Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(936)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc

Issue 11573030: Revert 173064 (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « sandbox/linux/sandbox_linux.gypi ('k') | sandbox/linux/services/broker_process.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc
===================================================================
--- sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc (revision 173064)
+++ sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc (working copy)
@@ -7,14 +7,11 @@
#include <ostream>
-#include "base/memory/scoped_ptr.h"
#include "sandbox/linux/seccomp-bpf/bpf_tests.h"
#include "sandbox/linux/seccomp-bpf/verifier.h"
-#include "sandbox/linux/services/broker_process.h"
#include "testing/gtest/include/gtest/gtest.h"
using namespace playground2;
-using sandbox::BrokerProcess;
namespace {
@@ -483,101 +480,4 @@
BPF_ASSERT(errno == 0);
}
-// Test a trap handler that makes use of a broker process to open().
-
-class InitializedOpenBroker {
- public:
- InitializedOpenBroker() : initialized_(false) {
- std::vector<std::string> allowed_files;
- allowed_files.push_back("/proc/allowed");
- allowed_files.push_back("/proc/cpuinfo");
-
- broker_process_.reset(new BrokerProcess(allowed_files,
- std::vector<std::string>()));
- BPF_ASSERT(broker_process() != NULL);
- BPF_ASSERT(broker_process_->Init(NULL));
-
- initialized_ = true;
- }
- bool initialized() { return initialized_; }
- class BrokerProcess* broker_process() { return broker_process_.get(); }
- private:
- bool initialized_;
- scoped_ptr<class BrokerProcess> broker_process_;
- DISALLOW_COPY_AND_ASSIGN(InitializedOpenBroker);
-};
-
-intptr_t BrokerOpenTrapHandler(const struct arch_seccomp_data& args,
- void *aux) {
- BPF_ASSERT(aux);
- BrokerProcess* broker_process = static_cast<BrokerProcess*>(aux);
- switch(args.nr) {
- case __NR_open:
- return broker_process->Open(reinterpret_cast<const char*>(args.args[0]),
- static_cast<int>(args.args[1]));
- case __NR_openat:
- // We only call open() so if we arrive here, it's because glibc uses
- // the openat() system call.
- BPF_ASSERT(static_cast<int>(args.args[0]) == AT_FDCWD);
- return broker_process->Open(reinterpret_cast<const char*>(args.args[1]),
- static_cast<int>(args.args[2]));
- default:
- BPF_ASSERT(false);
- return -ENOSYS;
- }
-}
-
-ErrorCode DenyOpenPolicy(int sysno, void *aux) {
- InitializedOpenBroker* iob = static_cast<InitializedOpenBroker*>(aux);
- if (!Sandbox::isValidSyscallNumber(sysno)) {
- return ErrorCode(ENOSYS);
- }
-
- switch (sysno) {
- case __NR_open:
- case __NR_openat:
- // We get a InitializedOpenBroker class, but our trap handler wants
- // the BrokerProcess object.
- return ErrorCode(Sandbox::Trap(BrokerOpenTrapHandler,
- iob->broker_process()));
- default:
- return ErrorCode(ErrorCode::ERR_ALLOWED);
- }
-}
-
-// We use a InitializedOpenBroker class, so that we can run unsandboxed
-// code in its constructor, which is the only way to do so in a BPF_TEST.
-BPF_TEST(SandboxBpf, UseOpenBroker, DenyOpenPolicy,
- InitializedOpenBroker /* BPF_AUX */) {
- BPF_ASSERT(BPF_AUX.initialized());
- BrokerProcess* broker_process = BPF_AUX.broker_process();
- BPF_ASSERT(broker_process != NULL);
-
- // First, use the broker "manually"
- BPF_ASSERT(broker_process->Open("/proc/denied", O_RDONLY) == -EPERM);
- BPF_ASSERT(broker_process->Open("/proc/allowed", O_RDONLY) == -ENOENT);
-
- // Now use glibc's open() as an external library would.
- BPF_ASSERT(open("/proc/denied", O_RDONLY) == -1);
- BPF_ASSERT(errno == EPERM);
-
- BPF_ASSERT(open("/proc/allowed", O_RDONLY) == -1);
- BPF_ASSERT(errno == ENOENT);
-
- // Also test glibc's openat(), some versions of libc use it transparently
- // instead of open().
- BPF_ASSERT(openat(AT_FDCWD, "/proc/denied", O_RDONLY) == -1);
- BPF_ASSERT(errno == EPERM);
-
- BPF_ASSERT(openat(AT_FDCWD, "/proc/allowed", O_RDONLY) == -1);
- BPF_ASSERT(errno == ENOENT);
-
-
- // This is also white listed and does exist.
- int cpu_info_fd = open("/proc/cpuinfo", O_RDONLY);
- BPF_ASSERT(cpu_info_fd >= 0);
- char buf[1024];
- BPF_ASSERT(read(cpu_info_fd, buf, sizeof(buf)) > 0);
-}
-
} // namespace
« no previous file with comments | « sandbox/linux/sandbox_linux.gypi ('k') | sandbox/linux/services/broker_process.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698