xref: /aosp_15_r20/external/sandboxed-api/sandboxed_api/sandbox2/monitor_base.h (revision ec63e07ab9515d95e79c211197c445ef84cefa6a) 
1 // Copyright 2023 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 // The sandbox2::Monitor class is responsible for tracking the processes, and
16 // displaying their current statuses (syscalls, states, violations).
17 
18 #ifndef SANDBOXED_API_SANDBOX2_MONITOR_BASE_H_
19 #define SANDBOXED_API_SANDBOX2_MONITOR_BASE_H_
20 
21 #include <sys/resource.h>
22 #include <sys/types.h>
23 
24 #include <cstdint>
25 #include <cstdio>
26 #include <memory>
27 #include <thread>
28 #include <string>
29 #include <vector>
30 
31 #include "absl/status/statusor.h"
32 #include "absl/synchronization/notification.h"
33 #include "absl/time/time.h"
34 #include "sandboxed_api/sandbox2/comms.h"
35 #include "sandboxed_api/sandbox2/executor.h"
36 #include "sandboxed_api/sandbox2/fork_client.h"
37 #include "sandboxed_api/sandbox2/forkserver.pb.h"
38 #include "sandboxed_api/sandbox2/ipc.h"
39 #include "sandboxed_api/sandbox2/network_proxy/server.h"
40 #include "sandboxed_api/sandbox2/notify.h"
41 #include "sandboxed_api/sandbox2/policy.h"
42 #include "sandboxed_api/sandbox2/regs.h"
43 #include "sandboxed_api/sandbox2/result.h"
44 #include "sandboxed_api/sandbox2/syscall.h"
45 
46 namespace sandbox2 {
47 
48 class MonitorBase {
49  public:
50   // executor, policy and notify are not owned by the Monitor
51   MonitorBase(Executor* executor, Policy* policy, Notify* notify);
52 
53   MonitorBase(const MonitorBase&) = delete;
54   MonitorBase& operator=(const MonitorBase&) = delete;
55 
56   virtual ~MonitorBase();
57 
58   // Starts the Monitor.
59   void Launch();
60 
61   // Getters for private fields.
IsDone()62   bool IsDone() const { return done_notification_.HasBeenNotified(); }
63 
64   // Enable network proxy server, this will start a thread in the sandbox
65   // that waits for connection requests from the sandboxee.
66   void EnableNetworkProxyServer();
67 
pid()68   pid_t pid() const { return process_.main_pid; }
69 
result()70   const Result& result() const { return result_; }
71 
72   absl::StatusOr<Result> AwaitResultWithTimeout(absl::Duration timeout);
73 
74   virtual void Kill() = 0;
75   virtual void DumpStackTrace() = 0;
76   virtual void SetWallTimeLimit(absl::Duration limit) = 0;
77 
78  protected:
79   void OnDone();
80   // Sets basic info status and reason code in the result object.
81   void SetExitStatusCode(Result::StatusEnum final_status,
82                          uintptr_t reason_code);
83   // Logs a SANDBOX VIOLATION message based on the registers and additional
84   // explanation for the reason of the violation.
85   void LogSyscallViolation(const Syscall& syscall) const;
86 
87   // Tells if collecting stack trace is at all possible.
88   bool StackTraceCollectionPossible() const;
89 
90   // Whether a stack trace should be collected given the current status
91   bool ShouldCollectStackTrace(Result::StatusEnum status) const;
92 
93   // Gets stack trace.
94   absl::StatusOr<std::vector<std::string>> GetStackTrace(const Regs* regs);
95 
96   // Gets and logs stack trace.
97   absl::StatusOr<std::vector<std::string>> GetAndLogStackTrace(
98       const Regs* regs);
99 
100   // Internal objects, owned by the Sandbox2 object.
101   Executor* executor_;
102   Notify* notify_;
103   Policy* policy_;
104   // The sandboxee process.
105   SandboxeeProcess process_;
106   Result result_;
107   // Comms channel ptr, copied from the Executor object for convenience.
108   Comms* comms_;
109   // Log file specified by
110   // --sandbox_danger_danger_permit_all_and_log flag.
111   FILE* log_file_ = nullptr;
112   // Handle to the class responsible for proxying and validating connect()
113   // requests.
114   std::unique_ptr<NetworkProxyServer> network_proxy_server_;
115   // Monitor type
116   MonitorType type_ = FORKSERVER_MONITOR_PTRACE;
117 
118  private:
119   // Sends Policy to the Client.
120   // Returns success/failure status.
121   bool InitSendPolicy();
122 
123   // Waits for the SandboxReady signal from the client.
124   // Returns success/failure status.
125   bool WaitForSandboxReady();
126 
127   // Sends information about data exchange channels.
128   bool InitSendIPC();
129 
130   // Sends information about the current working directory.
131   bool InitSendCwd();
132 
133   // Applies limits on the sandboxee.
134   bool InitApplyLimits();
135 
136   // Applies individual limit on the sandboxee.
137   bool InitApplyLimit(pid_t pid, int resource, const rlimit64& rlim) const;
138 
139   // Logs an additional explanation for the possible reason of the violation
140   // based on the registers.
141   void LogSyscallViolationExplanation(const Syscall& syscall) const;
142 
143   virtual void RunInternal() = 0;
144   virtual void Join() = 0;
145 
146   // IPC ptr, used for exchanging data with the sandboxee.
147   IPC* ipc_;
148 
149   // The field indicates whether the sandboxing task has been completed (either
150   // successfully or with error).
151   absl::Notification done_notification_;
152 
153   // Empty temp file used for mapping the comms fd when the Tomoyo LSM is
154   // active.
155   std::string comms_fd_dev_;
156 
157   std::thread network_proxy_thread_;
158 
159   // Is the sandboxee forked from a custom forkserver?
160   bool uses_custom_forkserver_;
161 };
162 
163 }  // namespace sandbox2
164 
165 #endif  // SANDBOXED_API_SANDBOX2_MONITOR_BASE_H_
166