├── .bazelci └── presubmit.yml ├── .bazelignore ├── .bazelrc ├── .clang-format ├── .github └── workflows │ ├── fedora-cmake.yml │ ├── generator-tool.yml │ ├── ubuntu-cmake-contrib.yml │ └── ubuntu-cmake.yml ├── .gitignore ├── .gitmodules ├── CMakeLists.txt ├── CONTRIBUTING.md ├── LICENSE ├── MODULE.bazel ├── MODULE.bazel.lock ├── README.md ├── WORKSPACE.bzlmod ├── cmake ├── SapiBuildDefs.cmake ├── SapiDeps.cmake ├── SapiFetchContent.cmake ├── SapiOptions.cmake ├── SapiUtil.cmake ├── abseil-cpp.cmake ├── benchmark.cmake ├── googletest.cmake ├── libcap.cmake ├── libcap_capability.h.in ├── libffi.cmake ├── libunwind.cmake ├── modules │ ├── FindLibcap.cmake │ └── FindLibffi.cmake ├── protobuf.cmake ├── sandbox2.pc.in ├── sapi.pc.in ├── sapi_force_cxx_linkage.cc.in └── zlib.cmake ├── contrib ├── CMakeLists.txt ├── README.md ├── brotli │ ├── CMakeLists.txt │ ├── brotli.gen.h.in │ ├── example │ │ ├── CMakeLists.txt │ │ └── main.cc │ ├── files │ │ ├── text │ │ ├── text.chunk.brotli │ │ └── text.full.brotli │ ├── sandboxed.h │ ├── test │ │ ├── CMakeLists.txt │ │ └── brotli_test.cc │ └── utils │ │ ├── utils_brotli.cc │ │ ├── utils_brotli.h │ │ ├── utils_brotli_dec.cc │ │ ├── utils_brotli_dec.h │ │ ├── utils_brotli_enc.cc │ │ └── utils_brotli_enc.h ├── c-blosc │ ├── CMakeLists.txt │ ├── example │ │ ├── CMakeLists.txt │ │ └── main.cc │ ├── files │ │ ├── text │ │ ├── text.blosclz │ │ ├── text.lz4 │ │ ├── text.lz4hc │ │ ├── text.zlib │ │ └── text.zstd │ ├── sandboxed.h │ ├── test │ │ ├── CMakeLists.txt │ │ └── test_blosc.cc │ └── utils │ │ ├── utils_blosc.cc │ │ └── utils_blosc.h ├── hunspell │ ├── CMakeLists.txt │ ├── example │ │ ├── CMakeLists.txt │ │ └── main.cc │ ├── files │ │ ├── utf8.aff │ │ ├── utf8.dic │ │ ├── utf8.good │ │ └── utf8.wrong │ ├── sandboxed.h │ └── test │ │ ├── CMakeLists.txt │ │ └── hunspell_test.cc ├── jsonnet │ ├── CMakeLists.txt │ ├── README.md │ ├── examples │ │ ├── CMakeLists.txt │ │ ├── jsonnet_base_example.cc │ │ ├── jsonnet_base_transaction.cc │ │ ├── jsonnet_codes │ │ │ ├── arith.jsonnet │ │ │ ├── formatter_example.jsonnet │ │ │ ├── imports.jsonnet │ │ │ ├── multiple_files_example.jsonnet │ │ │ ├── negroni.jsonnet │ │ │ ├── utils.libsonnet │ │ │ └── yaml_stream_example.jsonnet │ │ ├── jsonnet_codes_expected_output │ │ │ ├── arith.golden │ │ │ ├── first_file.json │ │ │ ├── negroni.golden │ │ │ ├── second_file.json │ │ │ └── yaml_stream_example.yaml │ │ ├── jsonnet_formatter_example.cc │ │ ├── jsonnet_multiple_files_example.cc │ │ └── jsonnet_yaml_stream_example.cc │ ├── jsonnet.patch │ ├── jsonnet_base_sandbox.h │ ├── jsonnet_base_transaction.h │ ├── jsonnet_helper.cc │ ├── jsonnet_helper.h │ └── jsonnet_tests.cc ├── libidn2 │ ├── CMakeLists.txt │ ├── libidn2_sapi.cc │ ├── libidn2_sapi.h │ └── tests │ │ ├── CMakeLists.txt │ │ └── libidn2_sapi_test.cc ├── libraw │ ├── CMakeLists.txt │ ├── example │ │ ├── CMakeLists.txt │ │ └── main.cc │ ├── files │ │ └── img.raw │ ├── raw.gen.h.in │ ├── sandboxed.h │ ├── test │ │ ├── CMakeLists.txt │ │ └── libraw_test.cc │ └── utils │ │ ├── utils_libraw.cc │ │ └── utils_libraw.h ├── libtiff │ ├── CMakeLists.txt │ ├── README.md │ ├── example │ │ ├── CMakeLists.txt │ │ └── main_sandboxed.cc │ ├── sandboxed.h │ ├── test │ │ ├── CMakeLists.txt │ │ ├── check_tag.cc │ │ ├── check_tag.h │ │ ├── defer_strile_writing.cc │ │ ├── helper.cc │ │ ├── helper.h │ │ ├── images │ │ │ └── quad-tile.jpg.tiff │ │ ├── long_tag.cc │ │ ├── raw_decode.cc │ │ └── short_tag.cc │ └── wrapper │ │ ├── CMakeLists.txt │ │ ├── func.cc │ │ └── func.h ├── libxls │ ├── CMakeLists.txt │ ├── README.md │ ├── example │ │ ├── CMakeLists.txt │ │ └── main.cc │ ├── files │ │ ├── t1.xls │ │ ├── t2.xls │ │ └── t3.xls │ ├── sandboxed.h │ ├── test │ │ ├── CMakeLists.txt │ │ └── libxls_test.cc │ ├── utils │ │ ├── utils_libxls.cc │ │ └── utils_libxls.h │ └── xls.gen.h.in ├── libzip │ ├── CMakeLists.txt │ ├── example │ │ ├── CMakeLists.txt │ │ └── main.cc │ ├── files │ │ ├── binary │ │ ├── notinzip │ │ ├── text │ │ └── zip.zip │ ├── sandboxed.h │ ├── test │ │ ├── CMakeLists.txt │ │ └── test_zip.cc │ ├── utils │ │ ├── utils_zip.cc │ │ └── utils_zip.h │ └── wrapper │ │ ├── CMakeLists.txt │ │ ├── wrapper_zip.cc │ │ └── wrapper_zip.h ├── lodepng │ ├── CMakeLists.txt │ ├── README.md │ ├── examples │ │ ├── CMakeLists.txt │ │ ├── helpers.cc │ │ ├── helpers.h │ │ ├── main_sandboxed.cc │ │ ├── main_unit_test.cc │ │ ├── main_unsandboxed.cc │ │ └── sandbox.h │ └── lodepng.gen.h.in ├── pffft │ ├── CMakeLists.txt │ ├── README.md │ └── main_pffft_sandboxed.cc ├── turbojpeg │ ├── CMakeLists.txt │ ├── tests │ │ ├── CMakeLists.txt │ │ ├── sample.jpeg │ │ ├── sample.rgb │ │ └── turbojpeg_sapi_test.cc │ └── turbojpeg_sapi.h ├── uriparser │ ├── CMakeLists.txt │ ├── example │ │ ├── CMakeLists.txt │ │ └── main.cc │ ├── sandboxed.h │ ├── test │ │ ├── CMakeLists.txt │ │ └── test_uriparser.cc │ ├── uri.gen.h.in │ └── utils │ │ ├── utils_uriparser.cc │ │ └── utils_uriparser.h ├── woff2 │ ├── CMakeLists.txt │ ├── testdata │ │ ├── Roboto-Regular.ttf │ │ └── Roboto-Regular.woff2 │ ├── woff2_sapi.h │ ├── woff2_sapi_test.cc │ ├── woff2_wrapper.cc │ └── woff2_wrapper.h ├── zopfli │ ├── CMakeLists.txt │ ├── example │ │ ├── CMakeLists.txt │ │ └── main.cc │ ├── files │ │ ├── binary │ │ └── text │ ├── sandboxed.h │ ├── test │ │ ├── CMakeLists.txt │ │ └── zopfli_test.cc │ ├── utils │ │ ├── utils_zopfli.cc │ │ └── utils_zopfli.h │ └── wrapper │ │ ├── CMakeLists.txt │ │ ├── wrapper_zopfli.cc │ │ └── wrapper_zopfli.h └── zstd │ ├── CMakeLists.txt │ ├── example │ ├── CMakeLists.txt │ └── main.cc │ ├── files │ ├── text │ ├── text.blob.zstd │ └── text.stream.zstd │ ├── sandboxed.h │ ├── test │ ├── CMakeLists.txt │ └── zstd_test.cc │ ├── utils │ ├── utils_zstd.cc │ └── utils_zstd.h │ └── wrapper │ ├── CMakeLists.txt │ ├── wrapper_zstd.cc │ └── wrapper_zstd.h ├── oss-internship-2020 ├── README.md ├── curl │ ├── .gitignore │ ├── CMakeLists.txt │ ├── README.md │ ├── callbacks │ │ ├── callbacks.cc │ │ └── callbacks.h │ ├── curl_util.cc │ ├── curl_util.h │ ├── curl_wrapper │ │ ├── CMakeLists.txt │ │ ├── curl_wrapper.cc │ │ └── curl_wrapper.h │ ├── examples │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ ├── example1.cc │ │ ├── example2.cc │ │ ├── example3.cc │ │ ├── example4.cc │ │ ├── example5.cc │ │ └── example6.cc │ ├── sandbox.h │ └── tests │ │ ├── CMakeLists.txt │ │ ├── test_utils.cc │ │ ├── test_utils.h │ │ └── tests.cc ├── gdal │ ├── CANYrelief1-geo.tif │ ├── CMakeLists.txt │ ├── README.md │ ├── raster.cc │ └── raster_to_gtiff │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ ├── gdal_sandbox.h │ │ ├── get_raster_data.cc │ │ ├── get_raster_data.h │ │ ├── gtiff_converter.cc │ │ ├── gtiff_converter.h │ │ ├── raster_to_gtiff.cc │ │ ├── testdata │ │ ├── SP27GTIF.tif │ │ └── cea.tif │ │ ├── tests.cc │ │ ├── utils.cc │ │ └── utils.h ├── guetzli │ ├── .bazelrc │ ├── BUILD.bazel │ ├── README.md │ ├── WORKSPACE.bazel │ ├── external │ │ ├── butteraugli.BUILD │ │ ├── guetzli.BUILD │ │ ├── jpeg.BUILD │ │ ├── png.BUILD │ │ └── zlib.BUILD │ ├── guetzli_entry_points.cc │ ├── guetzli_entry_points.h │ ├── guetzli_sandbox.h │ ├── guetzli_sandboxed.cc │ ├── guetzli_sapi_test.cc │ ├── guetzli_transaction.cc │ ├── guetzli_transaction.h │ ├── guetzli_transaction_test.cc │ └── testdata │ │ ├── bees.png │ │ ├── bees_reference.jpg │ │ ├── nature.jpg │ │ └── nature_reference.jpg ├── libarchive │ ├── .gitignore │ ├── CMakeLists.txt │ ├── README.md │ ├── examples │ │ ├── CMakeLists.txt │ │ ├── sandbox.h │ │ ├── sapi_minitar.cc │ │ ├── sapi_minitar.h │ │ └── sapi_minitar_main.cc │ ├── functions_to_sandbox.txt │ ├── ld_preload_example │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ ├── minitar.cc │ │ ├── minitar.h │ │ ├── minitar_main.cc │ │ └── sapi_minitar.cc │ ├── patches │ │ ├── archive_virtual.patch │ │ └── header.patch │ └── test │ │ ├── CMakeLists.txt │ │ └── minitar_test.cc ├── libpng │ ├── CMakeLists.txt │ ├── README.md │ ├── examples │ │ ├── CMakeLists.txt │ │ ├── example1.cc │ │ └── example2.cc │ ├── images │ │ ├── pngtest.png │ │ ├── pngtopng_pngtest.png │ │ ├── red_ball.png │ │ ├── rgbtobgr_red_ball.png │ │ └── test_output.png │ ├── sandboxed.h │ ├── tests │ │ ├── CMakeLists.txt │ │ ├── basic_test.cc │ │ ├── extended_test.cc │ │ ├── helper.cc │ │ ├── helper.h │ │ └── libpng.h │ └── wrapper │ │ ├── CMakeLists.txt │ │ ├── func.cc │ │ └── func.h ├── libuv │ ├── .gitignore │ ├── CMakeLists.txt │ ├── README.md │ ├── callbacks │ │ ├── callbacks.cc │ │ └── callbacks.h │ ├── examples │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ ├── helloworld.cc │ │ ├── idle-basic.cc │ │ └── uvcat.cc │ ├── generator │ │ └── wrapper_generator.py │ └── tests │ │ ├── CMakeLists.txt │ │ ├── test_array.cc │ │ ├── test_callback.cc │ │ ├── test_error.cc │ │ ├── test_loop.cc │ │ └── test_os.cc └── openjpeg │ ├── .gitignore │ ├── CMakeLists.txt │ ├── README.md │ └── examples │ ├── CMakeLists.txt │ ├── convert.patch │ ├── convert_h.patch │ └── decompress_example.cc └── sandboxed_api ├── BUILD ├── CMakeLists.txt ├── bazel ├── BUILD ├── build_defs.bzl ├── embed_data.bzl ├── external │ ├── libcap.BUILD │ ├── libffi.BUILD │ ├── libunwind.BUILD │ ├── zlib.BUILD │ └── zlib.patch ├── llvm_config.bzl ├── proto.bzl ├── repositories.bzl └── sapi.bzl ├── call.h ├── client.cc ├── config.cc ├── config.h ├── docs ├── getting-started.md └── images │ └── sapi-lockup-vertical.png ├── embed_file.cc ├── embed_file.h ├── embed_file_test.cc ├── examples ├── CMakeLists.txt ├── hello_sapi │ ├── .bazelrc │ ├── BUILD │ ├── CMakeLists.txt │ ├── WORKSPACE │ ├── hello_lib.cc │ ├── hello_main.cc │ └── hello_transacted.cc ├── stringop │ ├── BUILD │ ├── CMakeLists.txt │ ├── main_stringop.cc │ ├── stringop.cc │ └── stringop_params.proto ├── sum │ ├── BUILD │ ├── CMakeLists.txt │ ├── main_sum.cc │ ├── main_sum_test.sh │ ├── sum.c │ ├── sum_cpp.cc │ └── sum_params.proto └── zlib │ ├── BUILD │ ├── CMakeLists.txt │ ├── main_zlib.cc │ └── main_zlib_test.sh ├── file_toc.h ├── lenval_core.h ├── rpcchannel.cc ├── rpcchannel.h ├── sandbox.cc ├── sandbox.h ├── sandbox2 ├── BUILD ├── CMakeLists.txt ├── README.md ├── allow_all_syscalls.h ├── allow_map_exec.h ├── allow_seccomp_speculation.h ├── allow_unrestricted_networking.h ├── allowlists │ ├── BUILD │ ├── CMakeLists.txt │ ├── all_syscalls.h │ ├── map_exec.h │ ├── namespaces.h │ ├── seccomp_speculation.h │ ├── trace_all_syscalls.h │ └── unrestricted_networking.h ├── bpf_evaluator.cc ├── bpf_evaluator.h ├── bpf_evaluator_test.cc ├── bpfdisassembler.cc ├── bpfdisassembler.h ├── bpfdisassembler_test.cc ├── buffer.cc ├── buffer.h ├── buffer_test.cc ├── client.cc ├── client.h ├── comms.cc ├── comms.h ├── comms_test.cc ├── comms_test.proto ├── examples │ ├── CMakeLists.txt │ ├── crc4 │ │ ├── BUILD │ │ ├── CMakeLists.txt │ │ ├── crc4bin.cc │ │ ├── crc4sandbox.cc │ │ └── crc4sandbox_test.cc │ ├── custom_fork │ │ ├── BUILD │ │ ├── CMakeLists.txt │ │ ├── custom_fork_bin.cc │ │ ├── custom_fork_sandbox.cc │ │ └── custom_fork_sandbox_test.sh │ ├── network │ │ ├── BUILD │ │ ├── CMakeLists.txt │ │ ├── network_bin.cc │ │ ├── network_sandbox.cc │ │ └── network_sandbox_test.sh │ ├── network_proxy │ │ ├── BUILD │ │ ├── CMakeLists.txt │ │ ├── networkproxy_bin.cc │ │ ├── networkproxy_sandbox.cc │ │ └── networkproxy_sandbox_test.sh │ ├── static │ │ ├── BUILD │ │ ├── CMakeLists.txt │ │ ├── static_bin.cc │ │ ├── static_sandbox.cc │ │ └── static_sandbox_test.sh │ ├── tool │ │ ├── BUILD │ │ ├── CMakeLists.txt │ │ ├── sandbox2tool.cc │ │ └── sandbox2tool_test.sh │ └── zlib │ │ ├── BUILD │ │ ├── CMakeLists.txt │ │ ├── zpipe.c │ │ └── zpipe_sandbox.cc ├── executor.cc ├── executor.h ├── fork_client.cc ├── fork_client.h ├── forkingclient.cc ├── forkingclient.h ├── forkserver.cc ├── forkserver.h ├── forkserver.proto ├── forkserver_bin.cc ├── forkserver_test.cc ├── global_forkclient.cc ├── global_forkclient.h ├── global_forkclient_lib_ctor.cc ├── ipc.cc ├── ipc.h ├── ipc_test.cc ├── limits.h ├── limits_test.cc ├── logserver.cc ├── logserver.h ├── logserver.proto ├── logsink.cc ├── logsink.h ├── monitor_base.cc ├── monitor_base.h ├── monitor_ptrace.cc ├── monitor_ptrace.h ├── monitor_unotify.cc ├── monitor_unotify.h ├── mount_tree.proto ├── mounts.cc ├── mounts.h ├── mounts_test.cc ├── namespace.cc ├── namespace.h ├── namespace_test.cc ├── network_proxy │ ├── BUILD │ ├── CMakeLists.txt │ ├── client.cc │ ├── client.h │ ├── filtering.cc │ ├── filtering.h │ ├── filtering_test.cc │ ├── server.cc │ ├── server.h │ ├── testing.cc │ └── testing.h ├── network_proxy_test.cc ├── notify.h ├── notify_test.cc ├── policy.cc ├── policy.h ├── policy_test.cc ├── policybuilder.cc ├── policybuilder.h ├── policybuilder_test.cc ├── regs.cc ├── regs.h ├── regs_test.cc ├── result.cc ├── result.h ├── sandbox2.cc ├── sandbox2.h ├── sandbox2_test.cc ├── sanitizer.cc ├── sanitizer.h ├── sanitizer_test.cc ├── stack_trace.cc ├── stack_trace.h ├── stack_trace_test.cc ├── syscall.cc ├── syscall.h ├── syscall_defs.cc ├── syscall_defs.h ├── syscall_test.cc ├── testcases │ ├── BUILD │ ├── CMakeLists.txt │ ├── abort.cc │ ├── add_policy_on_syscalls.cc │ ├── buffer.cc │ ├── close_fds.cc │ ├── custom_fork.cc │ ├── execveat.cc │ ├── ipc.cc │ ├── limits.cc │ ├── malloc.cc │ ├── minimal.cc │ ├── namespace.cc │ ├── network_proxy.cc │ ├── personality.cc │ ├── pidcomms.cc │ ├── policy.cc │ ├── posix_timers.cc │ ├── sandbox_detection.cc │ ├── sanitizer.cc │ ├── sleep.cc │ ├── starve.cc │ ├── symbolize.cc │ ├── symbolize_lib.cc │ ├── symbolize_lib.h │ ├── tsync.cc │ └── util_communicate.cc ├── testing.h ├── trace_all_syscalls.h ├── unwind │ ├── BUILD │ ├── CMakeLists.txt │ ├── ptrace_hook.cc │ ├── ptrace_hook.h │ ├── unwind.cc │ ├── unwind.h │ └── unwind.proto ├── util.cc ├── util.h ├── util │ ├── BUILD │ ├── CMakeLists.txt │ ├── bpf_helper.c │ ├── bpf_helper.h │ ├── bpf_helper_test.cc │ ├── deadline_manager.cc │ ├── deadline_manager.h │ ├── deadline_manager_test.cc │ ├── elf_parser.cc │ ├── elf_parser.h │ ├── library_resolver.cc │ ├── library_resolver.h │ ├── maps_parser.cc │ ├── maps_parser.h │ ├── maps_parser_test.cc │ ├── minielf.cc │ ├── minielf.h │ ├── minielf_test.cc │ ├── pid_waiter.cc │ ├── pid_waiter.h │ ├── pid_waiter_test.cc │ ├── seccomp_unotify.cc │ ├── seccomp_unotify.h │ ├── seccomp_unotify_test.cc │ ├── syscall_trap.cc │ ├── syscall_trap.h │ └── testdata │ │ ├── chrome_grte_header │ │ └── hello_world ├── util_c.cc ├── util_c.h └── util_test.cc ├── sapi_test.cc ├── testing.cc ├── testing.h ├── tools ├── clang_generator │ ├── BUILD │ ├── CMakeLists.txt │ ├── compilation_database.cc │ ├── compilation_database.h │ ├── diagnostics.cc │ ├── diagnostics.h │ ├── emitter.cc │ ├── emitter.h │ ├── emitter_base.cc │ ├── emitter_base.h │ ├── emitter_test.cc │ ├── frontend_action_test_util.cc │ ├── frontend_action_test_util.h │ ├── generator.cc │ ├── generator.h │ ├── generator_tool.cc │ ├── includes.h │ ├── testdata │ │ └── simple_functions.cc │ ├── types.cc │ └── types.h ├── filewrapper │ ├── BUILD │ ├── CMakeLists.txt │ ├── filewrapper.cc │ ├── filewrapper_test.cc │ └── testdata │ │ └── filewrapper_embedded.bin └── python_generator │ ├── BUILD │ ├── build_test.sh │ ├── code.py │ ├── code_test.py │ ├── code_test_util.py │ ├── sapi_generator.py │ └── testdata │ ├── main.cc │ ├── tests.cc │ ├── tests.h │ └── tests2.cc ├── transaction.cc ├── transaction.h ├── util ├── BUILD ├── CMakeLists.txt ├── file_helpers.cc ├── file_helpers.h ├── file_helpers_test.cc ├── fileops.cc ├── fileops.h ├── fileops_test.cc ├── path.cc ├── path.h ├── path_test.cc ├── proto_arg.proto ├── proto_helper.cc ├── proto_helper.h ├── raw_logging.cc ├── raw_logging.h ├── runfiles.h ├── runfiles_bazel.cc ├── runfiles_nobazel.cc ├── status.cc ├── status.h ├── status.proto ├── status_macros.h ├── status_macros_test.cc ├── status_test.cc ├── strerror.cc ├── strerror.h ├── strerror_test.cc ├── temp_file.cc ├── temp_file.h ├── temp_file_test.cc └── thread.h ├── var_abstract.cc ├── var_abstract.h ├── var_array.h ├── var_int.cc ├── var_int.h ├── var_lenval.cc ├── var_lenval.h ├── var_proto.h ├── var_ptr.h ├── var_reg.h ├── var_struct.h ├── var_type.h ├── var_void.h └── vars.h /.bazelci/presubmit.yml: -------------------------------------------------------------------------------- 1 | --- 2 | tasks: 3 | debian12: 4 | shell_commands: 5 | - "sudo apt -y update && sudo apt -y install llvm-19-dev libclang-19-dev libncurses-dev python3-clang-19" 6 | build_targets: 7 | - "..." 8 | -------------------------------------------------------------------------------- /.bazelignore: -------------------------------------------------------------------------------- 1 | # Using CMake or own WORKSPACE 2 | oss-internship-2020 3 | # Uses its own WORKSPACE 4 | sandboxed_api/examples/hello_sapi 5 | -------------------------------------------------------------------------------- /.bazelrc: -------------------------------------------------------------------------------- 1 | # Enable Bazel modules 2 | common --enable_bzlmod 3 | 4 | # Build in C++17 mode without a custom CROSSTOOL 5 | build --cxxopt=-std=c++17 --host_cxxopt=-std=c++17 6 | -------------------------------------------------------------------------------- /.clang-format: -------------------------------------------------------------------------------- 1 | --- 2 | Language: Cpp 3 | BasedOnStyle: Google 4 | DerivePointerAlignment: false 5 | PointerAlignment: Left 6 | ... 7 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # macOS Finder metadata 2 | .DS_Store 3 | # Build files 4 | bazel-* 5 | # Local CMake build dir 6 | build/ 7 | # Editor backup files 8 | *.swp 9 | *~ 10 | # Compiled Python files and cache 11 | *.py[co] 12 | __py_cache__/ 13 | # IDE files 14 | .cache/ 15 | .clangd/ 16 | .idea/ 17 | .vscode/ 18 | compile_commands.json 19 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "oss-internship-2020/sapi_lodepng/lodepng"] 2 | path = oss-internship-2020/lodepng/lodepng 3 | url = https://github.com/lvandeve/lodepng 4 | [submodule "oss-internship-2020/openjpeg/openjpeg"] 5 | path = oss-internship-2020/openjpeg/openjpeg 6 | url = https://github.com/uclouvain/openjpeg.git 7 | [submodule "oss-internship-2020/gdal/gdal"] 8 | path = oss-internship-2020/gdal/gdal 9 | url = https://github.com/OSGeo/gdal/ 10 | [submodule "oss-internship-2020/curl/curl_wrapper/curl"] 11 | path = oss-internship-2020/curl/curl_wrapper/curl 12 | url = https://github.com/curl/curl 13 | [submodule "oss-internship-2020/libuv/libuv"] 14 | path = oss-internship-2020/libuv/libuv 15 | url = https://github.com/libuv/libuv.git 16 | [submodule "oss-internship-2020/libtiff/wrapper/libtiff"] 17 | path = oss-internship-2020/libtiff/wrapper/libtiff 18 | url = https://gitlab.com/libtiff/libtiff 19 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | Want to contribute? Great! First, read this page (including the small print at the end). 