Proto commits in google/sandboxed-api

These 42 commits are when the Protocol Buffers files have changed:

2024-11-20

Internal Cleanup PiperOrigin-RevId: 698362458 Change-Id: I150f655cac0cbbce038b410abf264b6451622ab0

The documentation is generated from this commit.

2024-10-30

Make mount order deterministic Protobuf makes no guarantees about the order of map entries and may even randomize in certain build configurations. This can lead to unexpected behavior in sandbox2, as the order of mounts can affect the behavior of the sandboxed application. This CL adds an `index` field to the `MountTree` proto. This field is used to keep track of the insertion order of mounts. When mounts are created, they are sorted by their index. This ensures that the order of mounts is always deterministic, regardless of the build configuration. PiperOrigin-RevId: 691329053 Change-Id: Ib73504b0ced8a00e15a68c3e85af5d542fdd8439

2024-10-18

Automated rollback of commit 94d27bedb90181b726395648059baf5d986046df. PiperOrigin-RevId: 687183811 Change-Id: I9344e9d8d75d7b5a4165c833675ba8793982daf1

2024-10-16

Automated rollback of commit a7ad5469a0fe20b841f09c95c1c6bb5c06e4eec2. PiperOrigin-RevId: 686510779 Change-Id: Idd590821dbe4bd412a69dc10b4fc949fe3e0cec0

2024-10-11

Implement ForkServer-based shared network namespace Namespace creation comes at a price. We introduce a means to tie a netns to a forkserver. This means any sandbox started by that forkserver process will have the same netns. PiperOrigin-RevId: 684800270 Change-Id: Ife982bd7bad22ccec9f7fc20b3f127c87622f18d

2024-10-07

mounts: Remove `optional` from mount tree proto Proto3 semantics are "optional" by default and now only control generation of `has_XXX()` presence checks. For the mount tree, we only need those for `node`. PiperOrigin-RevId: 683103568 Change-Id: I3c83385b52431c135df518d21cb20267beb09bf0

2024-10-02

Automated rollback of commit 2ba4460a75aae2285c9909ba58e1542505e19e61. PiperOrigin-RevId: 681393675 Change-Id: If591c8f4813c4630f75785fb36bc1c33f62bff1d

2024-10-01

Keep stable iteration order for mounts - Roll-forward with fixes - Add test PiperOrigin-RevId: 680927684 Change-Id: I6d7a4a6ce6769216abcb8d678577c3bd50bf4079

2024-09-23

Automated rollback of commit bd2762ca078c87ddc49f811fa4666e18318d2b4d. PiperOrigin-RevId: 677891872 Change-Id: I771d24326ac28025f69703f0db9fb237f0700548

Keep stable iteration order for mounts PiperOrigin-RevId: 677826829 Change-Id: If88fdcea300b6185090a72d9531e4e5cd98c66c3

2024-09-20

Remove unused `capabilities` field. PiperOrigin-RevId: 676883432 Change-Id: Iac6434fe6338ba85a05f81f54a334315345daf0c

2024-07-30

Add fine-grained fields to track handled syscalls PiperOrigin-RevId: 657643593 Change-Id: I3afb758e0cb37c83cca1e1d65fdba14f69f67d93

2024-07-24

Add an API to control speculative execution PiperOrigin-RevId: 655475815 Change-Id: Ibd63a180f98888840c80f6960e1c20e6a3e864ba

2024-04-26

Split out proto_helper PiperOrigin-RevId: 628343206 Change-Id: I0a11cfcaf82260f3618b766475562a39f289445b

2024-04-25

Internal change PiperOrigin-RevId: 628051157 Change-Id: I4ba6cbb6793a8abb49bb34e32a502895a76e24bd

2023-12-28

logserver: Support non-UTF8 log messages PiperOrigin-RevId: 594244338 Change-Id: Icc6bf1bea0dd8ad62e6fa274979cecd01e9b8283

2023-08-17

Treat libunwind sandbox as a ~regular sandboxee This removes dependency on unwind from forkserver, which should reduce binary size for all the custom forkservers (also the SAPI generated ones). Unwind was only ever used by the global forkserver anyhow PiperOrigin-RevId: 557921074 Change-Id: Iea4904da0506fee5a00f970538f512cba7b02326

2023-03-08

Seccomp_unotify based monitor Unotify based monitor should bring big performance wins if the sandboxee heavily uses threading or signals. Some of the features are not supported in that mode: - execveat is always allowed instead of just the initial one - stack traces are not collected on normal exit or if the process is terminated by signal PiperOrigin-RevId: 515040101 Change-Id: Ia5574d34b4ff7e91e3601edb8c9cb913e011fbf6

2023-03-02

Remove unused UnwindResult.ip, reuse RunLibUnwindAndSymbolizer PiperOrigin-RevId: 513482530 Change-Id: I50b24619af77a245088d489052f41f370a4d720b

2023-02-24

Add field to track policy source location PiperOrigin-RevId: 512070278 Change-Id: I959a57e296d9b999c4ee3086bc814d7d55484722

2022-03-16

Migration of remaining protobufs from proto2 to proto3 PiperOrigin-RevId: 434973223 Change-Id: I5518aa3944cab94d33ce0538bed8ee82f90d4b3a

