OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" | 5 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <sched.h> | 8 #include <sched.h> |
9 #include <sys/resource.h> | 9 #include <sys/resource.h> |
10 #include <sys/syscall.h> | 10 #include <sys/syscall.h> |
11 #include <sys/types.h> | 11 #include <sys/types.h> |
12 #include <time.h> | 12 #include <time.h> |
13 #include <unistd.h> | 13 #include <unistd.h> |
14 | 14 |
15 #include "base/bind.h" | 15 #include "base/bind.h" |
16 #include "base/synchronization/waitable_event.h" | 16 #include "base/synchronization/waitable_event.h" |
17 #include "base/sys_info.h" | 17 #include "base/sys_info.h" |
18 #include "base/threading/thread.h" | 18 #include "base/threading/thread.h" |
19 #include "base/time/time.h" | 19 #include "base/time/time.h" |
20 #include "build/build_config.h" | 20 #include "build/build_config.h" |
21 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" | 21 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" |
22 #include "sandbox/linux/bpf_dsl/policy.h" | 22 #include "sandbox/linux/bpf_dsl/policy.h" |
23 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" | 23 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" |
24 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" | 24 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" |
25 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" | 25 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
26 #include "sandbox/linux/seccomp-bpf/syscall.h" | 26 #include "sandbox/linux/seccomp-bpf/syscall.h" |
27 #include "sandbox/linux/services/syscall_wrappers.h" | 27 #include "sandbox/linux/services/syscall_wrappers.h" |
28 #include "sandbox/linux/system_headers/linux_syscalls.h" | 28 #include "sandbox/linux/system_headers/linux_syscalls.h" |
| 29 #include "sandbox/linux/system_headers/linux_time.h" |
29 #include "sandbox/linux/tests/unit_tests.h" | 30 #include "sandbox/linux/tests/unit_tests.h" |
30 | 31 |
31 #if !defined(OS_ANDROID) | 32 #if !defined(OS_ANDROID) |
32 #include "third_party/lss/linux_syscall_support.h" // for MAKE_PROCESS_CPUCLOCK | 33 #include "third_party/lss/linux_syscall_support.h" // for MAKE_PROCESS_CPUCLOCK |
33 #endif | 34 #endif |
34 | 35 |
35 namespace sandbox { | 36 namespace sandbox { |
36 | 37 |
37 namespace { | 38 namespace { |
38 | 39 |
(...skipping 14 matching lines...) Expand all Loading... |
53 case __NR_clock_getres: | 54 case __NR_clock_getres: |
54 return RestrictClockID(); | 55 return RestrictClockID(); |
55 default: | 56 default: |
56 return Allow(); | 57 return Allow(); |
57 } | 58 } |
58 } | 59 } |
59 }; | 60 }; |
60 | 61 |
61 void CheckClock(clockid_t clockid) { | 62 void CheckClock(clockid_t clockid) { |
62 struct timespec ts; | 63 struct timespec ts; |
63 ts.tv_sec = ts.tv_nsec = -1; | 64 ts.tv_sec = -1; |
| 65 ts.tv_nsec = -1; |
| 66 BPF_ASSERT_EQ(0, clock_getres(clockid, &ts)); |
| 67 BPF_ASSERT_EQ(0, ts.tv_sec); |
| 68 BPF_ASSERT_LE(0, ts.tv_nsec); |
| 69 ts.tv_sec = -1; |
| 70 ts.tv_nsec = -1; |
64 BPF_ASSERT_EQ(0, clock_gettime(clockid, &ts)); | 71 BPF_ASSERT_EQ(0, clock_gettime(clockid, &ts)); |
65 BPF_ASSERT_LE(0, ts.tv_sec); | 72 BPF_ASSERT_LE(0, ts.tv_sec); |
66 BPF_ASSERT_LE(0, ts.tv_nsec); | 73 BPF_ASSERT_LE(0, ts.tv_nsec); |
67 } | 74 } |
68 | 75 |
69 BPF_TEST_C(ParameterRestrictions, | 76 BPF_TEST_C(ParameterRestrictions, |
70 clock_gettime_allowed, | 77 clock_gettime_allowed, |
71 RestrictClockIdPolicy) { | 78 RestrictClockIdPolicy) { |
72 CheckClock(CLOCK_MONOTONIC); | 79 CheckClock(CLOCK_MONOTONIC); |
| 80 CheckClock(CLOCK_MONOTONIC_COARSE); |
73 CheckClock(CLOCK_PROCESS_CPUTIME_ID); | 81 CheckClock(CLOCK_PROCESS_CPUTIME_ID); |
74 CheckClock(CLOCK_REALTIME); | 82 CheckClock(CLOCK_REALTIME); |
| 83 CheckClock(CLOCK_REALTIME_COARSE); |
75 CheckClock(CLOCK_THREAD_CPUTIME_ID); | 84 CheckClock(CLOCK_THREAD_CPUTIME_ID); |
76 } | 85 } |
77 | 86 |
78 BPF_DEATH_TEST_C(ParameterRestrictions, | 87 BPF_DEATH_TEST_C(ParameterRestrictions, |
79 clock_gettime_crash_monotonic_raw, | 88 clock_gettime_crash_monotonic_raw, |
80 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), | 89 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
81 RestrictClockIdPolicy) { | 90 RestrictClockIdPolicy) { |
82 struct timespec ts; | 91 struct timespec ts; |
83 clock_gettime(CLOCK_MONOTONIC_RAW, &ts); | 92 clock_gettime(CLOCK_MONOTONIC_RAW, &ts); |
84 } | 93 } |
(...skipping 179 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
264 getrusage_crash_not_self, | 273 getrusage_crash_not_self, |
265 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), | 274 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
266 RestrictGetrusagePolicy) { | 275 RestrictGetrusagePolicy) { |
267 struct rusage usage; | 276 struct rusage usage; |
268 getrusage(RUSAGE_CHILDREN, &usage); | 277 getrusage(RUSAGE_CHILDREN, &usage); |
269 } | 278 } |
270 | 279 |
271 } // namespace | 280 } // namespace |
272 | 281 |
273 } // namespace sandbox | 282 } // namespace sandbox |
OLD | NEW |