
Delete all reference monitor residues

Michał Kowalczyk 4 years ago
parent
commit
5ec5e2f24c

+ 1 - 2
CONTRIBUTING.md

@@ -120,8 +120,7 @@ One can run tests manually:
 ```sh
 PYTHONPATH=path/to/graphene/Scripts
 PAL_LOADER=path/to/pal-Linux
-PAL_SEC=path/to/pal_sec-Linux
-export PYTHONPATH PAL_LOADER PAL_SEC
+export PYTHONPATH PAL_LOADER
 python3 -m pytest -v -rs test.py
 ```
 

+ 2 - 24
LibOS/glibc-liblibos.patch

@@ -99,11 +99,10 @@ new file mode 100644
 index 0000000..3211637
 --- /dev/null
 +++ b/libos/Versions
-@@ -0,0 +1,8 @@
+@@ -0,0 +1,7 @@
 +liblibos {
 +  GLIBC_2.12 {
 +    checkpoint;
-+    sandbox_create; sandbox_attach; sandbox_current;
 +    msgpersist;
 +    benchmark_rpc; send_rpc; recv_rpc;
 +  }
@@ -113,7 +112,7 @@ new file mode 100644
 index 0000000..8785629
 --- /dev/null
 +++ b/libos/wrapper.c
-@@ -0,0 +1,62 @@
+@@ -0,0 +1,41 @@
 +#include <errno.h>
 +#include <kernel-features.h>
 +#include <shim_unistd.h>
@@ -128,27 +127,6 @@ index 0000000..8785629
 +}
 +#endif
 +
-+#ifdef __NR_sandbox_create
-+long sandbox_create(int flags, const char *fs_sb, struct net_sb *net_sb)
-+{
-+	return INLINE_SYSCALL (sandbox_create, 3, flags, fs_sb, net_sb);
-+}
-+#endif
-+
-+#ifdef __NR_sandbox_attach
-+int sandbox_attach(unsigned int sbid)
-+{
-+	return INLINE_SYSCALL (sandbox_attach, 1, sbid);
-+}
-+#endif
-+
-+#ifdef __NR_sandbox_current
-+long sandbox_current(void)
-+{
-+	return INLINE_SYSCALL (sandbox_current, 0);
-+}
-+#endif
-+
 +#ifdef __NR_msgpersist
 +int msgpersist (int msqid, int cmd)
 +{

+ 0 - 10
LibOS/shim/include/shim_table.h

@@ -317,9 +317,6 @@ long __shim_setns (long, long);
 long __shim_getcpu (long, long, long);
 
 /* libos call entries */
-long __shim_sandbox_create (long, long, long);
-long __shim_sandbox_attach (long);
-long __shim_sandbox_current (void);
 long __shim_msgpersist (long, long);
 long __shim_benchmark_rpc (long, long, long, long);
 long __shim_send_rpc (long, long, long);
@@ -506,10 +503,6 @@ int shim_do_prlimit64(pid_t pid, int resource, const struct __kernel_rlimit64* n
 ssize_t shim_do_sendmmsg (int sockfd, struct mmsghdr * msg, size_t vlen, int flags);
 
 /* libos call implementation */
-long shim_do_sandbox_create (int flags, const char * fs_sb,
-                             struct net_sb * net_sb);
-int shim_do_sandbox_attach (unsigned int sbid);
-long shim_do_sandbox_current (void);
 int shim_do_msgpersist (int msqid, int cmd);
 int shim_do_benchmark_rpc (pid_t pid, int times, const void * buf, size_t size);
 size_t shim_do_send_rpc (pid_t pid, const void * buf, size_t size);
@@ -879,9 +872,6 @@ int shim_prlimit64(pid_t pid, int resource, const struct __kernel_rlimit64* new_
 ssize_t shim_sendmmsg (int sockfd, struct mmsghdr * msg, size_t vlen, int flags);
 
 /* libos call wrappers */
-long shim_sandbox_create (int flags, const char * fs_sb, struct net_sb * net_sb);
-int shim_sandbox_attach (unsigned int sbid);
-long shim_sandbox_current (void);
 int shim_msgpersist (int msqid, int cmd);
 int shim_benchmark_rpc (pid_t pid, int times, const void * buf, size_t size);
 size_t shim_send_rpc (pid_t pid, const void * buf, size_t size);

+ 5 - 31
LibOS/shim/include/shim_unistd.h

@@ -7,41 +7,15 @@
 #include <unistd.h>
 #endif
 
-#define __NR_sandbox_create     (LIBOS_SYSCALL_BASE + 1)
-#define __NR_sandbox_attach     (LIBOS_SYSCALL_BASE + 2)
-#define __NR_sandbox_current    (LIBOS_SYSCALL_BASE + 3)
-
-#define SANDBOX_RPC      0x001
-#define SANDBOX_FS       0x002
-#define SANDBOX_NET      0x004
-
-struct sockaddr;
-
-struct net_sb_rule {
-    int l_addrlen;
-    struct sockaddr * l_addr;
-    int r_addrlen;
-    struct sockaddr * r_addr;
-};
-
-struct net_sb {
-    int nrules;
-    struct net_sb_rule * rules;
-};
-
-long sandbox_create (int flags, const char * fs_sb, struct net_sb * net_sb);
-int sandbox_attach (unsigned int sbid);
-long sandbox_current (void);
-
-#define __NR_msgpersist         (LIBOS_SYSCALL_BASE + 4)
+#define __NR_msgpersist         (LIBOS_SYSCALL_BASE + 1)
 
 #define MSGPERSIST_STORE    0
 #define MSGPERSIST_LOAD     1
 int msgpersist (int msqid, int cmd);
 
-#define __NR_benchmark_rpc      (LIBOS_SYSCALL_BASE + 5)
-#define __NR_send_rpc           (LIBOS_SYSCALL_BASE + 6)
-#define __NR_recv_rpc           (LIBOS_SYSCALL_BASE + 7)
+#define __NR_benchmark_rpc      (LIBOS_SYSCALL_BASE + 2)
+#define __NR_send_rpc           (LIBOS_SYSCALL_BASE + 3)
+#define __NR_recv_rpc           (LIBOS_SYSCALL_BASE + 4)
 
 int benchmark_rpc (pid_t pid, int times, const void * buf, size_t size);
 
@@ -55,7 +29,7 @@ struct nameinfo {
      size_t servlen;
 };
 
-#define __NR_checkpoint         (LIBOS_SYSCALL_BASE + 8)
+#define __NR_checkpoint         (LIBOS_SYSCALL_BASE + 5)
 
 int checkpoint (const char * filename);
 

+ 0 - 3
LibOS/shim/src/shim_parser.c

@@ -395,9 +395,6 @@ struct parser_table {
 
     { .slow = 1, .parser = { NULL } }, /* checkpoint */
     { .slow = 1, .parser = { NULL } }, /* restore */
-    { .slow = 1, .parser = { NULL } }, /* sandbox_create */
-    { .slow = 0, .parser = { NULL } }, /* sandbox_attach */
-    { .slow = 0, .parser = { NULL } }, /* sandbox_current */
     { .slow = 1, .parser = { NULL } }, /* msgpersist */
     { .slow = 1, .parser = { NULL } }, /* benchmark_ipc */
     { .slow = 1, .parser = { NULL } }, /* send_rpc */

+ 0 - 8
LibOS/shim/src/shim_syscalls.c

@@ -1168,14 +1168,6 @@ SHIM_SYSCALL_PASSTHROUGH (getcpu, 3, int, unsigned *, cpu, unsigned *, node,
 
 /* libos calls */
 
-DEFINE_SHIM_SYSCALL (sandbox_create, 3, shim_do_sandbox_create, long,
-                     int, flags, const char *, fs_sb, struct net_sb *, net_sb)
-
-DEFINE_SHIM_SYSCALL (sandbox_attach, 1, shim_do_sandbox_attach, int,
-                     unsigned int, sandboxid)
-
-DEFINE_SHIM_SYSCALL (sandbox_current, 0, shim_do_sandbox_current, long)
-
 DEFINE_SHIM_SYSCALL (msgpersist, 2, shim_do_msgpersist, int, int, msqid,
                      int, cmd)
 

+ 5 - 8
LibOS/shim/src/shim_table.c

@@ -341,12 +341,9 @@ shim_fp shim_table [LIBOS_SYSCALL_BOUND] = {
 
     [LIBOS_SYSCALL_BASE] = (shim_fp) NULL,
 
-    (shim_fp) __shim_sandbox_create,    /* 303 */
-    (shim_fp) __shim_sandbox_attach,    /* 304 */
-    (shim_fp) __shim_sandbox_current,   /* 305 */
-    (shim_fp) __shim_msgpersist,        /* 306 */
-    (shim_fp) __shim_benchmark_rpc,     /* 307 */
-    (shim_fp) __shim_send_rpc,          /* 308 */
-    (shim_fp) __shim_recv_rpc,          /* 309 */
-    (shim_fp) __shim_checkpoint,        /* 310 */
+    (shim_fp) __shim_msgpersist,
+    (shim_fp) __shim_benchmark_rpc,
+    (shim_fp) __shim_send_rpc,
+    (shim_fp) __shim_recv_rpc,
+    (shim_fp) __shim_checkpoint,
 };
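Review bot: The five entries after `[LIBOS_SYSCALL_BASE]` are now purely positional and the `/* 303 */` to `/* 310 */` index comments are gone, so nothing in this table shows that it still lines up with the renumbered `__NR_*` values in LibOS/shim/include/shim_unistd.h (msgpersist moved from base+4 to base+1, checkpoint from base+8 to base+5). Because the numbers were compacted rather than left as holes, a binary built against the old liblibos header would reach a different handler with mismatched arguments; the old `sandbox_create` number now lands on `__shim_msgpersist`. It is worth stating in the commit message that the patched glibc and the shim must be rebuilt together. Writing each slot with a designated index, as the `[LIBOS_SYSCALL_BASE]` line already does, would make the mapping explicit and let the compiler catch a duplicate index. `LIBOS_SYSCALL_BOUND` is not changed on this page, so please confirm that the slots between base+5 and the bound, which the old numbering could still address, are rejected by the dispatcher rather than called through a NULL entry.

```c
    [LIBOS_SYSCALL_BASE] = (shim_fp) NULL,

    /* index must equal the matching __NR_* value in shim_unistd.h */
    [LIBOS_SYSCALL_BASE + 1] = (shim_fp) __shim_msgpersist,
    [LIBOS_SYSCALL_BASE + 2] = (shim_fp) __shim_benchmark_rpc,
    [LIBOS_SYSCALL_BASE + 3] = (shim_fp) __shim_send_rpc,
    [LIBOS_SYSCALL_BASE + 4] = (shim_fp) __shim_recv_rpc,
    [LIBOS_SYSCALL_BASE + 5] = (shim_fp) __shim_checkpoint,
```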

+ 0 - 399
LibOS/shim/src/sys/shim_sandbox.c

@@ -1,399 +0,0 @@
-/* Copyright (C) 2014 Stony Brook University
-   This file is part of Graphene Library OS.
-
-   Graphene Library OS is free software: you can redistribute it and/or
-   modify it under the terms of the GNU Lesser General Public License
-   as published by the Free Software Foundation, either version 3 of the
-   License, or (at your option) any later version.
-
-   Graphene Library OS is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU Lesser General Public License for more details.
-
-   You should have received a copy of the GNU Lesser General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
-
-/*
- * shim_sandbox.c
- */
-
-#include <shim_internal.h>
-#include <shim_table.h>
-#include <shim_fs.h>
-#include <shim_checkpoint.h>
-#include <shim_ipc.h>
-
-#include <pal.h>
-#include <pal_error.h>
-
-#include <errno.h>
-
-struct shim_sandbox {
-    unsigned int   sbid;
-    unsigned int   parent_sbid;
-    IDTYPE         parent_vmid;
-};
-
-static struct shim_sandbox sandbox_info __attribute_migratable;
-
-static inline void append_uri (char * uri, int prefix_len, char * append,
-                               int append_len)
-{
-    if (prefix_len && uri[prefix_len - 1] == ':') {
-        if (append[0] == '/')
-            memcpy(uri + prefix_len, append + 1, append_len);
-        else
-            memcpy(uri + prefix_len, append, append_len + 1);
-    } else {
-        if (append[0] != '/')
-            uri[prefix_len++] = '/';
-        memcpy(uri + prefix_len, append, append_len + 1);
-    }
-}
-
-static int isolate_fs (struct config_store * cfg, const char * path)
-{
-    struct shim_dentry * dent = NULL;
-    int ret = 0;
-
-    if ((ret = path_lookupat(NULL, path, LOOKUP_OPEN, &dent, NULL)) < 0)
-        return ret;
-
-    if (!(dent->state & DENTRY_ISDIRECTORY)) {
-        put_dentry(dent);
-        return -ENOTDIR;
-    }
-
-    size_t dpath_len = 0;
-    char * dpath = dentry_get_path(dent, true, &dpath_len);
-    bool root_created = false;
-    char t[CONFIG_MAX], u[CONFIG_MAX];
-    ssize_t prefix_len;
-
-    int nkeys;
-    ssize_t keybuf_size;
-    keybuf_size = get_config_entries_size(cfg, "fs.mount.other");
-    if (keybuf_size <= 0)
-        goto root;
-
-    char * keybuf = __alloca(keybuf_size);
-    nkeys = get_config_entries(cfg, "fs.mount.other", keybuf, keybuf_size);
-
-    if (nkeys <= 0)
-        goto root;
-
-    char k[CONFIG_MAX], p[CONFIG_MAX];
-    char * tmp = strcpy_static(k, "fs.mount.other.", CONFIG_MAX);
-    const char * key = keybuf, * next = NULL;
-
-    for (int n = 0 ; n < nkeys ; key = next, n++) {
-        for (next = key ; *next ; next++);
-        next++;
-        size_t key_len = next - key - 1;
-        memcpy(tmp, key, key_len);
-        char * kp = tmp + key_len;
-        ssize_t ulen, plen;
-        bool is_chroot = false;
-
-        /* Skip FS that are not chroot */
-        strcpy_static(kp, ".type", (size_t) ((k + CONFIG_MAX) - kp));
-        if (get_config(cfg, k, t, CONFIG_MAX) <= 0)
-            continue;
-        if (strpartcmp_static(t, "chroot"))
-            is_chroot = true;
-
-        strcpy_static(kp, ".uri",  (size_t) ((k + CONFIG_MAX) - kp));
-        if ((ulen = get_config(cfg, k, u, CONFIG_MAX)) <= 0)
-            continue;
-
-        strcpy_static(kp, ".path", (size_t) ((k + CONFIG_MAX) - kp));
-        if ((plen = get_config(cfg, k, p, CONFIG_MAX)) <= 0)
-            continue;
-
-        if ((size_t) plen >= dpath_len) {
-            if (!memcmp(p, dpath, dpath_len)) {
-                if (!p[dpath_len]) {
-                    root_created = true;
-                    debug("kept file rule: %s => %s\n", p, u);
-                    continue;
-                }
-                if (p[dpath_len] != '/')
-                    goto remove;
-                /* keep this FS */
-                continue;
-            } else {
-remove:
-                if (!is_chroot) {
-                    debug("kept file rule: %s => %s\n", p, u);
-                    continue;
-                }
-                set_config(cfg, k, NULL);
-                strcpy_static(kp, ".type", (size_t) ((k + CONFIG_MAX) - kp));
-                set_config(cfg, k, NULL);
-                strcpy_static(kp, ".uri",  (size_t) ((k + CONFIG_MAX) - kp));
-                set_config(cfg, k, NULL);
-                debug("deleted file rule: %s => %s\n", p, u);
-            }
-        } else {
-            if (memcmp(p, dpath, plen))
-                goto remove;
-
-            assert(dpath[plen]);
-            if (dpath[plen] != '/')
-                goto remove;
-            if (!is_chroot) {
-                root_created = true;
-                debug("kept file rule: %s => %s\n", p, u);
-                continue;
-            }
-
-            append_uri(u, ulen, dpath + plen, dpath_len - plen);
-            set_config(cfg, k, dpath);
-            strcpy_static(kp, "uri", (size_t) ((k + CONFIG_MAX) - kp));
-            set_config(cfg, k, u);
-            root_created = true;
-            debug("added file rule: %s => %s\n", dpath, u);
-        }
-    }
-
-root:
-    if ((prefix_len = get_config(cfg, "fs.mount.root.uri", u, CONFIG_MAX)) > 0) {
-        if (get_config(cfg, "fs.mount.root.type", t, CONFIG_MAX) > 0 &&
-            strcmp_static(t, "chroot")) {
-            /* remove the root FS */
-            set_config(cfg, "fs.mount.root.uri",  NULL);
-            set_config(cfg, "fs.mount.root.type", NULL);
-            debug("deleted file rule: root\n");
-
-
-            /* add another FS as part of the original root FS */
-            if (!root_created) {
-                append_uri(u, prefix_len, dpath, dpath_len);
-                set_config(cfg, "fs.mount.other.root.path", dpath);
-                set_config(cfg, "fs.mount.other.root.uri",  u);
-                set_config(cfg, "fs.mount.other.root.type", "chroot");
-                debug("added file rule: %s => %s\n", dpath, u);
-            }
-        }
-    }
-
-    return 0;
-}
-
-static int isolate_net (struct config_store * cfg, struct net_sb * sb)
-{
-    int nkeys;
-    ssize_t keybuf_size;
-    char k[CONFIG_MAX], * keybuf;
-
-    keybuf_size = get_config_entries_size(cfg, "net.rules");
-    if (keybuf_size <= 0)
-        goto add;
-
-    keybuf = __alloca(keybuf_size);
-    nkeys = get_config_entries(cfg, "net.rules", keybuf, keybuf_size);
-
-    if (nkeys <= 0)
-        goto add;
-
-    const char * key = keybuf, * next = NULL;
-    memcpy(k, "net.rules.", 10);
-
-    for (int n = 0 ; n < nkeys ; key = next, n++) {
-        for (next = key ; *next ; next++);
-        next++;
-        int key_len = next - key - 1;
-        memcpy(k + 10, key, key_len);
-        k[10 + key_len] = 0;
-
-        set_config(cfg, k, NULL);
-    }
-
-add:
-    if (!sb)
-        return 0;
-
-    for (int i = 0 ; i < sb->nrules ; i++) {
-        struct net_sb_rule * r = &sb->rules[i];
-        char u[CONFIG_MAX];
-        int ulen;
-        int family = -1;
-
-undo:
-        ulen = 0;
-        for (int turn = 0 ; turn < 2 ; turn++) {
-            struct sockaddr * addr = turn ? r->r_addr : r->l_addr;
-
-            if (turn)
-                u[ulen++] = ':';
-
-            if (!addr) {
-                if (family == -1 || family == AF_INET)
-                    ulen += snprintf(u + ulen, CONFIG_MAX - ulen,
-                                     "0.0.0.0:0-65535");
-                else
-                    ulen += snprintf(u + ulen, CONFIG_MAX - ulen,
-                                     "[0:0:0:0:0:0:0:0]:0-65535]");
-            } else {
-                if (addr->sa_family == AF_INET) {
-                    if (family == AF_INET6)
-                        goto next;
-                    family = AF_INET;
-                    struct sockaddr_in * saddr = (void *) addr;
-                    unsigned char * a = (void *) &saddr->sin_addr.s_addr;
-                    ulen += snprintf(u + ulen, CONFIG_MAX - ulen,
-                                     "%d.%d.%d.%d:%u",
-                                     a[0], a[1], a[2], a[3],
-                                     __ntohs(saddr->sin_port));
-                    continue;
-                }
-
-                if (addr->sa_family == AF_INET6) {
-                    if (family == AF_INET)
-                        goto next;
-                    if (turn && family == -1) {
-                        family = AF_INET6;
-                        goto undo;
-                    }
-
-                    family = AF_INET6;
-                    struct sockaddr_in6 * saddr = (void *) addr;
-                    unsigned short * a = (void *) &saddr->sin6_addr.s6_addr;
-                    ulen += snprintf(u + ulen, CONFIG_MAX - ulen,
-                                     "[%d:%d:%d:%d:%d:%d:%d:%d]:%u",
-                                     a[0], a[1], a[2], a[3],
-                                     a[4], a[5], a[6], a[7],
-                                     __ntohs(saddr->sin6_port));
-                    continue;
-                }
-
-                goto next;
-            }
-        }
-
-        snprintf(k + 10, CONFIG_MAX - 10, "%d", i + 1);
-        set_config(cfg, k, u);
-        debug("added net rule: %s\n", u);
-next:
-        continue;
-    }
-
-    return 0;
-}
-
-static void * __malloc (size_t size)
-{
-    return malloc(size);
-}
-
-static void __free (void * mem)
-{
-    free(mem);
-}
-
-struct cfg_arg {
-    PAL_HANDLE handle;
-    int offset;
-};
-
-static int __write (void * f, void * buf, int len)
-{
-    struct cfg_arg * arg = f;
-
-    int bytes = DkStreamWrite(arg->handle, arg->offset, len, buf, NULL);
-    if (!bytes)
-        return -PAL_ERRNO;
-
-    arg->offset += bytes;
-    return bytes;
-}
-
-long shim_do_sandbox_create (int flags, const char * fs_sb,
-                             struct net_sb * net_sb)
-{
-    unsigned int sbid;
-    char uri[24];
-    PAL_HANDLE handle = NULL;
-
-    int ret = create_handle("file:sandbox-", uri, 24, &handle, &sbid);
-    if (ret < 0)
-        return ret;
-
-    debug("create manifest: %s\n", uri);
-
-    struct config_store * newcfg = __alloca(sizeof(struct config_store));
-    memset(newcfg, 0, sizeof(struct config_store));
-    newcfg->malloc = __malloc;
-    newcfg->free = __free;
-
-    if ((ret = copy_config(root_config, newcfg)) < 0) {
-        newcfg = NULL;
-        goto err;
-    }
-
-    if (flags & SANDBOX_FS)
-        if ((ret = isolate_fs(newcfg, fs_sb)) < 0)
-            goto err;
-
-    if (flags & SANDBOX_NET)
-        if ((ret = isolate_net(newcfg, net_sb)) < 0)
-            goto err;
-
-    struct cfg_arg arg;
-    arg.handle = handle;
-    arg.offset = 0;
-
-    if ((ret = write_config(&arg, __write, newcfg)) < 0)
-        goto err;
-
-    DkObjectClose(handle);
-
-    PAL_BOL success = DkProcessSandboxCreate(uri, flags & SANDBOX_RPC ?
-                                             PAL_SANDBOX_PIPE : 0);
-
-    if (!success) {
-        ret = -PAL_ERRNO;
-        goto err;
-    }
-
-    if (sandbox_info.sbid) {
-        if (!sandbox_info.parent_sbid ||
-            sandbox_info.parent_vmid != cur_process.vmid) {
-            sandbox_info.parent_sbid = sandbox_info.sbid;
-            sandbox_info.parent_vmid = cur_process.vmid;
-        }
-    }
-
-    if (flags & SANDBOX_RPC)
-        del_all_ipc_ports();
-
-    if ((ret = free_config(root_config)) < 0)
-        goto err;
-
-    handle = DkStreamOpen(uri, PAL_ACCESS_RDONLY, 0, 0, 0);
-
-    if (!handle)
-        return -PAL_ERRNO;
-
-    root_config = newcfg;
-    sandbox_info.sbid = sbid;
-    return sbid;
-
-err:
-    free_config(newcfg);
-    DkStreamDelete(handle, 0);
-    DkObjectClose(handle);
-    return ret;
-}
-
-int shim_do_sandbox_attach (unsigned int sbid)
-{
-    __UNUSED(sbid);
-    return -ENOSYS;
-}
-
-long shim_do_sandbox_current (void)
-{
-    return sandbox_info.sbid;
-}

+ 1 - 1
LibOS/shim/test/apps

@@ -1 +1 @@
-Subproject commit c8428cd93ba819f5f613d82d5074fb656ff02215
+Subproject commit 4a5426defa82a2d36c191c33f01dc83c8ea50455

+ 0 - 32
LibOS/shim/test/native/sandbox_create.libos.c

@@ -1,32 +0,0 @@
-#include <stdlib.h>
-#include <unistd.h>
-#include <stdio.h>
-#include <sys/stat.h>
-#include <arpa/inet.h>
-
-#include <shim_unistd.h>
-
-int main(int argc, char ** argv)
-{
-    mkdir("test_sandbox", 0700);
-
-    struct sockaddr_in addr;
-    addr.sin_family = AF_INET;
-    inet_pton(AF_INET, "127.0.0.1", &addr.sin_addr);
-    addr.sin_port = htons(8000);
-
-    struct net_sb net_sb;
-    struct net_sb_rule net_sb_rule;
-    net_sb.nrules = 1;
-    net_sb.rules = &net_sb_rule;
-    net_sb_rule.l_addrlen = 0;
-    net_sb_rule.l_addr = NULL;
-    net_sb_rule.r_addrlen = sizeof(struct sockaddr_in);
-    net_sb_rule.r_addr = (void *) &addr;
-
-    sandbox_create(SANDBOX_FS|SANDBOX_NET|SANDBOX_RPC,
-                   "test_sandbox",
-                   &net_sb);
-
-    return 0;
-}

+ 0 - 1
LibOS/shim/test/regression/Makefile

@@ -55,7 +55,6 @@ $(special_executables) $(c_executables) $(cxx_executables):
 endif
 
 export PAL_LOADER = $(RUNTIME)/pal-$(PAL_HOST)
-export PAL_SEC = $(RUNTIME)/pal_sec-$(PAL_HOST)
 export PYTHONPATH=../../../../Scripts
 
 .PHONY: regression

+ 0 - 1
LibOS/shim/test/regression/test_libos.py

@@ -9,7 +9,6 @@ import subprocess
 from regression import (
     HAS_SGX,
     RegressionTestCase,
-    SandboxTestCase,
     expectedFailureIf,
 )
 

+ 0 - 1
Pal/regression/Makefile

@@ -21,7 +21,6 @@ include ../src/Makefile.Test
 RUNTIME_DIR = $(CURDIR)/../../Runtime
 
 export PAL_LOADER = $(RUNTIME_DIR)/pal-$(PAL_HOST)
-export PAL_SEC = $(RUNTIME_DIR)/pal_sec-$(PAL_HOST)
 
 .PHONY: all
 all: $(call expand_target,$(target)) $(preloads)

+ 0 - 1
Pal/regression/Symbols.c

@@ -17,7 +17,6 @@ int main (int argc, char ** argv, char ** envp)
 
     PRINT_SYMBOL(DkProcessCreate);
     PRINT_SYMBOL(DkProcessExit);
-    PRINT_SYMBOL(DkProcessSandboxCreate);
 
     PRINT_SYMBOL(DkStreamOpen);
     PRINT_SYMBOL(DkStreamWaitForClient);

+ 0 - 9
Pal/regression/test_pal.py

@@ -14,7 +14,6 @@ import unittest
 from regression import (
     HAS_SGX,
     RegressionTestCase,
-    SandboxTestCase,
     expectedFailureIf,
 )
 
@@ -153,7 +152,6 @@ class TC_02_Symbols(RegressionTestCase):
         'DkVirtualMemoryProtect',
         'DkProcessCreate',
         'DkProcessExit',
-        'DkProcessSandboxCreate',
         'DkStreamOpen',
         'DkStreamWaitForClient',
         'DkStreamRead',
@@ -610,13 +608,6 @@ class TC_23_SendHandle(RegressionTestCase):
         self.assertEqual(counter['Receive File Handle: Hello World'], 1)
 
 
-@unittest.expectedFailure
-class TC_30_Sandbox_Bootstrap(SandboxTestCase, TC_01_Bootstrap):
-    pass
-@unittest.expectedFailure
-class TC_31_Sandbox_Process(SandboxTestCase, TC_21_ProcessCreation):
-    pass
-
 @unittest.skipUnless(HAS_SGX, 'need SGX')
 class TC_40_AVXDisable(RegressionTestCase):
     @unittest.expectedFailure

+ 0 - 1
Pal/src/.gitignore

@@ -1,4 +1,3 @@
 /host_endian.h
 /pal
-/pal_sec
 /Makefile.Status

+ 1 - 3
Pal/src/Makefile

@@ -9,7 +9,6 @@ include Makefile.Host
 # (specify in Makefile.am in host-specific directories)
 # For concurrent builds, all PAL targets must be in host-specific directories
 pal_loader =
-pal_sec =
 pal_lib =
 pal_lib_deps =
 pal_lib_post =
@@ -34,7 +33,7 @@ endif
 #     (3) API library targets are in "host/{Host Name}/.lib".
 
 files_to_build = $(pal_lib) $(pal_lib_post) $(pal_static) \
-		 $(pal_loader) $(pal_sec)
+		 $(pal_loader)
 
 defs	= -DIN_PAL -DHOST_TYPE="$(PAL_HOST)" -D$(PAL_HOST_MACRO) -DPAL_DIR=$(PAL_DIR) \
 	  -DRUNTIME_DIR=$(RUNTIME_DIR)
@@ -59,7 +58,6 @@ export DEBUG
 # Install Targets (all in RUNTIME_DIR):
 #       pal-{Host Name}:       loader for PAL (as an executable)
 #       libpal-{Host Name}.so: dynamic-linking library
-#       pal_sec-{Host Name}:   secure loader for PAL (as an executable)
 #       pal_gdb-{Host Name}:   debugger for PAL (as an executable)
 
 runtime_loader = $(RUNTIME_DIR)/pal-$(PAL_HOST)

+ 0 - 14
Pal/src/db_process.c

@@ -67,17 +67,3 @@ noreturn void DkProcessExit (PAL_NUM exitcode)
         /* nothing */;
     LEAVE_PAL_CALL();
 }
-
-PAL_BOL DkProcessSandboxCreate (PAL_STR manifest, PAL_FLG flags)
-{
-    ENTER_PAL_CALL(DkProcessSandboxCreate);
-
-    int ret = _DkProcessSandboxCreate(manifest, flags);
-
-    if (ret < 0) {
-        _DkRaiseFailure(-ret);
-        LEAVE_PAL_CALL_RETURN(PAL_FALSE);
-    }
-
-    LEAVE_PAL_CALL_RETURN(PAL_TRUE);
-}

+ 1 - 1
Pal/src/host/FreeBSD/Makefile

@@ -50,7 +50,7 @@ libpal-FreeBSD.a: $(addsuffix .o,$(objs)) $(graphene_lib)
 
 include ../../../../Makefile.rules
 
-CLEAN_FILES += $(notdir $(pal_static) $(pal_lib) $(pal_sec) $(pal_loader))
+CLEAN_FILES += $(notdir $(pal_static) $(pal_lib) $(pal_loader))
 
 .PHONY: clean
 clean:

+ 0 - 9
Pal/src/host/FreeBSD/db_process.c

@@ -385,15 +385,6 @@ noreturn void _DkProcessExit (int exitcode)
     INLINE_SYSCALL(exit, 1, exitcode);
 }
 
-int _DkProcessSandboxCreate (const char * manifest, int flags)
-{
-    PAL_HANDLE handle = NULL;
-    _DkStreamOpen(&handle, manifest, PAL_ACCESS_RDONLY, 0, 0, 0);
-    pal_state.manifest_handle = handle;
-    pal_state.manifest = manifest;
-    return -PAL_ERROR_NOTIMPLEMENTED;
-}
-
 static int proc_read (PAL_HANDLE handle, int offset, int count,
                           void * buffer)
 {

+ 0 - 2
Pal/src/host/FreeBSD/pal.map

@@ -21,8 +21,6 @@ PAL {
 
         DkProcessCreate; DkProcessExit;
 
-        DkProcessSandboxCreate;
-
         DkSystemTimeQuery; DkRandomBitsRead;
         DkInstructionCacheFlush;
         DkObjectReference; DkObjectClose;

+ 1 - 1
Pal/src/host/Linux-SGX/Makefile

@@ -87,7 +87,7 @@ sgx-driver/isgx_version.h:
 
 include ../../../../Makefile.rules
 
-CLEAN_FILES += $(notdir $(pal_static) $(pal_lib) $(pal_sec) $(pal_loader))
+CLEAN_FILES += $(notdir $(pal_static) $(pal_lib) $(pal_loader))
 CLEAN_FILES += debugger/sgx_gdb.o
 
 .PHONY: clean

+ 0 - 8
Pal/src/host/Linux-SGX/db_process.c

@@ -333,14 +333,6 @@ noreturn void _DkProcessExit (int exitcode)
     }
 }
 
-int _DkProcessSandboxCreate (const char * manifest, int flags)
-{
-    __UNUSED(manifest);
-    __UNUSED(flags);
-
-    return -PAL_ERROR_NOTIMPLEMENTED;
-}
-
 static int64_t proc_read (PAL_HANDLE handle, uint64_t offset, uint64_t count,
                           void * buffer)
 {

+ 0 - 2
Pal/src/host/Linux-SGX/pal.map

@@ -21,8 +21,6 @@ PAL {
 
         DkProcessCreate; DkProcessExit;
 
-        DkProcessSandboxCreate;
-
         DkSystemTimeQuery; DkRandomBitsRead;
         DkInstructionCacheFlush;
         DkObjectReference; DkObjectClose;

+ 1 - 1
Pal/src/host/Linux/Makefile

@@ -50,7 +50,7 @@ libpal-Linux.a: $(addsuffix .o,$(objs)) $(graphene_lib)
 
 include ../../../../Makefile.rules
 
-CLEAN_FILES += $(notdir $(pal_static) $(pal_lib) $(pal_sec) $(pal_loader))
+CLEAN_FILES += $(notdir $(pal_static) $(pal_lib) $(pal_loader))
 
 .PHONY: clean
 clean:

+ 0 - 6
Pal/src/host/Linux/db_process.c

@@ -442,12 +442,6 @@ noreturn void _DkProcessExit (int exitcode)
     }
 }
 
-int _DkProcessSandboxCreate(const char* manifest, int flags) {
-    __UNUSED(manifest);
-    __UNUSED(flags);
-    return -PAL_ERROR_NOTIMPLEMENTED;
-}
-
 static int64_t proc_read (PAL_HANDLE handle, uint64_t offset, uint64_t count,
                       void * buffer)
 {

+ 0 - 2
Pal/src/host/Linux/pal.map

@@ -21,8 +21,6 @@ PAL {
 
         DkProcessCreate; DkProcessExit;
 
-        DkProcessSandboxCreate;
-
         DkSystemTimeQuery; DkRandomBitsRead;
         DkInstructionCacheFlush;
         DkCpuIdRetrieve;

+ 0 - 5
Pal/src/host/Skeleton/db_process.c

@@ -43,11 +43,6 @@ noreturn void _DkProcessExit (int exitcode)
     /* need to be implemented */
 }
 
-int _DkProcessSandboxCreate (const char * manifest, int flags)
-{
-    return -PAL_ERROR_NOTIMPLEMENTED;
-}
-
 static int64_t proc_read (PAL_HANDLE handle, uint64_t offset, uint64_t count,
                           void * buffer)
 {

+ 0 - 2
Pal/src/host/Skeleton/pal.map

@@ -21,8 +21,6 @@ PAL {
 
         DkProcessCreate; DkProcessExit;
 
-        DkProcessSandboxCreate;
-
         DkSystemTimeQuery; DkRandomBitsRead;
         DkInstructionCacheFlush;
         DkObjectReference; DkObjectClose;

+ 0 - 5
Pal/src/pal.h

@@ -274,11 +274,6 @@ DkProcessCreate (PAL_STR uri, PAL_STR * args);
 noreturn void
 DkProcessExit (PAL_NUM exitCode);
 
-#define PAL_SANDBOX_PIPE         0x1
-
-PAL_BOL
-DkProcessSandboxCreate (PAL_STR manifest, PAL_FLG flags);
-
 /* The stream ABI includes nine calls to open, read, write, map, unmap,
  * truncate, flush, delete and wait for I/O streams and three calls to
  * access metadata about an I/O stream. The ABI purposefully does not

+ 0 - 1
Pal/src/pal_internal.h

@@ -303,7 +303,6 @@ int _DkThreadResume (PAL_HANDLE threadHandle);
 int _DkProcessCreate (PAL_HANDLE * handle, const char * uri,
                       const char ** args);
 noreturn void _DkProcessExit (int exitCode);
-int _DkProcessSandboxCreate (const char * manifest, int flags);
 
 /* DkMutex calls */
 int _DkMutexCreate (PAL_HANDLE * handle, int initialCount);

+ 2 - 2
README.md

@@ -183,8 +183,8 @@ specifying the programs and manifest files:
 Although manifest files are optional for Graphene, running an application
 usually requires some minimal configuration in its manifest file. A
 sensible manifest file will include paths to the library OS and GNU
-library C, environment variables such as LD_LIBRARY_PATH, file systems to
-be mounted, and isolation rules to be enforced in the reference monitor.
+library C, environment variables such as LD_LIBRARY_PATH and file systems to
+be mounted.
 
 Here is an example of manifest files:
 

+ 1 - 1
Runtime/Makefile

@@ -3,7 +3,7 @@ all:
 
 .PHONY: clean
 clean:
-	rm -f *.a *.o *.so *.so.* pal_gdb* pal-* pal_sec*
+	rm -f *.a *.o *.so *.so.* pal_gdb* pal-*
 
 .PHONY: format
 format:
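Review bot: Dropping `pal_sec*` from the `clean` recipe means a tree built before this commit keeps its old `pal_sec-*` executable in Runtime/ after `make clean`, because nothing else on this page removes it. A stale loader that is no longer built or tested is better deleted than left beside the current `pal-*` binaries. I would keep the pattern in the `rm -f` line for now with a comment such as `# pal_sec*: stale reference monitor binaries from older builds`, or say in the commit message that existing copies should be removed by hand. The `format` rule that follows continues outside this hunk.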

+ 0 - 4
Scripts/regression.py

@@ -59,7 +59,3 @@ class RegressionTestCase(unittest.TestCase):
             self.assertEqual(e.returncode, returncode,
                 'failed with returncode {} (expected {})'.format(
                     e.returncode, returncode))
-
-
-class SandboxTestCase(RegressionTestCase):
-    LOADER_ENV = 'PAL_SEC'