sandboxed-api/sandboxed_api
Paul Wankadia bb6ae1d4ab Introduce AllowRestartableSequencesWithProcFiles() and tidy up.
1. In many cases, sandboxes need to allow /proc/stat and /proc/cpuinfo so that
get_nprocs(3) will work; otherwise, per-CPU logic can't determine how many CPUs
there are. Unfortunately, some of those sandboxes also disable namespaces. The
solution is to provide two functions: AllowRestartableSequencesWithProcFiles(),
which allows syscalls and files; and AllowRestartableSequences(), which allows
syscalls only. Sandboxes should usually call the former; sandboxes that disable
namespaces should instead call the latter and are responsible for allowing the
files via the deprecated Fs mechanism.

2. Make the mmap(2) policy evaluate prot AND flags, not prot OR flags.

3. Order the code and the comments identically for better readability.

PiperOrigin-RevId: 386414028
Change-Id: I016b1854ed1da9c9bcff7b351c5e0041093b8193
2021-07-23 02:23:22 -07:00
bazel Update third-party dependencies 2021-04-26 05:00:30 -07:00
docs Internal change. 2020-03-19 09:58:28 -07:00
examples Check for either violate() or ViolateIndirect() in stack trace 2021-05-06 07:36:13 -07:00
sandbox2 Introduce AllowRestartableSequencesWithProcFiles() and tidy up. 2021-07-23 02:23:22 -07:00
tools Properly handle unsigned-by-default char types 2021-03-24 04:48:16 -07:00
util Raw logging should not allocate memory 2021-05-18 05:37:38 -07:00
BUILD.bazel Fix Reg<long double> for MSAN 2021-04-13 01:44:01 -07:00
call.h Avoid complex designated initializer, initialize internal struct padding 2021-02-02 00:56:58 -08:00
client.cc Fix Reg<long double> for MSAN 2021-04-13 01:44:01 -07:00
CMakeLists.txt Fix Reg<long double> for MSAN 2021-04-13 01:44:01 -07:00
config.h Internal change 2021-05-20 08:17:10 -07:00
embed_file.cc Revert memfd file sealing for embedded files 2021-07-20 02:29:21 -07:00
embed_file.h Rename static singleton accessor 2021-07-14 08:00:59 -07:00
file_toc.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
lenval_core.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
proto_arg.proto Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
proto_helper.h Internal BUILD refactoring 2020-09-03 07:40:33 -07:00
rpcchannel.cc Use size_t/uintptr_t instead of uintptr_t or uint64_t where appropriate 2020-09-18 07:45:03 -07:00
rpcchannel.h Use size_t/uintptr_t instead of uintptr_t or uint64_t where appropriate 2020-09-18 07:45:03 -07:00
sandbox.cc Rename static singleton accessor 2021-07-14 08:00:59 -07:00
sandbox.h Move GetInternalDataDependencyFilePath() into internal namespace 2021-01-14 05:11:22 -08:00
sapi_test.cc Check for either violate() or ViolateIndirect() in stack trace 2021-05-06 07:36:13 -07:00
testing.cc Move utility code into sandboxed_api/util 2021-01-13 09:25:52 -08:00
testing.h Avoid sanitizer macros, use Abseil's where necessary 2021-02-01 07:11:15 -08:00
transaction.cc Internal change 2021-01-22 06:01:34 -08:00
transaction.h Internal change 2021-01-22 06:01:34 -08:00
var_abstract.cc Internal change 2021-01-22 06:01:34 -08:00
var_abstract.h Modernize a few files 2020-07-20 03:07:54 -07:00
var_array.h Avoid buffer overflows when the sandboxee shrinks a shared buffer. 2021-02-02 23:59:12 -08:00
var_int.cc Internal change 2021-01-22 06:01:34 -08:00
var_int.h Rename SYNC_* constants to conform to style guide 2020-07-20 07:05:44 -07:00
var_lenval.cc Internal change 2021-01-22 06:01:34 -08:00
var_lenval.h Replace sapi::Status with absl::Status 2020-02-27 09:24:12 -08:00
var_pointable.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
var_pointable.h Rename SYNC_* constants to conform to style guide 2020-07-20 07:05:44 -07:00
var_proto.h Internal change 2021-01-22 06:01:34 -08:00
var_ptr.h Rename SYNC_* constants to conform to style guide 2020-07-20 07:05:44 -07:00
var_reg.h Fix Reg<long double> for MSAN 2021-04-13 01:44:01 -07:00
var_struct.h Modernize a few files 2020-07-20 03:07:54 -07:00
var_type.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
var_void.h Rename SYNC_* constants to conform to style guide 2020-07-20 07:05:44 -07:00
vars.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00