Add client side code generation for HandleSymbolMsg

Sandboxed API Team · copybara-github · commit 2b65eaaf1125 · 2026-04-09T06:55:58.000-07:00
After this change, we will not need to expose symbols from the sandboxed library.

PiperOrigin-RevId: 897089250
Change-Id: I065d698e635f6ef09e5b3389adcd84e6ea8730be
diff --git a/cmake/SapiBuildDefs.cmake b/cmake/SapiBuildDefs.cmake
@@ -143,7 +143,7 @@ function(add_sapi_library)
     )
     set(_sapi_sandboxee_client_lib "${_sapi_sandboxee_client_target}")
   else()
-    set (_sapi_sandboxee_client_lib "sapi::call_message_handler")
+    set (_sapi_sandboxee_client_lib "sapi::client_message_handler")
   endif()
 
   # The sandboxed binary
diff --git a/sandboxed_api/BUILD b/sandboxed_api/BUILD
@@ -330,7 +330,7 @@ cc_library(
     hdrs = ["function_call_helper.h"],
     copts = sapi_platform_copts(),
     # Note that this is not a public API. It is used by the generated code and by the
-    # `call_message_handler` below, but should not be used directly by API users.
+    # `client_message_handler` below, but should not be used directly by API users.
     visibility = ["//visibility:public"],
     deps = [
         ":call",
@@ -368,8 +368,8 @@ cc_library(
 )
 
 cc_library(
-    name = "call_message_handler",
-    srcs = ["call_message_handler.cc"],
+    name = "client_message_handler",
+    srcs = ["client_message_handler.cc"],
     copts = sapi_platform_copts(),
     visibility = ["//visibility:public"],
     deps = [
diff --git a/sandboxed_api/CMakeLists.txt b/sandboxed_api/CMakeLists.txt
@@ -298,12 +298,12 @@ target_link_libraries(sapi_function_call_helper
           sapi::var_type
 )
 
-# sapi::call_message_handler
-add_library(sapi_call_message_handler ${SAPI_LIB_TYPE}
-  call_message_handler.cc
+# sapi::client_message_handler
+add_library(sapi_client_message_handler ${SAPI_LIB_TYPE}
+  client_message_handler.cc
 )
-add_library(sapi::call_message_handler ALIAS sapi_call_message_handler)
-target_link_libraries(sapi_call_message_handler PRIVATE
+add_library(sapi::client_message_handler ALIAS sapi_client_message_handler)
+target_link_libraries(sapi_client_message_handler PRIVATE
   absl::check
   absl::core_headers
   absl::log
diff --git a/sandboxed_api/bazel/sapi.bzl b/sandboxed_api/bazel/sapi.bzl
@@ -437,7 +437,7 @@ def sapi_library(
         )
         client_message_handler = ":" + name + ".sandboxee"
     else:
-        client_message_handler = "//sandboxed_api:call_message_handler"
+        client_message_handler = "//sandboxed_api:client_message_handler"
 
     # Library that contains generated interface and sandboxed binary as a data
     # dependency. Add this as a dependency instead of original library.
diff --git a/sandboxed_api/client.cc b/sandboxed_api/client.cc
@@ -43,6 +43,7 @@ namespace sapi {
 namespace client {
 
 void HandleCallMsg(const FuncCall& call, FuncRet* ret);
+void HandleSymbolMsg(const char* symname, FuncRet* ret);
 
 // Handles requests to allocate memory inside the sandboxee.
 void HandleAllocMsg(const size_t size, FuncRet* ret) {
@@ -86,21 +87,6 @@ void HandleFreeMsg(uintptr_t ptr, FuncRet* ret) {
   ret->int_val = 0ULL;
 }
 
-// Handles requests to find a symbol value.
-void HandleSymbolMsg(const char* symname, FuncRet* ret) {
-  ret->ret_type = v::Type::kPointer;
-
-  void* handle = dlopen(nullptr, RTLD_NOW);
-  if (handle == nullptr) {
-    ret->success = false;
-    ret->int_val = static_cast<uintptr_t>(Error::kDlOpen);
-    return;
-  }
-
-  ret->int_val = reinterpret_cast<uintptr_t>(dlsym(handle, symname));
-  ret->success = true;
-}
-
 // Handles requests to receive a file descriptor from sandboxer.
 void HandleSendFd(sandbox2::Comms* comms, FuncRet* ret) {
   ret->ret_type = v::Type::kInt;
diff --git a/sandboxed_api/client_message_handler.cc b/sandboxed_api/client_message_handler.cc
@@ -137,5 +137,20 @@ void HandleCallMsg(const FuncCall& call, FuncRet* ret) {
   ret->success = true;
 }
 
