OLD | NEW |
(Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "components/nacl/loader/nonsfi/nonsfi_sandbox.h" |
| 6 |
| 7 #include <errno.h> |
| 8 #include <fcntl.h> |
| 9 #include <pthread.h> |
| 10 #include <sched.h> |
| 11 #include <signal.h> |
| 12 #include <stdlib.h> |
| 13 #include <string.h> |
| 14 #include <sys/mman.h> |
| 15 #include <sys/prctl.h> |
| 16 #include <sys/ptrace.h> |
| 17 #include <sys/socket.h> |
| 18 #include <sys/syscall.h> |
| 19 #include <sys/types.h> |
| 20 #include <sys/wait.h> |
| 21 #include <unistd.h> |
| 22 |
| 23 #include "base/bind.h" |
| 24 #include "base/callback.h" |
| 25 #include "base/compiler_specific.h" |
| 26 #include "base/files/scoped_file.h" |
| 27 #include "base/logging.h" |
| 28 #include "base/posix/eintr_wrapper.h" |
| 29 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" |
| 30 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" |
| 31 |
| 32 namespace { |
| 33 |
| 34 void DoPipe(base::ScopedFD* fds) { |
| 35 int tmp_fds[2]; |
| 36 BPF_ASSERT_EQ(0, pipe(tmp_fds)); |
| 37 fds[0].reset(tmp_fds[0]); |
| 38 fds[1].reset(tmp_fds[1]); |
| 39 } |
| 40 |
| 41 void DoSocketpair(base::ScopedFD* fds) { |
| 42 int tmp_fds[2]; |
| 43 BPF_ASSERT_EQ(0, socketpair(AF_UNIX, SOCK_STREAM, 0, tmp_fds)); |
| 44 fds[0].reset(tmp_fds[0]); |
| 45 fds[1].reset(tmp_fds[1]); |
| 46 } |
| 47 |
| 48 TEST(NaClNonSfiSandboxTest, BPFIsSupported) { |
| 49 bool seccomp_bpf_supported = false; |
| 50 // Seccomp-BPF tests die under TSAN v2. See http://crbug.com/356588 |
| 51 #if !defined(THREAD_SANITIZER) |
| 52 seccomp_bpf_supported = ( |
| 53 sandbox::SandboxBPF::SupportsSeccompSandbox(-1) == |
| 54 sandbox::SandboxBPF::STATUS_AVAILABLE); |
| 55 #endif |
| 56 |
| 57 if (!seccomp_bpf_supported) { |
| 58 LOG(ERROR) << "Seccomp BPF is not supported, these tests " |
| 59 << "will pass without running"; |
| 60 } |
| 61 } |
| 62 |
| 63 BPF_DEATH_TEST(NaClNonSfiSandboxTest, invalid_sysno, |
| 64 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 65 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 66 syscall(999); |
| 67 } |
| 68 |
| 69 const int kExpectedValue = 123; |
| 70 |
| 71 void* SetValueInThread(void* test_val_ptr) { |
| 72 *reinterpret_cast<int*>(test_val_ptr) = kExpectedValue; |
| 73 return NULL; |
| 74 } |
| 75 |
| 76 BPF_TEST(NaClNonSfiSandboxTest, clone_by_pthread_create, |
| 77 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 78 // clone call for thread creation is allowed. |
| 79 pthread_t th; |
| 80 int test_val = 42; |
| 81 BPF_ASSERT_EQ(0, pthread_create(&th, NULL, &SetValueInThread, &test_val)); |
| 82 BPF_ASSERT_EQ(0, pthread_join(th, NULL)); |
| 83 BPF_ASSERT_EQ(kExpectedValue, test_val); |
| 84 } |
| 85 |
| 86 int DoFork() { |
| 87 // Call clone() to do a fork(). |
| 88 const int pid = syscall(__NR_clone, SIGCHLD, NULL); |
| 89 if (pid == 0) |
| 90 _exit(0); |
| 91 return pid; |
| 92 } |
| 93 |
| 94 // The sanity check for DoFork without the sandbox. |
| 95 TEST(NaClNonSfiSandboxTest, DoFork) { |
| 96 const int pid = DoFork(); |
| 97 ASSERT_LT(0, pid); |
| 98 int status; |
| 99 ASSERT_EQ(pid, HANDLE_EINTR(waitpid(pid, &status, 0))); |
| 100 ASSERT_TRUE(WIFEXITED(status)); |
| 101 ASSERT_EQ(0, WEXITSTATUS(status)); |
| 102 } |
| 103 |
| 104 // Then, try this in the sandbox. |
