Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(236)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/integration_tests/bpf_dsl_seccomp_unittest.cc

Issue 1001833005: Update from https://crrev.com/320343 (Closed) Base URL: git@github.com:domokit/mojo.git@master
Patch Set: Supress Created 5 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « sandbox/linux/bpf_dsl/verifier.cc ('k') | sandbox/linux/sandbox_linux.gypi » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <errno.h> 5 #include <errno.h>
6 #include <fcntl.h> 6 #include <fcntl.h>
7 #include <pthread.h> 7 #include <pthread.h>
8 #include <sched.h> 8 #include <sched.h>
9 #include <signal.h> 9 #include <signal.h>
10 #include <sys/prctl.h> 10 #include <sys/prctl.h>
(...skipping 539 matching lines...) Expand 10 before | Expand all | Expand 10 after
550 BPF_ASSERT(*BPF_AUX == 3); 550 BPF_ASSERT(*BPF_AUX == 3);
551 BPF_ASSERT(*name); 551 BPF_ASSERT(*name);
552 } 552 }
553 553
554 SANDBOX_TEST(SandboxBPF, EnableUnsafeTrapsInSigSysHandler) { 554 SANDBOX_TEST(SandboxBPF, EnableUnsafeTrapsInSigSysHandler) {
555 // Disabling warning messages that could confuse our test framework. 555 // Disabling warning messages that could confuse our test framework.
556 setenv(kSandboxDebuggingEnv, "t", 0); 556 setenv(kSandboxDebuggingEnv, "t", 0);
557 Die::SuppressInfoMessages(true); 557 Die::SuppressInfoMessages(true);
558 558
559 unsetenv(kSandboxDebuggingEnv); 559 unsetenv(kSandboxDebuggingEnv);
560 SANDBOX_ASSERT(Trap::EnableUnsafeTrapsInSigSysHandler() == false); 560 SANDBOX_ASSERT(Trap::Registry()->EnableUnsafeTraps() == false);
561 setenv(kSandboxDebuggingEnv, "", 1); 561 setenv(kSandboxDebuggingEnv, "", 1);
562 SANDBOX_ASSERT(Trap::EnableUnsafeTrapsInSigSysHandler() == false); 562 SANDBOX_ASSERT(Trap::Registry()->EnableUnsafeTraps() == false);
563 setenv(kSandboxDebuggingEnv, "t", 1); 563 setenv(kSandboxDebuggingEnv, "t", 1);
564 SANDBOX_ASSERT(Trap::EnableUnsafeTrapsInSigSysHandler() == true); 564 SANDBOX_ASSERT(Trap::Registry()->EnableUnsafeTraps() == true);
565 } 565 }
566 566
567 intptr_t PrctlHandler(const struct arch_seccomp_data& args, void*) { 567 intptr_t PrctlHandler(const struct arch_seccomp_data& args, void*) {
568 if (args.args[0] == PR_CAPBSET_DROP && static_cast<int>(args.args[1]) == -1) { 568 if (args.args[0] == PR_CAPBSET_DROP && static_cast<int>(args.args[1]) == -1) {
569 // prctl(PR_CAPBSET_DROP, -1) is never valid. The kernel will always 569 // prctl(PR_CAPBSET_DROP, -1) is never valid. The kernel will always
570 // return an error. But our handler allows this call. 570 // return an error. But our handler allows this call.
571 return 0; 571 return 0;
572 } else { 572 } else {
573 return SandboxBPF::ForwardSyscall(args); 573 return SandboxBPF::ForwardSyscall(args);
574 } 574 }
(...skipping 1675 matching lines...) Expand 10 before | Expand all | Expand 10 after
2250 BPF_ASSERT_EQ(ENOSYS, errno); 2250 BPF_ASSERT_EQ(ENOSYS, errno);
2251 2251
2252 BPF_ASSERT_EQ(-1, syscall(__NR_setgid, 300)); 2252 BPF_ASSERT_EQ(-1, syscall(__NR_setgid, 300));
2253 BPF_ASSERT_EQ(EPERM, errno); 2253 BPF_ASSERT_EQ(EPERM, errno);
2254 } 2254 }
2255 2255
2256 } // namespace 2256 } // namespace
2257 2257
2258 } // namespace bpf_dsl 2258 } // namespace bpf_dsl
2259 } // namespace sandbox 2259 } // namespace sandbox
OLDNEW
« no previous file with comments | « sandbox/linux/bpf_dsl/verifier.cc ('k') | sandbox/linux/sandbox_linux.gypi » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698