Add support for symbol lookup in PassthroughBackend.

Sandboxed API Team · copybara-github · commit 916fbc39def4 · 2026-04-09T08:24:36.000-07:00
This change extends PassthroughBackend and PassthroughRPCChannel to handle symbol lookup requests. A new SymbolFunctionT type is introduced, and the constructors are updated to accept and store a function for handling these symbol messages. The code generation for passthrough sandboxes is also updated to provide the newly introduced HandleSymbolMsg function.

PiperOrigin-RevId: 897124952
Change-Id: I4358eb87f14014b459aeb568670bba96f43a85bc
diff --git a/sandboxed_api/passthrough_backend.h b/sandboxed_api/passthrough_backend.h
@@ -31,10 +31,12 @@ class SandboxBase;
 class PassthroughBackend {
  public:
   using CallFunctionT = PassthroughRPCChannel::CallFunctionT;
-  PassthroughBackend(SandboxConfig config, CallFunctionT call_function)
-      : rpc_channel_(
-            std::make_unique<PassthroughRPCChannel>(std::move(call_function))) {
-  }
+  using SymbolFunctionT = PassthroughRPCChannel::SymbolFunctionT;
+
+  PassthroughBackend(SandboxConfig config, CallFunctionT call_function,
+                     SymbolFunctionT symbol_function)
+      : rpc_channel_(std::make_unique<PassthroughRPCChannel>(
+            std::move(call_function), std::move(symbol_function))) {}
 
   // Initializes a new sandboxing session.
   absl::Status Init() { return absl::OkStatus(); }
diff --git a/sandboxed_api/passthrough_rpcchannel.cc b/sandboxed_api/passthrough_rpcchannel.cc
@@ -25,6 +25,7 @@
 #include "absl/status/status.h"
 #include "absl/status/statusor.h"
 #include "absl/types/span.h"
+#include "sandboxed_api/call.h"
 
 namespace sapi {
 
@@ -67,11 +68,13 @@ absl::StatusOr<size_t> PassthroughRPCChannel::CopyToSandbox(
 }
 
 absl::Status PassthroughRPCChannel::Symbol(const char* symname, void** addr) {
-  *addr = dlsym(RTLD_DEFAULT, symname);
-  if (!*addr) {
-    return absl::ErrnoToStatus(errno,
-                               "PassthroughRPCChannel::Symbol: dlsym failed");
+  FuncRet ret{};
+  symbol_function_(symname, &ret);
+  if (!ret.success) {
+    return absl::InternalError(
+        "PassthroughRPCChannel::Symbol: symbol not found");
   }
+  *addr = reinterpret_cast<void*>(ret.int_val);
   return absl::OkStatus();
 }
 
diff --git a/sandboxed_api/passthrough_rpcchannel.h b/sandboxed_api/passthrough_rpcchannel.h
@@ -38,8 +38,13 @@ class PassthroughRPCChannel : public RPCChannel {
  public:
   using CallFunctionT =
       absl::AnyInvocable<void(const FuncCall& call, FuncRet* ret) const>;
-  explicit PassthroughRPCChannel(CallFunctionT call_function)
-      : call_function_(std::move(call_function)) {}
+  using SymbolFunctionT =
+      absl::AnyInvocable<void(const char* symname, FuncRet* ret) const>;
+
+  explicit PassthroughRPCChannel(CallFunctionT call_function,
+                                 SymbolFunctionT symbol_function)
+      : call_function_(std::move(call_function)),
+        symbol_function_(std::move(symbol_function)) {}
 
   absl::Status Allocate(size_t size, void** addr,
                         bool disable_shared_memory) override;
@@ -78,6 +83,7 @@ class PassthroughRPCChannel : public RPCChannel {
 
  private:
   CallFunctionT call_function_;
+  SymbolFunctionT symbol_function_;
 };
 
 }  // namespace sapi
diff --git a/sandboxed_api/tools/clang_generator/emitter.cc b/sandboxed_api/tools/clang_generator/emitter.cc
@@ -142,7 +142,7 @@ class %1$s : public ::sapi::Sandbox<::sapi::PassthroughBackend> {
   %1$s()
       : %1$s(::sapi::SandboxConfig{}) {}
   %1$s(::sapi::SandboxConfig config)
-      : %1$s(::sapi::PassthroughBackend(std::move(config), %2$s)) {}
+      : %1$s(::sapi::PassthroughBackend(std::move(config), %2$s, %3$s)) {}
   %1$s(::sapi::PassthroughBackend backend)
       : ::sapi::Sandbox<::sapi::PassthroughBackend>(std::move(backend)) {}
 };
@@ -617,7 +617,9 @@ absl::StatusOr<std::string> Emitter::DoEmitHeader() {
     case SandboxMode::kPassthrough: {
       absl::StrAppendFormat(
           &out, kPassthroughClassTemplate, sandbox_class_name,
-          absl::StrCat("::sapi::client::", handle_msg_prefix, "HandleCallMsg"));
+          absl::StrCat("::sapi::client::", handle_msg_prefix, "HandleCallMsg"),
+          absl::StrCat("::sapi::client::", handle_msg_prefix,
+                       "HandleSymbolMsg"));
       break;
     }
   }
