• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2024 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 // A binary that tries to detect if it is running under sandbox2.
16 
17 #include <cstdio>
18 #include <cstdlib>
19 #include <string>
20 
21 #include "absl/status/statusor.h"
22 #include "sandboxed_api/sandbox2/client.h"
23 #include "sandboxed_api/sandbox2/comms.h"
24 #include "sandboxed_api/sandbox2/util.h"
25 
26 namespace {
27 
TestSandboxSyscall()28 int TestSandboxSyscall() {
29   absl::StatusOr<bool> is_running_under_sandbox2 =
30       sandbox2::util::IsRunningInSandbox2();
31   if (!is_running_under_sandbox2.ok()) {
32     printf("Failed to check if running under sandbox2: %s\n",
33            std::string(is_running_under_sandbox2.status().message()).c_str());
34     return EXIT_FAILURE;
35   }
36   if (*is_running_under_sandbox2) {
37     printf("Failed to correctly detect not running under sandbox2\n");
38     return EXIT_FAILURE;
39   }
40 
41   // Activate the sandbox and call the util::kMagicSyscallNo syscall again.
42   auto comms = sandbox2::Comms(sandbox2::Comms::kSandbox2ClientCommsFD);
43   sandbox2::Client client(&comms);
44   client.SandboxMeHere();
45   is_running_under_sandbox2 = sandbox2::util::IsRunningInSandbox2();
46   if (!is_running_under_sandbox2.ok()) {
47     printf("Failed to check if running under sandbox2: %s\n",
48            std::string(is_running_under_sandbox2.status().message()).c_str());
49     return EXIT_FAILURE;
50   }
51   if (!*is_running_under_sandbox2) {
52     printf("Failed to correctly detect not running under sandbox2\n");
53     return EXIT_FAILURE;
54   }
55 
56   return EXIT_SUCCESS;
57 }
58 
59 }  // namespace
60 
main(int argc,char * argv[])61 int main(int argc, char* argv[]) {
62   // Disable buffering.
63   setbuf(stdin, nullptr);
64   setbuf(stdout, nullptr);
65   setbuf(stderr, nullptr);
66 
67   return TestSandboxSyscall();
68 }
69