Automated rollback of commit 4ef595d.
PiperOrigin-RevId: 645057180
Change-Id: Ife67e9791ef64780313566b587608f3472696f04
Sandboxed API Team authored and copybara-github committed Jun 20, 2024
1 parent 4ef595d commit 470d04f
Showing 3 changed files with 18 additions and 22 deletions.
25 changes: 12 additions & 13 deletions sandboxed_api/sandbox2/monitor_ptrace.cc
@@ -657,8 +657,9 @@ bool PtraceMonitor::InitPtraceAttach() {
void PtraceMonitor::ActionProcessSyscall(Regs* regs, const Syscall& syscall) {
// If the sandboxing is not enabled yet, allow the first __NR_execveat.
if (syscall.nr() == __NR_execveat && !IsActivelyMonitoring()) {
VLOG(1) << "[PERMITTED/BEFORE_EXECVEAT]: " << "SYSCALL ::: PID: "
<< regs->pid() << ", PROG: '" << util::GetProgName(regs->pid())
VLOG(1) << "[PERMITTED/BEFORE_EXECVEAT]: "
<< "SYSCALL ::: PID: " << regs->pid() << ", PROG: '"
<< util::GetProgName(regs->pid())
<< "' : " << syscall.GetDescription();
ContinueProcess(regs->pid(), 0);
return;
@@ -692,7 +693,7 @@ void PtraceMonitor::ActionProcessSyscall(Regs* regs, const Syscall& syscall) {
return;
}

ActionProcessSyscallViolation(regs, syscall, ViolationType::kSyscall);
ActionProcessSyscallViolation(regs, syscall, kSyscallViolation);
}

void PtraceMonitor::ActionProcessSyscallViolation(
@@ -743,8 +744,7 @@ void PtraceMonitor::EventPtraceSeccomp(pid_t pid, int event_msg) {
// If the architecture of the syscall used is different that the current host
// architecture, report a violation.
if (syscall_arch != Syscall::GetHostArch()) {
ActionProcessSyscallViolation(&regs, syscall,
ViolationType::kArchitectureSwitch);
ActionProcessSyscallViolation(&regs, syscall, kArchitectureSwitchViolation);
return;
}

@@ -781,18 +781,18 @@ void PtraceMonitor::EventPtraceNewProcess(pid_t pid, int event_msg) {
// ptrace doesn't issue syscall-exit-stops for successful fork/vfork/clone
// system calls. Check if the monitor wanted to inspect the syscall's return
// value, and call EventSyscallReturn for the parent process if so.
if (auto index = syscalls_in_progress_.find(pid);
index != syscalls_in_progress_.end()) {
auto index = syscalls_in_progress_.find(pid);
if (index != syscalls_in_progress_.end()) {
auto syscall_nr = index->second.nr();
bool creating_new_process = syscall_nr == __NR_clone;
#ifdef __NR_clone3
creating_new_process |= syscall_nr == __NR_clone3;
creating_new_process = creating_new_process || syscall_nr == __NR_clone3;
#endif
#ifdef __NR_fork
creating_new_process |= syscall_nr == __NR_fork;
creating_new_process = creating_new_process || syscall_nr == __NR_fork;
#endif
#ifdef __NR_vfork
creating_new_process |= syscall_nr == __NR_vfork;
creating_new_process = creating_new_process || syscall_nr == __NR_vfork;
#endif
if (!creating_new_process) {
LOG(ERROR) << "Expected a fork/vfork/clone syscall in progress in PID "
@@ -861,9 +861,8 @@ void PtraceMonitor::EventPtraceExit(pid_t pid, int event_msg) {
// Process signaled due to seccomp violation.
if (is_seccomp) {
VLOG(1) << "PID: " << pid << " violation uncovered via the EXIT_EVENT";
ActionProcessSyscallViolation(regs.get(),
regs->ToSyscall(Syscall::GetHostArch()),
ViolationType::kSyscall);
ActionProcessSyscallViolation(
regs.get(), regs->ToSyscall(Syscall::GetHostArch()), kSyscallViolation);
return;
}

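Review bot: The three call sites in this file now name the enumerators unqualified (`kSyscallViolation` in ActionProcessSyscall and EventPtraceExit, `kArchitectureSwitchViolation` in EventPtraceSeccomp), which only compiles because the enum in notify.h is unscoped again. An unscoped enumerator can still be written qualified, so `ActionProcessSyscallViolation(regs, syscall, ViolationType::kSyscallViolation);` keeps the violation-reporting paths easy to grep and independent of whether the enum is scoped. The same applies to the ternary in UnotifyMonitor::HandleUnotify in monitor_unotify.cc. All three functions start or end outside their hunks.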
7 changes: 3 additions & 4 deletions sandboxed_api/sandbox2/monitor_unotify.cc
@@ -185,8 +185,8 @@ void UnotifyMonitor::HandleUnotify() {
req_->data.args[3], req_->data.args[4], req_->data.args[5]},
req_->pid, 0, req_->data.instruction_pointer);
ViolationType violation_type = syscall.arch() == Syscall::GetHostArch()
? ViolationType::kSyscall
: ViolationType::kArchitectureSwitch;
? kSyscallViolation
: kArchitectureSwitchViolation;
LogSyscallViolation(syscall);
notify_->EventSyscallViolation(syscall, violation_type);
MaybeGetStackTrace(req_->pid, Result::VIOLATION);
@@ -285,8 +285,7 @@ void UnotifyMonitor::Run() {
}

void UnotifyMonitor::SetExitStatusFromStatusPipe() {
int code;
int status;
int code, status;
rusage usage;

std::vector<iovec> iov = {
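Review bot: `int code, status;` in SetExitStatusFromStatusPipe leaves both values uninitialised, and the lines that follow start building an iovec, presumably over these variables so they can be filled from the status pipe. The read itself is outside the hunk, so I cannot confirm that it is checked for a short or failed transfer; if it is not, the reported exit status would come from indeterminate stack contents. I would declare them one per line and initialised, `int code = 0;` and `int status = 0;` (and `rusage usage{};`), and make sure a failed read is reported as an error rather than decoded as a zero exit. The function body continues past the end of the hunk.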
8 changes: 3 additions & 5 deletions sandboxed_api/sandbox2/notify.h
@@ -19,8 +19,6 @@

#include <sys/types.h>

#include <cstdint>

#include "absl/base/attributes.h"
#include "absl/log/log.h"
#include "sandboxed_api/sandbox2/comms.h"
@@ -30,11 +28,11 @@

namespace sandbox2 {

enum class ViolationType {
enum ViolationType {
// A syscall disallowed by the policy was invoked.
kSyscall,
kSyscallViolation,
// A syscall with cpu architecture not covered by the policy was invoked.
kArchitectureSwitch,
kArchitectureSwitchViolation,
};

class Notify {
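Review bot: With `enum ViolationType` unscoped again, a violation type converts implicitly to int, and `kSyscallViolation` is the first enumerator with no explicit value, so it is 0. A truthiness test or integer comparison on the value handed to `EventSyscallViolation` therefore compiles and treats a policy syscall violation as false. If the plain enum has to stay for source compatibility, I would say so above it, e.g. `// Unscoped for compatibility; kSyscallViolation is 0, so compare against the enumerators and never test the value as a bool or int.` The enumerator names also change in what appears to be a public header, so any Notify subclass outside this commit would need to follow the rename.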