2 | 3 | ### Before you contribute 4 | Before we can use your code, you must sign the 5 | [Google Individual Contributor License Agreement](https://cla.developers.google.com/about/google-individual) 6 | (CLA), which you can do online. The CLA is necessary mainly because you own the 7 | copyright to your changes, even after your contribution becomes part of our 8 | codebase, so we need your permission to use and distribute your code. We also 9 | need to be sure of various other things—for instance that you'll tell us if you 10 | know that your code infringes on other people's patents. You don't have to sign 11 | the CLA until after you've submitted your code for review and a member has 12 | approved it, but you must do it before we can put your code into our codebase. 13 | Before you start working on a larger contribution, you should get in touch with 14 | us first through the issue tracker with your idea so that we can help out and 15 | possibly guide you. Coordinating up front makes it much easier to avoid 16 | frustration later on. 17 | 18 | ### Code reviews 19 | All submissions, including submissions by project members, require review. We 20 | use Github pull requests for this purpose. 21 | 22 | ### The small print 23 | Contributions made by corporations are covered by a different agreement than 24 | the one above, the 25 | [Software Grant and Corporate Contributor License Agreement](https://cla.developers.google.com/about/google-corporate). 26 | -------------------------------------------------------------------------------- /WORKSPACE.bzlmod: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # This file marks the root of the Bazel workspace. 16 | # See MODULE.bazel for external dependencies setup. 17 | -------------------------------------------------------------------------------- /cmake/SapiFetchContent.cmake: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | include(FetchContent) 16 | 17 | if(CMAKE_VERSION VERSION_LESS 3.14) 18 | # Simple implementation for CMake 3.13, which is missing this. 19 | macro(FetchContent_MakeAvailable) 20 | foreach(content_name IN ITEMS ${ARGV}) 21 | string(TOLOWER ${content_name} content_name_lower) 22 | FetchContent_GetProperties(${content_name}) 23 | if(NOT ${content_name_lower}_POPULATED) 24 | FetchContent_Populate(${content_name}) 25 | if(EXISTS ${${content_name_lower}_SOURCE_DIR}/CMakeLists.txt) 26 | add_subdirectory(${${content_name_lower}_SOURCE_DIR} 27 | ${${content_name_lower}_BINARY_DIR}) 28 | endif() 29 | endif() 30 | endforeach() 31 | endmacro() 32 | endif() 33 | -------------------------------------------------------------------------------- /cmake/abseil-cpp.cmake: -------------------------------------------------------------------------------- 1 | # Copyright 2019 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | FetchContent_Declare(absl 16 | URL https://github.com/abseil/abseil-cpp/archive/e4c43850ad008b362b53622cb3c88fd915d8f714.zip # 2025-05-23 17 | URL_HASH SHA256=00d20e61e2d5dfe86dee88d70897fcdbe593696dfc8ac162873b5fce718557ae 18 | ) 19 | set(ABSL_CXX_STANDARD ${SAPI_CXX_STANDARD} CACHE STRING "" FORCE) 20 | set(ABSL_PROPAGATE_CXX_STD ON CACHE BOOL "" FORCE) 21 | set(ABSL_RUN_TESTS OFF CACHE BOOL "" FORCE) 22 | set(ABSL_BUILD_TEST_HELPERS ON CACHE BOOL "" FORCE) 23 | set(ABSL_USE_EXTERNAL_GOOGLETEST ON) 24 | set(ABSL_FIND_GOOGLETEST OFF) 25 | set(ABSL_USE_GOOGLETEST_HEAD OFF CACHE BOOL "" FORCE) 26 | 27 | FetchContent_MakeAvailable(absl) 28 | -------------------------------------------------------------------------------- /cmake/benchmark.cmake: -------------------------------------------------------------------------------- 1 | # Copyright 2019 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | FetchContent_Declare(benchmark 16 | URL https://github.com/google/benchmark/archive/604f6fd3f4b34a84ec4eb4db81d842fa4db829cd.zip # 2023-05-30 17 | URL_HASH SHA256=342705876335bf894147e052d0dac141fe15962034b41bef5aa59c4b279ca89c 18 | ) 19 | set(BENCHMARK_ENABLE_TESTING OFF) 20 | set(BENCHMARK_ENABLE_EXCEPTIONS OFF) 21 | set(BENCHMARK_ENABLE_GTEST_TESTS OFF) 22 | FetchContent_MakeAvailable(benchmark) 23 | -------------------------------------------------------------------------------- /cmake/googletest.cmake: -------------------------------------------------------------------------------- 1 | # Copyright 2019 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | FetchContent_Declare(googletest 16 | URL https://github.com/google/googletest/archive/334704df263b480a3e9e7441ed3292a5e30a37ec.zip # 2023-06-06 17 | URL_HASH SHA256=a217118c2c36a3632b594af7ff98111a65bb2b980b726a7fa62305e02a998440 18 | ) 19 | FetchContent_MakeAvailable(googletest) 20 | -------------------------------------------------------------------------------- /cmake/libcap_capability.h.in: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef SANDBOXED_API_CMAKE_LIBCAP_CAPABILITY_H_ 16 | #define SANDBOXED_API_CMAKE_LIBCAP_CAPABILITY_H_ 17 | 18 | // Forward include to location found by find_package() 19 | #include "@libcap_INCLUDE_DIR@/sys/capability.h" 20 | 21 | #endif // SANDBOXED_API_CMAKE_LIBCAP_CAPABILITY_H_ 22 | -------------------------------------------------------------------------------- /cmake/modules/FindLibcap.cmake: -------------------------------------------------------------------------------- 1 | # Copyright 2019 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # On Debian, install libcap-dev to use this module. 16 | 17 | find_path(libcap_INCLUDE_DIR sys/capability.h) 18 | # Look for static library only. 19 | find_library(libcap_LIBRARY cap) 20 | mark_as_advanced(libcap_INCLUDE_DIR libcap_LIBRARY) 21 | 22 | include(FindPackageHandleStandardArgs) 23 | find_package_handle_standard_args(libcap 24 | REQUIRED_VARS libcap_LIBRARY libcap_INCLUDE_DIR 25 | ) 26 | 27 | if(libcap_FOUND AND NOT TARGET libcap::libcap) 28 | add_library(libcap::libcap UNKNOWN IMPORTED) 29 | set_target_properties(libcap::libcap PROPERTIES 30 | IMPORTED_LINK_INTERFACE_LANGUAGES "C" 31 | IMPORTED_LOCATION "${libcap_LIBRARY}" 32 | INTERFACE_INCLUDE_DIRECTORIES "${libcap_INCLUDE_DIR}" 33 | ) 34 | endif() 35 | -------------------------------------------------------------------------------- /cmake/modules/FindLibffi.cmake: -------------------------------------------------------------------------------- 1 | # Copyright 2019 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # On Debian, install libffi-dev to use this module. 16 | 17 | find_path(libffi_INCLUDE_DIR ffitarget.h) 18 | # Look for static library only. 19 | find_library(libffi_LIBRARY ffi) 20 | mark_as_advanced(libffi_INCLUDE_DIR libffi_LIBRARY) 21 | 22 | include(FindPackageHandleStandardArgs) 23 | find_package_handle_standard_args(libffi 24 | REQUIRED_VARS libffi_LIBRARY libffi_INCLUDE_DIR 25 | ) 26 | 27 | if(libffi_FOUND AND NOT TARGET libffi::libffi) 28 | add_library(libffi::libffi UNKNOWN IMPORTED) 29 | set_target_properties(libffi::libffi PROPERTIES 30 | IMPORTED_LINK_INTERFACE_LANGUAGES "C" 31 | IMPORTED_LOCATION "${libffi_LIBRARY}" 32 | INTERFACE_INCLUDE_DIRECTORIES "${libffi_INCLUDE_DIR}" 33 | ) 34 | endif() 35 | -------------------------------------------------------------------------------- /cmake/protobuf.cmake: -------------------------------------------------------------------------------- 1 | # Copyright 2019 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | FetchContent_Declare(protobuf 16 | URL https://github.com/protocolbuffers/protobuf/archive/refs/tags/v31.0.tar.gz # 2025-05-14 17 | URL_HASH SHA256=2b695cb1eaef8e173f884235ee6d55f57186e95d89ebb31361ee55cb5fd1b996 18 | ) 19 | 20 | set(protobuf_ABSL_PROVIDER "package" CACHE STRING "" FORCE) 21 | set(protobuf_BUILD_TESTS OFF CACHE BOOL "" FORCE) 22 | set(protobuf_BUILD_SHARED_LIBS OFF CACHE BOOL "" FORCE) 23 | set(protobuf_INSTALL OFF CACHE BOOL "" FORCE) 24 | set(protobuf_WITH_ZLIB OFF CACHE BOOL "" FORCE) 25 | 26 | FetchContent_MakeAvailable(protobuf) 27 | 28 | sapi_check_target(protobuf::libprotobuf) 29 | sapi_check_target(protobuf::protoc) 30 | set(Protobuf_INCLUDE_DIR "${protobuf_SOURCE_DIR}/src" CACHE INTERNAL "") 31 | set(Protobuf_LIBRARIES protobuf::libprotobuf CACHE INTERNAL "") 32 | -------------------------------------------------------------------------------- /cmake/sandbox2.pc.in: -------------------------------------------------------------------------------- 1 | prefix=@CMAKE_INSTALL_PREFIX@ 2 | exec_prefix=@CMAKE_INSTALL_FULL_BINDIR@ 3 | libdir=@CMAKE_INSTALL_FULL_LIBDIR@ 4 | includedir=@CMAKE_INSTALL_FULL_INCLUDEDIR@ 5 | 6 | Name: sandbox2 7 | Description: Sandbox2 is a C++ security sandbox for Linux using seccomp and BPF 8 | Version: @PROJECT_VERSION@ 9 | Libs: -L${libdir} -lsandbox2_sandbox2 10 | Cflags: -I${includedir} 11 | -------------------------------------------------------------------------------- /cmake/sapi.pc.in: -------------------------------------------------------------------------------- 1 | prefix=@CMAKE_INSTALL_PREFIX@ 2 | exec_prefix=@CMAKE_INSTALL_FULL_BINDIR@ 3 | libdir=@CMAKE_INSTALL_FULL_LIBDIR@ 4 | includedir=@CMAKE_INSTALL_FULL_INCLUDEDIR@ 5 | 6 | Name: sapi 7 | Description: Sandboxed API makes sandboxing C/C++ libraries easier by auto-generating library API interfaces that call into sandboxed libraries using a custom RPC layer. Sandboxed API uses Sandbox2 as its underlying sandboxing technology. 8 | Version: @PROJECT_VERSION@ 9 | Libs: -L${libdir} -lsapi 10 | Cflags: -I${includedir} 11 | -------------------------------------------------------------------------------- /cmake/sapi_force_cxx_linkage.cc.in: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/cmake/sapi_force_cxx_linkage.cc.in -------------------------------------------------------------------------------- /contrib/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Append to this list whenever a new sandboxed library is added to `contrib/`. 16 | set(SAPI_CONTRIB_SANDBOXES 17 | c-blosc 18 | hunspell 19 | jsonnet 20 | libidn2 21 | libraw 22 | libtiff 23 | libxls 24 | libzip 25 | pffft 26 | turbojpeg 27 | uriparser 28 | woff2 29 | zopfli 30 | zstd 31 | ) 32 | 33 | foreach(_contrib IN LISTS SAPI_CONTRIB_SANDBOXES) 34 | add_sapi_subdirectory("contrib/${_contrib}" INCLUDE_FROM_ALL) 35 | endforeach() 36 | -------------------------------------------------------------------------------- /contrib/brotli/brotli.gen.h.in: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // The libclang based generator doesn't handle complicated structures and 16 | // dependencies of brotli well. We have to enforce multiple includes. 17 | 18 | #include "${brotli_INCLUDE_DIR}/brotli/port.h" 19 | #include "${brotli_INCLUDE_DIR}/brotli/types.h" 20 | #include "${brotli_INCLUDE_DIR}/brotli/encode.h" 21 | #include "${brotli_INCLUDE_DIR}/brotli/decode.h" 22 | -------------------------------------------------------------------------------- /contrib/brotli/example/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | add_executable(sapi_minibrotli 16 | main.cc 17 | ../utils/utils_brotli.cc 18 | ../utils/utils_brotli.h 19 | ../utils/utils_brotli_dec.cc 20 | ../utils/utils_brotli_dec.h 21 | ../utils/utils_brotli_enc.cc 22 | ../utils/utils_brotli_enc.h 23 | ) 24 | target_link_libraries(sapi_minibrotli PRIVATE 25 | absl::die_if_null 26 | absl::flags 27 | absl::flags_parse 28 | absl::log_globals 29 | absl::log_initialize 30 | sapi_contrib::brotli 31 | sapi::sapi 32 | ) 33 | -------------------------------------------------------------------------------- /contrib/brotli/files/text.chunk.brotli: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/contrib/brotli/files/text.chunk.brotli -------------------------------------------------------------------------------- /contrib/brotli/files/text.full.brotli: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/contrib/brotli/files/text.full.brotli -------------------------------------------------------------------------------- /contrib/brotli/sandboxed.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef CONTRIB_BROTLI_SANDBOXED_H_ 16 | #define CONTRIB_BROTLI_SANDBOXED_H_ 17 | 18 | #include 19 | #include 20 | 21 | #include 22 | 23 | #include "sapi_brotli.sapi.h" // NOLINT(build/include) 24 | #include "sandboxed_api/sandbox2/allowlists/map_exec.h" 25 | 26 | class BrotliSapiSandbox : public BrotliSandbox { 27 | public: 28 | std::unique_ptr ModifyPolicy( 29 | sandbox2::PolicyBuilder*) override { 30 | return sandbox2::PolicyBuilder() 31 | .AllowDynamicStartup(sandbox2::MapExec()) 32 | .AllowRead() 33 | .AllowWrite() 34 | .AllowSystemMalloc() 35 | .AllowGetPIDs() 36 | .AllowExit() 37 | .BlockSyscallWithErrno(__NR_openat, ENOENT) 38 | .BuildOrDie(); 39 | } 40 | }; 41 | 42 | #endif // CONTRIB_BROTLI_SANDBOXED_H_ 43 | -------------------------------------------------------------------------------- /contrib/brotli/test/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | include(GoogleTest) 16 | 17 | add_executable(sapi_brotli_test 18 | brotli_test.cc 19 | ../utils/utils_brotli.cc 20 | ../utils/utils_brotli_enc.cc 21 | ../utils/utils_brotli_dec.cc 22 | ) 23 | target_link_libraries(sapi_brotli_test PRIVATE 24 | sapi_contrib::brotli 25 | sapi::test_main 26 | ) 27 | gtest_discover_tests(sapi_brotli_test PROPERTIES 28 | ENVIRONMENT "TEST_FILES_DIR=${PROJECT_SOURCE_DIR}/files" 29 | ) 30 | -------------------------------------------------------------------------------- /contrib/brotli/utils/utils_brotli.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef CONTRIB_BROTLI_UTILS_UTILS_BROTLI_H_ 16 | #define CONTRIB_BROTLI_UTILS_UTILS_BROTLI_H_ 17 | 18 | #include 19 | #include 20 | #include 21 | #include 22 | #include 23 | 24 | #include "absl/status/status.h" 25 | #include "absl/status/statusor.h" 26 | 27 | constexpr size_t kFileMaxSize = size_t{1} << 30; // 1GiB 28 | 29 | std::streamsize GetStreamSize(std::ifstream& stream); 30 | 31 | absl::StatusOr> ReadFile(const std::string& in_file_s); 32 | 33 | absl::Status WriteFile(const std::string& out_file_s, 34 | const std::vector& out_buf); 35 | 36 | #endif // CONTRIB_BROTLI_UTILS_UTILS_BROTLI_H_ 37 | -------------------------------------------------------------------------------- /contrib/c-blosc/example/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | add_executable(sapi_miniblosc 16 | main.cc 17 | ../utils/utils_blosc.cc 18 | ) 19 | 20 | target_include_directories(sapi_miniblosc INTERFACE 21 | "${SAPI_SOURCE_DIR}" 22 | ) 23 | 24 | target_link_libraries(sapi_miniblosc PRIVATE 25 | absl::flags 26 | absl::flags_parse 27 | absl::log_globals 28 | absl::log_initialize 29 | sapi_contrib::blosc 30 | sapi::sapi 31 | ) 32 | -------------------------------------------------------------------------------- /contrib/c-blosc/files/text.blosclz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/contrib/c-blosc/files/text.blosclz -------------------------------------------------------------------------------- /contrib/c-blosc/files/text.lz4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/contrib/c-blosc/files/text.lz4 -------------------------------------------------------------------------------- /contrib/c-blosc/files/text.lz4hc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/contrib/c-blosc/files/text.lz4hc -------------------------------------------------------------------------------- /contrib/c-blosc/files/text.zlib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/contrib/c-blosc/files/text.zlib -------------------------------------------------------------------------------- /contrib/c-blosc/files/text.zstd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/contrib/c-blosc/files/text.zstd -------------------------------------------------------------------------------- /contrib/c-blosc/sandboxed.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef CONTRIB_CBLOSC_SANDBOXED_H_ 16 | #define CONTRIB_CBLOSC_SANDBOXED_H_ 17 | 18 | #include 19 | #include 20 | 21 | #include 22 | 23 | #include "sapi_blosc.sapi.h" // NOLINT(build/include) 24 | 25 | class CbloscSapiSandbox : public CbloscSandbox { 26 | public: 27 | std::unique_ptr ModifyPolicy( 28 | sandbox2::PolicyBuilder*) override { 29 | return sandbox2::PolicyBuilder() 30 | .AllowStaticStartup() 31 | .AllowRead() 32 | .AllowWrite() 33 | .AllowExit() 34 | .AllowSystemMalloc() 35 | .AllowSyscalls({ 36 | __NR_sysinfo, 37 | }) 38 | .BuildOrDie(); 39 | } 40 | }; 41 | 42 | #endif // CONTRIB_CBLOSC_SANDBOXED_ 43 | -------------------------------------------------------------------------------- /contrib/c-blosc/test/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | include(GoogleTest) 16 | 17 | add_executable( 18 | sapi_blosc_test 19 | 20 | test_blosc.cc 21 | ../utils/utils_blosc.cc 22 | ) 23 | 24 | 25 | target_link_libraries( 26 | sapi_blosc_test PRIVATE 27 | 28 | sapi_blosc 29 | sapi::temp_file 30 | sapi::test_main 31 | ) 32 | 33 | gtest_discover_tests(sapi_blosc_test PROPERTIES ENVIRONMENT "TEST_FILES_DIR=${PROJECT_SOURCE_DIR}/files") 34 | -------------------------------------------------------------------------------- /contrib/c-blosc/utils/utils_blosc.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef CONTRIB_CBLOSC_UTILS_UTILS_BLOSC_H_ 16 | #define CONTRIB_CBLOSC_UTILS_UTILS_BLOSC_H_ 17 | 18 | #include 19 | #include 20 | 21 | #include "absl/status/status.h" 22 | #include "contrib/c-blosc/sandboxed.h" 23 | 24 | absl::Status Compress(CbloscApi& api, std::ifstream& in_stream, 25 | std::ofstream& out_stream, int clevel, 26 | std::string& compress, int nthreads); 27 | absl::Status Decompress(CbloscApi& api, std::ifstream& in_stream, 28 | std::ofstream& out_stream, int nthreads); 29 | 30 | #endif // CONTRIB_CBLOSC_UTILS_UTILS_BLOSC_H_ 31 | -------------------------------------------------------------------------------- /contrib/hunspell/example/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | add_executable(sapi_minihunspell 16 | main.cc 17 | ) 18 | 19 | target_link_libraries(sapi_minihunspell PRIVATE 20 | absl::flags 21 | absl::flags_parse 22 | absl::log_globals 23 | absl::log_initialize 24 | sapi_contrib::hunspell 25 | sapi::sapi 26 | ) 27 | -------------------------------------------------------------------------------- /contrib/hunspell/files/utf8.aff: -------------------------------------------------------------------------------- 1 | SET UTF-8 2 | 3 | SFX A Y 7 4 | SFX A 0 őő . 