feat: replace shared_mem_mut() with bounds-checked guest_memory_ptr()

Replace the public shared_mem_mut() API (which exposed the full
shared memory region) with a narrower guest_memory_ptr() method that
takes an offset and length, bounds-checks against the allocated region,
and returns the corresponding host pointer.

Signed-off-by: danbugs <danilochiarlone@gmail.com>

Author: danbugs

src/hyperlight_host/src/sandbox/uninitialized.rs

@@ -29,9 +29,10 @@ use crate::func::host_functions::{HostFunction, register_host_function};
 use crate::func::{ParameterTuple, SupportedReturnType};
 #[cfg(feature = "build-metadata")]
 use crate::log_build_details;
+use crate::mem::layout::SandboxMemoryLayout;
 use crate::mem::memory_region::{DEFAULT_GUEST_BLOB_MEM_FLAGS, MemoryRegionFlags};
 use crate::mem::mgr::SandboxMemoryManager;
-use crate::mem::shared_mem::ExclusiveSharedMemory;
+use crate::mem::shared_mem::{ExclusiveSharedMemory, SharedMemory};
 use crate::sandbox::SandboxConfiguration;
 use crate::{MultiUseSandbox, Result, new_error};
 
@@ -169,9 +170,41 @@ impl<'a> From<GuestBinary<'a>> for GuestEnvironment<'a, '_> {
 }
 
 impl UninitializedSandbox {
-    /// Returns a mutable reference to the sandbox's shared memory region.
-    pub fn shared_mem_mut(&mut self) -> &mut ExclusiveSharedMemory {
-        &mut self.mgr.shared_mem
+    /// Returns a host-side pointer to a specific guest physical address (GPA)
+    /// within the sandbox's shared memory region.
+    ///
+    /// This is the safe way to obtain host-side access to guest memory.
+    /// The method validates that the GPA falls within the sandbox's
+    /// allocated memory region before returning the corresponding host pointer.
+    ///
+    /// # Safety
+    ///
+    /// The returned pointer is valid as long as the sandbox (and its underlying
+    /// shared memory mapping) remains alive. Dereferencing the pointer requires
+    /// `unsafe` code and the caller must ensure proper synchronization.
+    pub fn guest_memory_ptr(&mut self, gpa: usize) -> Result<*mut u8> {
+        let base = SandboxMemoryLayout::BASE_ADDRESS;
+        let mem_size = self.mgr.shared_mem.mem_size();
+
+        if gpa < base {
+            return Err(new_error!(
+                "GPA {:#x} is below the sandbox base address {:#x}",
+                gpa,
+                base
+            ));
+        }
+
+        let offset = gpa - base;
+        if offset >= mem_size {
+            return Err(new_error!(
+                "GPA {:#x} (offset {:#x}) is beyond sandbox memory size {:#x}",
+                gpa,
+                offset,
+                mem_size
+            ));
+        }
+
+        Ok(unsafe { self.mgr.shared_mem.base_ptr().add(offset) })
     }
 
     // Creates a new uninitialized sandbox from a pre-built snapshot.