
Commit 5a55fc0

Sandboxed API Teamcopybara-github
authored andcommitted
Introduce shared memory comms in Sandbox2.
This change adds a new communication channel based on shared memory (memfd) between the sandboxer and the sandboxee. When this feature is enabled, a memfd is created and passed to the sandboxee via the forkserver. The Comms object in both the sandboxer and sandboxee can then be initialized with this shared memory buffer, allowing for potentially faster data transfer. PiperOrigin-RevId: 912036443 Change-Id: I3a1fd96f1f17a72d6c98e071b2df657cdd4e37e1
1 parent 71c412d commit 5a55fc0

29 files changed

Lines changed: 48 additions & 448 deletions

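--- a/sandboxed_api/sandbox2/BUILD
+++ b/sandboxed_api/sandbox2/BUILD
@@ -836,7 +836,6 @@ cc_library(
 deps = [
 ":util",
 "//sandboxed_api/util:fileops",
-"//sandboxed_api/util:status",
 "@abseil-cpp//absl/base:core_headers",
 "@abseil-cpp//absl/memory",
 "@abseil-cpp//absl/status",
@@ -882,18 +881,13 @@ cc_library(
 copts = sapi_platform_copts(),
 visibility = ["//visibility:public"],
 deps = [
-":buffer",
 ":util",
-"//sandboxed_api/sandbox2/util:asynchronous_byte_transport",
-"//sandboxed_api/sandbox2/util:potentially_blocking_region",
 "//sandboxed_api/util:fileops",
 "//sandboxed_api/util:raw_logging",
 "//sandboxed_api/util:status",
 "//sandboxed_api/util:status_cc_proto",
-"//sandboxed_api/util:thread",
 "@abseil-cpp//absl/base:core_headers",
 "@abseil-cpp//absl/base:dynamic_annotations",
-"@abseil-cpp//absl/log",
 "@abseil-cpp//absl/status",
 "@abseil-cpp//absl/status:statusor",
 "@abseil-cpp//absl/strings",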

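--- a/sandboxed_api/sandbox2/CMakeLists.txt
+++ b/sandboxed_api/sandbox2/CMakeLists.txt
@@ -773,7 +773,6 @@ target_link_libraries(sandbox2_buffer
 absl::status
 absl::strings
 sapi::base
-sapi::status
 sandbox2::util
 PUBLIC absl::core_headers
 absl::statusor
@@ -816,13 +815,10 @@ add_library(sandbox2_comms ${SAPI_LIB_TYPE}
 )
 add_library(sandbox2::comms ALIAS sandbox2_comms)
 target_link_libraries(sandbox2_comms
-PRIVATE absl::log
-absl::status
+PRIVATE absl::status
 absl::statusor
 absl::str_format
 absl::strings
-sandbox2::asynchronous_byte_transport
-sandbox2::potentially_blocking_region
 sandbox2::util
 sapi::base
 sapi::raw_logging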

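--- a/sandboxed_api/sandbox2/buffer.cc
+++ b/sandboxed_api/sandbox2/buffer.cc
@@ -32,7 +32,6 @@
 #include "absl/strings/str_cat.h"
 #include "sandboxed_api/sandbox2/util.h"
 #include "sandboxed_api/util/fileops.h"
-#include "sandboxed_api/util/status_macros.h"
 
 namespace sandbox2 {
 
@@ -98,8 +97,14 @@ absl::StatusOr<std::unique_ptr<Buffer>> Buffer::Expand(
 // will be immediately deleted.
 absl::StatusOr<std::unique_ptr<Buffer>> Buffer::CreateWithSize(
 size_t size, const char* name) {
-SAPI_ASSIGN_OR_RETURN(FDCloser fd, util::CreateMemFdWithSize(size, name));
-return CreateFromFd(std::move(fd), size);
+absl::StatusOr<FDCloser> fd = util::CreateMemFd(name);
+if (!fd.ok()) {
+return fd.status();
+}
+if (ftruncate(fd->get(), size) != 0) {
+return absl::ErrnoToStatus(errno, "Could not extend buffer fd");
+}
+return CreateFromFd(*std::move(fd), size);
 }
 
 std::string Buffer::GetName() const {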
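Review bot: In `Buffer::CreateWithSize`, `ftruncate(fd->get(), size)` passes a `size_t` where `off_t` is expected, so a request above the `off_t` range is converted implicitly and the outcome depends on what the kernel makes of the converted value; a guard before the call, e.g. `if (size > static_cast<size_t>(std::numeric_limits<off_t>::max())) return absl::InvalidArgumentError("Buffer size too large");`, makes that case fail deterministically. Separately, if buffers created here are mapped by both sandboxer and sandboxee, it is worth confirming that the peer cannot shrink the file after this point, since access to a mapping beyond the new end faults with SIGBUS; applying `F_SEAL_SHRINK` after the `ftruncate` would cover that, provided `util::CreateMemFd` creates the fd with sealing allowed, which is not visible in this hunk. The previous helper `util::CreateMemFdWithSize` is also outside the hunk, so whether it did more than size the fd cannot be checked from here.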

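--- a/sandboxed_api/sandbox2/client.cc
+++ b/sandboxed_api/sandbox2/client.cc
@@ -198,14 +198,8 @@ void Client::EnableSandbox() {
 ApplyPolicyAndBecomeTracee();
 }
 
-void Client::ReceiveCommsUpgrade() {
-auto status = comms_->RecvSharedMemUpgrade();
-SAPI_RAW_CHECK(status.ok(), "receiving comms upgrade");
-}
-
 void Client::SandboxMeHere() {
 PrepareEnvironment();
-ReceiveCommsUpgrade();
 EnableSandbox();
 }
 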

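--- a/sandboxed_api/sandbox2/client.h
+++ b/sandboxed_api/sandbox2/client.h
@@ -135,7 +135,6 @@ class Client {
 
 void PrepareEnvironment(int* preserved_fd = nullptr);
 void EnableSandbox();
-void ReceiveCommsUpgrade();
 };
 
 } // namespace sandbox2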