5 | SFX A 0 ő o 6 | SFX A 0 ő ó 7 | SFX A ó ő ó 8 | SFX A ó őoo ó 9 | SFX A o őo o 10 | SFX A 0 ó [abcdó] 11 | -------------------------------------------------------------------------------- /contrib/hunspell/files/utf8.dic: -------------------------------------------------------------------------------- 1 | 2 2 | foo/A 3 | foó/A 4 | -------------------------------------------------------------------------------- /contrib/hunspell/files/utf8.good: -------------------------------------------------------------------------------- 1 | foo 2 | foó 3 | fooőő 4 | fooő 5 | foóő 6 | foő 7 | foőo 8 | foőoo 9 | foóó 10 | -------------------------------------------------------------------------------- /contrib/hunspell/files/utf8.wrong: -------------------------------------------------------------------------------- 1 | 𐏑𐏒𐏒 2 | 𐏑𐏒𐏒 3 | -------------------------------------------------------------------------------- /contrib/hunspell/test/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | include(GoogleTest) 16 | 17 | add_executable( 18 | sapi_hunspell_test 19 | 20 | hunspell_test.cc 21 | ) 22 | 23 | 24 | target_link_libraries( 25 | sapi_hunspell_test PRIVATE 26 | 27 | sapi_hunspell 28 | sapi::test_main 29 | sapi::temp_file 30 | ) 31 | 32 | gtest_discover_tests(sapi_hunspell_test PROPERTIES ENVIRONMENT "TEST_FILES_DIR=${PROJECT_SOURCE_DIR}/files") 33 | -------------------------------------------------------------------------------- /contrib/jsonnet/examples/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | foreach(target IN ITEMS base multiple_files yaml_stream formatter) 16 | add_executable(jsonnet_${target}_sandboxed 17 | jsonnet_${target}_example.cc 18 | ) 19 | target_link_libraries(jsonnet_${target}_sandboxed PRIVATE 20 | absl::check 21 | absl::flags 22 | absl::flags_parse 23 | absl::log 24 | absl::log_globals 25 | absl::log_initialize 26 | libjsonnet 27 | sapi_contrib::jsonnet_helper 28 | sapi_contrib::jsonnet 29 | sapi::file_base 30 | sapi::fileops 31 | sapi::sapi 32 | ) 33 | endforeach() 34 | 35 | add_executable(jsonnet_base_transacted 36 | jsonnet_base_transaction.cc 37 | ) 38 | target_link_libraries(jsonnet_base_transacted PRIVATE 39 | absl::check 40 | absl::flags 41 | absl::flags_parse 42 | absl::log 43 | absl::log_globals 44 | absl::log_initialize 45 | libjsonnet 46 | sapi_contrib::jsonnet_helper 47 | sapi_contrib::jsonnet 48 | sapi::sapi 49 | ) 50 | -------------------------------------------------------------------------------- /contrib/jsonnet/examples/jsonnet_codes/formatter_example.jsonnet: -------------------------------------------------------------------------------- 1 | // Copyright 2020 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // This is a poorly written jsonnet file. Given to the formatter executable 16 | // will be changed into a canonical jsonnet file form. 17 | local b = import "somefile.libsonnet"; # comment 18 | local a = import "differentfile.libsonnet"; // another comment in different style 19 | 20 | local SomeStuff = {bar: "foo"}; 21 | 22 | local funtion_to_do_addition(x,y)=x+y; 23 | 24 | { 25 | "this": ((3)) , 26 | "that that": 27 | funtion_to_do_addition(4,2), 28 | arrArr: [[ 29 | 1, 2, 5 30 | ], 31 | 3, 10, 19 32 | ] 33 | } + SomeStuff 34 | -------------------------------------------------------------------------------- /contrib/jsonnet/examples/jsonnet_codes/imports.jsonnet: -------------------------------------------------------------------------------- 1 | // Copyright 2015 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | local martinis = import 'martinis.libsonnet'; 16 | 17 | { 18 | 'Vodka Martini': martinis['Vodka Martini'], 19 | Manhattan: { 20 | ingredients: [ 21 | { kind: 'Rye', qty: 2.5 }, 22 | { kind: 'Sweet Red Vermouth', qty: 1 }, 23 | { kind: 'Angostura', qty: 'dash' }, 24 | ], 25 | garnish: importstr 'garnish.txt', 26 | served: 'Straight Up', 27 | }, 28 | } 29 | -------------------------------------------------------------------------------- /contrib/jsonnet/examples/jsonnet_codes/multiple_files_example.jsonnet: -------------------------------------------------------------------------------- 1 | // Copyright 2020 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // This is jsonnet code which evaluates to multiple output files. 16 | { 17 | "first_file.json": { 18 | name: 'This is the first file created by the multiple-files example code.', 19 | caption: 'The other one\'s name is -> ' + $["second_file.json"].name, 20 | }, 21 | "second_file.json": { 22 | name: 'And that is the other one.', 23 | caption: 'If it was the first one, variable name would hold what\'s in variable.', 24 | first_name: $["first_file.json"].name, 25 | }, 26 | } 27 | -------------------------------------------------------------------------------- /contrib/jsonnet/examples/jsonnet_codes/negroni.jsonnet: -------------------------------------------------------------------------------- 1 | // Copyright 2015 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | local utils = import 'utils.libsonnet'; 16 | { 17 | Negroni: { 18 | // Divide 3oz among the 3 ingredients. 19 | ingredients: utils.equal_parts(3, [ 20 | 'Farmers Gin', 21 | 'Sweet Red Vermouth', 22 | 'Campari', 23 | ]), 24 | garnish: 'Orange Peel', 25 | served: 'On The Rocks', 26 | }, 27 | } 28 | -------------------------------------------------------------------------------- /contrib/jsonnet/examples/jsonnet_codes/utils.libsonnet: -------------------------------------------------------------------------------- 1 | // Copyright 2015 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | { 16 | equal_parts(size, ingredients):: 17 | // Define a function-scoped variable. 18 | local qty = size / std.length(ingredients); 19 | // Return an array. 20 | [ 21 | { kind: i, qty: qty } 22 | for i in ingredients 23 | ], 24 | } 25 | -------------------------------------------------------------------------------- /contrib/jsonnet/examples/jsonnet_codes/yaml_stream_example.jsonnet: -------------------------------------------------------------------------------- 1 | // Copyright 2020 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // This is jsonnet code which evaluates to json file, which can be 16 | // interpreted as YAML stream. 17 | local 18 | first_object = { 19 | name: 'First object\'s name.', 20 | age: 'Just created!', 21 | }, 22 | second_object = { 23 | name: 'Hi, my name is .', 24 | sibling: first_object.name 25 | }; 26 | 27 | [first_object, second_object] 28 | -------------------------------------------------------------------------------- /contrib/jsonnet/examples/jsonnet_codes_expected_output/arith.golden: -------------------------------------------------------------------------------- 1 | { 2 | "concat_array": [ 3 | 1, 4 | 2, 5 | 3, 6 | 4 7 | ], 8 | "concat_string": "1234", 9 | "equality1": false, 10 | "equality2": true, 11 | "ex1": 1.6666666666666665, 12 | "ex2": 3, 13 | "ex3": 1.6666666666666665, 14 | "ex4": true, 15 | "obj": { 16 | "a": 1, 17 | "b": 3, 18 | "c": 4 19 | }, 20 | "obj_member": true, 21 | "str1": "The value of self.ex2 is 3.", 22 | "str2": "The value of self.ex2 is 3.", 23 | "str3": "ex1=1.67, ex2=3.00", 24 | "str4": "ex1=1.67, ex2=3.00", 25 | "str5": "ex1=1.67\nex2=3.00\n" 26 | } 27 | -------------------------------------------------------------------------------- /contrib/jsonnet/examples/jsonnet_codes_expected_output/first_file.json: -------------------------------------------------------------------------------- 1 | { 2 | "caption": "The other one's name is -> And that is the other one.", 3 | "name": "This is the first file created by the multiple-files example code." 4 | } 5 | -------------------------------------------------------------------------------- /contrib/jsonnet/examples/jsonnet_codes_expected_output/negroni.golden: -------------------------------------------------------------------------------- 1 | { 2 | "Negroni": { 3 | "garnish": "Orange Peel", 4 | "ingredients": [ 5 | { 6 | "kind": "Farmers Gin", 7 | "qty": 1 8 | }, 9 | { 10 | "kind": "Sweet Red Vermouth", 11 | "qty": 1 12 | }, 13 | { 14 | "kind": "Campari", 15 | "qty": 1 16 | } 17 | ], 18 | "served": "On The Rocks" 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /contrib/jsonnet/examples/jsonnet_codes_expected_output/second_file.json: -------------------------------------------------------------------------------- 1 | { 2 | "caption": "If it was the first one, variable name would hold what's in variable.", 3 | "first_name": "This is the first file created by the multiple-files example code.", 4 | "name": "And that is the other one." 5 | } 6 | -------------------------------------------------------------------------------- /contrib/jsonnet/examples/jsonnet_codes_expected_output/yaml_stream_example.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | { 3 | "age": "Just created!", 4 | "name": "First object's name." 5 | } 6 | --- 7 | { 8 | "name": "Hi, my name is .", 9 | "sibling": "First object's name." 10 | } 11 | ... 12 | -------------------------------------------------------------------------------- /contrib/jsonnet/jsonnet_base_transaction.h: -------------------------------------------------------------------------------- 1 | // Copyright 2020 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef CONTRIB_JSNONNET_BASE_TRANSACTION_H_ 16 | #define CONTRIB_JSNONNET_BASE_TRANSACTION_H_ 17 | 18 | #include 19 | #include 20 | 21 | #include "jsonnet_base_sandbox.h" // NOLINT(build/include) 22 | 23 | class JsonnetTransaction : public sapi::Transaction { 24 | public: 25 | JsonnetTransaction(std::string in_file, std::string out_file) 26 | : sapi::Transaction( 27 | std::make_unique(in_file, out_file)), 28 | in_file_(in_file), 29 | out_file_(out_file) { 30 | sapi::Transaction::set_retry_count(0); // Try once, no retries 31 | sapi::Transaction::SetTimeLimit(0); // Infinite time limit 32 | } 33 | 34 | private: 35 | std::string in_file_; 36 | std::string out_file_; 37 | 38 | absl::Status Main() override; 39 | }; 40 | 41 | #endif // CONTRIB_JSNONNET_BASE_TRANSACTION_H_ 42 | -------------------------------------------------------------------------------- /contrib/libidn2/tests/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | add_executable(libidn2_sapi_test 16 | libidn2_sapi_test.cc 17 | ) 18 | target_link_libraries(libidn2_sapi_test PRIVATE 19 | sapi_contrib::libidn2 20 | sapi::test_main 21 | ) 22 | gtest_discover_tests(libidn2_sapi_test) 23 | -------------------------------------------------------------------------------- /contrib/libraw/example/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | add_executable(sapi_minilibraw 16 | main.cc 17 | ../utils/utils_libraw.cc 18 | ) 19 | target_link_libraries(sapi_minilibraw PRIVATE 20 | absl::die_if_null 21 | absl::flags 22 | absl::flags_parse 23 | absl::log_globals 24 | absl::log_initialize 25 | absl::strings 26 | sapi_contrib::libraw 27 | sapi::sapi 28 | ) 29 | -------------------------------------------------------------------------------- /contrib/libraw/files/img.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/contrib/libraw/files/img.raw -------------------------------------------------------------------------------- /contrib/libraw/raw.gen.h.in: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef CONTRIB_LIBRAW_RAW_GEN_H 16 | #define CONTRIB_LIBRAW_RAW_GEN_H 17 | 18 | #include 19 | 20 | #define __time_t uint64_t 21 | #define time_t uint64_t 22 | 23 | #include "${libraw_SOURCE_DIR}/libraw/libraw.h" 24 | 25 | #endif // CONTRIB_LIBRAW_RAW_GEN_H 26 | -------------------------------------------------------------------------------- /contrib/libraw/test/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | add_executable(sapi_libraw_test 16 | libraw_test.cc 17 | ../utils/utils_libraw.cc 18 | ) 19 | target_link_libraries(sapi_libraw_test PRIVATE 20 | absl::strings 21 | sapi_contrib::libraw 22 | sapi::test_main 23 | sapi::temp_file 24 | ) 25 | 26 | gtest_discover_tests(sapi_libraw_test PROPERTIES 27 | ENVIRONMENT "TEST_FILES_DIR=${PROJECT_SOURCE_DIR}/files" 28 | ) 29 | -------------------------------------------------------------------------------- /contrib/libtiff/README.md: -------------------------------------------------------------------------------- 1 | # sapi-libtiff 2 | 3 | This library was sandboxed as part of Google's summer 2020 internship program 4 | ([blog post](https://security.googleblog.com/2020/12/improving-open-source-security-during.html)). 5 | 6 | Copyright 2020 Google LLC. 7 | 8 | ## Usage 9 | 10 | #### build: 11 | 12 | ```bash 13 | mkdir -p build && cd build && cmake .. \ 14 | -DSAPI_ROOT=$HOME/sapi_root \ 15 | -DBUILD_SHARED_LIBS=OFF 16 | make -j 8 17 | ``` 18 | 19 | #### to run the sandboxed example: 20 | 21 | `./example/sandboxed absolute/path/to/project/dir` 22 | 23 | #### to run tests: 24 | 25 | `./test/tests` 26 | 27 | you also can use sandbox flags `sandbox2_danger_danger_permit_all` and 28 | `sandbox2_danger_danger_permit_all_and_log` for debugging. 29 | -------------------------------------------------------------------------------- /contrib/libtiff/example/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | add_executable(sandboxed 16 | main_sandboxed.cc 17 | ../sandboxed.h 18 | ) 19 | 20 | target_link_libraries(sandboxed PRIVATE 21 | absl::flags 22 | absl::flags_parse 23 | absl::log_globals 24 | absl::log_initialize 25 | sapi::sapi 26 | sapi_contrib::libtiff 27 | sapi::temp_file 28 | ) 29 | -------------------------------------------------------------------------------- /contrib/libtiff/test/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | add_executable(tests 16 | check_tag.h 17 | check_tag.cc 18 | defer_strile_writing.cc 19 | long_tag.cc 20 | raw_decode.cc 21 | short_tag.cc 22 | helper.h 23 | helper.cc 24 | ) 25 | target_link_libraries(tests 26 | PRIVATE sapi::base 27 | sapi::sapi 28 | sapi::temp_file 29 | sapi_contrib::libtiff 30 | gmock 31 | gtest_main 32 | ) 33 | 34 | gtest_discover_tests(tests PROPERTIES 35 | ENVIRONMENT "TEST_SRCDIR=${PROJECT_SOURCE_DIR}" 36 | ) 37 | -------------------------------------------------------------------------------- /contrib/libtiff/test/check_tag.h: -------------------------------------------------------------------------------- 1 | // Copyright 2020 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef CONTRIB_LIBTIFF_TEST_CHECK_TAG_H_ 16 | #define CONTRIB_LIBTIFF_TEST_CHECK_TAG_H_ 17 | 18 | #include 19 | 20 | #include "helper.h" // NOLINT(build/include) 21 | #include "tiffio.h" // NOLINT(build/include) 22 | 23 | void CheckShortField(TiffApi&, sapi::v::RemotePtr& tif, const ttag_t field, 24 | const uint16_t value); 25 | void CheckShortPairedField(TiffApi& api, sapi::v::RemotePtr& tif, 26 | const ttag_t field, 27 | const std::array& values); 28 | void CheckLongField(TiffApi&, sapi::v::RemotePtr& tif, const ttag_t field, 29 | const uint32_t value); 30 | 31 | #endif // CONTRIB_LIBTIFF_TEST_CHECK_TAG_H_ 32 | -------------------------------------------------------------------------------- /contrib/libtiff/test/helper.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2020 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "helper.h" // NOLINT(build/include) 16 | 17 | #include 18 | 19 | std::string GetFilePath(const std::string& filename) { 20 | const char* test_srcdir = std::getenv("TEST_SRCDIR"); 21 | 22 | return sapi::file::JoinPath( 23 | test_srcdir == nullptr ? sapi::file_util::fileops::GetCWD() : test_srcdir, 24 | filename); 25 | } 26 | -------------------------------------------------------------------------------- /contrib/libtiff/test/helper.h: -------------------------------------------------------------------------------- 1 | // Copyright 2020 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef CONTRIB_LIBTIFF_TEST_HELPER_H_ 16 | #define CONTRIB_LIBTIFF_TEST_HELPER_H_ 17 | 18 | #include 19 | 20 | #include "../sandboxed.h" // NOLINT(build/include) 21 | #include "gtest/gtest.h" 22 | #include "sandboxed_api/testing.h" 23 | #include "sandboxed_api/util/fileops.h" 24 | #include "sandboxed_api/util/path.h" 25 | #include "sandboxed_api/util/temp_file.h" 26 | 27 | std::string GetFilePath(const std::string& filename); 28 | 29 | #endif // CONTRIB_LIBTIFF_TEST_HELPER_H_ 30 | -------------------------------------------------------------------------------- /contrib/libtiff/test/images/quad-tile.jpg.tiff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/contrib/libtiff/test/images/quad-tile.jpg.tiff -------------------------------------------------------------------------------- /contrib/libtiff/wrapper/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | add_library(wrapped_tiff STATIC 16 | func.h 17 | func.cc 18 | ) 19 | target_link_libraries(wrapped_tiff PRIVATE 20 | sapi::temp_file 21 | sapi::sapi 22 | tiff 23 | ) 24 | -------------------------------------------------------------------------------- /contrib/libxls/README.md: -------------------------------------------------------------------------------- 1 | # libxls Sandboxed API 2 | 3 | This directory contains a ready-made sandbox for the 4 | [libxls](https://github.com/libxls/libxls) library. 