StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity
sandboxed-api/sandboxed_api/sandbox2
History
Sandboxed API Team 75c7081622 For the SECCOMP event, check if the event msg is in the range of one of the known architectures. 
If it isn't, assume that the process has exited and the event msg contains an exit code.

PiperOrigin-RevId: 471258449
Change-Id: I44408c30fe7fb39e20b55cea871f3efb68fcde67
2022-08-31 08:09:37 -07:00
..
examples
Internal-only change.
2022-06-17 00:37:39 -07:00
network_proxy
Remove OsErrorMessage in favor of Abseil's new ErrnoToStatus
2022-04-21 06:15:38 -07:00
testcases
Internal-only change.
2022-06-17 00:37:39 -07:00
unwind
Apply page offset during stack unwinding/symbolization
2022-02-11 07:19:34 -08:00
util
Fix visibility
2022-07-18 07:44:38 -07:00
bpfdisassembler.cc
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
bpfdisassembler.h
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
buffer_test.cc
Fix BlockSyscallsWithErrno
2022-02-21 00:46:50 -08:00
buffer.cc
Remove OsErrorMessage in favor of Abseil's new ErrnoToStatus
2022-04-21 06:15:38 -07:00
buffer.h
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
BUILD.bazel
forkserver_bin is usually embedded via cc_embed_data. So there is no real reason why it should be stamped.
2022-08-25 09:54:24 -07:00
client.cc
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
client.h
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
CMakeLists.txt
Remove OsErrorMessage in favor of Abseil's new ErrnoToStatus
2022-04-21 06:15:38 -07:00
comms_test.cc
Changes to comms_test module to run unittests with --config=android_arm64
2022-03-29 07:16:43 -07:00
comms_test.proto
Migration of remaining protobufs from proto2 to proto3
2022-03-16 00:43:46 -07:00
comms.cc
Patch sandbox2/comms module to build for Android.
2022-03-17 05:27:07 -07:00
comms.h
Change to proto2::MessageLite and resolve reflextion for mobile builds
2022-03-03 04:48:30 -08:00
executor.cc
Remove OsErrorMessage in favor of Abseil's new ErrnoToStatus
2022-04-21 06:15:38 -07:00
executor.h
Add default member initializer for sandbox2::Executor::Process members
2022-04-11 06:59:17 -07:00
fork_client.cc
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
fork_client.h
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
forkingclient.cc
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
forkingclient.h
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
forkserver_bin.cc
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
forkserver_test.cc
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
forkserver.cc
Remove OsErrorMessage in favor of Abseil's new ErrnoToStatus
2022-04-21 06:15:38 -07:00
forkserver.h
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
forkserver.proto
Migrate forkserver.proto to proto3 syntax
2022-03-14 07:28:23 -07:00
global_forkclient_lib_ctor.cc
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
global_forkclient.cc
Remove OsErrorMessage in favor of Abseil's new ErrnoToStatus
2022-04-21 06:15:38 -07:00
global_forkclient.h
Introduce commandline flag to pass forkserver_bin path for Android builds.
2022-03-02 08:12:21 -08:00
ipc_test.cc
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
ipc.cc
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
ipc.h
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
limits_test.cc
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
limits.h
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
logserver.cc
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
logserver.h
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
logserver.proto
Migration of remaining protobufs from proto2 to proto3
2022-03-16 00:43:46 -07:00
logsink.cc
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
logsink.h
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
monitor.cc
For the SECCOMP event, check if the event msg is in the range of one of the known architectures.
2022-08-31 08:09:37 -07:00
monitor.h
Fix possible crash when multiple termination conditions occur simultaneously
2022-05-13 04:35:27 -07:00
mount_tree.proto
Migrate to proto3, change is_ro to is_rw (default value is false), and rename mounttree.proto
2022-03-14 05:15:15 -07:00
mounts_test.cc
Disable deprecation warnings
2022-04-22 04:58:02 -07:00
mounts.cc
Extend ValidateInterpreter with Android_Arm64 interpreter
2022-03-30 09:45:58 -07:00
mounts.h
Migrate to proto3, change is_ro to is_rw (default value is false), and rename mounttree.proto
2022-03-14 05:15:15 -07:00
namespace_test.cc
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
namespace.cc
Add an option to allow mount propagation
2022-03-08 08:01:19 -08:00
namespace.h
Add an option to allow mount propagation
2022-03-08 08:01:19 -08:00
notify_test.cc
Remove AllowStaticStartup because AllowDynamicStartup calls this as well
2022-04-29 00:48:37 -07:00
notify.h
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
policy_test.cc
This change introduces internal experimental support for Android.
2022-06-08 06:51:41 -07:00
policy.cc
Block installing user notify inside Sandbox2
2022-07-03 11:20:31 -07:00
policy.h
Add option to block the ptrace system call instead of denying it.
2022-05-27 02:57:37 -07:00
policybuilder_test.cc
This change introduces internal experimental support for Android.
2022-06-08 06:51:41 -07:00
policybuilder.cc
This change introduces internal experimental support for Android.
2022-06-08 06:51:41 -07:00
policybuilder.h
Internal change
2022-05-27 06:45:58 -07:00
README.md
Update references to the new documentation
2021-12-14 09:03:29 -08:00
regs_test.cc
Fix -Wc++11-narrowing error with Clang introduced in 2546d9e
2022-01-14 03:40:01 -08:00
regs.cc
Remove OsErrorMessage in favor of Abseil's new ErrnoToStatus
2022-04-21 06:15:38 -07:00
regs.h
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
result.cc
More permissive ptrace handling in edge cases
2022-05-09 06:58:27 -07:00
result.h
More permissive ptrace handling in edge cases
2022-05-09 06:58:27 -07:00
sandbox2_test.cc
This change introduces internal experimental support for Android.
2022-06-08 06:51:41 -07:00
sandbox2.cc
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
sandbox2.h
Delete deprecated ::sandbox2::Sandbox2::GetPid and its remaining call sites.
2022-02-02 09:57:11 -08:00
sanitizer_test.cc
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
sanitizer.cc
Remove OsErrorMessage in favor of Abseil's new ErrnoToStatus
2022-04-21 06:15:38 -07:00
sanitizer.h
Delete deprecated ::sandbox2::Sandbox2::WaitForTsan and its remaining call sites.
2022-02-03 11:23:56 -08:00
stack_trace_test.cc
Link more complex test cases dynamically
2022-02-16 05:59:13 -08:00
stack_trace.cc
Fix stack traces on Fedora
2022-03-28 04:05:36 -07:00
stack_trace.h
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
syscall_defs.cc
Remove leftover definition from move to SyscallTable
2022-08-16 08:24:56 -07:00
syscall_defs.h
Make code not have a -Warray-parameter warning.
2022-08-15 22:55:51 -07:00
syscall_test.cc
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
syscall.cc
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
syscall.h
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
testing.h
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
util_test.cc
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
util.cc
Remove OsErrorMessage in favor of Abseil's new ErrnoToStatus
2022-04-21 06:15:38 -07:00
util.h
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
violation.proto
Migrate to proto3, change is_ro to is_rw (default value is false), and rename mounttree.proto
2022-03-14 05:15:15 -07:00

README.md

Sandbox2

Sandbox2 is a C++ security sandbox for Linux which can be used to run untrusted programs or portions of programs in confined environments. The idea is that the runtime environment is so restricted that security bugs such as buffer overflows in the protected region cause no harm.

Documentation

Detailed developer documentation is available on the Google Developers site for Sandboxed API under Sandbox2.

There is also a Getting Started guide for Sandbox2.