| 105 BPF_DEATH_TEST(NaClNonSfiSandboxTest, clone_for_fork, |
| 106 DEATH_MESSAGE(sandbox::GetCloneErrorMessageContentForTests()), |
| 107 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 108 DoFork(); |
| 109 } |
| 110 |
| 111 BPF_TEST(NaClNonSfiSandboxTest, prctl_SET_NAME, |
| 112 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 113 errno = 0; |
| 114 BPF_ASSERT_EQ(-1, syscall(__NR_prctl, PR_SET_NAME, "foo")); |
| 115 BPF_ASSERT_EQ(EPERM, errno); |
| 116 } |
| 117 |
| 118 BPF_DEATH_TEST(NaClNonSfiSandboxTest, prctl_SET_DUMPABLE, |
| 119 DEATH_MESSAGE(sandbox::GetPrctlErrorMessageContentForTests()), |
| 120 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 121 syscall(__NR_prctl, PR_SET_DUMPABLE, 1UL); |
| 122 } |
| 123 |
| 124 BPF_TEST(NaClNonSfiSandboxTest, socketcall_allowed, |
| 125 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 126 base::ScopedFD fds[2]; |
| 127 struct msghdr msg = {}; |
| 128 struct iovec iov; |
| 129 std::string payload("foo"); |
| 130 iov.iov_base = &payload[0]; |
| 131 iov.iov_len = payload.size(); |
| 132 msg.msg_iov = &iov; |
| 133 msg.msg_iovlen = 1; |
| 134 DoSocketpair(fds); |
| 135 BPF_ASSERT_EQ(static_cast<int>(payload.size()), |
| 136 HANDLE_EINTR(sendmsg(fds[1].get(), &msg, 0))); |
| 137 BPF_ASSERT_EQ(static_cast<int>(payload.size()), |
| 138 HANDLE_EINTR(recvmsg(fds[0].get(), &msg, 0))); |
| 139 BPF_ASSERT_EQ(0, shutdown(fds[0].get(), SHUT_RDWR)); |
| 140 } |
| 141 |
| 142 BPF_DEATH_TEST(NaClNonSfiSandboxTest, accept, |
| 143 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 144 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 145 accept(0, NULL, NULL); |
| 146 } |
| 147 |
| 148 BPF_DEATH_TEST(NaClNonSfiSandboxTest, bind, |
| 149 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 150 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 151 bind(0, NULL, 0); |
| 152 } |
| 153 |
| 154 BPF_DEATH_TEST(NaClNonSfiSandboxTest, connect, |
| 155 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 156 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 157 connect(0, NULL, 0); |
| 158 } |
| 159 |
| 160 BPF_DEATH_TEST(NaClNonSfiSandboxTest, getpeername, |
| 161 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 162 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 163 getpeername(0, NULL, NULL); |
| 164 } |
| 165 |
| 166 BPF_DEATH_TEST(NaClNonSfiSandboxTest, getsockname, |
| 167 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 168 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 169 getsockname(0, NULL, NULL); |
| 170 } |
| 171 |
| 172 BPF_DEATH_TEST(NaClNonSfiSandboxTest, getsockopt, |
| 173 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 174 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 175 getsockopt(0, 0, 0, NULL, NULL); |
| 176 } |
| 177 |
| 178 BPF_DEATH_TEST(NaClNonSfiSandboxTest, listen, |
| 179 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 180 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 181 listen(0, 0); |
| 182 } |
| 183 |
| 184 BPF_DEATH_TEST(NaClNonSfiSandboxTest, recv, |
| 185 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 186 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 187 recv(0, NULL, 0, 0); |
| 188 } |
| 189 |
| 190 BPF_DEATH_TEST(NaClNonSfiSandboxTest, recvfrom, |
| 191 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 192 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 193 recvfrom(0, NULL, 0, 0, NULL, NULL); |
