RLBox
rlbox::tainted_base_impl< T_Wrap, T, T_Sbx > Class Template Reference

Public Member Functions

auto & impl ()
 
auto & impl () const
 
auto UNSAFE_unverified ()
 Unwrap a tainted value without verification. This is an unsafe operation and should be used with care.
 
auto UNSAFE_unverified () const
 
auto UNSAFE_sandboxed (rlbox_sandbox< T_Sbx > &sandbox)
 Like UNSAFE_unverified, but get the underlying sandbox representation. More...
 
auto UNSAFE_sandboxed (rlbox_sandbox< T_Sbx > &sandbox) const
 
 rlbox_detail_member_and_const (template< size_t N > inline auto unverified_safe_because(const char(&reason)[N]), { RLBOX_UNUSED(reason);static_assert(!std::is_pointer_v< T >, "unverified_safe_because does not support pointers. Use " "unverified_safe_pointer_because.");return UNSAFE_unverified();})
 Unwrap a tainted value without verification. This function should be used when unwrapping is safe. More...
 
 rlbox_detail_member_and_const (template< size_t N > inline auto unverified_safe_pointer_because(size_t count, const char(&reason)[N]), { RLBOX_UNUSED(reason);static_assert(std::is_pointer_v< T >, "Expected pointer type");using T_Pointed=std::remove_pointer_t< T >;if_constexpr_named(cond1, std::is_pointer_v< T_Pointed >) { rlbox_detail_static_fail_because(cond1, "There is no way to use unverified_safe_pointer_because for " "'pointers to pointers' safely. Use copy_and_verify instead.");return nullptr;} auto ret=UNSAFE_unverified();if(ret !=nullptr) { size_t bytes=sizeof(T) *count;detail::check_range_doesnt_cross_app_sbx_boundary< T_Sbx >(ret, bytes);} return ret;})
 
auto INTERNAL_unverified_safe ()
 
auto INTERNAL_unverified_safe () const
 
 BinaryOpValAndPtr (+)
 
 BinaryOpValAndPtr (-)
 
BinaryOp * BinaryOp (/);BinaryOp(%
 
BinaryOp^ BinaryOp (&);BinaryOp(|
 
 BinaryOp (<<)
 
 BinaryOp (>>)
 
 CompoundAssignmentOp (+)
 
 CompoundAssignmentOp (-)
 
CompoundAssignmentOp * CompoundAssignmentOp (/);CompoundAssignmentOp(%
 
CompoundAssignmentOp^ CompoundAssignmentOp (&);CompoundAssignmentOp(|
 
 CompoundAssignmentOp (<<)
 
 CompoundAssignmentOp (>>)
 
 PreIncDecOps (+)
 
 PreIncDecOps (-)
 
 PostIncDecOps (+)
 
 PostIncDecOps (-)
 
BooleanBinaryOp && BooleanBinaryOp (||);#define UnaryOp(opSymbol) UnaryOp(-
 
 UnaryOp (~)
 
 CompareOp (==, true)
 
 CompareOp (!=, true)
 
 CompareOp (<, false)
 
 CompareOp (<=, false)
 
 CompareOp (>, false)
 
 CompareOp (>=, false)
 
template<typename T_Rhs >
const T_OpSubscriptArrRet & operator[] (T_Rhs &&rhs) const
 
template<typename T_Rhs >
T_OpSubscriptArrRet & operator[] (T_Rhs &&rhs)
 
T_OpDerefRet operator* () const
 
T_OpDerefRet operator* ()
 
auto operator-> () const
 
auto operator-> ()
 
auto operator! ()
 
template<typename T_Func >
auto copy_and_verify (T_Func verifier) const
 Copy tainted value from sandbox and verify it. More...
 
template<typename T_Func >
auto copy_and_verify_range (T_Func verifier, std::size_t count) const
 Copy a range of tainted values from sandbox and verify them. More...
 
template<typename T_Func >
auto copy_and_verify_string (T_Func verifier) const
 Copy a tainted string from sandbox and verify it. More...
 
template<typename T_Func >
auto copy_and_verify_address (T_Func verifier)
 Copy a tainted pointer from sandbox and verify the address. More...
 
template<typename T_Func >
auto copy_and_verify_buffer_address (T_Func verifier, std::size_t size)
 Copy a tainted pointer to a buffer from sandbox and verify the address. More...
 

Member Function Documentation

◆ copy_and_verify()

template<template< typename, typename > typename T_Wrap, typename T , typename T_Sbx >
template<typename T_Func >
auto rlbox::tainted_base_impl< T_Wrap, T, T_Sbx >::copy_and_verify ( T_Func  verifier) const
inline

Copy tainted value from sandbox and verify it.

Parameters
verifier: Function used to verify the copied value.
Template Parameters
T_Func: the type of the verifier.
Returns
Whatever the verifier function returns.

◆ copy_and_verify_address()

template<template< typename, typename > typename T_Wrap, typename T , typename T_Sbx >
template<typename T_Func >
auto rlbox::tainted_base_impl< T_Wrap, T, T_Sbx >::copy_and_verify_address ( T_Func  verifier)
inline

Copy a tainted pointer from sandbox and verify the address.

This function is useful if you need to verify the physical bits representing the address of a pointer. Other APIs such as copy_and_verify perform a deep copy, which changes the address bits.

Parameters
verifier: Function used to verify the copied value.
Template Parameters
T_Func: the type of the verifier, T_Ret(*)(uintptr_t).
Returns
Whatever the verifier function returns.

◆ copy_and_verify_buffer_address()

template<template< typename, typename > typename T_Wrap, typename T , typename T_Sbx >
template<typename T_Func >
auto rlbox::tainted_base_impl< T_Wrap, T, T_Sbx >::copy_and_verify_buffer_address ( T_Func  verifier,
std::size_t  size 
)
inline

Copy a tainted pointer to a buffer from sandbox and verify the address.

This function is useful if you need to verify the physical bits representing the address of a buffer. Other APIs such as copy_and_verify perform a deep copy, which changes the address bits.

Parameters
verifier: Function used to verify the copied value.
size: Size of the buffer. A buffer of length size is expected to fit inside sandbox memory.
Template Parameters
T_Func: the type of the verifier, T_Ret(*)(uintptr_t).
Returns
Whatever the verifier function returns.

◆ copy_and_verify_range()

template<template< typename, typename > typename T_Wrap, typename T , typename T_Sbx >
template<typename T_Func >
auto rlbox::tainted_base_impl< T_Wrap, T, T_Sbx >::copy_and_verify_range ( T_Func  verifier,
std::size_t  count 
) const
inline

Copy a range of tainted values from sandbox and verify them.

Parameters
verifier: Function used to verify the copied value.
count: Number of elements to copy.
Template Parameters
T_Func: the type of the verifier. If the tainted type is int*, then T_Func = T_Ret(*)(unique_ptr<int[]>).
Returns
Whatever the verifier function returns.

◆ copy_and_verify_string()

template<template< typename, typename > typename T_Wrap, typename T , typename T_Sbx >
template<typename T_Func >
auto rlbox::tainted_base_impl< T_Wrap, T, T_Sbx >::copy_and_verify_string ( T_Func  verifier) const
inline

Copy a tainted string from sandbox and verify it.

Parameters
verifier: Function used to verify the copied value.
Template Parameters
T_Func: the type of the verifier, T_Ret(*)(unique_ptr<char[]>).
Returns
Whatever the verifier function returns.

◆ rlbox_detail_member_and_const()

template<template< typename, typename > typename T_Wrap, typename T , typename T_Sbx >
rlbox::tainted_base_impl< T_Wrap, T, T_Sbx >::rlbox_detail_member_and_const ( template< size_t N > inline auto   unverified_safe_becauseconst char(&reason)[N],
{ RLBOX_UNUSED(reason);static_assert(!std::is_pointer_v< T >, "unverified_safe_because does not support pointers. Use " "unverified_safe_pointer_because.");return UNSAFE_unverified();}   
)

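Unwrap a tainted value without verification. This function should be used only when unwrapping is safe. Pointer types are rejected at compile time by the static_assert in the body; use unverified_safe_pointer_because for those.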

Parameters
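reason: An explanation of why the unverified unwrapping is safe. The body passes this string to RLBOX_UNUSED, so it is not checked at runtime; it only records the justification for readers and reviewers of the calling code.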

◆ UNSAFE_sandboxed()

template<template< typename, typename > typename T_Wrap, typename T , typename T_Sbx >
auto rlbox::tainted_base_impl< T_Wrap, T, T_Sbx >::UNSAFE_sandboxed ( rlbox_sandbox< T_Sbx > &  sandbox)
inline

Like UNSAFE_unverified, but get the underlying sandbox representation.

Parameters
sandbox: Reference to the sandbox.

For the Wasm-based sandbox, this function additionally validates the unwrapped value against the machine model of the sandbox (LP32).


The documentation for this class was generated from the following file: