| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" | 5 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <sched.h> | 8 #include <sched.h> |
| 9 #include <sys/resource.h> | 9 #include <sys/resource.h> |
| 10 #include <sys/syscall.h> | 10 #include <sys/syscall.h> |
| 11 #include <sys/types.h> | 11 #include <sys/types.h> |
| 12 #include <time.h> | 12 #include <time.h> |
| 13 #include <unistd.h> | 13 #include <unistd.h> |
| 14 | 14 |
| 15 #include "base/bind.h" | 15 #include "base/bind.h" |
| 16 #include "base/synchronization/waitable_event.h" | 16 #include "base/synchronization/waitable_event.h" |
| 17 #include "base/sys_info.h" | 17 #include "base/sys_info.h" |
| 18 #include "base/threading/thread.h" | 18 #include "base/threading/thread.h" |
| 19 #include "base/time/time.h" | 19 #include "base/time/time.h" |
| 20 #include "build/build_config.h" | 20 #include "build/build_config.h" |
| 21 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" | 21 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" |
| 22 #include "sandbox/linux/bpf_dsl/policy.h" | 22 #include "sandbox/linux/bpf_dsl/policy.h" |
| 23 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" | 23 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" |
| 24 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" | 24 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" |
| 25 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" | 25 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
| 26 #include "sandbox/linux/seccomp-bpf/syscall.h" | 26 #include "sandbox/linux/seccomp-bpf/syscall.h" |
| 27 #include "sandbox/linux/services/syscall_wrappers.h" | 27 #include "sandbox/linux/services/syscall_wrappers.h" |
| 28 #include "sandbox/linux/system_headers/linux_syscalls.h" | 28 #include "sandbox/linux/system_headers/linux_syscalls.h" |
| 29 #include "sandbox/linux/system_headers/linux_time.h" |
| 29 #include "sandbox/linux/tests/unit_tests.h" | 30 #include "sandbox/linux/tests/unit_tests.h" |
| 30 | 31 |
| 31 #if !defined(OS_ANDROID) | 32 #if !defined(OS_ANDROID) |
| 32 #include "third_party/lss/linux_syscall_support.h" // for MAKE_PROCESS_CPUCLOCK | 33 #include "third_party/lss/linux_syscall_support.h" // for MAKE_PROCESS_CPUCLOCK |
| 33 #endif | 34 #endif |
| 34 | 35 |
| 35 namespace sandbox { | 36 namespace sandbox { |
| 36 | 37 |
| 37 namespace { | 38 namespace { |
| 38 | 39 |
| (...skipping 14 matching lines...) Expand all Loading... |
| 53 case __NR_clock_getres: | 54 case __NR_clock_getres: |
| 54 return RestrictClockID(); | 55 return RestrictClockID(); |
| 55 default: | 56 default: |
| 56 return Allow(); | 57 return Allow(); |
| 57 } | 58 } |
| 58 } | 59 } |
| 59 }; | 60 }; |
| 60 | 61 |
| 61 void CheckClock(clockid_t clockid) { | 62 void CheckClock(clockid_t clockid) { |
| 62 struct timespec ts; | 63 struct timespec ts; |
| 63 ts.tv_sec = ts.tv_nsec = -1; | 64 ts.tv_sec = -1; |
| 65 ts.tv_nsec = -1; |
| 66 BPF_ASSERT_EQ(0, clock_getres(clockid, &ts)); |
| 67 BPF_ASSERT_EQ(0, ts.tv_sec); |
| 68 BPF_ASSERT_LE(0, ts.tv_nsec); |
| 69 ts.tv_sec = -1; |
| 70 ts.tv_nsec = -1; |
| 64 BPF_ASSERT_EQ(0, clock_gettime(clockid, &ts)); | 71 BPF_ASSERT_EQ(0, clock_gettime(clockid, &ts)); |
| 65 BPF_ASSERT_LE(0, ts.tv_sec); | 72 BPF_ASSERT_LE(0, ts.tv_sec); |
| 66 BPF_ASSERT_LE(0, ts.tv_nsec); | 73 BPF_ASSERT_LE(0, ts.tv_nsec); |
| 67 } | 74 } |
| 68 | 75 |
| 69 BPF_TEST_C(ParameterRestrictions, | 76 BPF_TEST_C(ParameterRestrictions, |
| 70 clock_gettime_allowed, | 77 clock_gettime_allowed, |
| 71 RestrictClockIdPolicy) { | 78 RestrictClockIdPolicy) { |
| 72 CheckClock(CLOCK_MONOTONIC); | 79 CheckClock(CLOCK_MONOTONIC); |
| 80 CheckClock(CLOCK_MONOTONIC_COARSE); |
| 73 CheckClock(CLOCK_PROCESS_CPUTIME_ID); | 81 CheckClock(CLOCK_PROCESS_CPUTIME_ID); |
| 74 CheckClock(CLOCK_REALTIME); | 82 CheckClock(CLOCK_REALTIME); |
| 83 CheckClock(CLOCK_REALTIME_COARSE); |
| 75 CheckClock(CLOCK_THREAD_CPUTIME_ID); | 84 CheckClock(CLOCK_THREAD_CPUTIME_ID); |
| 76 } | 85 } |
| 77 | 86 |
| 78 BPF_DEATH_TEST_C(ParameterRestrictions, | 87 BPF_DEATH_TEST_C(ParameterRestrictions, |
| 79 clock_gettime_crash_monotonic_raw, | 88 clock_gettime_crash_monotonic_raw, |
| 80 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), | 89 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 81 RestrictClockIdPolicy) { | 90 RestrictClockIdPolicy) { |
| 82 struct timespec ts; | 91 struct timespec ts; |
| 83 clock_gettime(CLOCK_MONOTONIC_RAW, &ts); | 92 clock_gettime(CLOCK_MONOTONIC_RAW, &ts); |
| 84 } | 93 } |
| (...skipping 179 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 264 getrusage_crash_not_self, | 273 getrusage_crash_not_self, |
| 265 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), | 274 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 266 RestrictGetrusagePolicy) { | 275 RestrictGetrusagePolicy) { |
| 267 struct rusage usage; | 276 struct rusage usage; |
| 268 getrusage(RUSAGE_CHILDREN, &usage); | 277 getrusage(RUSAGE_CHILDREN, &usage); |
| 269 } | 278 } |
| 270 | 279 |
| 271 } // namespace | 280 } // namespace |
| 272 | 281 |
| 273 } // namespace sandbox | 282 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1133653002:
Allow coarse clocks in clock_get{res,time} calls. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master