Diffstat (limited to 'pkg/sentry/control')
-rw-r--r--pkg/sentry/control/BUILD65
-rw-r--r--pkg/sentry/control/control.proto40
-rw-r--r--pkg/sentry/control/control_go_proto/control.pb.go227
-rw-r--r--pkg/sentry/control/control_state_autogen.go3
-rw-r--r--pkg/sentry/control/proc_test.go166
5 files changed, 230 insertions, 271 deletions
diff --git a/pkg/sentry/control/BUILD b/pkg/sentry/control/BUILD
deleted file mode 100644
index cfb33a398..000000000
--- a/pkg/sentry/control/BUILD
+++ /dev/null
@@ -1,65 +0,0 @@
-load("//tools:defs.bzl", "go_library", "go_test", "proto_library")
-
-package(licenses = ["notice"])
-
-proto_library(
- name = "control",
- srcs = ["control.proto"],
- visibility = ["//visibility:public"],
-)
-
-go_library(
- name = "control",
- srcs = [
- "control.go",
- "events.go",
- "fs.go",
- "lifecycle.go",
- "logging.go",
- "pprof.go",
- "proc.go",
- "state.go",
- "usage.go",
- ],
- visibility = [
- "//:sandbox",
- ],
- deps = [
- "//pkg/abi/linux",
- "//pkg/context",
- "//pkg/eventchannel",
- "//pkg/fd",
- "//pkg/log",
- "//pkg/sentry/fdimport",
- "//pkg/sentry/fs",
- "//pkg/sentry/fs/host",
- "//pkg/sentry/fs/user",
- "//pkg/sentry/fsimpl/host",
- "//pkg/sentry/kernel",
- "//pkg/sentry/kernel/auth",
- "//pkg/sentry/kernel/time",
- "//pkg/sentry/limits",
- "//pkg/sentry/state",
- "//pkg/sentry/strace",
- "//pkg/sentry/usage",
- "//pkg/sentry/vfs",
- "//pkg/sentry/watchdog",
- "//pkg/sync",
- "//pkg/tcpip/link/sniffer",
- "//pkg/urpc",
- "//pkg/usermem",
- "@org_golang_x_sys//unix:go_default_library",
- ],
-)
-
-go_test(
- name = "control_test",
- size = "small",
- srcs = ["proc_test.go"],
- library = ":control",
- deps = [
- "//pkg/log",
- "//pkg/sentry/kernel/time",
- "//pkg/sentry/usage",
- ],
-)
diff --git a/pkg/sentry/control/control.proto b/pkg/sentry/control/control.proto
deleted file mode 100644
index 72dda3fbc..000000000
--- a/pkg/sentry/control/control.proto
+++ /dev/null
@@ -1,40 +0,0 @@
-// Copyright 2021 The gVisor Authors.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package gvisor;
-
-// ControlConfig configures the permission of controls.
-message ControlConfig {
- // Names for individual control URPC service objects.
- // Any new service object that should be given conditional access should be
- // named here and conditionally added based on presence in allowed_controls.
- enum Endpoint {
- UNKNOWN = 0;
- EVENTS = 1;
- FS = 2;
- LIFECYCLE = 3;
- LOGGING = 4;
- PROFILE = 5;
- USAGE = 6;
- PROC = 7;
- STATE = 8;
- DEBUG = 9;
- }
-
- // allowed_controls represents which endpoints may be registered to the
- // server.
- repeated Endpoint allowed_controls = 1;
-}
diff --git a/pkg/sentry/control/control_go_proto/control.pb.go b/pkg/sentry/control/control_go_proto/control.pb.go
new file mode 100644
index 000000000..bd4a82b05
--- /dev/null
+++ b/pkg/sentry/control/control_go_proto/control.pb.go
@@ -0,0 +1,227 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// protoc-gen-go v1.27.1
+// protoc v3.17.0
+// source: pkg/sentry/control/control.proto
+
+package control_go_proto
+
+import (
+ protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+ protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+ reflect "reflect"
+ sync "sync"
+)
+
+const (
+ // Verify that this generated code is sufficiently up-to-date.
+ _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+ // Verify that runtime/protoimpl is sufficiently up-to-date.
