diff options
| author | Wiktor Garbacz <wiktorg@google.com> | 2023-12-13 03:33:36 -0800 |
|---|---|---|
| committer | Copybara-Service <copybara-worker@google.com> | 2023-12-13 03:34:22 -0800 |
| commit | 0a992b683f107813455e029695baa9b6d7063e36 (patch) | |
| tree | a2b154fff94ed634a6088e8b8d1eedd3c1c491ce | |
| parent | d95df64ebbeaf8008d049f61858edfcea98d6332 (diff) | |
| download | sandboxed-api-0a992b683f107813455e029695baa9b6d7063e36.tar.gz | |
Add special handling for global forkserver
PiperOrigin-RevId: 590533638
Change-Id: Ibbb7685c58bae0ebf340eaa0186ecc794a5a5fea
| -rw-r--r-- | sandboxed_api/sandbox2/BUILD.bazel | 1 | ||||
| -rw-r--r-- | sandboxed_api/sandbox2/CMakeLists.txt | 1 | ||||
| -rw-r--r-- | sandboxed_api/sandbox2/fork_client.cc | 7 | ||||
| -rw-r--r-- | sandboxed_api/sandbox2/fork_client.h | 9 | ||||
| -rw-r--r-- | sandboxed_api/sandbox2/global_forkclient.h | 2 | ||||
| -rw-r--r-- | sandboxed_api/sandbox2/monitor_base.cc | 2 |
6 files changed, 20 insertions, 2 deletions
diff --git a/sandboxed_api/sandbox2/BUILD.bazel b/sandboxed_api/sandbox2/BUILD.bazel index 6491dfc..fca41ab 100644 --- a/sandboxed_api/sandbox2/BUILD.bazel +++ b/sandboxed_api/sandbox2/BUILD.bazel @@ -529,6 +529,7 @@ cc_library( ":stack_trace", ":syscall", ":util", + "//sandboxed_api/sandbox2/network_proxy:client", "//sandboxed_api/sandbox2/network_proxy:server", "//sandboxed_api/util:file_helpers", "//sandboxed_api/util:raw_logging", diff --git a/sandboxed_api/sandbox2/CMakeLists.txt b/sandboxed_api/sandbox2/CMakeLists.txt index 5bf253f..a0842bc 100644 --- a/sandboxed_api/sandbox2/CMakeLists.txt +++ b/sandboxed_api/sandbox2/CMakeLists.txt @@ -422,6 +422,7 @@ target_link_libraries(sandbox2_monitor_base sandbox2::executor sandbox2::fork_client sandbox2::ipc + sandbox2::network_proxy_client sandbox2::network_proxy_server sandbox2::notify sandbox2::policy diff --git a/sandboxed_api/sandbox2/fork_client.cc b/sandboxed_api/sandbox2/fork_client.cc index 285344e..7ccc22f 100644 --- a/sandboxed_api/sandbox2/fork_client.cc +++ b/sandboxed_api/sandbox2/fork_client.cc @@ -27,6 +27,13 @@ namespace sandbox2 { using ::sapi::file_util::fileops::FDCloser; +ForkClient::ForkClient(pid_t pid, Comms* comms, bool is_global) + : pid_(pid), comms_(comms), is_global_(is_global) { +} + +ForkClient::~ForkClient() { +} + SandboxeeProcess ForkClient::SendRequest(const ForkRequest& request, int exec_fd, int comms_fd) { SandboxeeProcess process; diff --git a/sandboxed_api/sandbox2/fork_client.h b/sandboxed_api/sandbox2/fork_client.h index 842b152..60d483e 100644 --- a/sandboxed_api/sandbox2/fork_client.h +++ b/sandboxed_api/sandbox2/fork_client.h @@ -37,9 +37,10 @@ struct SandboxeeProcess { class ForkClient { public: - ForkClient(pid_t pid, Comms* comms) : pid_(pid), comms_(comms) {} + ForkClient(pid_t pid, Comms* comms) : ForkClient(pid, comms, false) {} ForkClient(const ForkClient&) = delete; ForkClient& operator=(const ForkClient&) = delete; + ~ForkClient(); // Sends the fork request over the supplied Comms channel. SandboxeeProcess SendRequest(const ForkRequest& request, int exec_fd, @@ -48,10 +49,16 @@ class ForkClient { pid_t pid() { return pid_; } private: + friend class GlobalForkClient; + + ForkClient(pid_t pid, Comms* comms, bool is_global); + // Pid of the ForkServer. pid_t pid_; // Comms channel connecting with the ForkServer. Not owned by the object. Comms* comms_ ABSL_GUARDED_BY(comms_mutex_); + // Is it the global forkserver + bool is_global_; // Mutex locking transactions (requests) over the Comms channel. absl::Mutex comms_mutex_; }; diff --git a/sandboxed_api/sandbox2/global_forkclient.h b/sandboxed_api/sandbox2/global_forkclient.h index 4517c27..13e8ad1 100644 --- a/sandboxed_api/sandbox2/global_forkclient.h +++ b/sandboxed_api/sandbox2/global_forkclient.h @@ -43,7 +43,7 @@ enum class GlobalForkserverStartMode { class GlobalForkClient { public: GlobalForkClient(int fd, pid_t pid) - : comms_(fd), fork_client_(pid, &comms_) {} + : comms_(fd), fork_client_(pid, &comms_, /*is_global=*/true) {} static SandboxeeProcess SendRequest(const ForkRequest& request, int exec_fd, int comms_fd) diff --git a/sandboxed_api/sandbox2/monitor_base.cc b/sandboxed_api/sandbox2/monitor_base.cc index 8423415..76978c9 100644 --- a/sandboxed_api/sandbox2/monitor_base.cc +++ b/sandboxed_api/sandbox2/monitor_base.cc @@ -50,7 +50,9 @@ #include "sandboxed_api/sandbox2/limits.h" #include "sandboxed_api/sandbox2/mounts.h" #include "sandboxed_api/sandbox2/namespace.h" +#include "sandboxed_api/sandbox2/network_proxy/client.h" #include "sandboxed_api/sandbox2/network_proxy/server.h" +#include "sandboxed_api/sandbox2/notify.h" #include "sandboxed_api/sandbox2/policy.h" #include "sandboxed_api/sandbox2/result.h" #include "sandboxed_api/sandbox2/stack_trace.h" |