5 | 6 | The libxls library uses Autotools and a special macro package for its 7 | configuration. This means that on Debian based systems, the package 8 | `autoconf-archive` needs to be installed or the configuration phase 9 | will fail with the following error: 10 | 11 | ``` 12 | ./configure: line 16126: syntax error near unexpected token `,' 13 | ./configure: line 16126: `AX_CXX_COMPILE_STDCXX_11(, optional)' 14 | ``` 15 | -------------------------------------------------------------------------------- /contrib/libxls/example/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | add_executable(sapi_minixls 16 | main.cc 17 | ../utils/utils_libxls.cc 18 | ../utils/utils_libxls.h 19 | ) 20 | 21 | target_link_libraries(sapi_minixls PRIVATE 22 | absl::die_if_null 23 | absl::flags 24 | absl::flags_parse 25 | absl::log_globals 26 | absl::log_initialize 27 | sapi_contrib::libxls 28 | sapi::sapi 29 | ) 30 | -------------------------------------------------------------------------------- /contrib/libxls/files/t1.xls: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/contrib/libxls/files/t1.xls -------------------------------------------------------------------------------- /contrib/libxls/files/t2.xls: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/contrib/libxls/files/t2.xls -------------------------------------------------------------------------------- /contrib/libxls/files/t3.xls: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/contrib/libxls/files/t3.xls -------------------------------------------------------------------------------- /contrib/libxls/test/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | include(GoogleTest) 16 | 17 | add_executable(sapi_libxls_test 18 | libxls_test.cc 19 | ../utils/utils_libxls.cc 20 | ) 21 | 22 | target_link_libraries(sapi_libxls_test 23 | PRIVATE sapi_libxls 24 | sapi::temp_file 25 | sapi::test_main 26 | ) 27 | 28 | gtest_discover_tests(sapi_libxls_test PROPERTIES 29 | ENVIRONMENT "TEST_FILES_DIR=${PROJECT_SOURCE_DIR}/files" 30 | ) 31 | -------------------------------------------------------------------------------- /contrib/libxls/xls.gen.h.in: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef CONTRIB_LIBXLS_XLS_GEN_H_ 16 | #define CONTRIB_LIBXLS_XLS_GEN_H_ 17 | 18 | // Workaround for libclang based interface generator 19 | #define FILE void 20 | #undef __cplusplus 21 | extern "C" { 22 | #include "${libxls_SOURCE_DIR}/include/xls.h" 23 | } 24 | #define __cplusplus 25 | #undef FILE 26 | 27 | #endif // CONTRIB_LIBXLS_XLS_GEN_H_ 28 | -------------------------------------------------------------------------------- /contrib/libzip/example/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | add_executable(sapi_minizip 16 | main.cc 17 | ) 18 | target_link_libraries(sapi_minizip PRIVATE 19 | absl::flags 20 | absl::flags_parse 21 | absl::log_globals 22 | absl::log_initialize 23 | sapi_contrib::libzip 24 | sapi::sapi 25 | ) 26 | -------------------------------------------------------------------------------- /contrib/libzip/files/binary: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/contrib/libzip/files/binary -------------------------------------------------------------------------------- /contrib/libzip/files/zip.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/contrib/libzip/files/zip.zip -------------------------------------------------------------------------------- /contrib/libzip/test/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | add_executable(sapi_zip_test 16 | test_zip.cc 17 | ) 18 | target_link_libraries(sapi_zip_test PRIVATE 19 | sapi_contrib::libzip 20 | sapi::temp_file 21 | sapi::test_main 22 | ) 23 | 24 | gtest_discover_tests(sapi_zip_test PROPERTIES 25 | ENVIRONMENT "TEST_FILES_DIR=${PROJECT_SOURCE_DIR}/files" 26 | ) 27 | -------------------------------------------------------------------------------- /contrib/libzip/wrapper/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Directly compile the wrapper sources as part of the libzip archive 16 | target_sources(zip PRIVATE 17 | wrapper_zip.cc 18 | wrapper_zip.h 19 | ) 20 | target_link_libraries(zip PRIVATE 21 | absl::cleanup 22 | sapi::sapi 23 | ) 24 | -------------------------------------------------------------------------------- /contrib/libzip/wrapper/wrapper_zip.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef CONTRIB_LIBZIP_WRAPPER_WRAPPER_ZIP_H_ 16 | #define CONTRIB_LIBZIP_WRAPPER_WRAPPER_ZIP_H_ 17 | 18 | #include 19 | #include 20 | 21 | extern "C" { 22 | 23 | // TODO(cblichmann): zip_source_t used as return value is converted to int. 24 | void* zip_source_filefd(zip_t* archive, int fd, const char* flags, 25 | zip_uint64_t start, zip_int64_t len); 26 | void* zip_source_filefd_create(int fd, const char* flags, zip_uint64_t start, 27 | zip_int64_t len, zip_error_t* ze); 28 | void* zip_read_fd_to_source(int fd, zip_error_t* ze); 29 | bool zip_source_to_fd(zip_source_t* src, int fd); 30 | } 31 | 32 | #endif // CONTRIB_ZIP_WRAPPER_WRAPPER_ZIP_H_ 33 | -------------------------------------------------------------------------------- /contrib/lodepng/examples/helpers.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2020 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "helpers.h" // NOLINT(build/include) 16 | 17 | #include "absl/log/check.h" 18 | #include "absl/status/statusor.h" 19 | #include "sandboxed_api/util/temp_file.h" 20 | 21 | std::vector GenerateValues() { 22 | std::vector image; 23 | image.reserve(kImgLen); 24 | 25 | for (int y = 0; y < kHeight; ++y) { 26 | for (int x = 0; x < kWidth; ++x) { 27 | image.push_back(255 * !(x & y)); 28 | image.push_back(x ^ y); 29 | image.push_back(x | y); 30 | image.push_back(255); 31 | } 32 | } 33 | 34 | return image; 35 | } 36 | 37 | std::string CreateTempDirAtCWD() { 38 | std::string cwd = sapi::file_util::fileops::GetCWD(); 39 | CHECK(!cwd.empty()) << "Could not get current working directory"; 40 | cwd.append("/"); 41 | 42 | absl::StatusOr result = sapi::CreateTempDir(cwd); 43 | CHECK_OK(result) << "Could not create temporary directory"; 44 | return result.value(); 45 | } 46 | -------------------------------------------------------------------------------- /contrib/lodepng/examples/helpers.h: -------------------------------------------------------------------------------- 1 | // Copyright 2020 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef CONTRIB_LODEPNG_EXAMPLES_HELPERS_H_ 16 | #define CONTRIB_LODEPNG_EXAMPLES_HELPERS_H_ 17 | 18 | #include 19 | #include 20 | 21 | #include "absl/log/log.h" 22 | #include "sandboxed_api/util/fileops.h" 23 | #include "sandboxed_api/util/temp_file.h" 24 | 25 | inline constexpr size_t kWidth = 512; 26 | inline constexpr size_t kHeight = 512; 27 | inline constexpr size_t kImgLen = kWidth * kHeight * 4; 28 | 29 | // Returns a vector that contains values used for testing. 30 | // This part of code is taken from 31 | // https://github.com/lvandeve/lodepng/blob/master/examples/example_encode.c#L96-L104. 32 | // The generated image contains square fractals. 33 | std::vector GenerateValues(); 34 | 35 | // Creates a temporary directory in the current working directory and returns 36 | // the path. 37 | std::string CreateTempDirAtCWD(); 38 | 39 | #endif // CONTRIB_LODEPNG_EXAMPLES_HELPERS_H_ 40 | -------------------------------------------------------------------------------- /contrib/lodepng/lodepng.gen.h.in: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef CONTRIB_LODEPNG_LODEPNG_GEN_H_ 16 | #define CONTRIB_LODEPNG_LODEPNG_GEN_H_ 17 | 18 | extern "C" { 19 | 20 | #include "${lodepng_SOURCE_DIR}/lodepng.h" 21 | 22 | } 23 | 24 | #endif // CONTRIB_LODEPNG_LODEPNG_GEN_H_ 25 | -------------------------------------------------------------------------------- /contrib/turbojpeg/tests/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | include(GoogleTest) 16 | 17 | add_executable(turbojpeg_sapi_test 18 | turbojpeg_sapi_test.cc 19 | ) 20 | 21 | target_link_libraries(turbojpeg_sapi_test PRIVATE 22 | sapi_contrib::turbojpeg 23 | sapi::test_main 24 | ) 25 | 26 | gtest_discover_tests(turbojpeg_sapi_test PROPERTIES 27 | ENVIRONMENT "TEST_FILES_DIR=${PROJECT_SOURCE_DIR}/tests" 28 | ) 29 | -------------------------------------------------------------------------------- /contrib/turbojpeg/tests/sample.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/contrib/turbojpeg/tests/sample.jpeg -------------------------------------------------------------------------------- /contrib/turbojpeg/tests/sample.rgb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/contrib/turbojpeg/tests/sample.rgb -------------------------------------------------------------------------------- /contrib/turbojpeg/turbojpeg_sapi.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef CONTRIB_TURBOJPEG_TURBOJPEG_SAPI_H_ 16 | #define CONTRIB_TURBOJPEG_TURBOJPEG_SAPI_H_ 17 | 18 | #include 19 | 20 | #include "sandboxed_api/util/fileops.h" 21 | #include "turbojpeg_sapi.sapi.h" // NOLINT(build/include) 22 | class TurboJpegSapiSandbox : public turbojpeg_sapi::TurboJPEGSandbox { 23 | public: 24 | std::unique_ptr ModifyPolicy( 25 | sandbox2::PolicyBuilder*) override { 26 | return sandbox2::PolicyBuilder() 27 | .AllowSystemMalloc() 28 | .AllowRead() 29 | .AllowStat() 30 | .AllowWrite() 31 | .AllowExit() 32 | .AllowSyscalls({ 33 | __NR_futex, 34 | __NR_close, 35 | __NR_lseek, 36 | __NR_getpid, 37 | __NR_clock_gettime, 38 | }) 39 | .AllowLlvmSanitizers() 40 | .BuildOrDie(); 41 | } 42 | }; 43 | 44 | #endif // CONTRIB_TURBOJPEG_TURBOJPEG_SAPI_H_ 45 | -------------------------------------------------------------------------------- /contrib/uriparser/example/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | add_executable(sapi_miniuriparser 16 | main.cc 17 | ../utils/utils_uriparser.cc 18 | ) 19 | 20 | target_link_libraries(sapi_miniuriparser PRIVATE 21 | absl::die_if_null 22 | absl::flags 23 | absl::flags_parse 24 | absl::log_globals 25 | absl::log_initialize 26 | sapi_contrib::uriparser 27 | sapi::sapi 28 | ) 29 | -------------------------------------------------------------------------------- /contrib/uriparser/sandboxed.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef CONTRIB_URIPARSER_SANDBOXED_H_ 16 | #define CONTRIB_URIPARSER_SANDBOXED_H_ 17 | 18 | #include 19 | #include 20 | 21 | #include 22 | 23 | #include "sapi_uriparser.sapi.h" // NOLINT(build/include) 24 | #include "sandboxed_api/sandbox2/allowlists/map_exec.h" 25 | 26 | class UriparserSapiSandbox : public UriparserSandbox { 27 | public: 28 | std::unique_ptr ModifyPolicy( 29 | sandbox2::PolicyBuilder*) override { 30 | return sandbox2::PolicyBuilder() 31 | .AllowDynamicStartup(sandbox2::MapExec()) 32 | .AllowRead() 33 | .AllowWrite() 34 | .AllowSystemMalloc() 35 | .AllowExit() 36 | .BuildOrDie(); 37 | } 38 | }; 39 | 40 | #endif // CONTRIB_URIPARSER_SANDBOXED_H_ 41 | -------------------------------------------------------------------------------- /contrib/uriparser/test/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | include(GoogleTest) 16 | 17 | add_executable( 18 | sapi_uriparser_test 19 | 20 | test_uriparser.cc 21 | ../utils/utils_uriparser.cc 22 | ) 23 | 24 | 25 | target_link_libraries( 26 | sapi_uriparser_test PRIVATE 27 | 28 | sapi_uriparser 29 | sapi::test_main 30 | ) 31 | 32 | gtest_discover_tests(sapi_uriparser_test) 33 | -------------------------------------------------------------------------------- /contrib/uriparser/uri.gen.h.in: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // This header ensure that we are getting ascii structures. The generator 16 | // dosen't handle redefined macros like URI_TYPE well. 17 | 18 | #define URI_PASS_ANSI 19 | #define URI_ENABLE_ANSI 20 | #include "${uriparser_SOURCE_DIR}/include/uriparser/Uri.h" 21 | -------------------------------------------------------------------------------- /contrib/woff2/testdata/Roboto-Regular.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/contrib/woff2/testdata/Roboto-Regular.ttf -------------------------------------------------------------------------------- /contrib/woff2/testdata/Roboto-Regular.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/contrib/woff2/testdata/Roboto-Regular.woff2 -------------------------------------------------------------------------------- /contrib/woff2/woff2_wrapper.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef CONTRIB_WOFF2_WOFF2_WRAPPER_H_ 16 | #define CONTRIB_WOFF2_WOFF2_WRAPPER_H_ 17 | 18 | #include 19 | #include 20 | #include 21 | 22 | extern "C" { 23 | 24 | bool WOFF2_ConvertWOFF2ToTTF(const uint8_t* data, size_t length, 25 | uint8_t** result, size_t* result_length, 26 | size_t max_size); 27 | bool WOFF2_ConvertTTFToWOFF2(const uint8_t* data, size_t length, 28 | uint8_t** result, size_t* result_length); 29 | void WOFF2_Free(uint8_t* data); 30 | } 31 | 32 | #endif // CONTRIB_WOFF2_WOFF2_WRAPPER_H_ 33 | -------------------------------------------------------------------------------- /contrib/zopfli/example/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | add_executable(sapi_minizopfli 16 | main.cc 17 | ../utils/utils_zopfli.cc 18 | ) 19 | target_link_libraries(sapi_minizopfli PRIVATE 20 | absl::flags 21 | absl::flags_parse 22 | absl::log_globals 23 | absl::log_initialize 24 | sapi_contrib::zopfli 25 | sapi::sapi 26 | ) 27 | -------------------------------------------------------------------------------- /contrib/zopfli/files/binary: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/contrib/zopfli/files/binary -------------------------------------------------------------------------------- /contrib/zopfli/test/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | include(GoogleTest) 16 | 17 | add_executable(sapi_zopfli_test 18 | zopfli_test.cc 19 | ../utils/utils_zopfli.cc 20 | ) 21 | target_link_libraries(sapi_zopfli_test PRIVATE 22 | sapi_contrib::zopfli 23 | sapi::temp_file 24 | sapi::test_main 25 | ) 26 | gtest_discover_tests(sapi_zopfli_test PROPERTIES 27 | ENVIRONMENT "TEST_FILES_DIR=${PROJECT_SOURCE_DIR}/files" 28 | ) 29 | -------------------------------------------------------------------------------- /contrib/zopfli/utils/utils_zopfli.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef CONTRIB_ZOPFLI_UTILS_UTILS_ZOPFLI_H_ 16 | #define CONTRIB_ZOPFLI_UTILS_UTILS_ZOPFLI_H_ 17 | 18 | #include 19 | 20 | #include "absl/status/status.h" 21 | #include "contrib/zopfli/sandboxed.h" 22 | 23 | absl::Status Compress(ZopfliApi& api, std::ifstream& instream, 24 | std::ofstream& outstream, ZopfliFormat format); 25 | 26 | absl::Status CompressFD(ZopfliApi& api, sapi::v::Fd& infd, sapi::v::Fd& outfd, 27 | ZopfliFormat format); 28 | 29 | #endif // CONTRIB_ZOPFLI_UTILS_UTILS_ZOPFLI_H_ 30 | -------------------------------------------------------------------------------- /contrib/zopfli/wrapper/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | add_library( 16 | wrapper_zopfli STATIC 17 | 18 | wrapper_zopfli.cc 19 | ) 20 | 21 | target_link_libraries(wrapper_zopfli PUBLIC 22 | Zopfli::libzopfli 23 | ) 24 | 25 | target_include_directories(wrapper_zopfli PUBLIC 26 | ${SAPI_SOURCE_DIR} 27 | ${libzopfli_SOURCE_DIR}/src/zopfli 28 | ) 29 | -------------------------------------------------------------------------------- /contrib/zopfli/wrapper/wrapper_zopfli.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "contrib/zopfli/wrapper/wrapper_zopfli.h" 16 | 17 | #include 18 | #include 19 | 20 | #include 21 | #include 22 | #include 23 | 24 | int ZopfliCompressFD(const ZopfliOptions* options, ZopfliFormat output_type, 25 | int infd, int outfd) { 26 | off_t insize = lseek(infd, 0, SEEK_END); 27 | if (insize < 0) { 28 | return -1; 29 | } 30 | if (lseek(infd, 0, SEEK_SET) < 0) { 31 | return -1; 32 | } 33 | 34 | auto inbuf = std::make_unique(insize); 35 | if (read(infd, inbuf.get(), insize) != insize) { 36 | return -1; 37 | } 38 | 39 | size_t outsize = 0; 40 | uint8_t* outbuf = nullptr; 41 | ZopfliCompress(options, output_type, inbuf.get(), insize, &outbuf, &outsize); 42 | size_t retsize = write(outfd, outbuf, outsize); 43 | free(outbuf); 44 | 45 | if (outsize != retsize) { 46 | return -1; 47 | } 48 | 49 | return 0; 50 | } 51 | -------------------------------------------------------------------------------- /contrib/zopfli/wrapper/wrapper_zopfli.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef CONTRIB_ZOPFLI_WRAPPER_WRAPPER_ZOPFLI_H_ 16 | #define CONTRIB_ZOPFLI_WRAPPER_WRAPPER_ZOPFLI_H_ 17 | 18 | #include "zopfli.h" // NOLINT(build/include) 19 | 20 | extern "C" { 21 | int ZopfliCompressFD(const ZopfliOptions* options, ZopfliFormat output_type, 22 | int infd, int outfd); 23 | }; 24 | 25 | #endif // CONTRIB_ZOPFLI_WRAPPER_WRAPPER_ZOPFLI_H_ 26 | -------------------------------------------------------------------------------- /contrib/zstd/example/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | add_executable(sapi_minizstd 16 | main.cc 17 | ../utils/utils_zstd.cc 18 | ) 19 | 20 | target_link_libraries(sapi_minizstd PRIVATE 21 | absl::flags 22 | absl::flags_parse 23 | absl::log_globals 24 | absl::log_initialize 25 | sapi_contrib::zstd 26 | sapi::sapi 27 | ) 28 | -------------------------------------------------------------------------------- /contrib/zstd/files/text.blob.zstd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/contrib/zstd/files/text.blob.zstd -------------------------------------------------------------------------------- /contrib/zstd/files/text.stream.zstd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/contrib/zstd/files/text.stream.zstd -------------------------------------------------------------------------------- /contrib/zstd/sandboxed.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef CONTRIB_ZSTD_SANDBOXED_H_ 16 | #define CONTRIB_ZSTD_SANDBOXED_H_ 17 | 18 | #include 19 | #include 20 | 21 | #include 22 | 23 | #include "sapi_zstd.sapi.h" // NOLINT(build/include) 24 | #include "sandboxed_api/sandbox2/allowlists/map_exec.h" 25 | 26 | class ZstdSapiSandbox : public ZstdSandbox { 27 | public: 28 | std::unique_ptr ModifyPolicy( 29 | sandbox2::PolicyBuilder*) override { 30 | return sandbox2::PolicyBuilder() 31 | .AllowDynamicStartup(sandbox2::MapExec()) 32 | .AllowRead() 33 | .AllowWrite() 34 | .AllowSystemMalloc() 35 | .AllowExit() 36 | .AllowSyscalls({__NR_recvmsg}) 37 | .BuildOrDie(); 38 | } 39 | }; 40 | 41 | #endif // CONTRIB_ZSTD_SANDBOXED_H_ 42 | -------------------------------------------------------------------------------- /contrib/zstd/test/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | include(GoogleTest) 16 | 17 | add_executable( 18 | sapi_zstd_test 19 | 20 | zstd_test.cc 21 | ../utils/utils_zstd.cc 22 | ) 23 | 24 | 25 | target_link_libraries( 26 | sapi_zstd_test PRIVATE 27 | 28 | sapi_zstd 29 | sapi::test_main 30 | sapi::temp_file 31 | ) 32 | 33 | gtest_discover_tests(sapi_zstd_test PROPERTIES ENVIRONMENT "TEST_FILES_DIR=${PROJECT_SOURCE_DIR}/files") 34 | -------------------------------------------------------------------------------- /contrib/zstd/wrapper/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | add_library(wrapper_zstd STATIC 16 | wrapper_zstd.cc 17 | ) 18 | target_link_libraries(wrapper_zstd PUBLIC 19 | libzstd_static 20 | ) 21 | target_include_directories(wrapper_zstd PUBLIC 22 | "${SAPI_SOURCE_DIR}" 23 | "${libzstd_INCLUDE_DIR}" 24 | ) 25 | -------------------------------------------------------------------------------- /contrib/zstd/wrapper/wrapper_zstd.