2022-03-14

Migrate forkserver.proto to proto3 syntax PiperOrigin-RevId: 434458725 Change-Id: I277f76a1a5ebd3eed15c6b3f3e7f849bf6edacea

Migrate to proto3, change is_ro to is_rw (default value is false), and rename mounttree.proto PiperOrigin-RevId: 434435260 Change-Id: Ie4cfe04bf1a9357e63b6159c3d5a8b95388b5292

2022-03-08

Add an option to allow mount propagation PiperOrigin-RevId: 433211924 Change-Id: I653f000d44de10b668b375fd2dfff3c668cbf673

2022-01-28

Change license link to HTTPS URL PiperOrigin-RevId: 424811734 Change-Id: If5ea692edc56ddc9c99fd478673df41c0246e9cc

2021-10-11

Move example sandboxes out of `lib` directories This is mainly so that the structure of the examples follows what we do internally (not having separate directories). PiperOrigin-RevId: 402298115 Change-Id: I0f542607b88597572de39532364816f80a076697

2020-12-16

Add support for ARM32 (hard float target) This change enables support for 32-bit ARM, as used by embedded controllers and older phones. Note: This does not support 32-bit sandboxees on AArch64. Both sandboxee and host code must have the same bitness. PiperOrigin-RevId: 347835193 Change-Id: I6395882677530f9862f118d2dc10230a61049836

2020-12-14

Remove `FsDescription` proto FS checks are an internal feature that has been deprecated for a while in favor of user namespaces. PiperOrigin-RevId: 347378761 Change-Id: I1d7956cecd6db47b2b96fdedaada0b2a36f9b112

2020-09-11

Initial changes to support AArch64 This is a work in progress: - Syscall tables need work - Only tested on real hardware using one of our test hosts As a drive-by, this change also enables the open source version to function on POWER. Another side-effect of this change is that the default policies no longer check for different host architectures at runtime. On x86_64, we do not need to check for PPC or AArch64 specifice and vice versa. PiperOrigin-RevId: 331137472 Change-Id: Ic6d6be5cbe61d83dbe13d5a0be036871754b2eb8

Use inclusive language PiperOrigin-RevId: 331116936 Change-Id: I7084b24440a1c78c0d70030da900330f0b8d954f

2020-07-20

Refactor stack trace handling - Drop `delim` argument from the `GetStackTrace()` family of functions. We only ever used plain spaces. - Use an `std::vector<std::string>` for the symbolized stack frames and adjust the unwind proto accordingly. This change now prints each stack frame on its own line while skipping duplicate ones: ``` I20200717 11:47:16.811381 3636246 monitor.cc:326] Stack trace: [ I20200717 11:47:16.811415 3636246 monitor.cc:337] map:/lib/x86_64-linux-gnu/libc-2.30.so+0xceee7(0x7fb871602ee7) I20200717 11:47:16.811420 3636246 monitor.cc:337] Rot13File+0x130(0x55ed24615995) I20200717 11:47:16.811424 3636246 monitor.cc:337] ffi_call_unix64+0x55(0x55ed2461f2dd) I20200717 11:47:16.811429 3636246 monitor.cc:337] map:[stack]+0x1ec80(0x7ffee4257c80) I20200717 11:47:16.811455 3636246 monitor.cc:339] (last frame repeated 196 times) I20200717 11:47:16.811460 3636246 monitor.cc:347] ] ``` PiperOrigin-RevId: 322089140 Change-Id: I05b0de2f4118fed90fe920c06bbd70ea0d1119e2

2020-02-27

Replace sapi::Status with absl::Status PiperOrigin-RevId: 297614681 Change-Id: I89fe1357a172ed4d28df6dd84b80fee364ce1c14

2020-01-31

Internal change PiperOrigin-RevId: 292529030 Change-Id: Ie6b315d9edd5f253386474be4afff1a59e24a91e

2020-01-20

Internal change PiperOrigin-RevId: 290621061 Change-Id: I4b575ac65a9c225453552db74416eed45f1f4ebd

Internal change PiperOrigin-RevId: 290586117 Change-Id: I637ca27121ef541d48a717903496cab256214a0a

2020-01-17

Update license header with recommended best practices PiperOrigin-RevId: 290250533 Change-Id: Ic34b253446463cf971a055b70a242df93a598ee3

2019-11-14

Remount chroot as read-only PiperOrigin-RevId: 280394655 Change-Id: I1490b7dfbbca3d91f5efb4dd5800397c9da57da8

2019-09-24

Internal change PiperOrigin-RevId: 270878802 Change-Id: I4c946fdb5f566909eaead35a3050a99ab9047553

2019-03-20

Disable "mini" debug format support in libunwind to avoid additional library dependency PiperOrigin-RevId: 239397518 Change-Id: Icd8c641f9d5aac721a2cf1e4e0d3347743f49d58

Merge pull request #8 from shaan1337:patch-1 PiperOrigin-RevId: 239384106 Change-Id: Ibeb4b6a76226a1384fc21df33378101a31764012

Rename deathrattle_fatalmsg proto PiperOrigin-RevId: 239377742 Change-Id: I169407087f5e6f3275e282a51232bb6eea330e49

2019-03-18

Sandboxed API OSS release. PiperOrigin-RevId: 238996664 Change-Id: I9646527e2be68ee0b6b371572b7aafe967102e57 Signed-off-by: Christian Blichmann <cblichmann@google.com>