+ _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type ControlConfig_Endpoint int32
+
+const (
+ ControlConfig_UNKNOWN ControlConfig_Endpoint = 0
+ ControlConfig_EVENTS ControlConfig_Endpoint = 1
+ ControlConfig_FS ControlConfig_Endpoint = 2
+ ControlConfig_LIFECYCLE ControlConfig_Endpoint = 3
+ ControlConfig_LOGGING ControlConfig_Endpoint = 4
+ ControlConfig_PROFILE ControlConfig_Endpoint = 5
+ ControlConfig_USAGE ControlConfig_Endpoint = 6
+ ControlConfig_PROC ControlConfig_Endpoint = 7
+ ControlConfig_STATE ControlConfig_Endpoint = 8
+ ControlConfig_DEBUG ControlConfig_Endpoint = 9
+)
+
+// Enum value maps for ControlConfig_Endpoint.
+var (
+ ControlConfig_Endpoint_name = map[int32]string{
+ 0: "UNKNOWN",
+ 1: "EVENTS",
+ 2: "FS",
+ 3: "LIFECYCLE",
+ 4: "LOGGING",
+ 5: "PROFILE",
+ 6: "USAGE",
+ 7: "PROC",
+ 8: "STATE",
+ 9: "DEBUG",
+ }
+ ControlConfig_Endpoint_value = map[string]int32{
+ "UNKNOWN": 0,
+ "EVENTS": 1,
+ "FS": 2,
+ "LIFECYCLE": 3,
+ "LOGGING": 4,
+ "PROFILE": 5,
+ "USAGE": 6,
+ "PROC": 7,
+ "STATE": 8,
+ "DEBUG": 9,
+ }
+)
+
+func (x ControlConfig_Endpoint) Enum() *ControlConfig_Endpoint {
+ p := new(ControlConfig_Endpoint)
+ *p = x
+ return p
+}
+
+func (x ControlConfig_Endpoint) String() string {
+ return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (ControlConfig_Endpoint) Descriptor() protoreflect.EnumDescriptor {
+ return file_pkg_sentry_control_control_proto_enumTypes[0].Descriptor()
+}
+
+func (ControlConfig_Endpoint) Type() protoreflect.EnumType {
+ return &file_pkg_sentry_control_control_proto_enumTypes[0]
+}
+
+func (x ControlConfig_Endpoint) Number() protoreflect.EnumNumber {
+ return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use ControlConfig_Endpoint.Descriptor instead.
+func (ControlConfig_Endpoint) EnumDescriptor() ([]byte, []int) {
+ return file_pkg_sentry_control_control_proto_rawDescGZIP(), []int{0, 0}
+}
+
+type ControlConfig struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ AllowedControls []ControlConfig_Endpoint `protobuf:"varint,1,rep,packed,name=allowed_controls,json=allowedControls,proto3,enum=gvisor.ControlConfig_Endpoint" json:"allowed_controls,omitempty"`
+}
+
+func (x *ControlConfig) Reset() {
+ *x = ControlConfig{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_pkg_sentry_control_control_proto_msgTypes[0]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *ControlConfig) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ControlConfig) ProtoMessage() {}
+
+func (x *ControlConfig) ProtoReflect() protoreflect.Message {
+ mi := &file_pkg_sentry_control_control_proto_msgTypes[0]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use ControlConfig.ProtoReflect.Descriptor instead.
+func (*ControlConfig) Descriptor() ([]byte, []int) {
+ return file_pkg_sentry_control_control_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *ControlConfig) GetAllowedControls() []ControlConfig_Endpoint {
+ if x != nil {
+ return x.AllowedControls
+ }
+ return nil
+}
+
+var File_pkg_sentry_control_control_proto protoreflect.FileDescriptor
+
+var file_pkg_sentry_control_control_proto_rawDesc = []byte{
+ 0x0a, 0x20, 0x70, 0x6b, 0x67, 0x2f, 0x73, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2f, 0x63, 0x6f, 0x6e,
+ 0x74, 0x72, 0x6f, 0x6c, 0x2f, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x2e, 0x70, 0x72, 0x6f,
+ 0x74, 0x6f, 0x12, 0x06, 0x67, 0x76, 0x69, 0x73, 0x6f, 0x72, 0x22, 0xdb, 0x01, 0x0a, 0x0d, 0x43,
+ 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x49, 0x0a, 0x10,
+ 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x73,
+ 0x18, 0x01, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x1e, 0x2e, 0x67, 0x76, 0x69, 0x73, 0x6f, 0x72, 0x2e,