| 194 } |
| 195 |
| 196 BPF_DEATH_TEST(NaClNonSfiSandboxTest, send, |
| 197 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 198 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 199 send(0, NULL, 0, 0); |
| 200 } |
| 201 |
| 202 BPF_DEATH_TEST(NaClNonSfiSandboxTest, sendto, |
| 203 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 204 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 205 sendto(0, NULL, 0, 0, NULL, 0); |
| 206 } |
| 207 |
| 208 BPF_DEATH_TEST(NaClNonSfiSandboxTest, setsockopt, |
| 209 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 210 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 211 setsockopt(0, 0, 0, NULL, 0); |
| 212 } |
| 213 |
| 214 BPF_DEATH_TEST(NaClNonSfiSandboxTest, socket, |
| 215 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 216 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 217 socket(0, 0, 0); |
| 218 } |
| 219 |
| 220 #if defined(__x86_64__) || defined(__arm__) |
| 221 BPF_DEATH_TEST(NaClNonSfiSandboxTest, socketpair, |
| 222 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 223 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 224 int fds[2]; |
| 225 socketpair(AF_INET, SOCK_STREAM, 0, fds); |
| 226 } |
| 227 #endif |
| 228 |
| 229 BPF_TEST(NaClNonSfiSandboxTest, fcntl_SETFD_allowed, |
| 230 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 231 base::ScopedFD fds[2]; |
| 232 DoSocketpair(fds); |
| 233 BPF_ASSERT_EQ(0, fcntl(fds[0].get(), F_SETFD, FD_CLOEXEC)); |
| 234 } |
| 235 |
| 236 BPF_DEATH_TEST(NaClNonSfiSandboxTest, fcntl_SETFD, |
| 237 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 238 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 239 base::ScopedFD fds[2]; |
| 240 DoSocketpair(fds); |
| 241 fcntl(fds[0].get(), F_SETFD, 99); |
| 242 } |
| 243 |
| 244 BPF_TEST(NaClNonSfiSandboxTest, fcntl_GETFL_SETFL_allowed, |
| 245 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 246 base::ScopedFD fds[2]; |
| 247 DoPipe(fds); |
| 248 const int fd = fds[0].get(); |
| 249 BPF_ASSERT_EQ(0, fcntl(fd, F_GETFL)); |
| 250 BPF_ASSERT_EQ(0, fcntl(fd, F_SETFL, O_RDWR | O_NONBLOCK)); |
| 251 BPF_ASSERT_EQ(O_NONBLOCK, fcntl(fd, F_GETFL)); |
| 252 } |
| 253 |
| 254 BPF_DEATH_TEST(NaClNonSfiSandboxTest, fcntl_GETFL_SETFL, |
| 255 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 256 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 257 base::ScopedFD fds[2]; |
| 258 DoSocketpair(fds); |
| 259 fcntl(fds[0].get(), F_SETFL, O_APPEND); |
| 260 } |
| 261 |
| 262 BPF_DEATH_TEST(NaClNonSfiSandboxTest, fcntl_DUPFD, |
| 263 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 264 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 265 fcntl(0, F_DUPFD); |
| 266 } |
| 267 |
| 268 BPF_DEATH_TEST(NaClNonSfiSandboxTest, fcntl_DUPFD_CLOEXEC, |
| 269 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 270 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 271 fcntl(0, F_DUPFD_CLOEXEC); |
| 272 } |
| 273 |
| 274 void* DoAllowedAnonymousMmap() { |
| 275 return mmap(NULL, getpagesize(), PROT_READ | PROT_WRITE, |
| 276 MAP_ANONYMOUS | MAP_SHARED, -1, 0); |
| 277 } |
| 278 |
| 279 BPF_TEST(NaClNonSfiSandboxTest, mmap_allowed, |
| 280 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 281 void* ptr = DoAllowedAnonymousMmap(); |
