Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(31)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc

Issue 196793023: Add seccomp sandbox for non-SFI NaCl (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « components/nacl/loader/nonsfi/nonsfi_sandbox_sigsys_unittest.cc ('k') | sandbox/linux/sandbox_linux.gypi » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "components/nacl/loader/nonsfi/nonsfi_sandbox.h"
6
7 #include <errno.h>
8 #include <fcntl.h>
9 #include <pthread.h>
10 #include <sched.h>
11 #include <signal.h>
12 #include <stdlib.h>
13 #include <string.h>
14 #include <sys/mman.h>
15 #include <sys/prctl.h>
16 #include <sys/ptrace.h>
17 #include <sys/socket.h>
18 #include <sys/syscall.h>
19 #include <sys/types.h>
20 #include <sys/wait.h>
21 #include <unistd.h>
22
23 #include "base/bind.h"
24 #include "base/callback.h"
25 #include "base/compiler_specific.h"
26 #include "base/files/scoped_file.h"
27 #include "base/logging.h"
28 #include "base/posix/eintr_wrapper.h"
29 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
30 #include "sandbox/linux/seccomp-bpf/bpf_tests.h"
31
32 namespace {
33
34 void DoPipe(base::ScopedFD* fds) {
35 int tmp_fds[2];
36 BPF_ASSERT_EQ(0, pipe(tmp_fds));
37 fds[0].reset(tmp_fds[0]);
38 fds[1].reset(tmp_fds[1]);
39 }
40
41 void DoSocketpair(base::ScopedFD* fds) {
42 int tmp_fds[2];
43 BPF_ASSERT_EQ(0, socketpair(AF_UNIX, SOCK_STREAM, 0, tmp_fds));
44 fds[0].reset(tmp_fds[0]);
45 fds[1].reset(tmp_fds[1]);
46 }
47
48 TEST(NaClNonSfiSandboxTest, BPFIsSupported) {
49 bool seccomp_bpf_supported = false;
50 // Seccomp-BPF tests die under TSAN v2. See http://crbug.com/356588
51 #if !defined(THREAD_SANITIZER)
52 seccomp_bpf_supported = (
53 sandbox::SandboxBPF::SupportsSeccompSandbox(-1) ==
54 sandbox::SandboxBPF::STATUS_AVAILABLE);
55 #endif
56
57 if (!seccomp_bpf_supported) {
58 LOG(ERROR) << "Seccomp BPF is not supported, these tests "
59 << "will pass without running";
60 }
61 }
62
63 BPF_DEATH_TEST(NaClNonSfiSandboxTest, invalid_sysno,
64 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
65 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
66 syscall(999);
67 }
68
69 const int kExpectedValue = 123;
70
71 void* SetValueInThread(void* test_val_ptr) {
72 *reinterpret_cast<int*>(test_val_ptr) = kExpectedValue;
73 return NULL;
74 }
75
76 BPF_TEST(NaClNonSfiSandboxTest, clone_by_pthread_create,
77 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
78 // clone call for thread creation is allowed.
79 pthread_t th;
80 int test_val = 42;
81 BPF_ASSERT_EQ(0, pthread_create(&th, NULL, &SetValueInThread, &test_val));
82 BPF_ASSERT_EQ(0, pthread_join(th, NULL));
83 BPF_ASSERT_EQ(kExpectedValue, test_val);
84 }
85
86 int DoFork() {
87 // Call clone() to do a fork().
88 const int pid = syscall(__NR_clone, SIGCHLD, NULL);
89 if (pid == 0)
90 _exit(0);
91 return pid;
92 }
93
94 // The sanity check for DoFork without the sandbox.
95 TEST(NaClNonSfiSandboxTest, DoFork) {
96 const int pid = DoFork();
97 ASSERT_LT(0, pid);
98 int status;
99 ASSERT_EQ(pid, HANDLE_EINTR(waitpid(pid, &status, 0)));
100 ASSERT_TRUE(WIFEXITED(status));
101 ASSERT_EQ(0, WEXITSTATUS(status));
102 }
103
104 // Then, try this in the sandbox.
