sandboxed-api/oss-internship-2020/jsonnet/examples/jsonnet_multiple_files_example.cc
Christian Blichmann dbaf95c724 Move utility code into sandboxed_api/util
This change should make it less confusing where utility code comes from.
Having it in two places made sense when we were debating whether to publish
Sandbox2 separately, but not any longer.

Follow-up changes will move `sandbox2/util.h` and rename the remaining
`sandbox2/util` folder.

PiperOrigin-RevId: 351601640
Change-Id: I6256845261f610e590c25e2c59851cc51da2d778
2021-01-13 09:25:52 -08:00

133 lines
4.3 KiB
C++

// Copyright 2020 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include <libgen.h>
#include <syscall.h>
#include <cstdlib>
#include <iostream>
#include "jsonnet_sapi.sapi.h" // NOLINT(build/include)
#include "sandboxed_api/util/flag.h"
#include "sandboxed_api/util/fileops.h"
#include "sandboxed_api/util/path.h"
class JsonnetSapiSandbox : public JsonnetSandbox {
public:
explicit JsonnetSapiSandbox(std::string in_file, std::string out_directory)
: in_file_(std::move(in_file)),
out_directory_(std::move(out_directory)) {}
// We need a slightly different policy than the default one
std::unique_ptr<sandbox2::Policy> ModifyPolicy(
sandbox2::PolicyBuilder*) override {
return sandbox2::PolicyBuilder()
.AllowStaticStartup()
.AllowOpen()
.AllowRead()
.AllowWrite()
.AllowStat()
.AllowSystemMalloc()
.AllowExit()
.AllowSyscalls({
__NR_futex,
__NR_close,
})
.AddDirectoryAt(sandbox2::file::CleanPath(&out_directory_[0]),
"/output",
/*is_ro=*/false)
.AddDirectoryAt(dirname(&in_file_[0]), "/input", true)
.BuildOrDie();
}
private:
std::string in_file_;
std::string out_directory_;
};
absl::Status JsonnetMain(std::string in_file, std::string out_file) {
using sapi::file::JoinPath;
using sapi::file_util::fileops::Basename;
// Initialize sandbox.
JsonnetSapiSandbox sandbox(in_file, out_file);
SAPI_RETURN_IF_ERROR(sandbox.Init())
JsonnetApi api(&sandbox);
// Initialize library's main structure.
SAPI_ASSIGN_OR_RETURN(JsonnetVm * jsonnet_vm, api.c_jsonnet_make());
sapi::v::RemotePtr vm_pointer(jsonnet_vm);
// Read input file.
std::string in_file_in_sandboxee(JoinPath("/input", Basename(in_file)));
sapi::v::ConstCStr in_file_var(in_file_in_sandboxee.c_str());
SAPI_ASSIGN_OR_RETURN(char* input,
api.c_read_input(false, in_file_var.PtrBefore()));
// Process jsonnet data.
sapi::v::RemotePtr input_pointer(input);
sapi::v::Int error;
SAPI_ASSIGN_OR_RETURN(char* output, api.c_jsonnet_evaluate_snippet_multi(
&vm_pointer, in_file_var.PtrBefore(),
&input_pointer, error.PtrAfter()));
CHECK(!error.GetValue()) << "Jsonnet code evaluation failed: "
<< error.GetValue() << "\n"
<< "Make sure all files used by your jsonnet file "
"are in the same directory as your file.";
// Write data to file.
std::string out_file_in_sandboxee(JoinPath("/output", Basename(out_file)));
sapi::v::ConstCStr out_file_var(out_file_in_sandboxee.c_str());
sapi::v::RemotePtr output_pointer(output);
SAPI_ASSIGN_OR_RETURN(
bool success,
api.c_write_output_file(&output_pointer, out_file_var.PtrBefore()));
CHECK(success) << "Writing to output file failed: " << success;
// Clean up.
SAPI_ASSIGN_OR_RETURN(char* result,
api.c_jsonnet_realloc(&vm_pointer, &output_pointer, 0));
SAPI_RETURN_IF_ERROR(api.c_jsonnet_destroy(&vm_pointer));
SAPI_RETURN_IF_ERROR(api.c_free_input(&input_pointer));
return absl::OkStatus();
}
int main(int argc, char* argv[]) {
using sapi::file_util::fileops::Basename;
google::InitGoogleLogging(argv[0]);
gflags::ParseCommandLineFlags(&argc, &argv, true);
if (!(argc == 3)) {
std::cerr << "Usage:\n"
<< Basename(argv[0])
<< " /absolute/path/to/INPUT.jsonnet /absolute/path/to/OUTPUT\n";
return EXIT_FAILURE;
}
std::string in_file(argv[1]);
std::string out_file(argv[2]);
absl::Status status = JsonnetMain(in_file, out_file);
if (!status.ok()) {
LOG(ERROR) << "Failed: " << status.ToString();
return EXIT_FAILURE;
}
return EXIT_SUCCESS;
}