+// Handles requests to find a symbol value.
+void HandleSymbolMsg(const char* symname, FuncRet* ret) {
+  ret->ret_type = v::Type::kPointer;
+
+  void* handle = dlopen(nullptr, RTLD_NOW);
+  if (handle == nullptr) {
+    ret->success = false;
+    ret->int_val = static_cast<uintptr_t>(Error::kDlOpen);
+    return;
+  }
+
+  ret->int_val = reinterpret_cast<uintptr_t>(dlsym(handle, symname));
+  ret->success = true;
+}
+
 }  // namespace client
 }  // namespace sapi
diff --git a/sandboxed_api/sandbox2_rpcchannel.cc b/sandboxed_api/sandbox2_rpcchannel.cc
@@ -54,15 +54,15 @@ absl::StatusOr<FuncRet> Sandbox2RPCChannel::Return(v::Type exp_type) {
                << " != " << sizeof(FuncRet) << ")";
     return absl::UnavailableError("Received TLV has incorrect length");
   }
+  if (!ret.success) {
+    LOG(ERROR) << "FuncRet->success == false";
+    return absl::UnavailableError("Function call failed");
+  }
   if (ret.ret_type != exp_type) {
     LOG(ERROR) << "FuncRet->type != exp_type (" << ret.ret_type
                << " != " << exp_type << ")";
     return absl::UnavailableError("Received TLV has incorrect return type");
   }
-  if (!ret.success) {
-    LOG(ERROR) << "FuncRet->success == false";
-    return absl::UnavailableError("Function call failed");
-  }
   return ret;
 }
 
diff --git a/sandboxed_api/tests/BUILD b/sandboxed_api/tests/BUILD
@@ -66,6 +66,7 @@ sapi_library(
     name = "sapi_test-sapi",
     functions = [
         "accumulate",
+        "compare_self_symbol",
     ],
     input_files = [
         "sapi_test_lib_cpp.cc",
diff --git a/sandboxed_api/tests/CMakeLists.txt b/sandboxed_api/tests/CMakeLists.txt
@@ -27,6 +27,7 @@ if(BUILD_TESTING AND SAPI_BUILD_TESTING AND NOT CMAKE_CROSSCOMPILING)
   # sandboxed_api/examples/sum/lib:sum-sapi
   add_sapi_library(sapi_test-sapi
     FUNCTIONS accumulate
+              compare_self_symbol
     INPUTS sapi_test_lib_cpp.cc
     LIBRARY sapi_test_lib
     LIBRARY_NAME SapiTest
diff --git a/sandboxed_api/tests/sapi_test.cc b/sandboxed_api/tests/sapi_test.cc
@@ -58,6 +58,7 @@ namespace sapi {
 namespace {
 
 using ::absl_testing::IsOk;
+using ::absl_testing::IsOkAndHolds;
 using ::absl_testing::StatusIs;
 using ::testing::ContainerEq;
 using ::testing::Eq;
@@ -496,6 +497,18 @@ TEST_P(SandboxTest, MapFd) {
   }
 }
 
