mirror of
https://github.com/google/sandboxed-api.git
synced 2024-03-22 13:11:30 +08:00
6588aa2a68
Signal handling in Monitor::MainLoop was fixed. PiperOrigin-RevId: 248331692 Change-Id: I0f85d319802258632d2074742c53597bb922555a
193 lines
6.3 KiB
C++
193 lines
6.3 KiB
C++
// Copyright 2019 Google LLC. All Rights Reserved.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
// Implementation of the sandbox2::Result class.
|
|
|
|
#include "sandboxed_api/sandbox2/result.h"
|
|
|
|
#include "absl/strings/str_cat.h"
|
|
#include "sandboxed_api/sandbox2/syscall.h"
|
|
#include "sandboxed_api/sandbox2/util.h"
|
|
#include "sandboxed_api/util/canonical_errors.h"
|
|
|
|
namespace sandbox2 {
|
|
|
|
Result& Result::operator=(const Result& other) {
|
|
final_status_ = other.final_status_;
|
|
reason_code_ = other.reason_code_;
|
|
stack_trace_ = other.stack_trace_;
|
|
if (other.regs_) {
|
|
regs_ = absl::make_unique<Regs>(*other.regs_);
|
|
} else {
|
|
regs_.reset(nullptr);
|
|
}
|
|
if (other.syscall_) {
|
|
syscall_ = absl::make_unique<Syscall>(*other.syscall_);
|
|
} else {
|
|
syscall_.reset(nullptr);
|
|
}
|
|
prog_name_ = other.prog_name_;
|
|
proc_maps_ = other.proc_maps_;
|
|
rusage_monitor_ = other.rusage_monitor_;
|
|
return *this;
|
|
}
|
|
|
|
::sapi::Status Result::ToStatus() const {
|
|
switch (final_status()) {
|
|
case OK:
|
|
if (reason_code() == 0) {
|
|
return ::sapi::OkStatus();
|
|
}
|
|
break;
|
|
case TIMEOUT:
|
|
return ::sapi::DeadlineExceededError(ToString());
|
|
default:
|
|
break;
|
|
}
|
|
return ::sapi::InternalError(ToString());
|
|
}
|
|
|
|
std::string Result::ToString() const {
|
|
std::string result;
|
|
switch (final_status()) {
|
|
case sandbox2::Result::UNSET:
|
|
result = absl::StrCat("UNSET - Code: ", reason_code());
|
|
break;
|
|
case sandbox2::Result::OK:
|
|
result = absl::StrCat("OK - Exit code: ", reason_code());
|
|
break;
|
|
case sandbox2::Result::SETUP_ERROR:
|
|
result = absl::StrCat(
|
|
"SETUP_ERROR - Code: ",
|
|
ReasonCodeEnumToString(static_cast<ReasonCodeEnum>(reason_code())));
|
|
break;
|
|
case sandbox2::Result::VIOLATION:
|
|
result = absl::StrCat("SYSCALL VIOLATION - Violating Syscall ",
|
|
Syscall::GetArchDescription(GetSyscallArch()), "[",
|
|
reason_code(), "/",
|
|
Syscall(GetSyscallArch(), reason_code()).GetName(),
|
|
"] Stack: ", GetStackTrace());
|
|
break;
|
|
case sandbox2::Result::SIGNALED:
|
|
result = absl::StrCat("Process terminated with a SIGNAL - Signal: ",
|
|
util::GetSignalName(reason_code()),
|
|
" Stack: ", GetStackTrace());
|
|
break;
|
|
case sandbox2::Result::TIMEOUT:
|
|
result = absl::StrCat("Process TIMEOUT - Code: ", reason_code(),
|
|
" Stack: ", GetStackTrace());
|
|
break;
|
|
case sandbox2::Result::EXTERNAL_KILL:
|
|
result = absl::StrCat("Process killed by user - Code: ", reason_code(),
|
|
" Stack: ", GetStackTrace());
|
|
break;
|
|
case sandbox2::Result::INTERNAL_ERROR:
|
|
result = absl::StrCat(
|
|
"INTERNAL_ERROR - Code: ",
|
|
