mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00

History

Christian Blichmann d73f80cfa5 Enable AArch64 syscalls in examples

PiperOrigin-RevId: 375923215
Change-Id: I9523a074579975379b1a9d4644497268781499e1

2021-05-26 05:47:37 -07:00

examples

Enable AArch64 syscalls in examples

2021-05-26 05:47:37 -07:00

network_proxy

Update third-party dependencies

2021-04-26 05:00:30 -07:00

testcases

Move utility code into sandboxed_api/util

2021-01-13 09:25:52 -08:00

unwind

Use sapi::file::GetContents() and light Mini-ELF refactoring

2021-04-28 07:49:17 -07:00

util

Use sapi::file::GetContents() and light Mini-ELF refactoring

2021-04-28 07:49:17 -07:00

bpfdisassembler.cc

Use absl::Span in BPF disassembler

2021-04-21 05:33:12 -07:00

bpfdisassembler.h

Use absl::Span in BPF disassembler

2021-04-21 05:33:12 -07:00

buffer_test.cc

Deprecate IPC::comms()

2021-02-19 04:43:14 -08:00

buffer.cc

Move utility code into sandboxed_api/util

2021-01-13 09:25:52 -08:00

buffer.h

Change int64 to size_t in Buffer

2020-10-01 06:45:38 -07:00

BUILD.bazel

Internal change

2021-05-20 08:17:10 -07:00

client.cc

Log more info for seccomp setup failure

2021-04-15 05:09:38 -07:00

client.h

Replace std::unique_ptr<uint8_t[]> with vector

2020-11-05 02:03:46 -08:00

CMakeLists.txt

Internal change

2021-05-20 08:17:10 -07:00

comms_test.cc

Change int64 to size_t in Buffer

2020-10-01 06:45:38 -07:00

comms_test.proto

Update license header with recommended best practices

2020-01-17 05:05:29 -08:00

comms.cc

Fix a data race in Comms

2021-05-18 05:48:54 -07:00

comms.h

Add workaround for active Tomoyo LSM

2021-05-10 07:04:04 -07:00

executor.cc

Minor cleanup/formatting changes

2021-05-17 04:07:08 -07:00

executor.h

Remove unneeded Executor ctors

2021-02-02 06:55:30 -08:00

fork_client.cc

Minor ForkClient improvements

2020-10-05 05:10:16 -07:00

fork_client.h

Start global fork-server on demand

2020-11-05 08:48:03 -08:00

forkingclient.cc

Update license header with recommended best practices

2020-01-17 05:05:29 -08:00

forkingclient.h

Update license header with recommended best practices

2020-01-17 05:05:29 -08:00

forkserver_bin.cc

Move utility code into sandboxed_api/util

2021-01-13 09:25:52 -08:00

forkserver_test.cc

Move utility code into sandboxed_api/util

2021-01-13 09:25:52 -08:00

forkserver.cc

Minor cleanup/formatting changes

2021-05-17 04:07:08 -07:00

forkserver.h

Extract ForkClient to a separate target

2020-07-17 04:54:54 -07:00

forkserver.proto

Internal change

2020-01-31 05:39:25 -08:00

global_forkclient_lib_ctor.cc

Do not fail if forkserver is disabled by env when lib_ctor is used

2020-12-10 02:49:54 -08:00

global_forkclient.cc

Move utility code into sandboxed_api/util

2021-01-13 09:25:52 -08:00

global_forkclient.h

Add IsStarted() method to GlobalForkClient.

2021-01-11 09:34:13 -08:00

ipc_test.cc

Internal change

2021-01-22 06:01:34 -08:00

ipc.cc

Now network proxy server supports IP filtering. API to policybuilder is added to make a list of allowed pairs of allowed IP, mask and port where mask and port are optional.

2020-02-20 07:45:44 -08:00

ipc.h

Deprecate IPC::comms()

2021-02-19 04:43:14 -08:00

limits_test.cc

Internal change

2021-01-22 06:01:34 -08:00

limits.h

Improvements to limits.h header

2021-01-27 08:05:25 -08:00

logserver.cc

Update license header with recommended best practices

2020-01-17 05:05:29 -08:00

logserver.h

Update license header with recommended best practices

2020-01-17 05:05:29 -08:00

logserver.proto

Update license header with recommended best practices

2020-01-17 05:05:29 -08:00

logsink.cc

Update license header with recommended best practices

2020-01-17 05:05:29 -08:00

logsink.h

Update license header with recommended best practices

2020-01-17 05:05:29 -08:00

monitor.cc

Automated rollback of commit 5bb161b0db392eab78412cbd96b1898c3fbf1d30.

