Skip to content

Commit 2b65eaa

Browse files
Sandboxed API Teamcopybara-github
authored andcommitted
Add client side code generation for HandleSymbolMsg
After this change, we will not need to expose symbols from the sandboxed library. PiperOrigin-RevId: 897089250 Change-Id: I065d698e635f6ef09e5b3389adcd84e6ea8730be
1 parent a9d499d commit 2b65eaa

12 files changed

Lines changed: 88 additions & 38 deletions

File tree

cmake/SapiBuildDefs.cmake

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -143,7 +143,7 @@ function(add_sapi_library)
143143
)
144144
set(_sapi_sandboxee_client_lib "${_sapi_sandboxee_client_target}")
145145
else()
146-
set (_sapi_sandboxee_client_lib "sapi::call_message_handler")
146+
set (_sapi_sandboxee_client_lib "sapi::client_message_handler")
147147
endif()
148148

149149
# The sandboxed binary

sandboxed_api/BUILD

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -330,7 +330,7 @@ cc_library(
330330
hdrs = ["function_call_helper.h"],
331331
copts = sapi_platform_copts(),
332332
# Note that this is not a public API. It is used by the generated code and by the
333-
# `call_message_handler` below, but should not be used directly by API users.
333+
# `client_message_handler` below, but should not be used directly by API users.
334334
visibility = ["//visibility:public"],
335335
deps = [
336336
":call",
@@ -368,8 +368,8 @@ cc_library(
368368
)
369369

370370
cc_library(
371-
name = "call_message_handler",
372-
srcs = ["call_message_handler.cc"],
371+
name = "client_message_handler",
372+
srcs = ["client_message_handler.cc"],
373373
copts = sapi_platform_copts(),
374374
visibility = ["//visibility:public"],
375375
deps = [

sandboxed_api/CMakeLists.txt

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -298,12 +298,12 @@ target_link_libraries(sapi_function_call_helper
298298
sapi::var_type
299299
)
300300

301-
# sapi::call_message_handler
302-
add_library(sapi_call_message_handler ${SAPI_LIB_TYPE}
303-
call_message_handler.cc
301+
# sapi::client_message_handler
302+
add_library(sapi_client_message_handler ${SAPI_LIB_TYPE}
303+
client_message_handler.cc
304304
)
305-
add_library(sapi::call_message_handler ALIAS sapi_call_message_handler)
306-
target_link_libraries(sapi_call_message_handler PRIVATE
305+
add_library(sapi::client_message_handler ALIAS sapi_client_message_handler)
306+
target_link_libraries(sapi_client_message_handler PRIVATE
307307
absl::check
308308
absl::core_headers
309309
absl::log

sandboxed_api/bazel/sapi.bzl

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -437,7 +437,7 @@ def sapi_library(
437437
)
438438
client_message_handler = ":" + name + ".sandboxee"
439439
else:
440-
client_message_handler = "//sandboxed_api:call_message_handler"
440+
client_message_handler = "//sandboxed_api:client_message_handler"
441441

442442
# Library that contains generated interface and sandboxed binary as a data
443443
# dependency. Add this as a dependency instead of original library.

sandboxed_api/client.cc

Lines changed: 1 addition & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -43,6 +43,7 @@ namespace sapi {
4343
namespace client {
4444

4545
void HandleCallMsg(const FuncCall& call, FuncRet* ret);
46+
void HandleSymbolMsg(const char* symname, FuncRet* ret);
4647

4748
// Handles requests to allocate memory inside the sandboxee.
4849
void HandleAllocMsg(const size_t size, FuncRet* ret) {
@@ -86,21 +87,6 @@ void HandleFreeMsg(uintptr_t ptr, FuncRet* ret) {
8687
ret->int_val = 0ULL;
8788
}
8889

89-
// Handles requests to find a symbol value.
90-
void HandleSymbolMsg(const char* symname, FuncRet* ret) {
91-
ret->ret_type = v::Type::kPointer;
92-
93-
void* handle = dlopen(nullptr, RTLD_NOW);
94-
if (handle == nullptr) {
95-
ret->success = false;
96-
ret->int_val = static_cast<uintptr_t>(Error::kDlOpen);
97-
return;
98-
}
99-
100-
ret->int_val = reinterpret_cast<uintptr_t>(dlsym(handle, symname));
101-
ret->success = true;
102-
}
103-
10490
// Handles requests to receive a file descriptor from sandboxer.
10591
void HandleSendFd(sandbox2::Comms* comms, FuncRet* ret) {
10692
ret->ret_type = v::Type::kInt;
Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -137,5 +137,20 @@ void HandleCallMsg(const FuncCall& call, FuncRet* ret) {
137137
ret->success = true;
138138
}
139139

