 -08:00
global_forkclient_lib_ctor.cc Do not fail if forkserver is disabled by env when lib_ctor is used 2020-12-10 02:49:54 -08:00
global_forkclient.cc Log when global forkserver is started and its exit status 2021-09-22 07:16:43 -07:00
global_forkclient.h Add IsStarted() method to GlobalForkClient. 2021-01-11 09:34:13 -08:00
ipc_test.cc Internal change 2021-01-22 06:01:34 -08:00
ipc.cc Now network proxy server supports IP filtering. API to policybuilder is added to make a list of allowed pairs of allowed IP, mask and port where mask and port are optional. 2020-02-20 07:45:44 -08:00
ipc.h Deprecate IPC::comms() 2021-02-19 04:43:14 -08:00
limits_test.cc Internal change 2021-01-22 06:01:34 -08:00
limits.h Internal change. 2021-07-29 05:52:19 -07:00
logserver.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
logserver.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
logserver.proto Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
logsink.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
logsink.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
monitor.cc Automated rollback of commit 2036f5b2f0. 2021-09-10 03:34:44 -07:00
monitor.h Internal change 2021-05-20 08:17:10 -07:00
mounts_test.cc Internal change. 2021-09-01 01:28:19 -07:00
mounts.cc Minor cleanup/formatting changes 2021-05-17 04:07:08 -07:00
mounts.h Add workaround for active Tomoyo LSM 2021-05-10 07:04:04 -07:00
mounttree.proto Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
namespace_test.cc Internal change 2021-01-22 06:01:34 -08:00
namespace.cc Move utility code into sandboxed_api/util 2021-01-13 09:25:52 -08:00
namespace.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
notify_test.cc Move utility code into sandboxed_api/util 2021-01-13 09:25:52 -08:00
notify.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
policy_test.cc Move utility code into sandboxed_api/util 2021-01-13 09:25:52 -08:00
policy.cc Take a vector in Policy::AllowUnsafeKeepCapabilities() 2021-07-12 05:43:21 -07:00
policy.h Allow collecting stacktraces on normal process exit 2021-08-16 03:13:15 -07:00
policybuilder_test.cc Avoid sanitizer macros use Abseil's where necessary 2021-02-01 07:11:15 -08:00
policybuilder.cc Enable mmap for msan (it's already enabled for asan and tsan) 2021-09-27 05:08:45 -07:00
policybuilder.h Internal change. 2021-09-01 01:28:19 -07:00
README.md Corrects typo in link 2019-10-07 02:36:35 -07:00
regs.cc Introduce sapi::OsErrorMessage() for error handling 2021-07-27 04:10:04 -07:00
regs.h Move utility code into sandboxed_api/util 2021-01-13 09:25:52 -08:00
result.cc Avoid sanitizer macros use Abseil's where necessary 2021-02-01 07:11:15 -08:00
result.h Adds IsRetryable() method to Result class, currently just returns false. 2021-02-11 09:34:23 -08:00
sandbox2_test.cc Allow collecting stacktraces on normal process exit 2021-08-16 03:13:15 -07:00
sandbox2.cc (Mostly) internal change. Add pid() accessor. 2021-09-16 06:57:44 -07:00
sandbox2.h (Mostly) internal change. Add pid() accessor. 2021-09-16 06:57:44 -07:00
sanitizer_test.cc Automated rollback of commit 2036f5b2f0. 2021-09-10 03:34:44 -07:00
sanitizer.cc Automated rollback of commit 2036f5b2f0. 2021-09-10 03:34:44 -07:00
sanitizer.h Automated rollback of commit 2036f5b2f0. 2021-09-10 03:34:44 -07:00
stack_trace_test.cc Fix order-dependent test. 2021-03-18 05:56:40 -07:00
stack_trace.cc Take a vector in Policy::AllowUnsafeKeepCapabilities() 2021-07-12 05:43:21 -07:00
stack_trace.h Automated rollback of commit 4a38f59728. 2021-06-28 02:03:06 -07:00
syscall_defs.cc Add new x86-64 syscalls 2021-06-04 01:01:34 -07:00
syscall_defs.h Move utility code into sandboxed_api/util 2021-01-13 09:25:52 -08:00
syscall_test.cc Move utility code into sandboxed_api/util 2021-01-13 09:25:52 -08:00
syscall.cc Add more compiler variants to GitHub Actions 2021-04-07 15:23:23 +02:00
syscall.h Move utility code into sandboxed_api/util 2021-01-13 09:25:52 -08:00
testing.h Move utility code into sandboxed_api/util 2021-01-13 09:25:52 -08:00
util_test.cc Move utility code into sandboxed_api/util 2021-01-13 09:25:52 -08:00
util.cc Introduce sapi::OsErrorMessage() for error handling 2021-07-27 04:10:04 -07:00
util.h Add optional VLOG(1) for additional process info on Syscall Violation. 2021-04-16 12:43:08 -07:00
violation.proto Add support for ARM32 (hard float target) 2020-12-16 09:18:25 -08:00

Sandbox2

Sandbox2 is a C++ security sandbox for Linux which can be used to run untrusted programs or portions of programs in confined environments. The idea is that the runtime environment is so restricted that security bugs such as buffer overflows in the protected region cause no harm.

Documentation

Detailed developer documentation is available on the Google Developers site for Sandboxed API under Sandbox2.

There is also a Getting Started guide for Sandbox2.