105 BPF_DEATH_TEST(NaClNonSfiSandboxTest, clone_for_fork,
106 DEATH_MESSAGE(sandbox::GetCloneErrorMessageContentForTests()),
107 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
108 DoFork();
109 }
110
111 BPF_TEST(NaClNonSfiSandboxTest, prctl_SET_NAME,
112 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
113 errno = 0;
114 BPF_ASSERT_EQ(-1, syscall(__NR_prctl, PR_SET_NAME, "foo"));
115 BPF_ASSERT_EQ(EPERM, errno);
116 }
117
118 BPF_DEATH_TEST(NaClNonSfiSandboxTest, prctl_SET_DUMPABLE,
119 DEATH_MESSAGE(sandbox::GetPrctlErrorMessageContentForTests()),
120 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
121 syscall(__NR_prctl, PR_SET_DUMPABLE, 1UL);
122 }
123
124 BPF_TEST(NaClNonSfiSandboxTest, socketcall_allowed,
125 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
126 base::ScopedFD fds[2];
127 struct msghdr msg = {};
128 struct iovec iov;
129 std::string payload("foo");
130 iov.iov_base = &payload[0];
131 iov.iov_len = payload.size();
132 msg.msg_iov = &iov;
133 msg.msg_iovlen = 1;
134 DoSocketpair(fds);
135 BPF_ASSERT_EQ(static_cast<int>(payload.size()),
136 HANDLE_EINTR(sendmsg(fds[1].get(), &msg, 0)));
137 BPF_ASSERT_EQ(static_cast<int>(payload.size()),
138 HANDLE_EINTR(recvmsg(fds[0].get(), &msg, 0)));
139 BPF_ASSERT_EQ(0, shutdown(fds[0].get(), SHUT_RDWR));
140 }
141
142 BPF_DEATH_TEST(NaClNonSfiSandboxTest, accept,
143 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
144 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
145 accept(0, NULL, NULL);
146 }
147
148 BPF_DEATH_TEST(NaClNonSfiSandboxTest, bind,
149 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
150 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
151 bind(0, NULL, 0);
152 }
153
154 BPF_DEATH_TEST(NaClNonSfiSandboxTest, connect,
155 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
156 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
157 connect(0, NULL, 0);
158 }
159
160 BPF_DEATH_TEST(NaClNonSfiSandboxTest, getpeername,
161 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
162 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
163 getpeername(0, NULL, NULL);
164 }
165
166 BPF_DEATH_TEST(NaClNonSfiSandboxTest, getsockname,
167 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
168 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
169 getsockname(0, NULL, NULL);
170 }
171
172 BPF_DEATH_TEST(NaClNonSfiSandboxTest, getsockopt,
173 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
174 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
175 getsockopt(0, 0, 0, NULL, NULL);
176 }
177
178 BPF_DEATH_TEST(NaClNonSfiSandboxTest, listen,
179 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
180 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
181 listen(0, 0);
182 }
183
184 BPF_DEATH_TEST(NaClNonSfiSandboxTest, recv,
185 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
186 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
187 recv(0, NULL, 0, 0);
188 }
189
190 BPF_DEATH_TEST(NaClNonSfiSandboxTest, recvfrom,
191 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
192 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
193 recvfrom(0, NULL, 0, 0, NULL, NULL);
194 }
195
196 BPF_DEATH_TEST(NaClNonSfiSandboxTest, send,
197 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
198 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
199 send(0, NULL, 0, 0);
200 }
201
202 BPF_DEATH_TEST(NaClNonSfiSandboxTest, sendto,
203 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
204 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
205 sendto(0, NULL, 0, 0, NULL, 0);
206 }
207
208 BPF_DEATH_TEST(NaClNonSfiSandboxTest, setsockopt,
209 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
210 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
211 setsockopt(0, 0, 0, NULL, 0);
212 }
213
214 BPF_DEATH_TEST(NaClNonSfiSandboxTest, socket,
215 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
216 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
217 socket(0, 0, 0);
218 }
219
220 #if defined(__x86_64__) || defined(__arm__)
221 BPF_DEATH_TEST(NaClNonSfiSandboxTest, socketpair,
222 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