2021-05-21 02:59:34 -07:00

monitor.h

Internal change

2021-05-20 08:17:10 -07:00

mounts_test.cc

Fix Mounts::ResolvePath for dir nodes.

2021-04-14 02:45:41 -07:00

mounts.cc

Minor cleanup/formatting changes

2021-05-17 04:07:08 -07:00

mounts.h

Add workaround for active Tomoyo LSM

2021-05-10 07:04:04 -07:00

mounttree.proto

Update license header with recommended best practices

2020-01-17 05:05:29 -08:00

namespace_test.cc

Internal change

2021-01-22 06:01:34 -08:00

namespace.cc

Move utility code into sandboxed_api/util

2021-01-13 09:25:52 -08:00

namespace.h

Update license header with recommended best practices

2020-01-17 05:05:29 -08:00

notify_test.cc

Move utility code into sandboxed_api/util

2021-01-13 09:25:52 -08:00

notify.h

Update license header with recommended best practices

2020-01-17 05:05:29 -08:00

policy_test.cc

Move utility code into sandboxed_api/util

2021-01-13 09:25:52 -08:00

policy.cc

Internal change

2021-05-20 08:17:10 -07:00

policy.h

Internal change

2021-05-20 08:17:10 -07:00

policybuilder_test.cc

Avoid sanitizer macros use Abseil's where necessary

2021-02-01 07:11:15 -08:00

policybuilder.cc

Automated rollback of commit 54ac8f86fcb7fe4ebf7a77c7d379aad6bf8612f6.

2021-04-15 04:54:14 -07:00

policybuilder.h

Internal change

2021-05-20 08:17:10 -07:00

README.md

Corrects typo in link

2019-10-07 02:36:35 -07:00

regs.cc

Move utility code into sandboxed_api/util

2021-01-13 09:25:52 -08:00

regs.h

Move utility code into sandboxed_api/util

2021-01-13 09:25:52 -08:00

result.cc

Avoid sanitizer macros use Abseil's where necessary

2021-02-01 07:11:15 -08:00

result.h

Adds IsRetryable() method to Result class, currently just returns false.

2021-02-11 09:34:23 -08:00

sandbox2_test.cc

Internal change

2021-01-22 06:01:34 -08:00

sandbox2.cc

Internal BUILD refactoring

2020-09-03 07:40:33 -07:00

sandbox2.h

Internal BUILD refactoring

2020-09-03 07:40:33 -07:00

sanitizer_test.cc

Internal change

2021-01-22 06:01:34 -08:00

sanitizer.cc

Add optional VLOG(1) for additional process info on Syscall Violation.

2021-04-16 12:43:08 -07:00

sanitizer.h

Update license header with recommended best practices

2020-01-17 05:05:29 -08:00

stack_trace_test.cc

Fix order-dependent test.

2021-03-18 05:56:40 -07:00

stack_trace.cc

Deprecate IPC::comms()

2021-02-19 04:43:14 -08:00

stack_trace.h

Refactor stack trace handling

2020-07-20 00:24:40 -07:00

syscall_defs.cc

Move utility code into sandboxed_api/util

2021-01-13 09:25:52 -08:00

syscall_defs.h

Move utility code into sandboxed_api/util

2021-01-13 09:25:52 -08:00

syscall_test.cc

Move utility code into sandboxed_api/util

2021-01-13 09:25:52 -08:00

syscall.cc

Add more compiler variants to GitHub Actions

2021-04-07 15:23:23 +02:00

syscall.h

Move utility code into sandboxed_api/util

2021-01-13 09:25:52 -08:00

testing.h

Move utility code into sandboxed_api/util

2021-01-13 09:25:52 -08:00

util_test.cc

Move utility code into sandboxed_api/util

2021-01-13 09:25:52 -08:00

util.cc

Add optional VLOG(1) for additional process info on Syscall Violation.

2021-04-16 12:43:08 -07:00

util.h

Add optional VLOG(1) for additional process info on Syscall Violation.

2021-04-16 12:43:08 -07:00

violation.proto

Add support for ARM32 (hard float target)

2020-12-16 09:18:25 -08:00

README.md

Sandbox2

Sandbox2 is a C++ security sandbox for Linux which can be used to run untrusted programs or portions of programs in confined environments. The idea is that the runtime environment is so restricted that security bugs such as buffer overflows in the protected region cause no harm.

Documentation

Detailed developer documentation is available on the Google Developers site for Sandboxed API under Sandbox2.

There is also a Getting Started guide for Sandbox2.