The open-source Sandboxed API (SAPI) project builds on top of Google's Sandbox2 open-source project and aims to make sandboxing of C/C++ libraries less burdensome.
Sandboxed API provides three main benefits:
Instead of sandboxing entire programs or having to change source code to be able to sandbox a part of a program as with Sandbox2, with SAPI you can sandbox individual C/C++ libraries. As a result, with SAPI the main program is isolated from code execution vulnerabilities in the C/C++ library.
Our working motto is: Sandbox once, use anywhere. Libraries sandboxed with Sandboxed API can be easily reused, which removes the burden for future projects. Before Sandboxed API, sandboxes available for use at Google required additional implementation work with each new instance of a project which was intended to be sandboxed, even if it reused the same software library. Sandbox2 policies and other restrictions applied to the sandboxed process had to be reimplemented each time, and data exchange mechanisms between trusted and untrusted parts of the code had to be designed from scratch.
Each SAPI library utilizes a tightly defined security policy, in contrast to the typical sandboxed project, where security policies must cover the total syscall/resource footprint of all utilized libraries.
The SAPI project has been designed, developed, and is maintained by members of the Google Sandbox Team. It also uses our field-tested Sandbox2. Currently, many internal projects are using SAPI to isolate their production workloads.
To get up and running with Sandboxed API, follow these steps:
- Install the required dependencies (this assumes you are running Debian 10 Buster):
$ echo "deb http://storage.googleapis.com/bazel-apt stable jdk1.8" |
sudo tee /etc/apt/sources.list.d/bazel.list $ wget -qO - https://bazel.build/bazel-release.pub.gpg | sudo apt-key add - $ sudo apt-get update $ sudo apt-get install -qy build-essential linux-libc-dev bazel python3
python3-pip libclang-7-dev $ pip3 install clang
- Clone and run the build:
$ git clone https://github.com/google/sandboxed-api && cd sandboxed-api $ bazel build …
- Try out one of the examples:
$ bazel run //sandboxed_api/examples/stringop:main_stringop
More information on Sandboxed API is available here:
Sandboxed API Explained — Describes Sandboxed API (SAPI) and its core concepts.
Getting Started — Provides guidance helping you create your own SAPI sandboxed version of an API.
Build Rules — Explains how to use the sapi_library() build rule to build your SAPI Library.
Variables — Discusses the use of SAPI Types which are needed when passing pointers to simple types and memory blocks.
Transactions — Explains how to use the SAPI Transaction module to monitor function calls.
|Sandbox2||Google open-source project which provides the sandboxing layer in SAPI.|
|Sandboxee||The binary executing in the Sandbox2 sandbox, see the Sandbox2 documentation. In the context of SAPI, this is the sandboxed C/C++ library.|
|SAPI||Sandboxed API, Google open-source project which provides the functionality to build Sandboxed Libraries.|
|SAPI Library||Library generated by SAPI, containing Sandboxed Library, Sandbox2 code, and SAPI runtime code.|
|SAPI Object||C++ object, included in the Host Code, providing an interface to the Sandboxed Library using SAPI Types instead of the original ones.|
|SAPI Types||SAPI provides special types needed when passing pointers to simple types and memory blocks.|
|SAPI Transaction||A module used to manage the sandbox status of the Sandboxed Library between runs.|
|RPC Stub||Remote Procedure Call (RPC) communication stub wrapped in Sandbox2 and used to pass data between SAPI Object and Sandboxed Library.|
|Host Code||The code which uses the Sandboxed Library and includes the SAPI Object.|
Contributing to Sandboxed API
If you want to contribute, please read CONTRIBUTING.md and send us pull requests.You can also report bugs or file feature requests.
If you'd like to talk to the developers or get notified about major product updates, you may want to join our Google Group: sandboxed-api-users.