StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity
sandboxed-api/sandboxed_api/sandbox2
History
Wiktor Garbacz f87b6feb18 stack_trace: do not add common libraries when not a custom fork-server 
Avoids duplicate entries warnings and tightens the namespace.
Drive-by: modernize the policy.
PiperOrigin-RevId: 503108939
Change-Id: If34d23dd83ca39682799dfb36bd0b9b9ceb19fdc
2023-01-19 02:47:49 -08:00
..
examples
Update clients of PolicyBuilder to support architectures other than x86_64.
2023-01-04 01:44:20 -08:00
network_proxy
Use SyscallTrap in NetworkProxy
2022-11-30 05:47:44 -08:00
testcases
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
unwind
Handle S2 unwinding by trapping ptrace
2022-11-30 06:00:29 -08:00
util
Introduce SyscallTrap helper class
2022-11-30 05:21:12 -08:00
bpfdisassembler.cc
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
bpfdisassembler.h
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
buffer_test.cc
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
buffer.cc
Remove Tag constructor, add standard comment for absl::WrapUnique(new T)
2022-10-25 06:20:51 -07:00
buffer.h
Remove Tag constructor, add standard comment for absl::WrapUnique(new T)
2022-10-25 06:20:51 -07:00
BUILD.bazel
stack_trace: do not add common libraries when not a custom fork-server
2023-01-19 02:47:49 -08:00
client.cc
#Cleanup: Consistently use std::make_unique
2022-10-12 05:23:42 -07:00
client.h
Sandbox2: Graciously handle mapping over Comms/Exec fds
2022-10-10 09:39:01 -07:00
CMakeLists.txt
stack_trace: do not add common libraries when not a custom fork-server
2023-01-19 02:47:49 -08:00
comms_test.cc
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
comms_test.proto
Migration of remaining protobufs from proto2 to proto3
2022-03-16 00:43:46 -07:00
comms.cc
contrib: Replace uses of CHECK_NOTNULL
2022-10-25 05:50:59 -07:00
comms.h
Sandbox2: Graciously handle mapping over Comms/Exec fds
2022-10-10 09:39:01 -07:00
executor.cc
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
executor.h
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
fork_client.cc
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
fork_client.h
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
forkingclient.cc
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
forkingclient.h
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
forkserver_bin.cc
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
forkserver_test.cc
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
forkserver.cc
#Cleanup: Consistently use std::make_unique
2022-10-12 05:23:42 -07:00
forkserver.h
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
forkserver.proto
Migrate forkserver.proto to proto3 syntax
2022-03-14 07:28:23 -07:00
global_forkclient_lib_ctor.cc
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
global_forkclient.cc
Use CLONE_VM for starting the global forkserver
2023-01-03 05:36:40 -08:00
global_forkclient.h
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
ipc_test.cc
#Cleanup: Consistently use std::make_unique
2022-10-12 05:23:42 -07:00
ipc.cc
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
ipc.h
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
limits_test.cc
#Cleanup: Consistently use std::make_unique
2022-10-12 05:23:42 -07:00
limits.h
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
logserver.cc
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
logserver.h
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
logserver.proto
Migration of remaining protobufs from proto2 to proto3
2022-03-16 00:43:46 -07:00
logsink.cc
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
logsink.h
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
monitor.cc
stack_trace: do not add common libraries when not a custom fork-server
2023-01-19 02:47:49 -08:00
monitor.h
stack_trace: do not add common libraries when not a custom fork-server
2023-01-19 02:47:49 -08:00
mount_tree.proto
Migrate to proto3, change is_ro to is_rw (default value is false), and rename mounttree.proto
2022-03-14 05:15:15 -07:00
mounts_test.cc
Disable deprecation warnings
2022-04-22 04:58:02 -07:00
mounts.cc
Extend ValidateInterpreter with Android_Arm64 interpreter
2022-03-30 09:45:58 -07:00
mounts.h
Migrate to proto3, change is_ro to is_rw (default value is false), and rename mounttree.proto
2022-03-14 05:15:15 -07:00
namespace_test.cc
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
namespace.cc
#Cleanup: Consistently use std::make_unique
2022-10-12 05:23:42 -07:00
namespace.h
Add an option to allow mount propagation
2022-03-08 08:01:19 -08:00
notify_test.cc
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
notify.h
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
policy_test.cc
Use new helpers in policy_test
2022-12-21 06:17:07 -08:00
policy.cc
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
policy.h
Add option to block the ptrace system call instead of denying it.
2022-05-27 02:57:37 -07:00
policybuilder_test.cc
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
policybuilder.cc
Allow MADV_HUGEPAGE used by tcmalloc
2023-01-13 04:41:22 -08:00
policybuilder.h
Update PolicyBuilder to include wrappers for more syscall families that differ between platforms.
2022-12-13 09:32:17 -08:00
README.md
Update references to the new documentation
2021-12-14 09:03:29 -08:00
regs_test.cc
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
regs.cc
Remove OsErrorMessage in favor of Abseil's new ErrnoToStatus
2022-04-21 06:15:38 -07:00
regs.h
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
result.cc
Full syscall info in Result::ToString
2023-01-12 03:57:44 -08:00
result.h
#Cleanup: Consistently use std::make_unique
2022-10-12 05:23:42 -07:00
sandbox2_test.cc
#Cleanup: Consistently use std::make_unique
2022-10-12 05:23:42 -07:00
sandbox2.cc
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
sandbox2.h
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
sanitizer_test.cc
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
sanitizer.cc
Remove OsErrorMessage in favor of Abseil's new ErrnoToStatus
2022-04-21 06:15:38 -07:00
sanitizer.h
Delete deprecated ::sandbox2::Sandbox2::WaitForTsan and its remaining call sites.
2022-02-03 11:23:56 -08:00
stack_trace_test.cc
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
stack_trace.cc
stack_trace: do not add common libraries when not a custom fork-server
2023-01-19 02:47:49 -08:00
stack_trace.h
stack_trace: do not add common libraries when not a custom fork-server
2023-01-19 02:47:49 -08:00
syscall_defs.cc
More precise sycall_defs
2022-12-22 05:00:48 -08:00
syscall_defs.h
Make code not have a -Warray-parameter warning.
2022-08-15 22:55:51 -07:00
syscall_test.cc
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
syscall.cc
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
syscall.h
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
testing.h
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
util_test.cc
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
util.cc
Remove OsErrorMessage in favor of Abseil's new ErrnoToStatus
2022-04-21 06:15:38 -07:00
util.h
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
violation.proto
Migrate to proto3, change is_ro to is_rw (default value is false), and rename mounttree.proto
2022-03-14 05:15:15 -07:00

README.md

Sandbox2

Sandbox2 is a C++ security sandbox for Linux which can be used to run untrusted programs or portions of programs in confined environments. The idea is that the runtime environment is so restricted that security bugs such as buffer overflows in the protected region cause no harm.

Documentation

Detailed developer documentation is available on the Google Developers site for Sandboxed API under Sandbox2.

There is also a Getting Started guide for Sandbox2.