+TEST_P(SandboxTest, CompareSelfSymbol) {
+  SandboxConfig config = GetDefaultConfig();
+  SapiTestSandbox sandbox(std::move(config));
+  ASSERT_THAT(sandbox.Init(), IsOk());
+  SapiTestApi api(&sandbox);
+  void* symbol = nullptr;
+  SAPI_ASSERT_OK(sandbox.Symbol("compare_self_symbol", &symbol));
+  EXPECT_THAT(symbol, NotNull());
+  sapi::v::RemotePtr remote_symbol(symbol);
+  EXPECT_THAT(api.compare_self_symbol(&remote_symbol), IsOkAndHolds(true));
+}
+
 INSTANTIATE_TEST_SUITE_P(SAPI, SandboxTest, ::testing::Values(false, true),
                          [](const ::testing::TestParamInfo<bool>& info) {
                            return info.param ? "EnableSharedMemory"
diff --git a/sandboxed_api/tests/sapi_test_lib_cpp.cc b/sandboxed_api/tests/sapi_test_lib_cpp.cc
@@ -27,3 +27,7 @@ extern "C" int accumulate(int* a, int* b, int* c, int* d, int* e, int* f,
                           int* g, int* h) {
   return internal::accumulate({a, b, c, d, e, f, g, h});
 }
+
+extern "C" bool compare_self_symbol(void* self) {
+  return self == reinterpret_cast<void*>(&compare_self_symbol);
+}
diff --git a/sandboxed_api/tools/clang_generator/emitter.cc b/sandboxed_api/tools/clang_generator/emitter.cc
@@ -14,6 +14,7 @@
 
 #include "sandboxed_api/tools/clang_generator/emitter.h"
 
+#include <algorithm>
 #include <string>
 #include <utility>
 #include <vector>
@@ -124,9 +125,10 @@ using %1$s = ::sapi::Sandbox<::sapi::Sandbox2Backend>;
 
 // Text template arguments:
 //   1. Function name prefix
-constexpr absl::string_view kHandleCallMsgDeclarationTemplate = R"(
+constexpr absl::string_view kHandleMsgDeclarationTemplate = R"(
 namespace sapi::client {
 void %1$sHandleCallMsg(const ::sapi::FuncCall& call, ::sapi::FuncRet* ret);
+void %1$sHandleSymbolMsg(const char* symname, ::sapi::FuncRet* ret);
 }  // namespace sapi::client
 )";
 
@@ -211,14 +213,29 @@ void %3$sHandleCallMsg(const ::sapi::FuncCall& call, ::sapi::FuncRet* ret) {
   if (ABSL_PREDICT_FALSE(it == kSandboxeeFunctions->end())) {
     LOG(ERROR) << "Function not found: '" << call.func << "'";
     *ret = ToFuncError(Error::kInvalidFunctionName);
-    ret->ret_type = call.ret_type;
     return;
   }
 
   ::sapi::FunctionCallPreparer preparer(call);
   *ret = it->second(preparer);
 }
 
+void %3$sHandleSymbolMsg(const char* symname, ::sapi::FuncRet* ret) {
+  static const absl::NoDestructor<absl::flat_hash_map<std::string, void*>>
+    kSandboxeeSymbols({
+  %5$s
+  });
+  auto it = kSandboxeeSymbols->find(symname);
+  if (ABSL_PREDICT_FALSE(it == kSandboxeeSymbols->end())) {
+    LOG(ERROR) << "Symbol not found: '" << symname << "'";
+    *ret = ToFuncError(Error::kInvalidFunctionName);
+    return;
+  }
+  ret->int_val = reinterpret_cast<uintptr_t>(it->second);
+  ret->success = true;
+  ret->ret_type = ::sapi::v::Type::kPointer;
+}
+
 }  // namespace sapi::client
 )";
 
@@ -468,19 +485,33 @@ absl::StatusOr<std::string> Emitter::DoEmitSandboxeeSrc() {
   absl::StrAppend(&out, kSandboxeeCommonIncludes);
   std::string call_msg_prefix =
       options_.sandbox_mode == SandboxMode::kPassthrough ? options_.name : "";
+  std::vector<std::string> rendered_functions_unqualified_ordered(
+      rendered_functions_unqualified_.begin(),
+      rendered_functions_unqualified_.end());
+  std::sort(rendered_functions_unqualified_ordered.begin(),
+            rendered_functions_unqualified_ordered.end());
+
   absl::StrAppend(
       &out, absl::StrFormat(
                 kSandboxeeSrcTemplate,
                 absl::StrJoin(rendered_sandboxee_prototypes_ordered_, "\n"),
                 absl::StrJoin(rendered_sandboxee_handler_ordered_, "\n"),
                 call_msg_prefix,
-                absl::StrJoin(rendered_functions_unqualified_, ",\n",
+                absl::StrJoin(rendered_functions_unqualified_ordered, ",\n",
                               [](std::string* out, std::string_view func) {
                                 absl::StrAppend(
                                     out,
                                     absl::StrFormat(
                                         "{\"%1$s\", FuncHandler%1$s}", func));
-                              })));
+                              }),
+                absl::StrJoin(
+                    rendered_functions_unqualified_ordered, ",\n",
+                    [](std::string* out, std::string_view func) {
+                      absl::StrAppend(
+                          out, absl::StrFormat(
+                                   "{\"%1$s\", reinterpret_cast<void*>(&%1$s)}",
+                                   func));
+                    })));
   return out;
 }
 