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef CONTRIB_ZSTD_WRAPPER_WRAPPER_ZSTD_H_ 16 | #define CONTRIB_ZSTD_WRAPPER_WRAPPER_ZSTD_H_ 17 | 18 | #include 19 | 20 | extern "C" { 21 | int ZSTD_compress_fd(int fdin, int fdout, int level); 22 | int ZSTD_compressStream_fd(ZSTD_CCtx* cctx, int fdin, int fdout); 23 | 24 | int ZSTD_decompress_fd(int fdin, int fdout); 25 | int ZSTD_decompressStream_fd(ZSTD_DCtx* dctx, int fdin, int fdout); 26 | }; 27 | 28 | #endif // CONTRIB_ZSTD_WRAPPER_WRAPPER_ZSTD_H_ 29 | -------------------------------------------------------------------------------- /oss-internship-2020/README.md: -------------------------------------------------------------------------------- 1 | # Sandboxing OSS Internship 2020 2 | 3 | With Google offices closed due to the pandemic, this year's interns will be 4 | doing their internship at Google fully remote (see the 5 | [blog post](https://blog.google/inside-google/working-google/google-internships-go-virtual-help-open-source/)). 6 | 7 | In addition, most of them are working on open-source projects and develop in the 8 | open. 9 | 10 | As part of this effort, the Sandboxed API team decided to host interns as well 11 | in order to provide reusable sandboxes for open-source libraries. 12 | 13 | This directory collects our interns' contributions prior to upstreaming. For 14 | projects where this is not feasible, we will eventually move the finished 15 | project into the `contrib` folder directly. 16 | -------------------------------------------------------------------------------- /oss-internship-2020/curl/.gitignore: -------------------------------------------------------------------------------- 1 | build/ 2 | -------------------------------------------------------------------------------- /oss-internship-2020/curl/callbacks/callbacks.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2020 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "callbacks.h" // NOLINT(build/include) 16 | 17 | #include 18 | #include 19 | 20 | #include "sandboxed_api/vars.h" 21 | 22 | size_t WriteToMemory(char* contents, size_t size, size_t num_bytes, 23 | void* userp) { 24 | size_t real_size = size * num_bytes; 25 | auto* mem = static_cast(userp); 26 | 27 | char* ptr = static_cast(realloc(mem->data, mem->size + real_size + 1)); 28 | if (ptr == nullptr) return 0; 29 | 30 | mem->data = ptr; 31 | auto data = static_cast(mem->data); 32 | memcpy(&(data[mem->size]), contents, real_size); 33 | mem->size += real_size; 34 | data[mem->size] = 0; 35 | 36 | return real_size; 37 | } 38 | -------------------------------------------------------------------------------- /oss-internship-2020/curl/callbacks/callbacks.h: -------------------------------------------------------------------------------- 1 | // Copyright 2020 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef CALLBACKS_H_ 16 | #define CALLBACKS_H_ 17 | 18 | #include 19 | 20 | // Append contents to the string stored by userp, which is a sapi::LenValStruct* 21 | extern "C" size_t WriteToMemory(char* contents, size_t size, size_t num_bytes, 22 | void* userp); 23 | 24 | #endif // CALLBACKS_H_ 25 | -------------------------------------------------------------------------------- /oss-internship-2020/curl/curl_util.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2021 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "curl_util.h" // NOLINT(build/include) 16 | 17 | #include "absl/status/statusor.h" 18 | #include "absl/strings/str_cat.h" 19 | 20 | namespace curl { 21 | 22 | std::string StrError(curl::CurlApi* api, int curl_error) { 23 | absl::StatusOr remote_error_message = 24 | api->curl_easy_strerror(static_cast(curl_error)); 25 | if (!remote_error_message.ok()) { 26 | return absl::StrCat("Code ", curl_error, " (curl_easy_strerror failed)"); 27 | } 28 | 29 | absl::StatusOr error_message = 30 | api->sandbox()->GetCString(sapi::v::RemotePtr(*remote_error_message)); 31 | if (!error_message.ok()) { 32 | return absl::StrCat("Code ", curl_error, " (error getting error message)"); 33 | } 34 | return *error_message; 35 | } 36 | 37 | } // namespace curl 38 | -------------------------------------------------------------------------------- /oss-internship-2020/curl/curl_util.h: -------------------------------------------------------------------------------- 1 | // Copyright 2021 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef CURL_UTIL_H_ 16 | #define CURL_UTIL_H_ 17 | 18 | #include 19 | 20 | #include "curl_sapi.sapi.h" // NOLINT(build/include) 21 | 22 | namespace curl { 23 | 24 | // Calls into the sandbox to retrieve the error message for the curl error code 25 | // in curl_error. 26 | std::string StrError(curl::CurlApi* api, int curl_error); 27 | 28 | } // namespace curl 29 | 30 | #endif // CURL_UTIL_H_ 31 | -------------------------------------------------------------------------------- /oss-internship-2020/curl/curl_wrapper/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Wrapper library including curl, wrappers for some methods and callbacks 16 | # The CURL_SAPI_CALLBACKS variable should contain the absolute paths of 17 | # all the files implementing the callbacks 18 | add_library(curl_wrapper_and_callbacks OBJECT 19 | curl_wrapper.h 20 | curl_wrapper.cc 21 | "${CURL_SAPI_CALLBACKS}" 22 | ) 23 | set_target_properties(curl_wrapper_and_callbacks 24 | PROPERTIES LINKER_LANGUAGE C 25 | ) 26 | 27 | # Flags needed to build curl statically 28 | set(CURL_HIDDEN_SYMBOLS OFF) 29 | set(BUILD_SHARED_LIBS OFF) 30 | 31 | # Link the wrapper to the original curl library (testing is disabled in curl) 32 | set(BUILD_TESTING OFF) 33 | add_subdirectory(curl) 34 | target_link_libraries(curl_wrapper_and_callbacks 35 | CURL::libcurl 36 | sapi::sapi 37 | ) 38 | -------------------------------------------------------------------------------- /oss-internship-2020/curl/tests/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | include(GoogleTest) 16 | 17 | add_executable(tests 18 | test_utils.h 19 | test_utils.cc 20 | tests.cc 21 | ) 22 | 23 | target_link_libraries(tests 24 | curl_sapi sapi::sapi 25 | gtest gmock gtest_main 26 | ) 27 | 28 | gtest_discover_tests(tests) 29 | -------------------------------------------------------------------------------- /oss-internship-2020/gdal/CANYrelief1-geo.tif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/oss-internship-2020/gdal/CANYrelief1-geo.tif -------------------------------------------------------------------------------- /oss-internship-2020/gdal/raster_to_gtiff/gtiff_converter.h: -------------------------------------------------------------------------------- 1 | // Copyright 2020 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef RASTER_TO_GTIFF_GTIFF_CONVERTER_H_ 16 | #define RASTER_TO_GTIFF_GTIFF_CONVERTER_H_ 17 | 18 | #include 19 | 20 | #include "gdal_sandbox.h" // NOLINT(build/include) 21 | #include "get_raster_data.h" // NOLINT(build/include) 22 | #include "sandboxed_api/transaction.h" 23 | 24 | namespace gdal::sandbox { 25 | 26 | class RasterToGTiffProcessor : public sapi::Transaction { 27 | public: 28 | RasterToGTiffProcessor(std::string out_file_full_path, 29 | std::string proj_db_path, parser::RasterDataset data, 30 | int retry_count = 0); 31 | 32 | private: 33 | absl::Status Main() final; 34 | 35 | const std::string out_file_full_path_; 36 | parser::RasterDataset data_; 37 | }; 38 | 39 | } // namespace gdal::sandbox 40 | 41 | #endif // RASTER_TO_GTIFF_GTIFF_CONVERTER_H_ 42 | -------------------------------------------------------------------------------- /oss-internship-2020/gdal/raster_to_gtiff/testdata/SP27GTIF.tif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/oss-internship-2020/gdal/raster_to_gtiff/testdata/SP27GTIF.tif -------------------------------------------------------------------------------- /oss-internship-2020/gdal/raster_to_gtiff/testdata/cea.tif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/oss-internship-2020/gdal/raster_to_gtiff/testdata/cea.tif -------------------------------------------------------------------------------- /oss-internship-2020/guetzli/.bazelrc: -------------------------------------------------------------------------------- 1 | # Build in C++17 mode without a custom CROSSTOOL 2 | build --cxxopt=-std=c++17 3 | -------------------------------------------------------------------------------- /oss-internship-2020/guetzli/external/butteraugli.BUILD: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | licenses(["notice"]) 16 | 17 | cc_library( 18 | name = "butteraugli", 19 | srcs = [ 20 | "butteraugli/butteraugli.cc", 21 | "butteraugli/butteraugli.h", 22 | ], 23 | hdrs = [ 24 | "butteraugli/butteraugli.h", 25 | ], 26 | copts = ["-Wno-sign-compare"], 27 | visibility = ["//visibility:public"], 28 | ) 29 | -------------------------------------------------------------------------------- /oss-internship-2020/guetzli/external/guetzli.BUILD: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | licenses(["notice"]) 16 | 17 | cc_library( 18 | name = "guetzli_lib", 19 | srcs = glob( 20 | [ 21 | "guetzli/*.h", 22 | "guetzli/*.cc", 23 | "guetzli/*.inc", 24 | ], 25 | exclude = ["guetzli/guetzli.cc"], 26 | ), 27 | copts = [ "-Wno-sign-compare" ], 28 | visibility= [ "//visibility:public" ], 29 | deps = [ 30 | "@butteraugli//:butteraugli", 31 | ], 32 | ) 33 | -------------------------------------------------------------------------------- /oss-internship-2020/guetzli/external/png.BUILD: -------------------------------------------------------------------------------- 1 | # Description: 2 | # libpng is the official PNG reference library. 3 | 4 | licenses(["notice"]) # BSD/MIT-like license 5 | 6 | cc_library( 7 | name = "png", 8 | srcs = [ 9 | "png.c", 10 | "pngerror.c", 11 | "pngget.c", 12 | "pngmem.c", 13 | "pngpread.c", 14 | "pngread.c", 15 | "pngrio.c", 16 | "pngrtran.c", 17 | "pngrutil.c", 18 | "pngset.c", 19 | "pngtrans.c", 20 | "pngwio.c", 21 | "pngwrite.c", 22 | "pngwtran.c", 23 | "pngwutil.c", 24 | ], 25 | hdrs = [ 26 | "png.h", 27 | "pngconf.h", 28 | ], 29 | includes = ["."], 30 | linkopts = ["-lm"], 31 | visibility = ["//visibility:public"], 32 | deps = ["@net_zlib//:zlib"], 33 | ) 34 | -------------------------------------------------------------------------------- /oss-internship-2020/guetzli/guetzli_entry_points.h: -------------------------------------------------------------------------------- 1 | // Copyright 2020 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef GUETZLI_SANDBOXED_GUETZLI_ENTRY_POINTS_H_ 16 | #define GUETZLI_SANDBOXED_GUETZLI_ENTRY_POINTS_H_ 17 | 18 | #include "guetzli/processor.h" 19 | #include "sandboxed_api/lenval_core.h" 20 | #include "sandboxed_api/vars.h" 21 | 22 | struct ProcessingParams { 23 | int remote_fd = -1; 24 | int verbose = 0; 25 | int quality = 0; 26 | int memlimit_mb = 0; 27 | }; 28 | 29 | extern "C" bool ProcessJpeg(const ProcessingParams* processing_params, 30 | sapi::LenValStruct* output); 31 | extern "C" bool ProcessRgb(const ProcessingParams* processing_params, 32 | sapi::LenValStruct* output); 33 | extern "C" bool WriteDataToFd(int fd, sapi::LenValStruct* data); 34 | 35 | #endif // GUETZLI_SANDBOXED_GUETZLI_ENTRY_POINTS_H_ 36 | -------------------------------------------------------------------------------- /oss-internship-2020/guetzli/guetzli_sandbox.h: -------------------------------------------------------------------------------- 1 | // Copyright 2020 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef GUETZLI_SANDBOXED_GUETZLI_SANDBOX_H_ 16 | #define GUETZLI_SANDBOXED_GUETZLI_SANDBOX_H_ 17 | 18 | #include 19 | 20 | #include "guetzli_sapi.sapi.h" // NOLINT(build/include) 21 | 22 | namespace guetzli::sandbox { 23 | 24 | class GuetzliSapiSandbox : public GuetzliSandbox { 25 | public: 26 | std::unique_ptr ModifyPolicy( 27 | sandbox2::PolicyBuilder*) override { 28 | return sandbox2::PolicyBuilder() 29 | .AllowStaticStartup() 30 | .AllowRead() 31 | .AllowSystemMalloc() 32 | .AllowWrite() 33 | .AllowExit() 34 | .AllowStat() 35 | .AllowSyscalls({ 36 | __NR_futex, __NR_close, 37 | __NR_recvmsg // To work with remote fd 38 | }) 39 | .BuildOrDie(); 40 | } 41 | }; 42 | 43 | } // namespace guetzli::sandbox 44 | 45 | #endif // GUETZLI_SANDBOXED_GUETZLI_SANDBOX_H_ 46 | -------------------------------------------------------------------------------- /oss-internship-2020/guetzli/testdata/bees.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/oss-internship-2020/guetzli/testdata/bees.png -------------------------------------------------------------------------------- /oss-internship-2020/guetzli/testdata/bees_reference.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/oss-internship-2020/guetzli/testdata/bees_reference.jpg -------------------------------------------------------------------------------- /oss-internship-2020/guetzli/testdata/nature.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/oss-internship-2020/guetzli/testdata/nature.jpg -------------------------------------------------------------------------------- /oss-internship-2020/guetzli/testdata/nature_reference.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/oss-internship-2020/guetzli/testdata/nature_reference.jpg -------------------------------------------------------------------------------- /oss-internship-2020/libarchive/.gitignore: -------------------------------------------------------------------------------- 1 | build/ 2 | .cache 3 | .vscode 4 | -------------------------------------------------------------------------------- /oss-internship-2020/libarchive/examples/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | add_library(sapi_minitar_lib STATIC 16 | sapi_minitar.cc 17 | sapi_minitar.h 18 | sandbox.h 19 | ) 20 | 21 | target_link_libraries(sapi_minitar_lib PUBLIC 22 | absl::log 23 | libarchive_sapi 24 | sandbox2::executor 25 | sapi::fileops 26 | sapi::file_base 27 | sandbox2::util 28 | sapi::temp_file 29 | sapi::sapi 30 | ) 31 | 32 | target_include_directories(sapi_minitar_lib INTERFACE 33 | "${PROJECT_SOURCE_DIR}/examples" 34 | ) 35 | 36 | add_executable(sapi_minitar 37 | sapi_minitar_main.cc 38 | ) 39 | 40 | target_link_libraries(sapi_minitar PRIVATE 41 | sapi_minitar_lib 42 | ) 43 | 44 | -------------------------------------------------------------------------------- /oss-internship-2020/libarchive/functions_to_sandbox.txt: -------------------------------------------------------------------------------- 1 | archive_entry_free 2 | archive_entry_new 3 | archive_entry_pathname 4 | archive_entry_sourcepath 5 | archive_error_string 6 | archive_read_close 7 | archive_read_data_block 8 | archive_read_disk_descend 9 | archive_read_disk_new 10 | archive_read_disk_open 11 | archive_read_disk_set_standard_lookup 12 | archive_read_free 13 | archive_read_new 14 | archive_read_next_header 15 | archive_read_next_header2 16 | archive_read_open_filename 17 | archive_read_support_filter_bzip2 18 | archive_read_support_filter_compress 19 | archive_read_support_filter_gzip 20 | archive_read_support_format_cpio 21 | archive_read_support_format_tar 22 | archive_write_add_filter_bzip2 23 | archive_write_add_filter_compress 24 | archive_write_add_filter_gzip 25 | archive_write_add_filter_none 26 | archive_write_close 27 | archive_write_data 28 | archive_write_data_block 29 | archive_write_disk_new 30 | archive_write_disk_set_options 31 | archive_write_disk_set_standard_lookup 32 | archive_write_free 33 | archive_write_header 34 | archive_write_new 35 | archive_write_open_filename 36 | archive_write_set_format_ustar 37 | archive_entry_set_pathname 38 | -------------------------------------------------------------------------------- /oss-internship-2020/libarchive/patches/archive_virtual.patch: -------------------------------------------------------------------------------- 1 | --- archive_virtual.c 2020-09-11 16:39:07.158014139 +0000 2 | +++ archive_virtual2.c 2020-09-11 16:39:50.842107856 +0000 3 | @@ -124,13 +124,13 @@ 4 | return ((a->vtable->archive_write_finish_entry)(a)); 5 | } 6 | 7 | -la_ssize_t 8 | +int 9 | archive_write_data(struct archive *a, const void *buff, size_t s) 10 | { 11 | return ((a->vtable->archive_write_data)(a, buff, s)); 12 | } 13 | 14 | -la_ssize_t 15 | +int 16 | archive_write_data_block(struct archive *a, const void *buff, size_t s, 17 | la_int64_t o) 18 | { 19 | -------------------------------------------------------------------------------- /oss-internship-2020/libarchive/patches/header.patch: -------------------------------------------------------------------------------- 1 | --- archive.h 2020-09-11 14:23:21.758842500 +0000 2 | +++ archive2.h 2020-09-11 14:20:27.310494460 +0000 3 | @@ -840,11 +840,11 @@ 4 | */ 5 | __LA_DECL int archive_write_header(struct archive *, 6 | struct archive_entry *); 7 | -__LA_DECL la_ssize_t archive_write_data(struct archive *, 8 | +__LA_DECL int archive_write_data(struct archive *, 9 | const void *, size_t); 10 | 11 | /* This interface is currently only available for archive_write_disk handles. */ 12 | -__LA_DECL la_ssize_t archive_write_data_block(struct archive *, 13 | +__LA_DECL int archive_write_data_block(struct archive *, 14 | const void *, size_t, la_int64_t); 15 | 16 | __LA_DECL int archive_write_finish_entry(struct archive *); 17 | -------------------------------------------------------------------------------- /oss-internship-2020/libarchive/test/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | include(GoogleTest) 16 | enable_testing() 17 | 18 | add_executable(sapi_minitar_test 19 | minitar_test.cc 20 | ) 21 | 22 | target_link_libraries(sapi_minitar_test PRIVATE 23 | sapi_minitar_lib 24 | gtest 25 | sapi::test_main 26 | ) 27 | 28 | gtest_discover_tests(sapi_minitar_test) 29 | 30 | -------------------------------------------------------------------------------- /oss-internship-2020/libpng/README.md: -------------------------------------------------------------------------------- 1 | # sandboxed LibPNG 2 | Copyright 2020 Google LLC. 3 | 4 | ## Start use 5 | You should make sure the libtiff submodule is cloned. 6 | 7 | `git clone --recursive https://github.com/google/sandboxed-api` 8 | 9 | ## Usage 10 | 11 | #### Build: 12 | ``` 13 | mkdir -p build && cd build 14 | cmake .. -DSAPI_ROOT=/path/to/sapi_root 15 | make -j8 16 | ``` 17 | 18 | #### Example: 19 | You should add `-DLIBPNG_SAPI_BUILD_EXAMPLES=ON` to use the example.\ 20 | run PNG to PNG: 21 | ``` 22 | ./examples/pngtopng /absolute/path/to/input/image.png /absolute/path/to/output/image.png 23 | ``` 24 | run RGB to BGR: 25 | ``` 26 | ./examples/rgbtobgr /absolute/path/to/input/image.png /absolute/path/to/output/image.png 27 | ``` 28 | 29 | Examples of input and output can be found in `images`. 