mirror of
https://github.com/google/sandboxed-api.git
synced 2024-03-22 13:11:30 +08:00
166 lines
5.2 KiB
C++
166 lines
5.2 KiB
C++
// Copyright 2023 Google LLC
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// https://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
// The sandbox2::Monitor class is responsible for tracking the processes, and
|
|
// displaying their current statuses (syscalls, states, violations).
|
|
|
|
#ifndef SANDBOXED_API_SANDBOX2_MONITOR_BASE_H_
|
|
#define SANDBOXED_API_SANDBOX2_MONITOR_BASE_H_
|
|
|
|
#include <sys/resource.h>
|
|
#include <sys/types.h>
|
|
|
|
#include <cstdint>
|
|
#include <cstdio>
|
|
#include <memory>
|
|
#include <thread>
|
|
#include <string>
|
|
#include <vector>
|
|
|
|
#include "absl/status/statusor.h"
|
|
#include "absl/synchronization/notification.h"
|
|
#include "absl/time/time.h"
|
|
#include "sandboxed_api/sandbox2/comms.h"
|
|
#include "sandboxed_api/sandbox2/executor.h"
|
|
#include "sandboxed_api/sandbox2/fork_client.h"
|
|
#include "sandboxed_api/sandbox2/forkserver.pb.h"
|
|
#include "sandboxed_api/sandbox2/ipc.h"
|
|
#include "sandboxed_api/sandbox2/network_proxy/server.h"
|
|
#include "sandboxed_api/sandbox2/notify.h"
|
|
#include "sandboxed_api/sandbox2/policy.h"
|
|
#include "sandboxed_api/sandbox2/regs.h"
|
|
#include "sandboxed_api/sandbox2/result.h"
|
|
#include "sandboxed_api/sandbox2/syscall.h"
|
|
|
|
namespace sandbox2 {
|
|
|
|
class MonitorBase {
|
|
public:
|
|
// executor, policy and notify are not owned by the Monitor
|
|
MonitorBase(Executor* executor, Policy* policy, Notify* notify);
|
|
|
|
MonitorBase(const MonitorBase&) = delete;
|
|
MonitorBase& operator=(const MonitorBase&) = delete;
|
|
|
|
virtual ~MonitorBase();
|
|
|
|
// Starts the Monitor.
|
|
void Launch();
|
|
|
|
// Getters for private fields.
|
|
bool IsDone() const { return done_notification_.HasBeenNotified(); }
|
|
|
|
// Enable network proxy server, this will start a thread in the sandbox
|
|
// that waits for connection requests from the sandboxee.
|
|
void EnableNetworkProxyServer();
|
|
|
|
pid_t pid() const { return process_.main_pid; }
|
|
|
|
const Result& result() const { return result_; }
|
|
|
|
absl::StatusOr<Result> AwaitResultWithTimeout(absl::Duration timeout);
|
|
|
|
virtual void Kill() = 0;
|
|
virtual void DumpStackTrace() = 0;
|
|
virtual void SetWallTimeLimit(absl::Duration limit) = 0;
|
|
|
|
protected:
|
|
void OnDone();
|
|
// Sets basic info status and reason code in the result object.
|
|
void SetExitStatusCode(Result::StatusEnum final_status,
|
|
uintptr_t reason_code);
|
|
// Logs a SANDBOX VIOLATION message based on the registers and additional
|
|
// explanation for the reason of the violation.
|
|
void LogSyscallViolation(const Syscall& syscall) const;
|
|
|
|
// Tells if collecting stack trace is at all possible.
|
|
bool StackTraceCollectionPossible() const;
|
|
|
|
// Whether a stack trace should be collected given the current status
|
|
bool ShouldCollectStackTrace(Result::StatusEnum status) const;
|
|
|
|
// Gets stack trace.
|
|
absl::StatusOr<std::vector<std::string>> GetStackTrace(const Regs* regs);
|
|
|
|
// Gets and logs stack trace.
|
|
absl::StatusOr<std::vector<std::string>> GetAndLogStackTrace(
|
|
const Regs* regs);
|
|
|
|
// Internal objects, owned by the Sandbox2 object.
|
|
Executor* executor_;
|
|
Notify* notify_;
|
|
Policy* policy_;
|
|
// The sandboxee process.
|
|
SandboxeeProcess process_;
|
|
Result result_;
|
|
// Comms channel ptr, copied from the Executor object for convenience.
|
|
Comms* comms_;
|
|
// Log file specified by
|
|
// --sandbox_danger_danger_permit_all_and_log flag.
|
|
FILE* log_file_ = nullptr;
|
|
// Handle to the class responsible for proxying and validating connect()
|
|
// requests.
|
|
std::unique_ptr<NetworkProxyServer> network_proxy_server_;
|
|
// Monitor type
|
|
MonitorType type_ = FORKSERVER_MONITOR_PTRACE;
|
|
|
|
private:
|
|
// Sends Policy to the Client.
|
|
// Returns success/failure status.
|
|
bool InitSendPolicy();
|
|
|
|
// Waits for the SandboxReady signal from the client.
|
|
// Returns success/failure status.
|
|
bool WaitForSandboxReady();
|
|
|
|
// Sends information about data exchange channels.
|
|
bool InitSendIPC();
|
|
|
|
// Sends information about the current working directory.
|
|
bool InitSendCwd();
|
|
|
|
// Applies limits on the sandboxee.
|
|
bool InitApplyLimits();
|
|
|
|
// Applies individual limit on the sandboxee.
|
|
bool InitApplyLimit(pid_t pid, int resource, const rlimit64& rlim) const;
|
|
|
|
// Logs an additional explanation for the possible reason of the violation
|
|
// based on the registers.
|
|
void LogSyscallViolationExplanation(const Syscall& syscall) const;
|
|
|
|
virtual void RunInternal() = 0;
|
|
virtual void Join() = 0;
|
|
|
|
// IPC ptr, used for exchanging data with the sandboxee.
|
|
IPC* ipc_;
|
|
|
|
// The field indicates whether the sandboxing task has been completed (either
|
|
// successfully or with error).
|
|
absl::Notification done_notification_;
|
|
|
|
// Empty temp file used for mapping the comms fd when the Tomoyo LSM is
|
|
// active.
|
|
std::string comms_fd_dev_;
|
|
|
|
std::thread network_proxy_thread_;
|
|
|
|
// Is the sandboxee forked from a custom forkserver?
|
|
bool uses_custom_forkserver_;
|
|
};
|
|
|
|
} // namespace sandbox2
|
|
|
|
#endif // SANDBOXED_API_SANDBOX2_MONITOR_BASE_H_
|