| 282 BPF_ASSERT_NE(MAP_FAILED, ptr); |
| 283 BPF_ASSERT_EQ(0, munmap(ptr, getpagesize())); |
| 284 } |
| 285 |
| 286 BPF_DEATH_TEST(NaClNonSfiSandboxTest, mmap_unallowed_flag, |
| 287 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 288 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 289 mmap(NULL, getpagesize(), PROT_READ | PROT_WRITE, |
| 290 MAP_ANONYMOUS | MAP_POPULATE, -1, 0); |
| 291 } |
| 292 |
| 293 BPF_DEATH_TEST(NaClNonSfiSandboxTest, mmap_unallowed_prot, |
| 294 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 295 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 296 mmap(NULL, getpagesize(), PROT_READ | PROT_GROWSDOWN, |
| 297 MAP_ANONYMOUS, -1, 0); |
| 298 } |
| 299 |
| 300 // TODO(hamaji): Disallow RWX mmap. |
| 301 #if 0 |
| 302 BPF_DEATH_TEST(NaClNonSfiSandboxTest, mmap_rwx, |
| 303 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 304 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 305 mmap(NULL, getpagesize(), PROT_READ | PROT_WRITE | PROT_EXEC, |
| 306 MAP_ANONYMOUS, -1, 0); |
| 307 } |
| 308 #endif |
| 309 |
| 310 BPF_TEST(NaClNonSfiSandboxTest, mprotect_allowed, |
| 311 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 312 void* ptr = DoAllowedAnonymousMmap(); |
| 313 BPF_ASSERT_NE(MAP_FAILED, ptr); |
| 314 BPF_ASSERT_EQ(0, mprotect(ptr, getpagesize(), PROT_READ)); |
| 315 BPF_ASSERT_EQ(0, munmap(ptr, getpagesize())); |
| 316 } |
| 317 |
| 318 BPF_DEATH_TEST(NaClNonSfiSandboxTest, mprotect_unallowed_prot, |
| 319 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 320 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 321 // We have tested DoAllowedAnonymousMmap is allowed in |
| 322 // mmap_allowed, so we can make sure the following mprotect call |
| 323 // kills the process. |
| 324 void* ptr = DoAllowedAnonymousMmap(); |
| 325 BPF_ASSERT_NE(MAP_FAILED, ptr); |
| 326 mprotect(ptr, getpagesize(), PROT_READ | PROT_GROWSDOWN); |
| 327 } |
| 328 |
| 329 BPF_TEST(NaClNonSfiSandboxTest, brk, |
| 330 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 331 char* next_brk = static_cast<char*>(sbrk(0)) + getpagesize(); |
| 332 // The kernel interface must return zero for brk. |
| 333 BPF_ASSERT_EQ(0, syscall(__NR_brk, next_brk)); |
| 334 // The libc wrapper translates it to ENOMEM. |
| 335 errno = 0; |
| 336 BPF_ASSERT_EQ(-1, brk(next_brk)); |
| 337 BPF_ASSERT_EQ(ENOMEM, errno); |
| 338 } |
| 339 |
| 340 #if defined(__i386__) || defined(__arm__) |
| 341 BPF_TEST(NaClNonSfiSandboxTest, getegid32_EPERM, |
| 342 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 343 errno = 0; |
| 344 BPF_ASSERT_EQ(-1, syscall(__NR_getegid32)); |
| 345 BPF_ASSERT_EQ(EPERM, errno); |
| 346 } |
| 347 |
| 348 BPF_TEST(NaClNonSfiSandboxTest, geteuid32_EPERM, |
| 349 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 350 errno = 0; |
| 351 BPF_ASSERT_EQ(-1, syscall(__NR_geteuid32)); |
| 352 BPF_ASSERT_EQ(EPERM, errno); |
| 353 } |
| 354 |
| 355 BPF_TEST(NaClNonSfiSandboxTest, getgid32_EPERM, |
| 356 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 357 errno = 0; |
| 358 BPF_ASSERT_EQ(-1, syscall(__NR_getgid32)); |
| 359 BPF_ASSERT_EQ(EPERM, errno); |
| 360 } |
| 361 |
| 362 BPF_TEST(NaClNonSfiSandboxTest, getuid32_EPERM, |
| 363 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 364 errno = 0; |