223 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
224 int fds[2];
225 socketpair(AF_INET, SOCK_STREAM, 0, fds);
226 }
227 #endif
228
229 BPF_TEST(NaClNonSfiSandboxTest, fcntl_SETFD_allowed,
230 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
231 base::ScopedFD fds[2];
232 DoSocketpair(fds);
233 BPF_ASSERT_EQ(0, fcntl(fds[0].get(), F_SETFD, FD_CLOEXEC));
234 }
235
236 BPF_DEATH_TEST(NaClNonSfiSandboxTest, fcntl_SETFD,
237 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
238 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
239 base::ScopedFD fds[2];
240 DoSocketpair(fds);
241 fcntl(fds[0].get(), F_SETFD, 99);
242 }
243
244 BPF_TEST(NaClNonSfiSandboxTest, fcntl_GETFL_SETFL_allowed,
245 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
246 base::ScopedFD fds[2];
247 DoPipe(fds);
248 const int fd = fds[0].get();
249 BPF_ASSERT_EQ(0, fcntl(fd, F_GETFL));
250 BPF_ASSERT_EQ(0, fcntl(fd, F_SETFL, O_RDWR | O_NONBLOCK));
251 BPF_ASSERT_EQ(O_NONBLOCK, fcntl(fd, F_GETFL));
252 }
253
254 BPF_DEATH_TEST(NaClNonSfiSandboxTest, fcntl_GETFL_SETFL,
255 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
256 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
257 base::ScopedFD fds[2];
258 DoSocketpair(fds);
259 fcntl(fds[0].get(), F_SETFL, O_APPEND);
260 }
261
262 BPF_DEATH_TEST(NaClNonSfiSandboxTest, fcntl_DUPFD,
263 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
264 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
265 fcntl(0, F_DUPFD);
266 }
267
268 BPF_DEATH_TEST(NaClNonSfiSandboxTest, fcntl_DUPFD_CLOEXEC,
269 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
270 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
271 fcntl(0, F_DUPFD_CLOEXEC);
272 }
273
274 void* DoAllowedAnonymousMmap() {
275 return mmap(NULL, getpagesize(), PROT_READ | PROT_WRITE,
276 MAP_ANONYMOUS | MAP_SHARED, -1, 0);
277 }
278
279 BPF_TEST(NaClNonSfiSandboxTest, mmap_allowed,
280 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
281 void* ptr = DoAllowedAnonymousMmap();
282 BPF_ASSERT_NE(MAP_FAILED, ptr);
283 BPF_ASSERT_EQ(0, munmap(ptr, getpagesize()));
284 }
285
286 BPF_DEATH_TEST(NaClNonSfiSandboxTest, mmap_unallowed_flag,
287 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
288 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
289 mmap(NULL, getpagesize(), PROT_READ | PROT_WRITE,
290 MAP_ANONYMOUS | MAP_POPULATE, -1, 0);
291 }
292
293 BPF_DEATH_TEST(NaClNonSfiSandboxTest, mmap_unallowed_prot,
294 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
295 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
296 mmap(NULL, getpagesize(), PROT_READ | PROT_GROWSDOWN,
297 MAP_ANONYMOUS, -1, 0);
298 }
299
300 // TODO(hamaji): Disallow RWX mmap.
301 #if 0
302 BPF_DEATH_TEST(NaClNonSfiSandboxTest, mmap_rwx,
303 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
304 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
305 mmap(NULL, getpagesize(), PROT_READ | PROT_WRITE | PROT_EXEC,
306 MAP_ANONYMOUS, -1, 0);
307 }
308 #endif
309
310 BPF_TEST(NaClNonSfiSandboxTest, mprotect_allowed,
311 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
312 void* ptr = DoAllowedAnonymousMmap();
313 BPF_ASSERT_NE(MAP_FAILED, ptr);
314 BPF_ASSERT_EQ(0, mprotect(ptr, getpagesize(), PROT_READ));
315 BPF_ASSERT_EQ(0, munmap(ptr, getpagesize()));
316 }
317
318 BPF_DEATH_TEST(NaClNonSfiSandboxTest, mprotect_unallowed_prot,
319 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
320 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
321 // We have tested DoAllowedAnonymousMmap is allowed in
322 // mmap_allowed, so we can make sure the following mprotect call
323 // kills the process.
324 void* ptr = DoAllowedAnonymousMmap();
325 BPF_ASSERT_NE(MAP_FAILED, ptr);
326 mprotect(ptr, getpagesize(), PROT_READ | PROT_GROWSDOWN);
327 }
328
329 BPF_TEST(NaClNonSfiSandboxTest, brk,
330 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
331 char* next_brk = static_cast<char*>(sbrk(0)) + getpagesize();
332 // The kernel interface must return zero for brk.
333 BPF_ASSERT_EQ(0, syscall(__NR_brk, next_brk));
334 // The libc wrapper translates it to ENOMEM.