+ 0x43, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x45, 0x6e,
+ 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x52, 0x0f, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x43,
+ 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x73, 0x22, 0x7f, 0x0a, 0x08, 0x45, 0x6e, 0x64, 0x70, 0x6f,
+ 0x69, 0x6e, 0x74, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00,
+ 0x12, 0x0a, 0x0a, 0x06, 0x45, 0x56, 0x45, 0x4e, 0x54, 0x53, 0x10, 0x01, 0x12, 0x06, 0x0a, 0x02,
+ 0x46, 0x53, 0x10, 0x02, 0x12, 0x0d, 0x0a, 0x09, 0x4c, 0x49, 0x46, 0x45, 0x43, 0x59, 0x43, 0x4c,
+ 0x45, 0x10, 0x03, 0x12, 0x0b, 0x0a, 0x07, 0x4c, 0x4f, 0x47, 0x47, 0x49, 0x4e, 0x47, 0x10, 0x04,
+ 0x12, 0x0b, 0x0a, 0x07, 0x50, 0x52, 0x4f, 0x46, 0x49, 0x4c, 0x45, 0x10, 0x05, 0x12, 0x09, 0x0a,
+ 0x05, 0x55, 0x53, 0x41, 0x47, 0x45, 0x10, 0x06, 0x12, 0x08, 0x0a, 0x04, 0x50, 0x52, 0x4f, 0x43,
+ 0x10, 0x07, 0x12, 0x09, 0x0a, 0x05, 0x53, 0x54, 0x41, 0x54, 0x45, 0x10, 0x08, 0x12, 0x09, 0x0a,
+ 0x05, 0x44, 0x45, 0x42, 0x55, 0x47, 0x10, 0x09, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+ file_pkg_sentry_control_control_proto_rawDescOnce sync.Once
+ file_pkg_sentry_control_control_proto_rawDescData = file_pkg_sentry_control_control_proto_rawDesc
+)
+
+func file_pkg_sentry_control_control_proto_rawDescGZIP() []byte {
+ file_pkg_sentry_control_control_proto_rawDescOnce.Do(func() {
+ file_pkg_sentry_control_control_proto_rawDescData = protoimpl.X.CompressGZIP(file_pkg_sentry_control_control_proto_rawDescData)
+ })
+ return file_pkg_sentry_control_control_proto_rawDescData
+}
+
+var file_pkg_sentry_control_control_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
+var file_pkg_sentry_control_control_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
+var file_pkg_sentry_control_control_proto_goTypes = []interface{}{
+ (ControlConfig_Endpoint)(0), // 0: gvisor.ControlConfig.Endpoint
+ (*ControlConfig)(nil), // 1: gvisor.ControlConfig
+}
+var file_pkg_sentry_control_control_proto_depIdxs = []int32{
+ 0, // 0: gvisor.ControlConfig.allowed_controls:type_name -> gvisor.ControlConfig.Endpoint
+ 1, // [1:1] is the sub-list for method output_type
+ 1, // [1:1] is the sub-list for method input_type
+ 1, // [1:1] is the sub-list for extension type_name
+ 1, // [1:1] is the sub-list for extension extendee
+ 0, // [0:1] is the sub-list for field type_name
+}
+
+func init() { file_pkg_sentry_control_control_proto_init() }
+func file_pkg_sentry_control_control_proto_init() {
+ if File_pkg_sentry_control_control_proto != nil {
+ return
+ }
+ if !protoimpl.UnsafeEnabled {
+ file_pkg_sentry_control_control_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*ControlConfig); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ }
+ type x struct{}
+ out := protoimpl.TypeBuilder{
+ File: protoimpl.DescBuilder{
+ GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+ RawDescriptor: file_pkg_sentry_control_control_proto_rawDesc,
+ NumEnums: 1,
+ NumMessages: 1,
+ NumExtensions: 0,
+ NumServices: 0,
+ },
+ GoTypes: file_pkg_sentry_control_control_proto_goTypes,
+ DependencyIndexes: file_pkg_sentry_control_control_proto_depIdxs,
+ EnumInfos: file_pkg_sentry_control_control_proto_enumTypes,
+ MessageInfos: file_pkg_sentry_control_control_proto_msgTypes,
+ }.Build()
+ File_pkg_sentry_control_control_proto = out.File
+ file_pkg_sentry_control_control_proto_rawDesc = nil
+ file_pkg_sentry_control_control_proto_goTypes = nil
+ file_pkg_sentry_control_control_proto_depIdxs = nil
+}
diff --git a/pkg/sentry/control/control_state_autogen.go b/pkg/sentry/control/control_state_autogen.go
new file mode 100644
index 000000000..bd5797221
--- /dev/null
+++ b/pkg/sentry/control/control_state_autogen.go
@@ -0,0 +1,3 @@
+// automatically generated by stateify.
