1 // Copyright 2023 Google LLC 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // https://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 // The sandbox2::Monitor class is responsible for tracking the processes, and 16 // displaying their current statuses (syscalls, states, violations). 17 18 #ifndef SANDBOXED_API_SANDBOX2_MONITOR_BASE_H_ 19 #define SANDBOXED_API_SANDBOX2_MONITOR_BASE_H_ 20 21 #include <sys/resource.h> 22 #include <sys/types.h> 23 24 #include <cstdint> 25 #include <cstdio> 26 #include <memory> 27 #include <string> 28 #include <vector> 29 30 #include "absl/status/status.h" 31 #include "absl/status/statusor.h" 32 #include "absl/synchronization/notification.h" 33 #include "absl/time/time.h" 34 #include "sandboxed_api/sandbox2/comms.h" 35 #include "sandboxed_api/sandbox2/executor.h" 36 #include "sandboxed_api/sandbox2/fork_client.h" 37 #include "sandboxed_api/sandbox2/forkserver.pb.h" 38 #include "sandboxed_api/sandbox2/ipc.h" 39 #include "sandboxed_api/sandbox2/network_proxy/server.h" 40 #include "sandboxed_api/sandbox2/notify.h" 41 #include "sandboxed_api/sandbox2/policy.h" 42 #include "sandboxed_api/sandbox2/regs.h" 43 #include "sandboxed_api/sandbox2/result.h" 44 #include "sandboxed_api/sandbox2/syscall.h" 45 #include "sandboxed_api/util/thread.h" 46 47 namespace sandbox2 { 48 49 class MonitorBase { 50 public: 51 // executor, policy and notify are not owned by the Monitor 52 MonitorBase(Executor* executor, Policy* policy, Notify* notify); 53 54 MonitorBase(const MonitorBase&) = delete; 55 MonitorBase& operator=(const MonitorBase&) = delete; 56 57 virtual ~MonitorBase(); 58 59 // Starts the Monitor. 60 void Launch(); 61 62 // Getters for private fields. IsDone()63 bool IsDone() const { return done_notification_.HasBeenNotified(); } 64 65 // Enable network proxy server, this will start a thread in the sandbox 66 // that waits for connection requests from the sandboxee. 67 void EnableNetworkProxyServer(); 68 69 // Notifies the monitor that a network violation occurred. 70 virtual void NotifyNetworkViolation() = 0; 71 pid()72 pid_t pid() const { return process_.main_pid; } 73 result()74 const Result& result() const { return result_; } 75 76 absl::StatusOr<Result> AwaitResultWithTimeout(absl::Duration timeout); 77 78 virtual void Kill() = 0; 79 virtual void DumpStackTrace() = 0; 80 virtual void SetWallTimeLimit(absl::Duration limit) = 0; 81 82 protected: 83 void OnDone(); 84 // Sets basic info status and reason code in the result object. 85 void SetExitStatusCode(Result::StatusEnum final_status, 86 uintptr_t reason_code); 87 // Logs a SANDBOX VIOLATION message based on the registers and additional 88 // explanation for the reason of the violation. 89 void LogSyscallViolation(const Syscall& syscall) const; 90 91 // Tells if collecting stack trace is at all possible. 92 bool StackTraceCollectionPossible() const; 93 94 // Whether a stack trace should be collected given the current status 95 bool ShouldCollectStackTrace(Result::StatusEnum status) const; 96 97 // Gets stack trace. 98 absl::StatusOr<std::vector<std::string>> GetStackTrace(const Regs* regs); 99 100 // Gets and logs stack trace. 101 absl::StatusOr<std::vector<std::string>> GetAndLogStackTrace( 102 const Regs* regs); 103 104 // Internal objects, owned by the Sandbox2 object. 105 Executor* executor_; 106 Notify* notify_; 107 Policy* policy_; 108 // The sandboxee process. 109 SandboxeeProcess process_; 110 Result result_; 111 // Comms channel ptr, copied from the Executor object for convenience. 112 Comms* comms_; 113 // Log file specified by 114 // --sandbox_danger_danger_permit_all_and_log flag. 115 FILE* log_file_ = nullptr; 116 // Handle to the class responsible for proxying and validating connect() 117 // requests. 118 std::unique_ptr<NetworkProxyServer> network_proxy_server_; 119 // Monitor type 120 MonitorType type_ = FORKSERVER_MONITOR_PTRACE; 121 122 protected: 123 // Sends Policy to the Client. 124 // Can be overridden by subclasses to save/modify policy before sending. 125 // Returns success/failure status. 126 virtual absl::Status SendPolicy(const std::vector<sock_filter>& policy); 127 128 private: 129 // Instantiates and sends Policy to the Client. 130 // Returns success/failure status. 131 bool InitSendPolicy(); 132 133 // Waits for the SandboxReady signal from the client. 134 // Returns success/failure status. 135 bool WaitForSandboxReady(); 136 137 // Sends information about data exchange channels. 138 bool InitSendIPC(); 139 140 // Sends information about the current working directory. 141 bool InitSendCwd(); 142 143 // Applies limits on the sandboxee. 144 bool InitApplyLimits(); 145 146 // Applies individual limit on the sandboxee. 147 bool InitApplyLimit(pid_t pid, int resource, const rlimit64& rlim) const; 148 149 // Logs an additional explanation for the possible reason of the violation 150 // based on the registers. 151 void LogSyscallViolationExplanation(const Syscall& syscall) const; 152 153 virtual void RunInternal() = 0; 154 virtual void Join() = 0; 155 156 // IPC ptr, used for exchanging data with the sandboxee. 157 IPC* ipc_; 158 159 // The field indicates whether the sandboxing task has been completed (either 160 // successfully or with error). 161 absl::Notification done_notification_; 162 163 // Empty temp file used for mapping the comms fd when the Tomoyo LSM is 164 // active. 165 std::string comms_fd_dev_; 166 167 sapi::Thread network_proxy_thread_; 168 169 // Is the sandboxee forked from a custom forkserver? 170 bool uses_custom_forkserver_; 171 }; 172 173 } // namespace sandbox2 174 175 #endif // SANDBOXED_API_SANDBOX2_MONITOR_BASE_H_ 176