Fix three errors

Sandbox level 3 would prevent most GPU drivers from loading
because it prevented write accesst to /dev.

Xorg connection failed when no display is present, now falls
back to 'none' WSI when this happens.

--presentation cmd line parameter was typo'ed during parsing.

Author: per-mathisen-arm

src/replay.cpp

@@ -116,11 +116,7 @@ static void replay_thread(int thread_id)
 
 static void run_multithreaded()
 {
-	if (p__sandbox_level >= 3)
-	{
-		const char* err = sandbox_level_three();
-		if (err) WLOG("Warning: Failed to increase sandbox to level three: %s", err);
-	}
+	if (p__sandbox_level >= 3) sandbox_level_three();
 
 	for (unsigned i = 0; i < replayer.threads.size(); i++)
 	{
@@ -143,11 +139,7 @@ int main(int argc, char **argv)
 	bool infodump = false;
 	std::string wsi;
 
-	if (p__sandbox_level >= 1)
-	{
-		const char* err = sandbox_level_one();
-		if (err) WLOG("Warning: Failed to increase sandbox to level one: %s", err);
-	}
+	if (p__sandbox_level >= 1) sandbox_level_one();
 
 	// override defaults
 	//p__allow_stalls = get_env_bool("LAVATUBE_ALLOW_STALLS", false);
@@ -186,7 +178,7 @@ int main(int argc, char **argv)
 			else if (val == "offscreen") p__noscreen = 1;
 			else ABORT("Bad --swapchain mode");
 		}
-		else if (match(argv[i], nullptr, "--presentationmode", remaining))
+		else if (match(argv[i], nullptr, "--presentation", remaining))
 		{
 			if (remaining < 1) usage();
 			std::string val = get_str(argv[++i], remaining);
@@ -306,11 +298,7 @@ int main(int argc, char **argv)
 	if (wsi.empty()) wsi_initialize(nullptr);
 	else wsi_initialize(wsi.c_str());
 
-	if (p__sandbox_level >= 2)
-	{
-		const char* err = sandbox_level_two();
-		if (err) WLOG("Warning: Failed to increase sandbox to level two: %s", err);
-	}
+	if (p__sandbox_level >= 2) sandbox_level_two();
 
 	if (filename.empty())
 	{

src/sandbox.cpp

@@ -23,6 +23,7 @@
 #include <stdbool.h>
 
 #include "sandbox.h"
+#include "util.h"
 
 #ifndef landlock_create_ruleset
 static inline int
@@ -51,20 +52,19 @@ static inline int landlock_restrict_self(const int ruleset_fd,
 }
 #endif
 
-const char* sandbox_level_one()
+void sandbox_level_one()
 {
-	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) { return "Failed to restrict root privileges"; }
-	return nullptr;
+	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) ABORT("Failed to restrict root privileges");
 }
 
-const char* sandbox_level_two()
+void sandbox_level_two()
 {
 	int abi = landlock_create_ruleset(NULL, 0, LANDLOCK_CREATE_RULESET_VERSION);
 	if (abi < 0)
 	{
-		if (errno == ENOSYS) return "Landlock sandbox is not supported by the current kernel";
-		else if (errno == EOPNOTSUPP) return "Landlock sandbox is currently disabled";
-		else return "Landlock sandboxing not supported by your system for unknown reason";
+		if (errno == ENOSYS) ABORT("Landlock sandbox is not supported by the current kernel");
+		else if (errno == EOPNOTSUPP) ABORT("Landlock sandbox is currently disabled");
+		else ABORT("Landlock sandboxing not supported by your system: %s", strerror(errno));
 	}
 	struct landlock_ruleset_attr ruleset_attr = {};
 	// Prohibit things we never need to do:
@@ -73,43 +73,37 @@ const char* sandbox_level_two()
 	ruleset_attr.handled_access_net = LANDLOCK_ACCESS_NET_BIND_TCP | LANDLOCK_ACCESS_NET_CONNECT_TCP;
 #endif
 	int ruleset_fd = landlock_create_ruleset(&ruleset_attr, sizeof(ruleset_attr), 0);
-	if (ruleset_fd < 0) return "Failed to create landlock ruleset";
-	if (landlock_restrict_self(ruleset_fd, 0)) { close(ruleset_fd); return "Failed to enforce landlock ruleset"; }
+	if (ruleset_fd < 0) ABORT("Failed to create landlock ruleset: %s", strerror(errno));
+	if (landlock_restrict_self(ruleset_fd, 0) != 0) ABORT("Failed to enforce landlock ruleset: %s", strerror(errno));
 	close(ruleset_fd);
+}
 