30 | 31 | PNG to PNG: \ 32 | input: `images/pngtest.png`\ 33 | output:` images/pngtopng_pngtest.png` 34 | 35 | RGB to BGR: \ 36 | input: `images/red_ball.png`\ 37 | output: `images/rgbtobgr_red_ball.png` 38 | 39 | 40 | #### Tests: 41 | You should add `-DLIBPNG_SAPI_BUILD_TESTING=ON` to use tests and do: 42 | ``` 43 | cd tests 44 | ctest . 45 | ``` 46 | -------------------------------------------------------------------------------- /oss-internship-2020/libpng/examples/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | add_executable(pngtopng 16 | example1.cc 17 | ../tests/libpng.h 18 | ../sandboxed.h 19 | ) 20 | 21 | find_package(PNG REQUIRED) 22 | 23 | target_link_libraries(pngtopng PRIVATE 24 | sapi::sapi 25 | sapi::temp_file 26 | libpng_sapi 27 | "${PNG_LIBRARY}" 28 | ) 29 | 30 | target_include_directories(pngtopng INTERFACE 31 | "${PNG_INCLUDE_DIR}" 32 | ) 33 | 34 | 35 | add_executable(rgbtobgr 36 | example2.cc 37 | ../tests/libpng.h 38 | ../sandboxed.h 39 | ) 40 | 41 | target_link_libraries(rgbtobgr PRIVATE 42 | sapi::sapi 43 | sapi::temp_file 44 | libpng_sapi 45 | "${PNG_LIBRARY}" 46 | ) 47 | 48 | target_include_directories(rgbtobgr INTERFACE 49 | "${PNG_INCLUDE_DIR}" 50 | ) 51 | 52 | -------------------------------------------------------------------------------- /oss-internship-2020/libpng/images/pngtest.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/oss-internship-2020/libpng/images/pngtest.png -------------------------------------------------------------------------------- /oss-internship-2020/libpng/images/pngtopng_pngtest.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/oss-internship-2020/libpng/images/pngtopng_pngtest.png -------------------------------------------------------------------------------- /oss-internship-2020/libpng/images/red_ball.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/oss-internship-2020/libpng/images/red_ball.png -------------------------------------------------------------------------------- /oss-internship-2020/libpng/images/rgbtobgr_red_ball.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/oss-internship-2020/libpng/images/rgbtobgr_red_ball.png -------------------------------------------------------------------------------- /oss-internship-2020/libpng/images/test_output.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/oss-internship-2020/libpng/images/test_output.png -------------------------------------------------------------------------------- /oss-internship-2020/libpng/tests/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | include(GoogleTest) 16 | enable_testing() 17 | 18 | add_executable(tests 19 | basic_test.cc 20 | extended_test.cc 21 | helper.h 22 | helper.cc 23 | libpng.h 24 | ) 25 | 26 | target_link_libraries(tests PRIVATE 27 | gmock 28 | gtest 29 | gtest_main 30 | libpng_sapi 31 | sapi::temp_file 32 | sapi::sapi 33 | ) 34 | 35 | gtest_discover_tests(tests PROPERTIES ENVIRONMENT "TEST_SRCDIR=${PROJECT_SOURCE_DIR}") 36 | -------------------------------------------------------------------------------- /oss-internship-2020/libpng/tests/helper.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2020 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "helper.h" // NOLINT(build/include) 16 | 17 | #include "../sandboxed.h" // NOLINT(build/include) 18 | #include "sandboxed_api/util/path.h" 19 | 20 | std::string GetSourcePath() { return getenv("TEST_SRCDIR"); } 21 | 22 | std::string GetFilePath(absl::string_view filename) { 23 | return sandbox2::file::JoinPath(GetSourcePath(), "images", filename); 24 | } 25 | -------------------------------------------------------------------------------- /oss-internship-2020/libpng/tests/helper.h: -------------------------------------------------------------------------------- 1 | // Copyright 2020 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef LIBPNG_TESTS_HELPER_H_ 16 | #define LIBPNG_TESTS_HELPER_H_ 17 | 18 | #include 19 | 20 | #include "absl/strings/str_view.h" 21 | 22 | std::string GetFilePath(absl::string_view filename); 23 | 24 | #endif // LIBPNG_TESTS_HELPER_H_ 25 | -------------------------------------------------------------------------------- /oss-internship-2020/libpng/wrapper/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | add_library(wrapper OBJECT 16 | func.h 17 | func.cc 18 | ) 19 | 20 | set_target_properties(wrapper 21 | PROPERTIES LINKER_LANGUAGE C 22 | ) 23 | 24 | target_link_libraries(wrapper 25 | PNG::PNG 26 | sapi::temp_file 27 | sapi::sapi 28 | ) 29 | -------------------------------------------------------------------------------- /oss-internship-2020/libuv/.gitignore: -------------------------------------------------------------------------------- 1 | build/ 2 | -------------------------------------------------------------------------------- /oss-internship-2020/libuv/callbacks/callbacks.h: -------------------------------------------------------------------------------- 1 | // Copyright 2020 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef CALLBACKS_H_ 16 | #define CALLBACKS_H_ 17 | 18 | #include 19 | 20 | extern "C" { 21 | 22 | // idle-basic 23 | void IdleCallback(uv_idle_t* handle); 24 | 25 | // uvcat 26 | uv_fs_t open_req; 27 | uv_fs_t read_req; 28 | uv_fs_t write_req; 29 | void OnWrite(uv_fs_t* req); 30 | void OnRead(uv_fs_t* req); 31 | void OnOpen(uv_fs_t* req); 32 | 33 | // test_callback 34 | void TimerCallback(uv_timer_t* handle); 35 | 36 | } // extern "C" 37 | 38 | #endif // CALLBACKS_H_ 39 | -------------------------------------------------------------------------------- /oss-internship-2020/libuv/examples/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | add_executable(helloworld 16 | helloworld.cc 17 | ) 18 | target_link_libraries(helloworld 19 | uv_a 20 | uv_sapi 21 | sapi::sapi 22 | ) 23 | 24 | add_executable(idle-basic 25 | idle-basic.cc 26 | ) 27 | target_link_libraries(idle-basic 28 | uv_a 29 | uv_sapi 30 | sapi::sapi 31 | ) 32 | 33 | add_executable(uvcat 34 | uvcat.cc 35 | ) 36 | target_link_libraries(uvcat 37 | uv_a 38 | uv_sapi 39 | sapi::sapi 40 | ) 41 | -------------------------------------------------------------------------------- /oss-internship-2020/libuv/examples/README.md: -------------------------------------------------------------------------------- 1 | # LibUV Sandbox Examples 2 | 3 | Each example in this folder is the sandboxed version of a code snippet from 4 | [LibUV's User Guide](https://docs.libuv.org/en/v1.x/guide.html). These examples 5 | perform some basic tasks using LibUV, and can be useful both to understand how 6 | to use LibUV Sandbox, but also to get an idea of how regular and sandboxed code 7 | compare to each other. 8 | 9 | This is the list of examples: 10 | 11 | - **helloworld.cc**: sandboxed version of 12 | [helloworld/main.c](https://docs.libuv.org/en/v1.x/guide/basics.html#hello-world). 13 | It simply starts a loop that exits immediately. It shows how to run a simple 14 | loop in LibUV Sandbox. 15 | - **idle-basic.cc**: sandboxed version of 16 | [idle-basic/main.c](https://docs.libuv.org/en/v1.x/guide/basics.html#handles-and-requests). 17 | Creates an idle watcher that stops the loop after a certain number of 18 | iterations. It shows how a simple callback can be used in LibUV Sandbox. 19 | - **uvcat.cc**: sandboxed version of 20 | [uvcat/main.c](http://docs.libuv.org/en/v1.x/guide/filesystem.html#reading-writing-files). 21 | Takes a single argument, the absolute path of a file, and prints its contents 22 | (it is a simplified version of the command line tootl `cat`). It shows how to 23 | manage various complex callbacks for opening, reading and writing files. 24 | -------------------------------------------------------------------------------- /oss-internship-2020/libuv/tests/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | include(GoogleTest) 16 | 17 | add_executable(tests 18 | test_array.cc 19 | test_callback.cc 20 | test_error.cc 21 | test_loop.cc 22 | test_os.cc 23 | ) 24 | 25 | target_link_libraries(tests 26 | gmock 27 | gtest 28 | gtest_main 29 | uv_a 30 | uv_sapi 31 | sapi::sapi 32 | sandbox2::allowlists_namespaces 33 | ) 34 | 35 | gtest_discover_tests(tests) 36 | -------------------------------------------------------------------------------- /oss-internship-2020/openjpeg/.gitignore: -------------------------------------------------------------------------------- 1 | build/ 2 | -------------------------------------------------------------------------------- /oss-internship-2020/openjpeg/README.md: -------------------------------------------------------------------------------- 1 | # OpenJPEG Sandboxed API 2 | 3 | This library provides sandboxed version of the [OpenJPEG](https://github.com/uclouvain/openjpeg) library. 4 | 5 | ## Examples 6 | 7 | The examples are sandboxed and simplified version of the main tools provided by the OpenJPEG library, namely (for now) `opj_decompress` from [here](https://github.com/uclouvain/openjpeg/blob/master/src/bin/jp2/opj_decompress.c). 8 | 9 | In `decompress_example.cc` the library's sandboxed API is used to convert the _.jp2_ to _.pnm_ image format. 10 | 11 | ## Build 12 | 13 | To build this example, after cloning the whole Sandbox API project, you also need to run 14 | 15 | ``` 16 | git submodule update --init --recursive 17 | ``` 18 | anywhere in the project tree in order to clone the `openjpeg` submodule. 19 | Then in the `sandboxed-api/oss-internship-2020/openjpeg` run 20 | ``` 21 | mkdir build && cd build 22 | cmake -G Ninja 23 | ninja 24 | ``` 25 | To run `decompress_sandboxed`: 26 | ``` 27 | cd examples 28 | ./decompress_sandboxed absolute/path/to/the/file.jp2 absolute/path/to/the/file.pnm 29 | ``` 30 | -------------------------------------------------------------------------------- /sandboxed_api/bazel/build_defs.bzl: -------------------------------------------------------------------------------- 1 | # Copyright 2019 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | """General build definitions useful for the whole project.""" 16 | 17 | _SAPI_LINUX_COPTS = [ 18 | "-Wno-deprecated-declarations", 19 | "-Wno-narrowing", 20 | "-Wno-sign-compare", 21 | "-Wunused-result", 22 | ] 23 | 24 | def sapi_platform_copts(copts = []): 25 | """Returns the default compiler options for the current platform. 26 | 27 | Args: 28 | copts: additional compiler options to include. 29 | """ 30 | 31 | # Linux only for now. 32 | return _SAPI_LINUX_COPTS + copts 33 | -------------------------------------------------------------------------------- /sandboxed_api/config.cc: -------------------------------------------------------------------------------- 1 | #include "sandboxed_api/config.h" 2 | 3 | #include 4 | 5 | namespace sapi { 6 | 7 | bool IsCoverageRun() { 8 | return getenv("COVERAGE") != nullptr; 9 | } 10 | 11 | } // namespace sapi 12 | -------------------------------------------------------------------------------- /sandboxed_api/docs/getting-started.md: -------------------------------------------------------------------------------- 1 | # Getting started with SAPI 2 | 3 | Detailed developer documentation is available on the Google Developers site for 4 | [Sandboxed API](https://developers.google.com/code-sandboxing/sandboxed-api). 5 | 6 | Visit the 7 | [Getting Started](https://developers.google.com/code-sandboxing/sandboxed-api/getting-started) 8 | guide. 9 | 10 | -------------------------------------------------------------------------------- /sandboxed_api/docs/images/sapi-lockup-vertical.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/sandboxed_api/docs/images/sapi-lockup-vertical.png -------------------------------------------------------------------------------- /sandboxed_api/examples/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2019 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | if((SAPI_BUILD_EXAMPLES OR SAPI_BUILD_TESTING) AND NOT CMAKE_CROSSCOMPILING) 16 | # TODO(cblichmann): These are depended on by sapi::sapi_test 17 | add_subdirectory(stringop) 18 | add_subdirectory(sum) 19 | endif() 20 | 21 | if(SAPI_BUILD_EXAMPLES AND SAPI_DOWNLOAD_ZLIB) 22 | add_subdirectory(zlib) 23 | endif() 24 | -------------------------------------------------------------------------------- /sandboxed_api/examples/hello_sapi/.bazelrc: -------------------------------------------------------------------------------- 1 | # Migration to Bzlmod is not ready yet 2 | common --noenable_bzlmod 3 | 4 | # Build in C++17 mode without a custom CROSSTOOL 5 | build --cxxopt=-std=c++17 --host_cxxopt=-std=c++17 6 | -------------------------------------------------------------------------------- /sandboxed_api/examples/hello_sapi/hello_lib.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2020 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // Adds two integer values and returns the result, serving as an example 16 | // function that will be sandboxed. 17 | extern "C" int AddTwoIntegers(int a, int b) { return a + b; } 18 | -------------------------------------------------------------------------------- /sandboxed_api/examples/hello_sapi/hello_main.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2020 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // A minimal "hello world" style example of how to use Sandboxed API. This 16 | // example does not include any error handling and will simply abort if 17 | // something goes wrong. 18 | // As the library function that is being called into is pure computation (i.e. 19 | // does not issue any syscalls), the restricted default sandbox policy is being 20 | // used. 21 | 22 | #include 23 | #include 24 | 25 | // Generated header 26 | #include "sandboxed_api/examples/hello_sapi/hello_sapi.sapi.h" 27 | 28 | int main() { 29 | std::cout << "Calling into a sandboxee to add two numbers...\n"; 30 | 31 | HelloSandbox sandbox; 32 | sandbox.Init().IgnoreError(); 33 | 34 | HelloApi api(&sandbox); 35 | std::cout << " 1000 + 337 = " << api.AddTwoIntegers(1000, 337).value() 36 | << "\n"; 37 | 38 | return EXIT_SUCCESS; 39 | } 40 | -------------------------------------------------------------------------------- /sandboxed_api/examples/stringop/stringop_params.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package stringop; 18 | 19 | message StringReverse { 20 | oneof payload { 21 | string input = 1; 22 | string output = 2; 23 | } 24 | } 25 | 26 | message StringDuplication { 27 | oneof payload { 28 | string input = 1; 29 | string output = 2; 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /sandboxed_api/examples/sum/main_sum_test.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Copyright 2021 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # Unit test for main_sum example. 18 | 19 | [[ -n "$COVERAGE" ]] && exit 0 20 | 21 | BIN=$TEST_SRCDIR/com_google_sandboxed_api/sandboxed_api/examples/sum/main_sum 22 | 23 | "$BIN" || die 'FAILED: it should have exited with 0' 24 | 25 | echo 'PASS' 26 | 27 | -------------------------------------------------------------------------------- /sandboxed_api/examples/sum/sum_cpp.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "absl/log/log.h" 16 | #include "sandboxed_api/examples/sum/sum_params.pb.h" 17 | 18 | extern "C" int sumproto(const sumsapi::SumParamsProto* params) { 19 | LOG(INFO) << "Param is " << *params; 20 | return params->a() + params->b() + params->c(); 21 | } 22 | -------------------------------------------------------------------------------- /sandboxed_api/examples/sum/sum_params.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package sumsapi; 18 | 19 | message SumParamsProto { 20 | optional int32 a = 1; 21 | optional int32 b = 2; 22 | optional int32 c = 3; 23 | } 24 | -------------------------------------------------------------------------------- /sandboxed_api/examples/zlib/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # sandboxed_api/examples/zlib:zlib-sapi 16 | add_sapi_library(zlib-sapi 17 | FUNCTIONS deflateInit_ 18 | deflate 19 | deflateEnd 20 | INPUTS "${ZLIB_INCLUDE_DIRS}/zlib.h" 21 | LIBRARY ZLIB::ZLIB 22 | LIBRARY_NAME Zlib 23 | NAMESPACE "sapi::zlib" 24 | ) 25 | add_library(sapi::zlib_sapi ALIAS zlib-sapi) 26 | target_link_libraries(zlib-sapi PRIVATE 27 | ZLIB::ZLIB 28 | ) 29 | 30 | # sandboxed_api/examples/zlib:main_zlib 31 | add_executable(sapi_main_zlib 32 | main_zlib.cc 33 | ) 34 | set_target_properties(sapi_main_zlib PROPERTIES OUTPUT_NAME main_zlib) 35 | target_link_libraries(sapi_main_zlib PRIVATE 36 | sapi::base 37 | absl::flags_parse 38 | absl::log 39 | absl::log_initialize 40 | absl::log_severity 41 | absl::status 42 | absl::statusor 43 | sapi::sapi 44 | sapi::status 45 | sapi::zlib_sapi 46 | ) 47 | -------------------------------------------------------------------------------- /sandboxed_api/examples/zlib/main_zlib_test.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Copyright 2021 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # Unit test for main_zlib example. 18 | 19 | die() { 20 | echo "$1" 1>&2 21 | exit 1 22 | } 23 | 24 | [[ -n "$COVERAGE" ]] && exit 0 25 | 26 | BIN=$TEST_SRCDIR/com_google_sandboxed_api/sandboxed_api/examples/zlib/main_zlib 27 | TESTDATA="$TEST_SRCDIR/com_google_sandboxed_api/sandboxed_api/examples/zlib/testdata" 28 | 29 | echo "aaaa" | "$BIN" || die 'FAILED: it should have exited with 0' 30 | 31 | echo "This is a test string" | "$BIN" | \ 32 | sha256sum --status -c \ 33 | <(echo 'fce569e9578b5aa56d9543866fea0beaed83c4959c898dbe4c31a543cd3ffe2b -') || \ 34 | die 'FAILED: it should match the golden SHA256' 35 | 36 | echo 'PASS' 37 | -------------------------------------------------------------------------------- /sandboxed_api/file_toc.h: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // This file defines the structure of the table-of-contents elements 16 | // produced by sapi_cc_embed_data rules. 17 | // Its canonical definition is here, but a copy of it appears in each file 18 | // generated by //sandboxed_api/bazel:filewrapper. 19 | 20 | #ifndef SANDBOXED_API_FILE_TOC_H_ 21 | #define SANDBOXED_API_FILE_TOC_H_ 22 | 23 | #include 24 | 25 | #include 26 | 27 | struct FileToc { 28 | const char* name; 29 | const char* data; 30 | size_t size; 31 | unsigned char md5digest[16]; // Not used, kept for compatibility 32 | }; 33 | 34 | #endif // SANDBOXED_API_FILE_TOC_H_ 35 | -------------------------------------------------------------------------------- /sandboxed_api/lenval_core.h: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // Contains the inner structure used by var_lenval. It will be allocated in the 16 | // sandboxee's memory and is used for sharing buffers with varying sizes. 17 | #ifndef SANDBOXED_API_LENVAL_CORE_H_ 18 | #define SANDBOXED_API_LENVAL_CORE_H_ 19 | 20 | #include 21 | 22 | namespace sapi { 23 | 24 | struct LenValStruct { 25 | LenValStruct(uint64_t size, void* data) : size(size), data(data) {} 26 | 27 | LenValStruct() : LenValStruct(0, nullptr) {} 28 | 29 | uint64_t size; 30 | void* data; 31 | }; 32 | 33 | } // namespace sapi 34 | 35 | #endif // SANDBOXED_API_LENVAL_CORE_H_ 36 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/README.md: -------------------------------------------------------------------------------- 1 | # Sandbox2 2 | 3 | Sandbox2 is a C++ security sandbox for Linux which can be used to run untrusted 4 | programs or portions of programs in confined environments. The idea is that the 5 | runtime environment is so restricted that security bugs such as buffer overflows 6 | in the protected region cause no harm. 7 | 8 | ## Documentation 9 | 10 | Detailed developer documentation is available on the Google Developers site for Sandboxed API under 11 | [Sandbox2](https://developers.google.com/code-sandboxing/sandbox2). 12 | 13 | There is also a 14 | [Getting Started](https://developers.google.com/code-sandboxing/sandbox2/getting-started) 15 | guide for Sandbox2. 16 | 17 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/allow_all_syscalls.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef SANDBOXED_API_SANDBOX2_ALLOW_ALL_SYSCALLS_H_ 16 | #define SANDBOXED_API_SANDBOX2_ALLOW_ALL_SYSCALLS_H_ 17 | 18 | #include "sandboxed_api/sandbox2/allowlists/all_syscalls.h" // IWYU pragma: export 19 | 20 | #endif // SANDBOXED_API_SANDBOX2_ALLOW_ALL_SYSCALLS_H_ 21 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/allow_map_exec.h: -------------------------------------------------------------------------------- 1 | // Copyright 2025 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef SANDBOXED_API_SANDBOX2_ALLOW_MAP_EXEC_H_ 16 | #define SANDBOXED_API_SANDBOX2_ALLOW_MAP_EXEC_H_ 17 | 18 | #include "sandboxed_api/sandbox2/allowlists/map_exec.h" // IWYU pragma: export 19 | 20 | #endif // SANDBOXED_API_SANDBOX2_ALLOW_MAP_EXEC_H_ 21 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/allow_seccomp_speculation.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef SANDBOXED_API_SANDBOX2_ALLOW_SECCOMP_SPECULATION_H_ 16 | #define SANDBOXED_API_SANDBOX2_ALLOW_SECCOMP_SPECULATION_H_ 17 | 18 | #include "sandboxed_api/sandbox2/allowlists/seccomp_speculation.h" // IWYU pragma: export 19 | 20 | #endif // SANDBOXED_API_SANDBOX2_ALLOW_SECCOMP_SPECULATION_H_ 21 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/allow_unrestricted_networking.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef SANDBOXED_API_SANDBOX2_ALLOW_UNRESTRICTED_NETWORKING_H_ 16 | #define SANDBOXED_API_SANDBOX2_ALLOW_UNRESTRICTED_NETWORKING_H_ 17 | 18 | #include "sandboxed_api/sandbox2/allowlists/unrestricted_networking.h" // IWYU pragma: export 19 | 20 | #endif // SANDBOXED_API_SANDBOX2_ALLOW_UNRESTRICTED_NETWORKING_H_ 21 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/allowlists/all_syscalls.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef SANDBOXED_API_SANDBOX2_ALLOWLISTS_ALL_SYSCALLS_H_ 16 | #define SANDBOXED_API_SANDBOX2_ALLOWLISTS_ALL_SYSCALLS_H_ 17 | 18 | namespace sandbox2 { 19 | 20 | class AllowAllSyscalls { 21 | public: 22 | explicit AllowAllSyscalls() = default; 23 | }; 24 | 25 | } // namespace sandbox2 26 | 27 | #endif // SANDBOXED_API_SANDBOX2_ALLOWLISTS_ALL_SYSCALLS_H_ 28 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/allowlists/map_exec.h: -------------------------------------------------------------------------------- 1 | // Copyright 2025 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef SANDBOXED_API_SANDBOX2_ALLOWLISTS_MAP_EXEC_H_ 16 | #define SANDBOXED_API_SANDBOX2_ALLOWLISTS_MAP_EXEC_H_ 17 | 18 | namespace sandbox2 { 19 | 20 | class MapExec { 21 | public: 22 | explicit MapExec() = default; 23 | }; 24 | 25 | } // namespace sandbox2 26 | 27 | #endif // SANDBOXED_API_SANDBOX2_ALLOWLISTS_MAP_EXEC_H_ 28 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/allowlists/namespaces.h: -------------------------------------------------------------------------------- 1 | // Copyright 2025 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef SANDBOXED_API_SANDBOX2_ALLOWLISTS_NAMESPACES_H_ 16 | #define SANDBOXED_API_SANDBOX2_ALLOWLISTS_NAMESPACES_H_ 17 | 18 | namespace sandbox2 { 19 | 20 | class NamespacesToken { 21 | public: 22 | explicit NamespacesToken() = default; 23 | }; 24 | 25 | } // namespace sandbox2 26 | 27 | #endif // SANDBOXED_API_SANDBOX2_ALLOWLISTS_NAMESPACES_H_ 28 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/allowlists/seccomp_speculation.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef SANDBOXED_API_SANDBOX2_ALLOWLISTS_SECCOMP_SPECULATION_H_ 16 | #define SANDBOXED_API_SANDBOX2_ALLOWLISTS_SECCOMP_SPECULATION_H_ 17 | 18 | namespace sandbox2 { 19 | 20 | class SeccompSpeculation { 21 | public: 22 | explicit SeccompSpeculation() = default; 23 | }; 24 | 25 | } // namespace sandbox2 26 | 27 | #endif // SANDBOXED_API_SANDBOX2_ALLOWLISTS_SECCOMP_SPECULATION_H_ 28 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/allowlists/trace_all_syscalls.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef SANDBOXED_API_SANDBOX2_ALLOWLISTS_TRACE_ALL_SYSCALLS_H_ 16 | #define SANDBOXED_API_SANDBOX2_ALLOWLISTS_TRACE_ALL_SYSCALLS_H_ 17 | 18 | namespace sandbox2 { 19 | 20 | class TraceAllSyscalls { 21 | public: 22 | explicit TraceAllSyscalls() = default; 23 | }; 24 | 25 | } // namespace sandbox2 26 | 27 | #endif // SANDBOXED_API_SANDBOX2_ALLOWLISTS_ALLOW_ALL_SYSCALLS_H_ 28 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/allowlists/unrestricted_networking.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef SANDBOXED_API_SANDBOX2_ALLOWLISTS_UNRESTRICTED_NETWORKING_H_ 16 | #define SANDBOXED_API_SANDBOX2_ALLOWLISTS_UNRESTRICTED_NETWORKING_H_ 17 | 18 | namespace sandbox2 { 19 | 20 | class UnrestrictedNetworking { 21 | public: 22 | explicit UnrestrictedNetworking() = default; 23 | }; 24 | 25 | } // namespace sandbox2 26 | 27 | #endif // SANDBOXED_API_SANDBOX2_ALLOWLISTS_UNRESTRICTED_NETWORKING_H_ 28 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/bpf_evaluator.h: -------------------------------------------------------------------------------- 1 | #ifndef SANDBOXED_API_SANDBOX2_BPF_EVALUATOR_H_ 2 | #define SANDBOXED_API_SANDBOX2_BPF_EVALUATOR_H_ 3 | 4 | #include 5 | #include 6 | 7 | #include 8 | 9 | #include "absl/status/statusor.h" 10 | #include "absl/types/span.h" 11 | 12 | namespace sandbox2::bpf { 13 | 14 | // Evaluates a BPF program against a given seccomp_data. 15 | // 16 | // Returns the return value of the BPF program. 17 | absl::StatusOr Evaluate(absl::Span prog, 18 | const struct seccomp_data& data); 19 | 20 | } // namespace sandbox2::bpf 21 | 22 | #endif // SANDBOXED_API_SANDBOX2_BPF_EVALUATOR_H_ 23 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/bpfdisassembler.h: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef SANDBOXED_API_SANDBOX2_BPFDISASSEMBLER_H_ 16 | #define SANDBOXED_API_SANDBOX2_BPFDISASSEMBLER_H_ 17 | 18 | #include 19 | 20 | #include "absl/types/span.h" 21 | 22 | struct sock_filter; 23 | 24 | namespace sandbox2 { 25 | namespace bpf { 26 | 27 | // Decodes a BPF instruction into textual representation. 28 | std::string DecodeInstruction(const sock_filter& inst, int pc); 29 | 30 | // Disassembles a BPF program. 31 | // Returns a human-readable textual represenation. 32 | std::string Disasm(absl::Span prog); 33 | 34 | } // namespace bpf 35 | } // namespace sandbox2 36 | 37 | #endif // SANDBOXED_API_SANDBOX2_BPFDISASSEMBLER_H_ 38 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/comms_test.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // A proto for comms_test 16 | 17 | syntax = "proto3"; 18 | package sandbox2; 19 | 20 | message CommsTestMsg { 21 | repeated string value = 1; 22 | }; 23 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/examples/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2019 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | if(SAPI_BUILD_EXAMPLES) 16 | add_subdirectory(crc4) 17 | add_subdirectory(custom_fork) 18 | add_subdirectory(network) 19 | add_subdirectory(network_proxy) 20 | add_subdirectory(static) 21 | add_subdirectory(tool) 22 | add_subdirectory(zlib) 23 | endif() 24 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/examples/custom_fork/custom_fork_sandbox_test.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Copyright 2021 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # Unit test for the custom_fork_sandbox example. 18 | 19 | die() { 20 | echo "$1" 1>&2 21 | exit 1 22 | } 23 | 24 | [[ -n "$COVERAGE" ]] && exit 0 25 | 26 | BIN=$TEST_SRCDIR/com_google_sandboxed_api/sandboxed_api/sandbox2/examples/custom_fork/custom_fork_sandbox 27 | 28 | "$BIN" || die 'FAILED: it should have exited with 0' 29 | 30 | echo 'PASS' 31 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/examples/network/network_sandbox_test.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Copyright 2021 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | die() { 18 | echo "$1" 1>&2 19 | exit 1 20 | } 21 | 22 | [[ -n "$COVERAGE" ]] && exit 0 23 | 24 | # Find input files 25 | BINDIR=$TEST_SRCDIR/com_google_sandboxed_api/sandboxed_api/sandbox2 26 | EXE=$BINDIR/examples/network/network_sandbox 27 | 28 | # test it 29 | ls "${EXE}" || exit 2 30 | 31 | "${EXE}" || die 'FAILED: it should have exited with 0' 32 | 33 | exit 0 34 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/examples/network_proxy/networkproxy_sandbox_test.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Copyright 2021 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | die() { 18 | echo "$1" 1>&2 19 | exit 1 20 | } 21 | 22 | [[ -n "$COVERAGE" ]] && exit 0 23 | 24 | # Find input files 25 | BINDIR=$TEST_SRCDIR/com_google_sandboxed_api/sandboxed_api/sandbox2 26 | EXE=$BINDIR/examples/network_proxy/networkproxy_sandbox 27 | 28 | # test it 29 | ls "${EXE}" || exit 2 30 | 31 | "${EXE}" --connect_with_handler || die 'TEST1 FAILED: it should have exited with 0' 32 | "${EXE}" --noconnect_with_handler || \ 33 | die 'TEST2 FAILED: it should have exited with 0' 34 | 35 | exit 0 36 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/examples/static/static_sandbox_test.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Copyright 2021 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # Unit test for static_sandbox example. 18 | 19 | die() { 20 | echo "$1" 1>&2 21 | exit 1 22 | } 23 | 24 | [[ -n "$COVERAGE" ]] && exit 0 25 | 26 | BIN=$TEST_SRCDIR/com_google_sandboxed_api/sandboxed_api/sandbox2/examples/static/static_sandbox 27 | 28 | "$BIN" || die 'FAILED: it should have exited with 0' 29 | 30 | echo 'PASS' 31 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/examples/tool/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2019 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # sandboxed_api/sandbox2/examples/tools:sandbox2tool 16 | add_executable(sandbox2_sandbox2tool 17 | sandbox2tool.cc 18 | ) 19 | set_target_properties(sandbox2_sandbox2tool PROPERTIES OUTPUT_NAME sandbox2tool) 20 | add_executable(sandbox2::sandbox2tool ALIAS sandbox2_sandbox2tool) 21 | target_link_libraries(sandbox2_sandbox2tool PRIVATE 22 | absl::check 23 | absl::flags 24 | absl::flags_parse 25 | absl::flags_usage 26 | absl::log 27 | absl::log_globals 28 | absl::log_initialize 29 | absl::log_severity 30 | absl::strings 31 | absl::time 32 | sandbox2::allowlists_all_syscalls 33 | sandbox2::allowlists_unrestricted_networking 34 | sandbox2::bpf_helper 35 | sandbox2::sandbox2 36 | sandbox2::util 37 | sapi::base 38 | ) 39 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/global_forkclient_lib_ctor.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2020 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include 16 | 17 | #include "absl/base/attributes.h" 18 | #include "sandboxed_api/sandbox2/fork_client.h" 19 | #include "sandboxed_api/sandbox2/global_forkclient.h" 20 | 21 | namespace sandbox2 { 22 | void StartGlobalForkserverFromLibCtor() { 23 | if (!getenv(sandbox2::kForkServerDisableEnv)) { 24 | GlobalForkClient::ForceStart(); 25 | } 26 | } 27 | } // namespace sandbox2 28 | 29 | // Run the ForkServer from the constructor, when no other threads are present. 30 | // Because it's possible to start thread-inducing initializers before 31 | // RunInitializers() (base/googleinit.h) it's not enough to just register 32 | // a 0000_ initializer instead. 33 | ABSL_ATTRIBUTE_UNUSED 34 | __attribute__((constructor)) static void StartSandbox2Forkserver() { 35 | sandbox2::StartGlobalForkserverFromLibCtor(); 36 | } 37 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/logserver.h: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef SANDBOXED_API_SANDBOX2_LOGSERVER_H_ 16 | #define SANDBOXED_API_SANDBOX2_LOGSERVER_H_ 17 | 18 | #include "sandboxed_api/sandbox2/comms.h" 19 | 20 | namespace sandbox2 { 21 | 22 | // The LogServer waits for messages from the sandboxee on a given file 23 | // descriptor and logs them using the standard logging facilities. 24 | class LogServer { 25 | public: 26 | explicit LogServer(int fd); 27 | 28 | LogServer(const LogServer&) = delete; 29 | LogServer& operator=(const LogServer&) = delete; 30 | 31 | // Starts handling incoming log messages. 32 | void Run(); 33 | 34 | private: 35 | Comms comms_; 36 | }; 37 | 38 | } // namespace sandbox2 39 | 40 | #endif // SANDBOXED_API_SANDBOX2_LOGSERVER_H_ 41 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/logserver.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package sandbox2; 18 | 19 | message LogMessage { 20 | optional int32 severity = 1; 21 | optional string path = 2; 22 | optional int32 line = 3; 23 | optional bytes message = 4; 24 | optional int32 pid = 5; 25 | } 26 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/testcases/abort.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // A binary that immediately raises SIGABRT. 16 | // It is used to check raising of a signal and its handling. 17 | 18 | #include 19 | 20 | #include "sandboxed_api/util/raw_logging.h" 21 | 22 | int main(int argc, char* argv[]) { 23 | SAPI_RAW_LOG(ERROR, "Raising SIGABRT"); 24 | abort(); 25 | return EXIT_SUCCESS; // Not reached 26 | } 27 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/testcases/add_policy_on_syscalls.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // A binary that tests a lot of syscalls, to test the AddPolicyOnSyscall 16 | // functionality. 17 | 18 | #include 19 | #include 20 | 21 | #include 22 | 23 | int main() { 24 | unsigned int r, e, s; 25 | char buf[1]; 26 | // 1000 is the UID/GID we use inside the namespaces. 27 | if (getuid() != 1000) return 1; 28 | if (getgid() != 1000) return 2; 29 | if (geteuid() != 1000) return 3; 30 | if (getegid() != 1000) return 4; 31 | if (getresuid(&r, &e, &s) != -1 || errno != 42) return 5; 32 | if (getresgid(&r, &e, &s) != -1 || errno != 42) return 6; 33 | if (write(1, buf, 1) != -1 || errno != 43) return 8; 34 | 35 | // Trigger a violation. 36 | umask(0); 37 | return 0; 38 | } 39 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/testcases/buffer.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // A binary that uses a buffer from its executor. 16 | 17 | #include "sandboxed_api/sandbox2/buffer.h" 18 | 19 | #include 20 | #include 21 | #include 22 | 23 | int main(int argc, char* argv[]) { 24 | auto buffer_or = 25 | sandbox2::Buffer::CreateFromFd(sapi::file_util::fileops::FDCloser(3)); 26 | if (!buffer_or.ok()) { 27 | return EXIT_FAILURE; 28 | } 29 | auto buffer = std::move(buffer_or).value(); 30 | uint8_t* buf = buffer->data(); 31 | // Test that we can read data from the executor. 32 | if (buf[0] != 'A') { 33 | return EXIT_FAILURE; 34 | } 35 | // Test that we can write data to the executor. 36 | buf[buffer->size() - 1] = 'B'; 37 | return EXIT_SUCCESS; 38 | } 39 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/testcases/close_fds.cc: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | #include 5 | 6 | #include "absl/container/flat_hash_set.h" 7 | #include "absl/log/check.h" 8 | #include "absl/status/status.h" 9 | #include "absl/strings/numbers.h" 10 | #include "sandboxed_api/sandbox2/sanitizer.h" 11 | 12 | bool IsFdOpen(int fd) { 13 | int ret = fcntl(fd, F_GETFD); 14 | if (ret == -1) { 15 | CHECK(errno == EBADF); 16 | return false; 17 | } 18 | return true; 19 | } 20 | 21 | int main(int argc, char* argv[]) { 22 | absl::flat_hash_set exceptions; 23 | for (int i = 0; i < argc; ++i) { 24 | int fd; 25 | CHECK(absl::SimpleAtoi(argv[i], &fd)); 26 | exceptions.insert(fd); 27 | } 28 | CHECK(sandbox2::sanitizer::CloseAllFDsExcept(exceptions).ok()); 29 | for (int i = 0; i < INR_OPEN_MAX; i++) { 30 | CHECK_EQ(IsFdOpen(i), exceptions.find(i) != exceptions.end()); 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/testcases/custom_fork.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "sandboxed_api/sandbox2/comms.h" 16 | #include "sandboxed_api/sandbox2/forkingclient.h" 17 | #include "sandboxed_api/util/raw_logging.h" 18 | 19 | int main(int argc, char* argv[]) { 20 | sandbox2::Comms comms(sandbox2::Comms::kDefaultConnection); 21 | sandbox2::ForkingClient s2client(&comms); 22 | 23 | for (;;) { 24 | pid_t pid = s2client.WaitAndFork(); 25 | if (pid == -1) { 26 | SAPI_RAW_LOG(FATAL, "Could not spawn a new sandboxee"); 27 | } 28 | if (pid == 0) { 29 | // Start sandboxing here 30 | s2client.SandboxMeHere(); 31 | return 0; 32 | } 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/testcases/execveat.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2025 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include 16 | #include 17 | 18 | #include 19 | #include 20 | #include 21 | 22 | #include "sandboxed_api/sandbox2/client.h" 23 | #include "sandboxed_api/sandbox2/comms.h" 24 | #include "sandboxed_api/sandbox2/util.h" 25 | 26 | int main(int argc, char** argv) { 27 | int testno = atoi(argv[1]); // NOLINT 28 | if (testno == 1) { 29 | sandbox2::Comms comms(sandbox2::Comms::kSandbox2ClientCommsFD); 30 | sandbox2::Client client(&comms); 31 | client.SandboxMeHere(); 32 | } 33 | int result = 34 | sandbox2::util::Syscall(__NR_execveat, AT_EMPTY_PATH, 0, 0, 0, 0); 35 | if (result != -1 || errno != EPERM) { 36 | printf("System call should have been blocked\n"); 37 | return EXIT_FAILURE; 38 | } 39 | return EXIT_SUCCESS; 40 | } 41 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/testcases/minimal.