140+
// Handles requests to find a symbol value.
141+
void HandleSymbolMsg(const char* symname, FuncRet* ret) {
142+
ret->ret_type = v::Type::kPointer;
143+
144+
void* handle = dlopen(nullptr, RTLD_NOW);
145+
if (handle == nullptr) {
146+
ret->success = false;
147+
ret->int_val = static_cast<uintptr_t>(Error::kDlOpen);
148+
return;
149+
}
150+
151+
ret->int_val = reinterpret_cast<uintptr_t>(dlsym(handle, symname));
152+
ret->success = true;
153+
}
154+
140155
} // namespace client
141156
} // namespace sapi

sandboxed_api/sandbox2_rpcchannel.cc

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -54,15 +54,15 @@ absl::StatusOr<FuncRet> Sandbox2RPCChannel::Return(v::Type exp_type) {
5454
<< " != " << sizeof(FuncRet) << ")";
5555
return absl::UnavailableError("Received TLV has incorrect length");
5656
}
57+
if (!ret.success) {
58+
LOG(ERROR) << "FuncRet->success == false";
59+
return absl::UnavailableError("Function call failed");
60+
}
5761
if (ret.ret_type != exp_type) {
5862
LOG(ERROR) << "FuncRet->type != exp_type (" << ret.ret_type
5963
<< " != " << exp_type << ")";
6064
return absl::UnavailableError("Received TLV has incorrect return type");
6165
}
62-
if (!ret.success) {
63-
LOG(ERROR) << "FuncRet->success == false";
64-
return absl::UnavailableError("Function call failed");
65-
}
6666
return ret;
6767
}
6868

sandboxed_api/tests/BUILD

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -66,6 +66,7 @@ sapi_library(
6666
name = "sapi_test-sapi",
6767
functions = [
6868
"accumulate",
69+
"compare_self_symbol",
6970
],
7071
input_files = [
7172
"sapi_test_lib_cpp.cc",

sandboxed_api/tests/CMakeLists.txt

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,7 @@ if(BUILD_TESTING AND SAPI_BUILD_TESTING AND NOT CMAKE_CROSSCOMPILING)
2727
# sandboxed_api/examples/sum/lib:sum-sapi
2828
add_sapi_library(sapi_test-sapi
2929
FUNCTIONS accumulate
30+
compare_self_symbol
3031
INPUTS sapi_test_lib_cpp.cc
3132
LIBRARY sapi_test_lib
3233
LIBRARY_NAME SapiTest

sandboxed_api/tests/sapi_test.cc

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -58,6 +58,7 @@ namespace sapi {
5858
namespace {
5959

6060
using ::absl_testing::IsOk;
61+
using ::absl_testing::IsOkAndHolds;
6162
using ::absl_testing::StatusIs;
6263
using ::testing::ContainerEq;
6364
using ::testing::Eq;
@@ -496,6 +497,18 @@ TEST_P(SandboxTest, MapFd) {
496497
}
497498
}
498499

500+
TEST_P(SandboxTest, CompareSelfSymbol) {
501+
SandboxConfig config = GetDefaultConfig();
502+
SapiTestSandbox sandbox(std::move(config));
503+
ASSERT_THAT(sandbox.Init(), IsOk());
504+
SapiTestApi api(&sandbox);
505+
void* symbol = nullptr;
506+
SAPI_ASSERT_OK(sandbox.Symbol("compare_self_symbol", &symbol));
507+
EXPECT_THAT(symbol, NotNull());
508+
sapi::v::RemotePtr remote_symbol(symbol);
509+
EXPECT_THAT(api.compare_self_symbol(&remote_symbol), IsOkAndHolds(true));
510+
}
511+
499512
INSTANTIATE_TEST_SUITE_P(SAPI, SandboxTest, ::testing::Values(false, true),
500513
[](const ::testing::TestParamInfo<bool>& info) {
501514
return info.param ? "EnableSharedMemory"

0 commit comments

Comments
 (0)