@@ -525,11 +556,11 @@ absl::StatusOr<std::string> Emitter::DoEmitHeader() {
     absl::StrAppendFormat(&out, kEmbedInclude, include_file);
   }
 
-  std::string handle_call_msg_prefix =
+  std::string handle_msg_prefix =
       options_.has_sandboxee_src_out() ? options_.name : "";
   if (options_.sandbox_mode == SandboxMode::kPassthrough) {
-    absl::StrAppendFormat(&out, kHandleCallMsgDeclarationTemplate,
-                          handle_call_msg_prefix);
+    absl::StrAppendFormat(&out, kHandleMsgDeclarationTemplate,
+                          handle_msg_prefix);
   }
 
   // If specified, wrap the generated API in a namespace
@@ -586,8 +617,7 @@ absl::StatusOr<std::string> Emitter::DoEmitHeader() {
     case SandboxMode::kPassthrough: {
       absl::StrAppendFormat(
           &out, kPassthroughClassTemplate, sandbox_class_name,
-          absl::StrCat("::sapi::client::", handle_call_msg_prefix,
-                       "HandleCallMsg"));
+          absl::StrCat("::sapi::client::", handle_msg_prefix, "HandleCallMsg"));
       break;
     }
   }

Original file line number	Diff line number	Diff line change
`@@ -143,7 +143,7 @@ function(add_sapi_library)`
`143`	`143`	`)`
`144`	`144`	`set(_sapi_sandboxee_client_lib "${_sapi_sandboxee_client_target}")`
`145`	`145`	`else()`
`146`		`- set (_sapi_sandboxee_client_lib "sapi::call_message_handler")`
	`146`	`+ set (_sapi_sandboxee_client_lib "sapi::client_message_handler")`
`147`	`147`	`endif()`
`148`	`148`
`149`	`149`	`# The sandboxed binary`
Original file line number	Diff line number	Diff line change
`@@ -437,7 +437,7 @@ def sapi_library(`
`437`	`437`	`)`
`438`	`438`	`client_message_handler = ":" + name + ".sandboxee"`
`439`	`439`	`else:`
`440`		`- client_message_handler = "//sandboxed_api:call_message_handler"`
	`440`	`+ client_message_handler = "//sandboxed_api:client_message_handler"`
`441`	`441`
`442`	`442`	`# Library that contains generated interface and sandboxed binary as a data`
`443`	`443`	`# dependency. Add this as a dependency instead of original library.`
Original file line number	Diff line number	Diff line change
`@@ -54,15 +54,15 @@ absl::StatusOr<FuncRet> Sandbox2RPCChannel::Return(v::Type exp_type) {`
`54`	`54`	`<< " != " << sizeof(FuncRet) << ")";`
`55`	`55`	`return absl::UnavailableError("Received TLV has incorrect length");`
`56`	`56`	`}`
	`57`	`+ if (!ret.success) {`
	`58`	`+ LOG(ERROR) << "FuncRet->success == false";`
	`59`	`+ return absl::UnavailableError("Function call failed");`
	`60`	`+ }`
`57`	`61`	`if (ret.ret_type != exp_type) {`
`58`	`62`	`LOG(ERROR) << "FuncRet->type != exp_type (" << ret.ret_type`
`59`	`63`	`<< " != " << exp_type << ")";`
`60`	`64`	`return absl::UnavailableError("Received TLV has incorrect return type");`
`61`	`65`	`}`
`62`		`- if (!ret.success) {`
`63`		`- LOG(ERROR) << "FuncRet->success == false";`
`64`		`- return absl::UnavailableError("Function call failed");`
`65`		`- }`
`66`	`66`	`return ret;`
`67`	`67`	`}`
`68`	`68`