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // A binary doing nothing and returning 0 or 1. 16 | // It is used to find the minimal syscall policy to allow. 17 | 18 | int main(int argc, char* argv[]) { 19 | if (argc <= 1) { 20 | return 0; 21 | } 22 | return 1; 23 | } 24 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/testcases/personality.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // A binary that calls the unusual personality syscall with arguments. 16 | // It is to test seccomp trace, notify API and checking of arguments. 17 | 18 | #include 19 | #include 20 | 21 | #include 22 | 23 | int main(int argc, char* argv[]) { 24 | syscall(__NR_personality, uintptr_t{1}, uintptr_t{2}, uintptr_t{3}, 25 | uintptr_t{4}, uintptr_t{5}, uintptr_t{6}); 26 | return 22; 27 | } 28 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/testcases/pidcomms.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // A binary that communicates with comms before being sandboxed. 16 | 17 | #include "sandboxed_api/sandbox2/client.h" 18 | #include "sandboxed_api/sandbox2/comms.h" 19 | #include "sandboxed_api/util/raw_logging.h" 20 | 21 | int main(int argc, char* argv[]) { 22 | sandbox2::Comms comms(sandbox2::Comms::kDefaultConnection); 23 | 24 | // Exchange data with sandbox sandbox (parent) before sandboxing is enabled. 25 | SAPI_RAW_CHECK(comms.SendBool(true), "Sending data to the executor"); 26 | 27 | sandbox2::Client client(&comms); 28 | client.SandboxMeHere(); 29 | 30 | return 33; 31 | } 32 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/testcases/sleep.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include 16 | 17 | int main(int argc, char* argv[]) { 18 | sleep(10); 19 | return 0; 20 | } 21 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/testcases/symbolize_lib.cc: -------------------------------------------------------------------------------- 1 | #include "sandboxed_api/sandbox2/testcases/symbolize_lib.h" 2 | 3 | #include "absl/base/attributes.h" 4 | 5 | ABSL_ATTRIBUTE_NOINLINE 6 | ABSL_ATTRIBUTE_NO_TAIL_CALL 7 | void LibRecurseA(void (*cb)(int), int data, int n); 8 | 9 | ABSL_ATTRIBUTE_NOINLINE 10 | ABSL_ATTRIBUTE_NO_TAIL_CALL 11 | void LibCallCallback(void (*cb)(int), int data) { cb(data); } 12 | 13 | ABSL_ATTRIBUTE_NOINLINE 14 | ABSL_ATTRIBUTE_NO_TAIL_CALL 15 | void LibRecurseB(void (*cb)(int), int data, int n) { 16 | if (n > 1) { 17 | return LibRecurseA(cb, data, n - 1); 18 | } 19 | return LibCallCallback(cb, data); 20 | } 21 | 22 | void LibRecurseA(void (*cb)(int), int data, int n) { 23 | if (n > 1) { 24 | return LibRecurseB(cb, data, n - 1); 25 | } 26 | return LibCallCallback(cb, data); 27 | } 28 | 29 | void LibRecurse(void (*cb)(int), int data, int n) { LibRecurseA(cb, data, n); } 30 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/testcases/symbolize_lib.h: -------------------------------------------------------------------------------- 1 | #ifndef SANDBOXED_API_SANDBOX2_TESTCASES_SYMBOLIZE_LIB_H_ 2 | #define SANDBOXED_API_SANDBOX2_TESTCASES_SYMBOLIZE_LIB_H_ 3 | 4 | #include "absl/base/attributes.h" 5 | 6 | ABSL_ATTRIBUTE_NOINLINE 7 | ABSL_ATTRIBUTE_NO_TAIL_CALL 8 | void LibRecurse(void (*cb)(int), int data, int n); 9 | 10 | #endif // SANDBOXED_API_SANDBOX2_TESTCASES_SYMBOLIZE_LIB_H_ 11 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/testcases/util_communicate.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // A binary to test util::Communicate. 16 | 17 | #include 18 | 19 | int main(int argc, char* argv[], const char* env[]) { 20 | std::cout << argc << '\n'; 21 | for (int i = 1; i < argc; ++i) { 22 | std::cout << argv[i] << '\n'; 23 | } 24 | for (const char** envp = env; *envp; ++envp) { 25 | std::cout << *envp << '\n'; 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/testing.h: -------------------------------------------------------------------------------- 1 | // Copyright 2021 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef SANDBOXED_API_SANDBOX2_TESTING_H_ 16 | #define SANDBOXED_API_SANDBOX2_TESTING_H_ 17 | 18 | // IWYU pragma: private, include "third_party/sandboxed_api/testing.h" 19 | #include "sandboxed_api/testing.h" // IWYU pragma: export 20 | 21 | #endif // SANDBOXED_API_SANDBOX2_TESTING_H_ 22 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/trace_all_syscalls.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef SANDBOXED_API_SANDBOX2_TRACE_ALL_SYSCALLS_H_ 16 | #define SANDBOXED_API_SANDBOX2_TRACE_ALL_SYSCALLS_H_ 17 | 18 | #include "sandboxed_api/sandbox2/allowlists/trace_all_syscalls.h" // IWYU pragma: export 19 | 20 | #endif // SANDBOXED_API_SANDBOX2_ALLOW_ALL_SYSCALLS_H_ 21 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/unwind/ptrace_hook.h: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef SANDBOXED_API_SANDBOX2_UNWIND_PTRACE_HOOK_H_ 16 | #define SANDBOXED_API_SANDBOX2_UNWIND_PTRACE_HOOK_H_ 17 | 18 | #include 19 | 20 | #include "absl/strings/string_view.h" 21 | 22 | namespace sandbox2 { 23 | 24 | // Sets the register values that the ptrace emulation will return. 25 | void EnablePtraceEmulationWithUserRegs(pid_t pid, absl::string_view regs, 26 | int mem_fd); 27 | 28 | } // namespace sandbox2 29 | 30 | #endif // SANDBOXED_API_SANDBOX2_UNWIND_PTRACE_HOOK_H_ 31 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/unwind/unwind.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // Proto for the communication between executor and sandboxed libunwind 16 | syntax = "proto3"; 17 | 18 | package sandbox2; 19 | 20 | message UnwindSetup { 21 | // Process ID of the process to unwind. Required. 22 | uint64 pid = 1; 23 | // Register content for the process to unwind 24 | bytes regs = 2; 25 | // Optional 26 | // Maximum number of stack frames to unwind 27 | uint64 default_max_frames = 3; 28 | } 29 | 30 | message UnwindResult { 31 | // Readable stacktrace, symbolized, one frame per line 32 | repeated string stacktrace = 1; 33 | reserved 2; 34 | } 35 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/util/maps_parser.h: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef SANDBOXED_API_SANDBOX2_UTIL_MAPS_PARSER_H_ 16 | #define SANDBOXED_API_SANDBOX2_UTIL_MAPS_PARSER_H_ 17 | 18 | #include 19 | #include 20 | #include 21 | 22 | #include "absl/status/statusor.h" 23 | 24 | namespace sandbox2 { 25 | 26 | struct MapsEntry { 27 | uint64_t start; 28 | uint64_t end; 29 | bool is_readable; 30 | bool is_writable; 31 | bool is_executable; 32 | bool is_shared; 33 | uint64_t pgoff; 34 | int major; 35 | int minor; 36 | uint64_t inode; 37 | std::string path; 38 | }; 39 | 40 | absl::StatusOr> ParseProcMaps( 41 | const std::string& contents); 42 | 43 | } // namespace sandbox2 44 | 45 | #endif // SANDBOXED_API_SANDBOX2_UTIL_MAPS_PARSER_H_ 46 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/util/testdata/chrome_grte_header: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/sandboxed_api/sandbox2/util/testdata/chrome_grte_header -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/util/testdata/hello_world: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/sandboxed_api/sandbox2/util/testdata/hello_world -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/util_c.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2025 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "sandboxed_api/sandbox2/util_c.h" 16 | 17 | #include "absl/log/log.h" 18 | #include "absl/status/statusor.h" 19 | #include "sandboxed_api/sandbox2/util.h" 20 | 21 | // Returns true if the current process is running inside Sandbox2. 22 | bool IsRunningInSandbox2() { 23 | absl::StatusOr result = sandbox2::util::IsRunningInSandbox2(); 24 | if (!result.ok()) { 25 | LOG(ERROR) << result.status(); 26 | return false; 27 | } 28 | return *result; 29 | } 30 | -------------------------------------------------------------------------------- /sandboxed_api/sandbox2/util_c.h: -------------------------------------------------------------------------------- 1 | // Copyright 2025 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // This header provides a C-wrapper for sandbox2::util functions that may be 16 | // useful in C hostcode. 17 | 18 | #ifndef SANDBOXED_API_SANDBOX2_UTIL_C_H_ 19 | #define SANDBOXED_API_SANDBOX2_UTIL_C_H_ 20 | 21 | #include 22 | 23 | #if defined(__cplusplus) 24 | extern "C" { 25 | #endif 26 | 27 | // Returns true if the current process is running inside Sandbox2. 28 | bool IsRunningInSandbox2(); 29 | 30 | #if defined(__cplusplus) 31 | } // extern "C" 32 | #endif 33 | 34 | #endif // SANDBOXED_API_SANDBOX2_UTIL_C_H_ 35 | -------------------------------------------------------------------------------- /sandboxed_api/tools/clang_generator/testdata/simple_functions.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2025 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // This file is used to test the generator's handling of simple functions. 16 | // 17 | // We expect that the generator will emit either the specifically requested 18 | // function, or all functions otherwise. 19 | 20 | extern "C" void ExposedFunction() {} 21 | 22 | extern "C" void OtherFunction() {} 23 | -------------------------------------------------------------------------------- /sandboxed_api/tools/filewrapper/testdata/filewrapper_embedded.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/sandboxed-api/7c730a5de39a550d2c5037ae930147a7232c5240/sandboxed_api/tools/filewrapper/testdata/filewrapper_embedded.bin -------------------------------------------------------------------------------- /sandboxed_api/tools/python_generator/build_test.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright 2019 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # Code generation test. 18 | # It fails whenever generated code of test dependencies does not compile. 19 | 20 | echo 'PASS' 21 | 22 | -------------------------------------------------------------------------------- /sandboxed_api/tools/python_generator/testdata/main.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "sandboxed_api/tools/python_generator/tests_sapi_generator.sapi.h" 16 | 17 | int main() { 18 | sapi::tests::struct_t a; 19 | a.d = 1337; 20 | 21 | return a.d - 1337; 22 | } 23 | -------------------------------------------------------------------------------- /sandboxed_api/tools/python_generator/testdata/tests.h: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef SANDBOXED_API_TOOLS_PYTHON_GENERATOR_TESTDATA_TESTS_H_ 16 | #define SANDBOXED_API_TOOLS_PYTHON_GENERATOR_TESTDATA_TESTS_H_ 17 | 18 | #endif // SANDBOXED_API_TOOLS_PYTHON_GENERATOR_TESTDATA_TESTS_H_ 19 | -------------------------------------------------------------------------------- /sandboxed_api/tools/python_generator/testdata/tests2.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "sandboxed_api/tools/python_generator/testdata/tests.h" // IWYU pragma: keep 16 | 17 | // This compilation unit should have this structure partially defined 18 | struct struct_2* function_returning_struct_ptr() { 19 | return static_cast(nullptr); 20 | } 21 | -------------------------------------------------------------------------------- /sandboxed_api/util/file_helpers.h: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef SANDBOXED_API_UTIL_FILE_HELPERS_H_ 16 | #define SANDBOXED_API_UTIL_FILE_HELPERS_H_ 17 | 18 | #include 19 | 20 | #include "absl/status/status.h" 21 | #include "absl/strings/string_view.h" 22 | 23 | namespace sapi::file { 24 | 25 | // Empty Options struct for compatibility with Google File. 26 | struct Options {}; 27 | 28 | // Default constructed Options struct for compatiblity with Google File. 29 | const Options& Defaults(); 30 | 31 | absl::Status GetContents(absl::string_view path, std::string* output, 32 | const file::Options& options); 33 | 34 | absl::Status SetContents(absl::string_view path, absl::string_view content, 35 | const file::Options& options); 36 | 37 | } // namespace sapi::file 38 | 39 | #endif // SANDBOXED_API_UTIL_FILE_HELPERS_H_ 40 | -------------------------------------------------------------------------------- /sandboxed_api/util/file_helpers_test.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "sandboxed_api/util/file_helpers.h" 16 | 17 | #include 18 | 19 | #include "gmock/gmock.h" 20 | #include "gtest/gtest.h" 21 | #include "absl/status/status_matchers.h" 22 | 23 | namespace sandbox2 { 24 | 25 | namespace file = ::sapi::file; 26 | using ::absl_testing::IsOk; 27 | using ::testing::Not; 28 | 29 | TEST(FileHelpersTest, TestGetNonExistent) { 30 | std::string output; 31 | EXPECT_THAT(file::GetContents("/not/there", &output, file::Defaults()), 32 | Not(IsOk())); 33 | } 34 | 35 | TEST(FileHelpersTest, TestGetKnownFile) { 36 | std::string output; 37 | EXPECT_THAT(file::GetContents("/proc/self/status", &output, file::Defaults()), 38 | IsOk()); 39 | } 40 | 41 | } // namespace sandbox2 42 | -------------------------------------------------------------------------------- /sandboxed_api/util/proto_arg.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package sapi; 18 | 19 | message ProtoArg { 20 | // Fully qualified name of the protobuf that is being passed. 21 | optional string full_name = 1; 22 | // The serialized protobuf data. 23 | optional bytes protobuf_data = 2; 24 | } 25 | -------------------------------------------------------------------------------- /sandboxed_api/util/runfiles.h: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef SANDBOXED_API_UTIL_RUNFILES_H_ 16 | #define SANDBOXED_API_UTIL_RUNFILES_H_ 17 | 18 | #include 19 | 20 | #include "absl/strings/string_view.h" 21 | 22 | namespace sapi { 23 | 24 | // Returns the file path pointing to a resource file. The relative_path argument 25 | // should be relative to the runfiles directory. 26 | std::string GetDataDependencyFilePath(absl::string_view relative_path); 27 | 28 | namespace internal { 29 | 30 | // Like ::sapi::GetDataDependencyFilePath(), but prepends the location of the 31 | // Sandboxed API root runfiles path. 32 | std::string GetSapiDataDependencyFilePath(absl::string_view relative_path); 33 | 34 | } // namespace internal 35 | } // namespace sapi 36 | 37 | #endif // SANDBOXED_API_UTIL_RUNFILES_H_ 38 | -------------------------------------------------------------------------------- /sandboxed_api/util/status.h: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SAPI_UTIL_STATUS_H_ 16 | #define THIRD_PARTY_SAPI_UTIL_STATUS_H_ 17 | 18 | #include "absl/status/status.h" 19 | #include "sandboxed_api/util/status.pb.h" 20 | 21 | namespace sapi { 22 | 23 | void SaveStatusToProto(const absl::Status& status, StatusProto* out); 24 | absl::Status MakeStatusFromProto(const StatusProto& proto); 25 | 26 | } // namespace sapi 27 | 28 | #endif // THIRD_PARTY_SAPI_UTIL_STATUS_H_ 29 | -------------------------------------------------------------------------------- /sandboxed_api/util/status.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package sapi; 18 | 19 | message StatusProto { 20 | reserved 2, 4, 5; // For compatibility with the original StatusProto 21 | int32 code = 1; 22 | string message = 3; 23 | map payloads = 297070138; 24 | } 25 | -------------------------------------------------------------------------------- /sandboxed_api/util/strerror.h: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef SANDBOXED_API_UTIL_STRERROR_H_ 16 | #define SANDBOXED_API_UTIL_STRERROR_H_ 17 | 18 | #include 19 | #include 20 | 21 | namespace sapi { 22 | 23 | // Returns a human-readable string describing the given POSIX error code. This 24 | // is a portable and thread-safe alternative to strerror(). If the error code is 25 | // not translatable, the string will be "Unknown error nnn". errno will not be 26 | // modified by this call. This function is thread-safe. 27 | std::string StrError(int errnum); 28 | 29 | // Same as StrError but uses provided buffer (does not allocate memory). 30 | // Might use and return a static immutable buffer instead of buf. 31 | const char* RawStrError(int errnum, char* buf, size_t buflen); 32 | 33 | } // namespace sapi 34 | 35 | #endif // SANDBOXED_API_STRERROR_H_ 36 | -------------------------------------------------------------------------------- /sandboxed_api/var_type.h: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef SANDBOXED_API_TYPE_H_ 16 | #define SANDBOXED_API_TYPE_H_ 17 | 18 | #include 19 | 20 | namespace sapi::v { 21 | 22 | enum class Type { 23 | kVoid, // Void 24 | kInt, // Intergal types 25 | kFloat, // Floating-point types 26 | kPointer, // Pointer to an arbitrary data type 27 | kStruct, // Structures 28 | kArray, // Arrays, memory buffers 29 | kFd, // File descriptors/handles 30 | kProto, // Protocol buffers 31 | kLenVal, // Dynamic buffers 32 | }; 33 | 34 | inline std::ostream& operator<<(std::ostream& os, const Type& type) { 35 | return os << static_cast(type); 36 | } 37 | 38 | } // namespace sapi::v 39 | 40 | #endif // SANDBOXED_API_TYPE_H_ 41 | -------------------------------------------------------------------------------- /sandboxed_api/var_void.h: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef SANDBOXED_API_VAR_VOID_H_ 16 | #define SANDBOXED_API_VAR_VOID_H_ 17 | 18 | #include 19 | #include 20 | #include 21 | 22 | #include "sandboxed_api/var_ptr.h" 23 | #include "sandboxed_api/var_reg.h" 24 | 25 | namespace sapi::v { 26 | 27 | // Good, old void. 28 | class Void : public Callable { 29 | public: 30 | Void() = default; 31 | 32 | size_t GetSize() const final { return 0U; } 33 | Type GetType() const final { return Type::kVoid; } 34 | std::string GetTypeString() const final { return "Void"; } 35 | std::string ToString() const final { return "Void"; } 36 | 37 | const void* GetDataPtr() override { return nullptr; } 38 | void SetDataFromPtr(const void* ptr, size_t max_sz) override {} 39 | }; 40 | 41 | } // namespace sapi::v 42 | 43 | #endif // SANDBOXED_API_VAR_VOID_H_ 44 | -------------------------------------------------------------------------------- /sandboxed_api/vars.h: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef SANDBOXED_API_VARS_H_ 16 | #define SANDBOXED_API_VARS_H_ 17 | 18 | // IWYU pragma: begin_exports 19 | #include "sandboxed_api/var_array.h" 20 | #include "sandboxed_api/var_int.h" 21 | #include "sandboxed_api/var_lenval.h" 22 | #include "sandboxed_api/var_proto.h" 23 | #include "sandboxed_api/var_ptr.h" 24 | #include "sandboxed_api/var_struct.h" 25 | #include "sandboxed_api/var_void.h" 26 | // IWYU pragma: end_exports 27 | 28 | #endif // SANDBOXED_API_VARS_H_ 29 | --------------------------------------------------------------------------------