| 365 BPF_ASSERT_EQ(-1, syscall(__NR_getuid32)); |
| 366 BPF_ASSERT_EQ(EPERM, errno); |
| 367 } |
| 368 |
| 369 BPF_DEATH_TEST(NaClNonSfiSandboxTest, getegid_SIGSYS, |
| 370 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 371 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 372 syscall(__NR_getegid); |
| 373 } |
| 374 |
| 375 BPF_DEATH_TEST(NaClNonSfiSandboxTest, geteuid_SIGSYS, |
| 376 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 377 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 378 syscall(__NR_geteuid); |
| 379 } |
| 380 |
| 381 BPF_DEATH_TEST(NaClNonSfiSandboxTest, getgid_SIGSYS, |
| 382 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 383 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 384 syscall(__NR_getgid); |
| 385 } |
| 386 |
| 387 BPF_DEATH_TEST(NaClNonSfiSandboxTest, getuid_SIGSYS, |
| 388 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 389 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 390 syscall(__NR_getuid); |
| 391 } |
| 392 #endif |
| 393 |
| 394 #if defined(__x86_64__) |
| 395 BPF_TEST(NaClNonSfiSandboxTest, getegid_EPERM, |
| 396 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 397 errno = 0; |
| 398 BPF_ASSERT_EQ(-1, syscall(__NR_getegid)); |
| 399 BPF_ASSERT_EQ(EPERM, errno); |
| 400 } |
| 401 |
| 402 BPF_TEST(NaClNonSfiSandboxTest, geteuid_EPERM, |
| 403 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 404 errno = 0; |
| 405 BPF_ASSERT_EQ(-1, syscall(__NR_geteuid)); |
| 406 BPF_ASSERT_EQ(EPERM, errno); |
| 407 } |
| 408 |
| 409 BPF_TEST(NaClNonSfiSandboxTest, getgid_EPERM, |
| 410 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 411 errno = 0; |
| 412 BPF_ASSERT_EQ(-1, syscall(__NR_getgid)); |
| 413 BPF_ASSERT_EQ(EPERM, errno); |
| 414 } |
| 415 |
| 416 BPF_TEST(NaClNonSfiSandboxTest, getuid_EPERM, |
| 417 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 418 errno = 0; |
| 419 BPF_ASSERT_EQ(-1, syscall(__NR_getuid)); |
| 420 BPF_ASSERT_EQ(EPERM, errno); |
| 421 } |
| 422 #endif |
| 423 |
| 424 BPF_TEST(NaClNonSfiSandboxTest, madvise_EPERM, |
| 425 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 426 errno = 0; |
| 427 BPF_ASSERT_EQ(-1, syscall(__NR_madvise)); |
| 428 BPF_ASSERT_EQ(EPERM, errno); |
| 429 } |
| 430 |
| 431 BPF_TEST(NaClNonSfiSandboxTest, open_EPERM, |
| 432 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 433 errno = 0; |
| 434 BPF_ASSERT_EQ(-1, syscall(__NR_open)); |
| 435 BPF_ASSERT_EQ(EPERM, errno); |
| 436 } |
| 437 |
| 438 BPF_TEST(NaClNonSfiSandboxTest, ptrace_EPERM, |
| 439 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 440 errno = 0; |
| 441 BPF_ASSERT_EQ(-1, syscall(__NR_ptrace)); |
| 442 BPF_ASSERT_EQ(EPERM, errno); |
| 443 } |
| 444 |
| 445 BPF_TEST(NaClNonSfiSandboxTest, set_robust_list_EPERM, |
| 446 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 447 errno = 0; |
| 448 BPF_ASSERT_EQ(-1, syscall(__NR_set_robust_list)); |
| 449 BPF_ASSERT_EQ(EPERM, errno); |
| 450 } |
| 451 |
| 452 #if defined(__i386__) || defined(__x86_64__) |
| 453 BPF_TEST(NaClNonSfiSandboxTest, time_EPERM, |
| 454 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 455 errno = 0; |
| 456 BPF_ASSERT_EQ(-1, syscall(__NR_time)); |
| 457 BPF_ASSERT_EQ(EPERM, errno); |
| 458 } |
| 459 #endif |
| 460 |
| 461 } // namespace |
OLD | NEW |