Rollforward PassthroughBackend implementation with fixes

PiperOrigin-RevId: 897052219
Change-Id: Id798168d5564a559a1fc94a68a898ca6e3458566

Author: Sandboxed API Team

sandboxed_api/BUILD

@@ -412,3 +412,28 @@ cc_library(
     ],
     visibility = ["//visibility:public"],
 )
+
+cc_library(
+    name = "passthrough_backend",
+    srcs = [
+        "passthrough_rpcchannel.cc",
+        "passthrough_rpcchannel.h",
+    ],
+    hdrs = [
+        "passthrough_backend.h",
+    ],
+    deps = [
+        ":call",
+        ":rpcchannel",
+        ":sandbox_config",
+        ":var_type",
+        "@abseil-cpp//absl/base:core_headers",
+        "@abseil-cpp//absl/container:flat_hash_set",
+        "@abseil-cpp//absl/functional:any_invocable",
+        "@abseil-cpp//absl/status",
+        "@abseil-cpp//absl/status:statusor",
+        "@abseil-cpp//absl/synchronization",
+        "@abseil-cpp//absl/time",
+        "@abseil-cpp//absl/types:span",
+    ],
+)

sandboxed_api/CMakeLists.txt

@@ -94,6 +94,30 @@ target_link_libraries(sapi_shared_memory_rpcchannel
           sapi::status
 )
 
+# sandboxed_api:passthrough_backend
+add_library(sapi_passthrough_backend ${SAPI_LIB_TYPE}
+  passthrough_backend.h
+  passthrough_rpcchannel.cc
+  passthrough_rpcchannel.h
+)
+add_library(sapi::passthrough_backend ALIAS sapi_passthrough_backend)
+target_link_libraries(sapi_passthrough_backend
+  PRIVATE absl::any_invocable
+          absl::flat_hash_set
+          absl::status
+          absl::statusor
+          absl::span
+          absl::synchronization
+          absl::time
+          sapi::base
+          sapi::call
+          sapi::rpcchannel
+          sapi::sandbox_config
+          sapi::var_type
+          ${CMAKE_DL_LIBS}
+  PUBLIC absl::check
+)
+
 # sandboxed_api:sandbox2_backend
 add_library(sapi_sandbox2_backend ${SAPI_LIB_TYPE}
   sandbox2_backend.cc
@@ -172,6 +196,7 @@ target_link_libraries(sapi_sapi
          sandbox2::sandbox2
          sapi::base
          sapi::sandbox_config
+         sapi::passthrough_backend
          sapi::sandbox2_backend
          sapi::status
 )

sandboxed_api/bazel/sapi.bzl

@@ -166,6 +166,9 @@ def _sapi_interface_impl(ctx):
     append_arg(args, "--sapi_functions", ",".join(ctx.attr.functions))
     append_arg(args, "--sapi_ns", ctx.attr.namespace)
 
+    if use_clang_generator:
+        append_arg(args, "--sapi_sandbox_mode", ctx.attr.sandbox_mode)
+
     if use_clang_generator and ctx.outputs.sandboxee_src_out:
         append_arg(args, "--sapi_sandboxee_src_out", ctx.outputs.sandboxee_src_out.path)
         outs.append(ctx.outputs.sandboxee_src_out)
@@ -261,6 +264,7 @@ sapi_interface = rule(
         "_generator_v1": make_exec_label(
             "//sandboxed_api/tools/python_generator:sapi_generator",
         ),
+        "sandbox_mode": attr.string(default = "sandbox2"),
         "symbol_list_gen": attr.bool(default = False),
         "_generator_v2": make_exec_label(
             # TODO(cblichmann): Add prebuilt version of Clang based generator
@@ -331,7 +335,8 @@ def sapi_library(
         visibility = None,
         compatible_with = None,
         default_copts = [],
-        exec_properties = {}):
+        exec_properties = {},
+        sandbox_mode = "sandbox2"):
     """Provides the implementation of a Sandboxed API library.
 
     Args:
@@ -371,13 +376,17 @@ def sapi_library(
       default_copts: List of package level default copts, an additional
         attribute since copts already has default value.
       exec_properties: Dict of executable properties to be passed to the generated binary targets.
+      sandbox_mode: Sandbox mode to use for the generated library. Either "sandbox2" (default) or "passthrough".
     """
 
     common = _common_kwargs(tags, visibility, compatible_with)
     generated_file_prefix = name + ".sapi"
     generated_header = generated_file_prefix + ".h"
     generated_sandboxee_src = generated_file_prefix + ".sandboxee.cc"
     use_sandboxee_generation = generator_version == 3
+    if sandbox_mode == "passthrough":
+        embed = False
+    in_process = sandbox_mode == "passthrough"
 
     # Reference (pull into the archive) required functions only. If the functions'
     # array is empty, pull in the whole archive (may not compile with MSAN).
@@ -387,16 +396,48 @@ def sapi_library(
             "-Wl,--whole-archive",
             "-Wl,--allow-multiple-definition",
         ]
+    sandboxee_linkopts = [
+        "-ldl",  # For dlopen(), dlsym()
+        # The sandboxing client must have access to all
+        "-Wl,-E",  # symbols used in the sandboxed library, so these
+    ] + exported_funcs  # must be both referenced, and exported
 
     lib_hdrs = hdrs or []
 
     lib_hdrs.append(generated_header)
 
     default_deps = ["//sandboxed_api/sandbox2"]
 
-    sapi_data_deps = [":" + name + ".bin"] if not embed else []
+    sapi_data_deps = [":" + name + ".bin"] if not embed and not in_process else []
 
