StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity
sandboxed-api/sandboxed_api/sandbox2
History
Sandboxed API Team 508c7066a6 asan uses mmap() internally, so allow mmap() calls in asan builds 
PiperOrigin-RevId: 358802336
Change-Id: I26fa891cc9fffcfd32f6b18a63b39d6f2282ff7d
2021-02-22 06:02:35 -08:00
..
examples
Deprecate IPC::comms()
2021-02-19 04:43:14 -08:00
network_proxy
Internal change
2021-01-22 06:01:34 -08:00
testcases
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
unwind
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
util
Internal change
2021-01-22 06:01:34 -08:00
bpfdisassembler.cc
Update license header with recommended best practices
2020-01-17 05:05:29 -08:00
bpfdisassembler.h
Update license header with recommended best practices
2020-01-17 05:05:29 -08:00
buffer_test.cc
Deprecate IPC::comms()
2021-02-19 04:43:14 -08:00
buffer.cc
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
buffer.h
Change int64 to size_t in Buffer
2020-10-01 06:45:38 -07:00
BUILD.bazel
Avoid sanitizer macros use Abseil's where necessary
2021-02-01 07:11:15 -08:00
client.cc
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
client.h
Replace std::unique_ptr<uint8_t[]> with vector
2020-11-05 02:03:46 -08:00
CMakeLists.txt
Replace GetNode with ResolvePath in Mounts
2021-02-19 00:43:34 -08:00
comms_test.cc
Change int64 to size_t in Buffer
2020-10-01 06:45:38 -07:00
comms_test.proto
Update license header with recommended best practices
2020-01-17 05:05:29 -08:00
comms.cc
Avoid sanitizer macros use Abseil's where necessary
2021-02-01 07:11:15 -08:00
comms.h
Internal change
2021-01-22 06:01:34 -08:00
executor.cc
Simplify Executor ctor hierarchy
2021-01-28 02:20:37 -08:00
executor.h
Remove unneeded Executor ctors
2021-02-02 06:55:30 -08:00
fork_client.cc
Minor ForkClient improvements
2020-10-05 05:10:16 -07:00
fork_client.h
Start global fork-server on demand
2020-11-05 08:48:03 -08:00
forkingclient.cc
Update license header with recommended best practices
2020-01-17 05:05:29 -08:00
forkingclient.h
Update license header with recommended best practices
2020-01-17 05:05:29 -08:00
forkserver_bin.cc
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
forkserver_test.cc
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
forkserver.cc
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
forkserver.h
Extract ForkClient to a separate target
2020-07-17 04:54:54 -07:00
forkserver.proto
Internal change
2020-01-31 05:39:25 -08:00
global_forkclient_lib_ctor.cc
Do not fail if forkserver is disabled by env when lib_ctor is used
2020-12-10 02:49:54 -08:00
global_forkclient.cc
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
global_forkclient.h
Add IsStarted() method to GlobalForkClient.
2021-01-11 09:34:13 -08:00
ipc_test.cc
Internal change
2021-01-22 06:01:34 -08:00
ipc.cc
Now network proxy server supports IP filtering. API to policybuilder is added to make a list of allowed pairs of allowed IP, mask and port where mask and port are optional.
2020-02-20 07:45:44 -08:00
ipc.h
Deprecate IPC::comms()
2021-02-19 04:43:14 -08:00
limits_test.cc
Internal change
2021-01-22 06:01:34 -08:00
limits.h
Improvements to limits.h header
2021-01-27 08:05:25 -08:00
logserver.cc
Update license header with recommended best practices
2020-01-17 05:05:29 -08:00
logserver.h
Update license header with recommended best practices
2020-01-17 05:05:29 -08:00
logserver.proto
Update license header with recommended best practices
2020-01-17 05:05:29 -08:00
logsink.cc
Update license header with recommended best practices
2020-01-17 05:05:29 -08:00
logsink.h
Update license header with recommended best practices
2020-01-17 05:05:29 -08:00
monitor.cc
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
monitor.h
Now network proxy server supports IP filtering. API to policybuilder is added to make a list of allowed pairs of allowed IP, mask and port where mask and port are optional.
2020-02-20 07:45:44 -08:00
mounts_test.cc
Internal change
2021-01-22 06:01:34 -08:00
mounts.cc
Replace GetNode with ResolvePath in Mounts
2021-02-19 00:43:34 -08:00
mounts.h
Replace GetNode with ResolvePath in Mounts
2021-02-19 00:43:34 -08:00
mounttree.proto
Update license header with recommended best practices
2020-01-17 05:05:29 -08:00
namespace_test.cc
Internal change
2021-01-22 06:01:34 -08:00
namespace.cc
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
namespace.h
Update license header with recommended best practices
2020-01-17 05:05:29 -08:00
notify_test.cc
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
notify.h
Update license header with recommended best practices
2020-01-17 05:05:29 -08:00
policy_test.cc
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
policy.cc
Internal change
2021-02-02 02:41:13 -08:00
policy.h
Permit sandboxee's bpf() to fail
2020-12-02 08:38:32 -08:00
policybuilder_test.cc
Avoid sanitizer macros use Abseil's where necessary
2021-02-01 07:11:15 -08:00
policybuilder.cc
asan uses mmap() internally, so allow mmap() calls in asan builds
2021-02-22 06:02:35 -08:00
policybuilder.h
Permit sandboxee's bpf() to fail
2020-12-02 08:38:32 -08:00
README.md
Corrects typo in link
2019-10-07 02:36:35 -07:00
regs.cc
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
regs.h
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
result.cc
Avoid sanitizer macros use Abseil's where necessary
2021-02-01 07:11:15 -08:00
result.h
Adds IsRetryable() method to Result class, currently just returns false.
2021-02-11 09:34:23 -08:00
sandbox2_test.cc
Internal change
2021-01-22 06:01:34 -08:00
sandbox2.cc
Internal BUILD refactoring
2020-09-03 07:40:33 -07:00
sandbox2.h
Internal BUILD refactoring
2020-09-03 07:40:33 -07:00
sanitizer_test.cc
Internal change
2021-01-22 06:01:34 -08:00
sanitizer.cc
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
sanitizer.h
Update license header with recommended best practices
2020-01-17 05:05:29 -08:00
stack_trace_test.cc
Internal change
2021-01-22 06:01:34 -08:00
stack_trace.cc
Deprecate IPC::comms()
2021-02-19 04:43:14 -08:00
stack_trace.h
Refactor stack trace handling
2020-07-20 00:24:40 -07:00
syscall_defs.cc
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
syscall_defs.h
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
syscall_test.cc
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
syscall.cc
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
syscall.h
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
testing.h
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
util_test.cc
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
util.cc
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
util.h
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
violation.proto
Add support for ARM32 (hard float target)
2020-12-16 09:18:25 -08:00

README.md

Sandbox2

Sandbox2 is a C++ security sandbox for Linux which can be used to run untrusted programs or portions of programs in confined environments. The idea is that the runtime environment is so restricted that security bugs such as buffer overflows in the protected region cause no harm.

Documentation

Detailed developer documentation is available on the Google Developers site for Sandboxed API under Sandbox2.

There is also a Getting Started guide for Sandbox2.