ReasonCodeEnumToString(static_cast<ReasonCodeEnum>(reason_code())));
|
|
break;
|
|
default:
|
|
result =
|
|
absl::StrCat("<UNKNOWN>(", final_status(), ") Code: ", reason_code());
|
|
}
|
|
#if defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \
|
|
defined(THREAD_SANITIZER)
|
|
absl::StrAppend(&result,
|
|
" - Warning: this executor is built with ASAN, "
|
|
"MSAN or TSAN, chances are the sandboxee too, which is "
|
|
"incompatible with sandboxing.");
|
|
#else
|
|
if (
|
|
getenv("COVERAGE") != nullptr) {
|
|
absl::StrAppend(&result,
|
|
" - Warning: this executor is built with coverage "
|
|
"enabled, chances are the sandboxee too, which is "
|
|
"incompatible with sandboxing.");
|
|
}
|
|
#endif
|
|
return result;
|
|
}
|
|
|
|
std::string Result::StatusEnumToString(StatusEnum value) {
|
|
switch (value) {
|
|
case sandbox2::Result::UNSET:
|
|
return "UNSET";
|
|
case sandbox2::Result::OK:
|
|
return "OK";
|
|
case sandbox2::Result::SETUP_ERROR:
|
|
return "SETUP_ERROR";
|
|
case sandbox2::Result::VIOLATION:
|
|
return "VIOLATION";
|
|
case sandbox2::Result::SIGNALED:
|
|
return "SIGNALED";
|
|
case sandbox2::Result::TIMEOUT:
|
|
return "TIMEOUT";
|
|
case sandbox2::Result::EXTERNAL_KILL:
|
|
return "EXTERNAL_KILL";
|
|
case sandbox2::Result::INTERNAL_ERROR:
|
|
return "INTERNAL_ERROR";
|
|
}
|
|
return "UNKNOWN";
|
|
}
|
|
|
|
std::string Result::ReasonCodeEnumToString(ReasonCodeEnum value) {
|
|
switch (value) {
|
|
case sandbox2::Result::UNSUPPORTED_ARCH:
|
|
return "UNSUPPORTED_ARCH";
|
|
case sandbox2::Result::FAILED_TIMERS:
|
|
return "FAILED_TIMERS";
|
|
case sandbox2::Result::FAILED_SIGNALS:
|
|
return "FAILED_SIGNALS";
|
|
case sandbox2::Result::FAILED_SUBPROCESS:
|
|
return "FAILED_SUBPROCESS";
|
|
case sandbox2::Result::FAILED_NOTIFY:
|
|
return "FAILED_NOTIFY";
|
|
case sandbox2::Result::FAILED_CONNECTION:
|
|
return "FAILED_CONNECTION";
|
|
case sandbox2::Result::FAILED_WAIT:
|
|
return "FAILED_WAIT";
|
|
case sandbox2::Result::FAILED_NAMESPACES:
|
|
return "FAILED_NAMESPACES";
|
|
case sandbox2::Result::FAILED_PTRACE:
|
|
return "FAILED_PTRACE";
|
|
case sandbox2::Result::FAILED_IPC:
|
|
return "FAILED_IPC";
|
|
case sandbox2::Result::FAILED_LIMITS:
|
|
return "FAILED_LIMITS";
|
|
case sandbox2::Result::FAILED_CWD:
|
|
return "FAILED_CWD";
|
|
case sandbox2::Result::FAILED_POLICY:
|
|
return "FAILED_POLICY";
|
|
case sandbox2::Result::FAILED_STORE:
|
|
return "FAILED_STORE";
|
|
case sandbox2::Result::FAILED_FETCH:
|
|
return "FAILED_FETCH";
|
|
case sandbox2::Result::FAILED_GETEVENT:
|
|
return "FAILED_GETEVENT";
|
|
case sandbox2::Result::FAILED_MONITOR:
|
|
return "FAILED_MONITOR";
|
|
case sandbox2::Result::FAILED_KILL:
|
|
return "FAILED_KILL";
|
|
case sandbox2::Result::FAILED_CHILD:
|
|
return "FAILED_CHILD";
|
|
case sandbox2::Result::VIOLATION_SYSCALL:
|
|
return "VIOLATION_SYSCALL";
|
|
case sandbox2::Result::VIOLATION_ARCH:
|
|
return "VIOLATION_ARCH";
|
|
}
|
|
return absl::StrCat("UNKNOWN: ", value);
|
|
}
|
|
|
|
} // namespace sandbox2
|