-    backend_dep = ["//sandboxed_api:sandbox2_backend"]
+    backend_dep = []
+    if sandbox_mode == "sandbox2":
+        backend_dep = ["//sandboxed_api:sandbox2_backend"]
+    elif sandbox_mode == "passthrough":
+        backend_dep = ["//sandboxed_api:passthrough_backend", ":" + name + ".lib"]
+    else:
+        fail("Unsupported sandbox mode: " + sandbox_mode)
+
+    if use_sandboxee_generation:
+        cc_library(
+            name = name + ".sandboxee",
+            srcs = [generated_sandboxee_src],
+            deps = [
+                ":" + name + ".lib",
+                "@abseil-cpp//absl/base:core_headers",
+                "@abseil-cpp//absl/base:no_destructor",
+                "@abseil-cpp//absl/container:flat_hash_map",
+                "@abseil-cpp//absl/log",
+                "@abseil-cpp//absl/strings:string_view",
+                "//sandboxed_api:call",
+                "//sandboxed_api:function_call_helper",
+            ],
+            copts = default_copts,
+            **common
+        )
+        client_message_handler = ":" + name + ".sandboxee"
+    else:
+        client_message_handler = "//sandboxed_api:call_message_handler"
 
     # Library that contains generated interface and sandboxed binary as a data
     # dependency. Add this as a dependency instead of original library.
@@ -407,6 +448,7 @@ def sapi_library(
         hdrs = lib_hdrs,
         copts = default_copts + copts,
         defines = defines,
+        linkopts = sandboxee_linkopts if in_process else [],
         deps = sort_deps(
             [
                 "@abseil-cpp//absl/base:core_headers",
@@ -418,46 +460,24 @@ def sapi_library(
             ] + deps +
             ([":" + name + "_embed"] if embed else []) +
             (default_deps if add_default_deps else []) +
+            ([client_message_handler] if in_process else []) +
             backend_dep,
         ),
         **common
     )
 
-    if use_sandboxee_generation:
-        cc_library(
-            name = name + ".sandboxee",
-            srcs = [generated_sandboxee_src],
+    if not in_process:
+        cc_binary(
+            name = name + ".bin",
+            linkopts = sandboxee_linkopts,
+            malloc = malloc,
             deps = [
-                "@abseil-cpp//absl/base:core_headers",
-                "@abseil-cpp//absl/base:no_destructor",
-                "@abseil-cpp//absl/container:flat_hash_map",
-                "@abseil-cpp//absl/log",
-                "@abseil-cpp//absl/strings:string_view",
-                "//sandboxed_api:call",
-                "//sandboxed_api:function_call_helper",
-            ],
+                ":" + name + ".lib",
+                "//sandboxed_api:client",
+            ] + [client_message_handler],
             copts = default_copts,
             **common
         )
-        client_message_handler = ":" + name + ".sandboxee"
-    else:
-        client_message_handler = "//sandboxed_api:call_message_handler"
-
-    cc_binary(
-        name = name + ".bin",
-        linkopts = [
-            "-ldl",  # For dlopen(), dlsym()
-            # The sandboxing client must have access to all
-            "-Wl,-E",  # symbols used in the sandboxed library, so these
-        ] + exported_funcs,  # must be both referenced, and exported
-        malloc = malloc,
-        deps = [
-            ":" + name + ".lib",
-            "//sandboxed_api:client",
-        ] + [client_message_handler],
-        copts = default_copts,
-        **common
-    )
 
     cc_library(
         name = name + ".lib",
@@ -494,6 +514,7 @@ def sapi_library(
         api_version = api_version,
         generator_version = generator_version,
         limit_scan_depth = limit_scan_depth,
+        sandbox_mode = sandbox_mode,
         **common
     )
 

sandboxed_api/passthrough_backend.h

@@ -0,0 +1,66 @@
+// Copyright 2026 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef SANDBOXED_API_NULL_BACKEND_H_
+#define SANDBOXED_API_NULL_BACKEND_H_
+
+#include <memory>
+#include <utility>
+
+#include "absl/status/status.h"
+#include "absl/status/statusor.h"
+#include "absl/time/time.h"
+#include "sandboxed_api/passthrough_rpcchannel.h"
+#include "sandboxed_api/sandbox_config.h"
+
+namespace sapi {
+
+class SandboxBase;
+
+class PassthroughBackend {
+ public:
+  using CallFunctionT = PassthroughRPCChannel::CallFunctionT;
+  PassthroughBackend(SandboxConfig config, CallFunctionT call_function)
+      : rpc_channel_(
+            std::make_unique<PassthroughRPCChannel>(std::move(call_function))) {
+  }
+
+  // Initializes a new sandboxing session.
+  absl::Status Init() { return absl::OkStatus(); }
+
+  // Returns whether the current sandboxing session is active.
+  bool is_active() const { return true; }
+
+  PassthroughRPCChannel* rpc_channel() const { return rpc_channel_.get(); }
+
+  absl::Status SetWallTimeLimit(absl::Duration limit) const {
+    // TODO(sroettger): This should enforce a wall time limit.
+    return absl::OkStatus();
+  }
+
+  absl::Status AwaitExitStatus() { return absl::OkStatus(); }
+
+  absl::StatusOr<int> GetPid() const {
+    return absl::UnavailableError("In-process sandbox has no pid");
+  }
+
+  void Terminate(bool attempt_graceful_exit = true) {}
+
+ private:
+  std::unique_ptr<PassthroughRPCChannel> rpc_channel_;
+};
+
+}  // namespace sapi
+
+#endif  // SANDBOXED_API_NULL_BACKEND_H_