-	return nullptr;
+static void sandbox_except_path(int ruleset_fd, const char* path, int access_flags)
+{
+	struct landlock_path_beneath_attr path_beneath = {};
+	path_beneath.allowed_access = access_flags;
+	path_beneath.parent_fd = open(path, O_PATH | O_CLOEXEC);
+	if (path_beneath.parent_fd < 0) ABORT("Failed to add exception for an app path from sandbox restrictions: %s", strerror(errno));
+	if (landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, &path_beneath, 0) != 0) ABORT("Failed to add path exception to landlock sandbox ruleset: %s", strerror(errno));
+	close(path_beneath.parent_fd);
 }
 
-const char* sandbox_level_three()
+void sandbox_level_three()
 {
-	char path[255];
-	memset(path, 0, sizeof(path));
-	const char* exception_path = getcwd(path, sizeof(path));
-	// Error would have been spammed during init, do not need to repeat it; if we got here, we decided to ignore it
-	if (landlock_create_ruleset(NULL, 0, LANDLOCK_CREATE_RULESET_VERSION) < 0) return nullptr;
 	// Prohibit things we don't need during replay
 	struct landlock_ruleset_attr ruleset_attr = {};
 	ruleset_attr.handled_access_fs = LANDLOCK_ACCESS_FS_MAKE_SYM | LANDLOCK_ACCESS_FS_MAKE_DIR | LANDLOCK_ACCESS_FS_MAKE_REG | LANDLOCK_ACCESS_FS_REMOVE_DIR | LANDLOCK_ACCESS_FS_REMOVE_FILE | LANDLOCK_ACCESS_FS_WRITE_FILE;
 	int ruleset_fd = landlock_create_ruleset(&ruleset_attr, sizeof(ruleset_attr), 0);
-	if (ruleset_fd < 0) return "Failed to create landlock ruleset";
+	if (ruleset_fd < 0) ABORT("Failed to create landlock ruleset: %s", strerror(errno));
+
 	// Set up exception path from current working directory
-	if (exception_path)
-	{
-		struct landlock_path_beneath_attr path_beneath = {};
-		path_beneath.allowed_access = LANDLOCK_ACCESS_FS_WRITE_FILE | LANDLOCK_ACCESS_FS_REMOVE_FILE | LANDLOCK_ACCESS_FS_MAKE_DIR | LANDLOCK_ACCESS_FS_REMOVE_DIR;
-		path_beneath.parent_fd = open(exception_path, O_PATH | O_CLOEXEC);
-		if (path_beneath.parent_fd < 0) { close(ruleset_fd); return "Failed to open app path"; }
-		int err = landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, &path_beneath, 0);
-		if (err)
-		{
-			printf("1: %s\n", strerror(errno));
-			close(ruleset_fd);
-			close(path_beneath.parent_fd);
-			return "Failed to add path exception to landlock sandbox ruleset";
-		}
-		close(path_beneath.parent_fd);
-	}
-	if (landlock_restrict_self(ruleset_fd, 0)) { close(ruleset_fd); return "Failed to enforce landlock ruleset"; }
+	char path[255];
+	memset(path, 0, sizeof(path));
+	const char* exception_path = getcwd(path, sizeof(path));
+	sandbox_except_path(ruleset_fd, exception_path, LANDLOCK_ACCESS_FS_WRITE_FILE | LANDLOCK_ACCESS_FS_REMOVE_FILE | LANDLOCK_ACCESS_FS_MAKE_DIR | LANDLOCK_ACCESS_FS_REMOVE_DIR);
+	sandbox_except_path(ruleset_fd, "/dev", LANDLOCK_ACCESS_FS_WRITE_FILE);
+
+	if (landlock_restrict_self(ruleset_fd, 0) != 0) ABORT("Failed to enforce landlock ruleset: %s", strerror(errno));
+
 	close(ruleset_fd);
-	return nullptr;
 }

