// Copyright 2019 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// The sandbox2::Sandbox2 object is the central object of Sandbox2.
// It handles sandboxed jobs: it owns the Executor, the seccomp Policy and an
// optional Notify object, creates the Monitor when the job is launched, and
// hands back the job's Result.

#ifndef SANDBOXED_API_SANDBOX2_SANDBOX2_H_
#define SANDBOXED_API_SANDBOX2_SANDBOX2_H_

#include <ctime>
#include <memory>
#include <utility>

#include "absl/base/attributes.h"
#include "absl/base/macros.h"
#include "absl/log/check.h"
#include "absl/status/status.h"
#include "absl/status/statusor.h"
#include "absl/time/time.h"
#include "sandboxed_api/sandbox2/comms.h"
#include "sandboxed_api/sandbox2/executor.h"
#include "sandboxed_api/sandbox2/ipc.h"
#include "sandboxed_api/sandbox2/monitor_base.h"
#include "sandboxed_api/sandbox2/notify.h"
#include "sandboxed_api/sandbox2/policy.h"
#include "sandboxed_api/sandbox2/result.h"

namespace sandbox2 {

// One sandboxed job. Not copyable, since it owns the executor, policy, notify
// and monitor objects. Run() / RunAsync() start the job; AwaitResult() and
// AwaitResultWithTimeout() collect its Result.
class Sandbox2 final {
 public:
  // Constructs a sandbox without a Notify object (notify_ stays null).
  // executor and policy must both be non-null, see the CHECKs in the
  // delegated-to constructor.
  Sandbox2(std::unique_ptr<Executor> executor, std::unique_ptr<Policy> policy)
      : Sandbox2(std::move(executor), std::move(policy), /*notify=*/nullptr) {}

  // Takes ownership of executor, policy and notify. CHECK-fails (aborts the
  // process) if executor or policy is null; notify may be null.
  Sandbox2(std::unique_ptr<Executor> executor, std::unique_ptr<Policy> policy,
           std::unique_ptr<Notify> notify)
      : executor_(std::move(executor)),
        policy_(std::move(policy)),
        notify_(std::move(notify)) {
    CHECK(executor_ != nullptr);
    CHECK(policy_ != nullptr);
  }

  Sandbox2(const Sandbox2&) = delete;
  Sandbox2& operator=(const Sandbox2&) = delete;

  // Runs the sandbox, blocking until there is a result.
  // Equivalent to RunAsync() followed by AwaitResult(). The bool returned by
  // RunAsync() is dropped here; a set-up failure surfaces through the returned
  // Result instead (see RunAsync()).
  ABSL_MUST_USE_RESULT Result Run() {
    RunAsync();
    return AwaitResult();
  }

  // Runs asynchronously. The return value indicates whether the sandboxee
  // set-up process succeeded.
  // Even if set-up fails, AwaitResult() can still be used to get a more
  // specific failure reason.
  bool RunAsync();
  // Waits for sandbox execution to finish and returns the execution result.
  ABSL_MUST_USE_RESULT Result AwaitResult();

  // Waits for sandbox execution to finish within the timeout.
  // Returns execution result or a DeadlineExceededError if the sandboxee does
  // not finish in time.
  absl::StatusOr<Result> AwaitResultWithTimeout(absl::Duration timeout);

  // Requests termination of the sandboxee.
  // The sandbox should still be waited on with AwaitResult(), as it may finish
  // for another reason before the request is handled.
  void Kill();

  // Dumps the main sandboxed process's stack trace to log.
  void DumpStackTrace();

  // Returns whether sandboxing task has ended.
  bool IsTerminated() const;

  // Sets a wall time limit on a running sandboxee, 0 to disarm.
  // Limit is a timeout duration (e.g. 10 secs) not a deadline (e.g. 12:00).
  // This can be useful in a persistent sandbox scenario, to impose a deadline
  // for responses after each request and reset the deadline in between.
  // Sandboxed API can be used to implement persistent sandboxes.
  // Deprecated wrapper: converts the second count to an absl::Duration and
  // forwards to set_walltime_limit().
  ABSL_DEPRECATED("Use set_walltime_limit() instead")
  void SetWallTimeLimit(time_t limit) const {
    this->set_walltime_limit(absl::Seconds(limit));
  }

  // Sets a wall time limit on a running sandboxee, absl::ZeroDuration() to
  // disarm. This can be useful in a persistent sandbox scenario, to impose a
  // deadline for responses after each request and reset the deadline in
  // between. Sandboxed API can be used to implement persistent sandboxes.
  // NOTE(review): declared const, so the limit is not stored in this object;
  // presumably it is applied to the running monitor -- see the .cc.
  void set_walltime_limit(absl::Duration limit) const;

  // Returns the process id inside the executor, as reported by the monitor,
  // or -1 when no monitor exists yet (presumably before the sandbox has been
  // launched -- confirm against Launch() in the .cc). Callers must check for
  // the -1 sentinel before using the value as a pid.
  pid_t pid() const { return monitor_ != nullptr ? monitor_->pid() : -1; }

  // Gets the comms inside the executor.
  // Non-owning pointer; it is valid only as long as this Sandbox2 (which owns
  // the executor) lives. The constructor CHECKs that the executor is non-null,
  // so nullptr here can only arise if the implementation releases executor_
  // later. NOTE(review): Comms is the channel shared with the sandboxee, so
  // anything read through it should be treated as untrusted input.
  Comms* comms() {
    return executor_ != nullptr ? executor_->ipc()->comms() : nullptr;
  }

  // Selects the "unotify" monitor instead of the default one; returns a
  // non-OK status if that is not possible. NOTE(review): presumably must be
  // called before Run()/RunAsync(), since the monitor is created at launch --
  // confirm against the .cc.
  absl::Status EnableUnotifyMonitor();

 private:
  // Launches the Monitor.
  void Launch();

  // Factory for the monitor implementation; presumably chooses based on
  // use_unotify_monitor_ -- see the .cc.
  std::unique_ptr<MonitorBase> CreateMonitor();

  // Executor set by user - owned by Sandbox2.
  std::unique_ptr<Executor> executor_;

  // Seccomp policy set by the user - owned by Sandbox2.
  std::unique_ptr<Policy> policy_;

  // Notify object - owned by Sandbox2. May be null (see the two-argument
  // constructor).
  std::unique_ptr<Notify> notify_;

  // Monitor object - owned by Sandbox2. Null until the sandbox is launched
  // (pid() relies on this).
  std::unique_ptr<MonitorBase> monitor_;

  // Whether the unotify monitor was requested (see EnableUnotifyMonitor()).
  bool use_unotify_monitor_ = false;
};

}  // namespace sandbox2

#endif  // SANDBOXED_API_SANDBOX2_SANDBOX2_H_