335 errno = 0;
336 BPF_ASSERT_EQ(-1, brk(next_brk));
337 BPF_ASSERT_EQ(ENOMEM, errno);
338 }
339
340 #if defined(__i386__) || defined(__arm__)
341 BPF_TEST(NaClNonSfiSandboxTest, getegid32_EPERM,
342 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
343 errno = 0;
344 BPF_ASSERT_EQ(-1, syscall(__NR_getegid32));
345 BPF_ASSERT_EQ(EPERM, errno);
346 }
347
348 BPF_TEST(NaClNonSfiSandboxTest, geteuid32_EPERM,
349 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
350 errno = 0;
351 BPF_ASSERT_EQ(-1, syscall(__NR_geteuid32));
352 BPF_ASSERT_EQ(EPERM, errno);
353 }
354
355 BPF_TEST(NaClNonSfiSandboxTest, getgid32_EPERM,
356 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
357 errno = 0;
358 BPF_ASSERT_EQ(-1, syscall(__NR_getgid32));
359 BPF_ASSERT_EQ(EPERM, errno);
360 }
361
362 BPF_TEST(NaClNonSfiSandboxTest, getuid32_EPERM,
363 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
364 errno = 0;
365 BPF_ASSERT_EQ(-1, syscall(__NR_getuid32));
366 BPF_ASSERT_EQ(EPERM, errno);
367 }
368
369 BPF_DEATH_TEST(NaClNonSfiSandboxTest, getegid_SIGSYS,
370 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
371 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
372 syscall(__NR_getegid);
373 }
374
375 BPF_DEATH_TEST(NaClNonSfiSandboxTest, geteuid_SIGSYS,
376 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
377 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
378 syscall(__NR_geteuid);
379 }
380
381 BPF_DEATH_TEST(NaClNonSfiSandboxTest, getgid_SIGSYS,
382 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
383 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
384 syscall(__NR_getgid);
385 }
386
387 BPF_DEATH_TEST(NaClNonSfiSandboxTest, getuid_SIGSYS,
388 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
389 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
390 syscall(__NR_getuid);
391 }
392 #endif
393
394 #if defined(__x86_64__)
395 BPF_TEST(NaClNonSfiSandboxTest, getegid_EPERM,
396 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
397 errno = 0;
398 BPF_ASSERT_EQ(-1, syscall(__NR_getegid));
399 BPF_ASSERT_EQ(EPERM, errno);
400 }
401
402 BPF_TEST(NaClNonSfiSandboxTest, geteuid_EPERM,
403 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
404 errno = 0;
405 BPF_ASSERT_EQ(-1, syscall(__NR_geteuid));
406 BPF_ASSERT_EQ(EPERM, errno);
407 }
408
409 BPF_TEST(NaClNonSfiSandboxTest, getgid_EPERM,
410 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
411 errno = 0;
412 BPF_ASSERT_EQ(-1, syscall(__NR_getgid));
413 BPF_ASSERT_EQ(EPERM, errno);
414 }
415
416 BPF_TEST(NaClNonSfiSandboxTest, getuid_EPERM,
417 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
418 errno = 0;
419 BPF_ASSERT_EQ(-1, syscall(__NR_getuid));
420 BPF_ASSERT_EQ(EPERM, errno);
421 }
422 #endif
423
424 BPF_TEST(NaClNonSfiSandboxTest, madvise_EPERM,
425 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
426 errno = 0;
427 BPF_ASSERT_EQ(-1, syscall(__NR_madvise));
428 BPF_ASSERT_EQ(EPERM, errno);
429 }
430
431 BPF_TEST(NaClNonSfiSandboxTest, open_EPERM,
432 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
433 errno = 0;
434 BPF_ASSERT_EQ(-1, syscall(__NR_open));
435 BPF_ASSERT_EQ(EPERM, errno);
436 }
437
438 BPF_TEST(NaClNonSfiSandboxTest, ptrace_EPERM,
439 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
440 errno = 0;
441 BPF_ASSERT_EQ(-1, syscall(__NR_ptrace));
442 BPF_ASSERT_EQ(EPERM, errno);
443 }
444
445 BPF_TEST(NaClNonSfiSandboxTest, set_robust_list_EPERM,
446 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
447 errno = 0;
448 BPF_ASSERT_EQ(-1, syscall(__NR_set_robust_list));
449 BPF_ASSERT_EQ(EPERM, errno);
450 }
451
452 #if defined(__i386__) || defined(__x86_64__)
453 BPF_TEST(NaClNonSfiSandboxTest, time_EPERM,
454 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
455 errno = 0;
456 BPF_ASSERT_EQ(-1, syscall(__NR_time));
457 BPF_ASSERT_EQ(EPERM, errno);
458 }
459 #endif
460
461 } // namespace
OLDNEW
« no previous file with comments | « components/nacl/loader/nonsfi/nonsfi_sandbox_sigsys_unittest.cc ('k') | sandbox/linux/sandbox_linux.gypi » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698