src/sandbox.h

@@ -1,14 +1,11 @@
 #pragma once
 
 /// Basic sandboxing that you always want. Call this immediately upon program start.
-const char* sandbox_level_one();
+void sandbox_level_one();
 
 /// Run at the program start after evaluating command-line arguments. It will limit certain policies that we never need.
-/// Returns null on success, or an error string on failure. Initialize the window system integration before calling this.
-const char* sandbox_level_two();
+/// Initialize the window system integration before calling this.
+void sandbox_level_two();
 
-/// You need to open all files prior to starting this, eg if you want to dump results into a JSON, open the output file first.
-/// Returns null on success, or an error string on failure. Note that this applies to an individual thread and its children,
-/// so use before spawning or apply to it to each child and the parent thread, and make sure child threads cannot race the
-/// parent setting its policy.
-const char* sandbox_level_three();
+/// Run right before starting parsing untrusted data, after setting up all internal state and connections.
+void sandbox_level_three();

src/tool.cpp

@@ -73,11 +73,7 @@ static std::string get_str(const char* in, int& remaining)
 
 static void replay_thread(lava_reader* replayer, int thread_id)
 {
-	if (p__sandbox_level >= 2)
-	{
-		const char* err = sandbox_level_three();
-		if (err) WLOG("Warning: Failed to increase sandbox to level three: %s", err);
-	}
+	if (p__sandbox_level >= 2) sandbox_level_three();
 	lava_file_reader& t = replayer->file_reader(thread_id);
 	uint8_t instrtype;
 	assert(t.run == false);
@@ -163,11 +159,7 @@ int main(int argc, char **argv)
 	std::string filename_output;
 	bool validate_remap = false;
 
-	if (p__sandbox_level >= 1)
-	{
-		const char* err = sandbox_level_one();
-		if (err) WLOG("Warning: Failed to increase sandbox to level one: %s", err);
-	}
+	if (p__sandbox_level >= 1) sandbox_level_one();
 
 	for (int i = 1; i < argc; i++)
 	{
@@ -248,11 +240,7 @@ int main(int argc, char **argv)
 
 	if (!filename_output.empty()) DIE("Output file support still to be done!");
 
-	if (p__sandbox_level >= 3)
-	{
-		const char* err = sandbox_level_two();
-		if (err) WLOG("Warning: Failed to increase sandbox to level two: %s", err);
-	}
+	if (p__sandbox_level >= 3) sandbox_level_two();
 
 	std::list<address_rewrite> rewrite_queue_copy;
 

src/window.cpp

@@ -119,10 +119,17 @@ void wsi_initialize(const char* name)
 		int scr = 0;
 		context.xcb.connection = xcb_connect(nullptr, &scr);
 		int err = xcb_connection_has_error(context.xcb.connection);
-		if (err)
+		if (err && name)
 		{
 			ABORT("Failed to connect to XCB server: %s (%d)", lavaxcb_strerror(err), err);
 		}
+		else if (err) // graceful fallback
+		{
+			ILOG("Failed to connect to XCB server (%s) -- falling back to \"none\" WSI ", lavaxcb_strerror(err));
+			context.winsys = "none";
+			p__noscreen = 1;
+			return;
+		}
 		const xcb_setup_t *setup = xcb_get_setup(context.xcb.connection);
 		if (!setup) ABORT("Failed to setup XCB connection");
 		xcb_screen_iterator_t iter = xcb_setup_roots_iterator(setup);