+
+package control
diff --git a/pkg/sentry/control/proc_test.go b/pkg/sentry/control/proc_test.go
deleted file mode 100644
index 0a88459b2..000000000
--- a/pkg/sentry/control/proc_test.go
+++ /dev/null
@@ -1,166 +0,0 @@
-// Copyright 2018 The gVisor Authors.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package control
-
-import (
- "testing"
-
- "gvisor.dev/gvisor/pkg/log"
- ktime "gvisor.dev/gvisor/pkg/sentry/kernel/time"
- "gvisor.dev/gvisor/pkg/sentry/usage"
-)
-
-func init() {
- log.SetLevel(log.Debug)
-}
-
-// Tests that ProcessData.Table() prints with the correct format.
-func TestProcessListTable(t *testing.T) {
- testCases := []struct {
- pl []*Process
- expected string
- }{
- {
- pl: []*Process{},
- expected: "UID PID PPID C TTY STIME TIME CMD",
- },
- {
- pl: []*Process{
- {
- UID: 0,
- PID: 0,
- PPID: 0,
- C: 0,
- TTY: "?",
- STime: "0",
- Time: "0",
- Cmd: "zero",
- },
- {
- UID: 1,
- PID: 1,
- PPID: 1,
- C: 1,
- TTY: "pts/4",
- STime: "1",
- Time: "1",
- Cmd: "one",
- },
- },
- expected: `UID PID PPID C TTY STIME TIME CMD
-0 0 0 0 ? 0 0 zero
-1 1 1 1 pts/4 1 1 one`,
- },
- }
-
- for _, tc := range testCases {
- output := ProcessListToTable(tc.pl)
-
- if tc.expected != output {
- t.Errorf("PrintTable(%v): got:\n%s\nwant:\n%s", tc.pl, output, tc.expected)
- }
- }
-}
-
-func TestProcessListJSON(t *testing.T) {
- testCases := []struct {
- pl []*Process
- expected string
- }{
- {
- pl: []*Process{},
- expected: "[]",
- },
- {
- pl: []*Process{
- {
- UID: 0,
- PID: 0,
- PPID: 0,
- C: 0,
- STime: "0",
- Time: "0",
- Cmd: "zero",
- },
- {
- UID: 1,
- PID: 1,
- PPID: 1,
- C: 1,
- STime: "1",
- Time: "1",
- Cmd: "one",
- },
- },
- expected: "[0,1]",
- },
- }
-
- for _, tc := range testCases {
- output, err := PrintPIDsJSON(tc.pl)
- if err != nil {
- t.Errorf("failed to generate JSON: %v", err)
- }
-
- if tc.expected != output {
- t.Errorf("PrintJSON(%v): got:\n%s\nwant:\n%s", tc.pl, output, tc.expected)
- }
- }
-}
-
-func TestPercentCPU(t *testing.T) {
- testCases := []struct {
- stats usage.CPUStats
- startTime ktime.Time
- now ktime.Time
- expected int32
- }{
- {
- // Verify that 100% use is capped at 99.
- stats: usage.CPUStats{UserTime: 1e9, SysTime: 1e9},
- startTime: ktime.FromNanoseconds(7e9),
- now: ktime.FromNanoseconds(9e9),
- expected: 99,
- },
- {
- // Verify that if usage > lifetime, we get at most 99%
- // usage.
- stats: usage.CPUStats{UserTime: 2e9, SysTime: 2e9},
- startTime: ktime.FromNanoseconds(7e9),
- now: ktime.FromNanoseconds(9e9),
- expected: 99,
- },
- {
- // Verify that 50% usage is reported correctly.
- stats: usage.CPUStats{UserTime: 1e9, SysTime: 1e9},
- startTime: ktime.FromNanoseconds(12e9),
- now: ktime.FromNanoseconds(16e9),
- expected: 50,
- },
- {
- // Verify that 0% usage is reported correctly.
- stats: usage.CPUStats{UserTime: 0, SysTime: 0},
- startTime: ktime.FromNanoseconds(12e9),
- now: ktime.FromNanoseconds(14e9),
- expected: 0,
- },
- }
-
- for _, tc := range testCases {
- if pcpu := percentCPU(tc.stats, tc.startTime, tc.now); pcpu != tc.expected {
- t.Errorf("percentCPU(%v, %v, %v): got %d, want %d", tc.stats, tc.startTime, tc.now, pcpu, tc.expected)
- }
- }
-}