sandboxed-api/sandboxed_api/sandbox2/util.h
Sandboxed API Team c6bab97690 Added more descriptive Syscall argument types, and an API for introspecting arguments.
PiperOrigin-RevId: 612904089
Change-Id: Ia0ef7b0559f7eed923981b13fa8224bc891e8c37
2024-03-05 11:07:06 -08:00

125 lines
4.3 KiB
C++

// Copyright 2019 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// The sandbox2::util namespace provides various, uncategorized, functions
// useful for creating sandboxes.
#ifndef SANDBOXED_API_SANDBOX2_UTIL_H_
#define SANDBOXED_API_SANDBOX2_UTIL_H_
#include <sys/types.h>
#include <cstdint>
#include <string>
#include <vector>
#include "absl/base/attributes.h"
#include "absl/base/macros.h"
#include "absl/status/statusor.h"
namespace sandbox2::util {
void DumpCoverageData();
// An char ptr array limited by the terminating nullptr entry (like environ
// or argv).
class CharPtrArray {
public:
CharPtrArray(char* const* array);
static CharPtrArray FromStringVector(const std::vector<std::string>& vec);
const std::vector<const char*>& array() const { return array_; }
const char* const* data() const { return array_.data(); }
std::vector<std::string> ToStringVector() const;
private:
CharPtrArray(const std::vector<std::string>& vec);
const std::string content_;
std::vector<const char*> array_;
};
// Converts an array of char* (terminated by a nullptr, like argv, or environ
// arrays), to an std::vector<std::string>.
ABSL_DEPRECATED("Use CharPtrArray(arr).ToStringVector() instead")
inline void CharPtrArrToVecString(char* const* arr,
std::vector<std::string>* vec) {
*vec = sandbox2::util::CharPtrArray(arr).ToStringVector();
}
// Returns the program name (via /proc/self/comm) for a given PID.
std::string GetProgName(pid_t pid);
// Given a resource descriptor FD and a PID, returns link of /proc/PID/fds/FD.
absl::StatusOr<std::string> GetResolvedFdLink(pid_t pid, uint32_t fd);
// Returns the command line (via /proc/self/cmdline) for a given PID. The
// argument separators '\0' are converted to spaces.
std::string GetCmdLine(pid_t pid);
// Returns the specified line from /proc/<pid>/status for a given PID. 'value'
// is a field name like "Threads" or "Tgid".
std::string GetProcStatusLine(int pid, const std::string& value);
// Invokes a syscall, avoiding on-stack argument promotion, as it might happen
// with vararg syscall() function.
long Syscall(long sys_no, // NOLINT
uintptr_t a1 = 0, uintptr_t a2 = 0, uintptr_t a3 = 0,
uintptr_t a4 = 0, uintptr_t a5 = 0, uintptr_t a6 = 0);
// Fork based on clone() which updates glibc's PID/TID caches - Based on:
// https://chromium.googlesource.com/chromium/src/+/9eb564175dbd452196f782da2b28e3e8e79c49a5%5E!/
//
// Return values as for 'man 2 fork'.
pid_t ForkWithFlags(int flags);
// Creates a new memfd.
bool CreateMemFd(int* fd, const char* name = "buffer_file");
// Executes a the program given by argv and the specified environment and
// captures any output to stdout/stderr.
absl::StatusOr<int> Communicate(const std::vector<std::string>& argv,
const std::vector<std::string>& envv,
std::string* output);
// Returns signal description.
std::string GetSignalName(int signo);
// Returns the socket address family as a string ("AF_INET", ...)
std::string GetAddressFamily(int addr_family);
// Returns rlimit resource name
std::string GetRlimitName(int resource);
// Returns ptrace event name
std::string GetPtraceEventName(int event);
// Reads `size` bytes from the given `ptr` address, or returns an error.
absl::StatusOr<std::vector<uint8_t>> ReadBytesFromPid(pid_t pid, uintptr_t ptr,
uint64_t size);
// Reads a path string (NUL-terminated, shorter than PATH_MAX) from another
// process memory
absl::StatusOr<std::string> ReadCPathFromPid(pid_t pid, uintptr_t ptr);
// Wrapper for execveat(2).
int Execveat(int dirfd, const char* pathname, const char* const argv[],
const char* const envp[], int flags, uintptr_t extra_arg = 0);
} // namespace sandbox2::util
#endif // SANDBOXED_API_SANDBOX2_UTIL_H_