allowlists: Create allowlist for DisableNamespaces.

This allows to control who is able to disable Linux namespaces via the policybuilder.

Namespaces are a core element of Sandbox2's security posture. We're therefore implementing a similar mechanism as existing for allowing to call all syscalls.

We also introduce a new location for all allowlist tokens to better manage the
code concerned with this functionality.

PiperOrigin-RevId: 721816939
Change-Id: Ic00b1ff9754afc779c4c5155d1ec3c059c3ff5c9

Author: okunz

sandboxed_api/sandbox2/BUILD

@@ -631,6 +631,7 @@ cc_library(
         "@com_google_absl//absl/types:optional",
         "@com_google_absl//absl/types:span",
         "@com_google_sandboxed_api//sandboxed_api:config",
+        "@com_google_sandboxed_api//sandboxed_api/sandbox2/allowlists:namespaces",
         "@com_google_sandboxed_api//sandboxed_api/sandbox2/network_proxy:filtering",
         "@com_google_sandboxed_api//sandboxed_api/sandbox2/util:bpf_helper",
         "@com_google_sandboxed_api//sandboxed_api/util:file_base",

sandboxed_api/sandbox2/CMakeLists.txt

@@ -12,6 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+add_subdirectory(allowlists)
 add_subdirectory(examples)
 add_subdirectory(unwind)
 add_subdirectory(util)
@@ -559,6 +560,7 @@ target_link_libraries(sandbox2_policybuilder
           sandbox2::bpf_helper
           sandbox2::namespace
           sandbox2::syscall
+          sandbox2::allowlists_namespaces
           sapi::file_base
           sapi::fileops
           sapi::status

sandboxed_api/sandbox2/allowlists/BUILD

@@ -0,0 +1,27 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Description: Collection of allowlist tokens that are used to visibility
+# restrict features in Sandbox2.
+
+load("@com_google_sandboxed_api//sandboxed_api/bazel:build_defs.bzl", "sapi_platform_copts")
+
+licenses(["notice"])
+
+cc_library(
+    name = "namespaces",
+    hdrs = ["namespaces.h"],
+    copts = sapi_platform_copts(),
+    visibility = ["//visibility:public"],
+)

sandboxed_api/sandbox2/allowlists/CMakeLists.txt

@@ -0,0 +1,25 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Description: Collection of allowlist tokens that are used to visibility
+# restrict features in Sandbox2.
+
+# sandboxed_api/sandbox2/allowlists:namespaces
+add_library(sandbox2_allowlists_namespaces ${SAPI_LIB_TYPE}
+  namespaces.h
+)
+add_library(sandbox2::allowlists_namespaces ALIAS sandbox2_allowlists_namespaces)
+target_link_libraries(sandbox2_allowlists_namespaces PRIVATE
+  sapi::base
+)

sandboxed_api/sandbox2/allowlists/namespaces.h

@@ -0,0 +1,27 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef SANDBOXED_API_SANDBOX2_ALLOWLISTS_NAMESPACES_H_
+#define SANDBOXED_API_SANDBOX2_ALLOWLISTS_NAMESPACES_H_
+
+namespace sandbox2 {
+
+class NamespacesToken {
+ public:
+  explicit NamespacesToken() = default;
+};
+
+}  // namespace sandbox2
+
+#endif  // SANDBOXED_API_SANDBOX2_ALLOWLISTS_NAMESPACES_H_

sandboxed_api/sandbox2/policybuilder.cc

@@ -59,6 +59,7 @@
 #include "sandboxed_api/sandbox2/allow_all_syscalls.h"
 #include "sandboxed_api/sandbox2/allow_seccomp_speculation.h"
 #include "sandboxed_api/sandbox2/allow_unrestricted_networking.h"
+#include "sandboxed_api/sandbox2/allowlists/namespaces.h"
 #include "sandboxed_api/sandbox2/forkserver.pb.h"
 #include "sandboxed_api/sandbox2/namespace.h"
 #include "sandboxed_api/sandbox2/network_proxy/filtering.h"
@@ -165,6 +166,23 @@ bool IsOnReadOnlyDev(const std::string& path) {
 
 }  // namespace
 
+PolicyBuilder& PolicyBuilder::DisableNamespaces(NamespacesToken) {
+  if (requires_namespaces_) {
+    SetError(absl::FailedPreconditionError(
+        "Namespaces cannot be both disabled and enabled. You're probably "
+        "using features that implicitly enable namespaces (SetHostname, "
+        "AddFile, AddDirectory, AddDataDependency, AddLibrariesForBinary "
+        "or similar)"));
+    return *this;
+  }
+  use_namespaces_ = false;
+  return *this;
+}
+
+PolicyBuilder& PolicyBuilder::DisableNamespaces() {
+  return DisableNamespaces(NamespacesToken());
+}
+
 PolicyBuilder& PolicyBuilder::Allow(MapExec) {
   allow_map_exec_ = true;
   return *this;

sandboxed_api/sandbox2/policybuilder.h

@@ -46,6 +46,7 @@ struct bpf_labels;
 namespace sandbox2 {
 
 class AllowAllSyscalls;
+class NamespacesToken;
 class LoadUserBpfCodeFromFile;
 class MapExec;
 class SeccompSpeculation;
@@ -155,6 +156,20 @@ class PolicyBuilder final {
     return (Allow(tags), ...);
   }
 
+  // Disables the use of namespaces.
+  //
+  // The default security posture of Sandbox2 depends on the use of namespaces
+  // and syscall filters. By disabling namespaces, the default security posture
+  // is weakened.
+  //
+  // The consequence of disabling namespaces is that the sandboxee will be able
+  // to access the host's file system, network, and other resources if the
+  // appropriate syscalls are also allowed.
+  //
+  // Disabling namespaces is not recommended and should only be done if
+  // absolutely necessary.
+  PolicyBuilder& DisableNamespaces(NamespacesToken);
+
   // Allows the use of memory mappings that are marked as executable.
   //
   // This applies to the mmap and mprotect syscalls and by default, mapped
@@ -845,18 +860,8 @@ class PolicyBuilder final {
   // This will disable *all* namespaces.
   //
   // IMPORTANT: This is not recommended.
-  PolicyBuilder& DisableNamespaces() {
-    if (requires_namespaces_) {
-      SetError(absl::FailedPreconditionError(
-          "Namespaces cannot be both disabled and enabled. You're probably "
-          "using features that implicitly enable namespaces (SetHostname, "
-          "AddFile, AddDirectory, AddDataDependency, AddLibrariesForBinary "
-          "or similar)"));
-      return *this;
-    }
-    use_namespaces_ = false;
-    return *this;
-  }
+  ABSL_DEPRECATED("Use DisableNamespaces(NamespacesToken()) instead.")
+  PolicyBuilder& DisableNamespaces();
 
   // Set hostname in the network namespace.
   //