OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
| 5 #include <pthread.h> |
| 6 #include <sched.h> |
5 #include <sys/syscall.h> | 7 #include <sys/syscall.h> |
6 #include <sys/utsname.h> | 8 #include <sys/utsname.h> |
7 | 9 |
8 #include <ostream> | 10 #include <ostream> |
9 | 11 |
10 #include "base/memory/scoped_ptr.h" | 12 #include "base/memory/scoped_ptr.h" |
11 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" | 13 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" |
12 #include "sandbox/linux/seccomp-bpf/syscall.h" | 14 #include "sandbox/linux/seccomp-bpf/syscall.h" |
13 #include "sandbox/linux/seccomp-bpf/trap.h" | 15 #include "sandbox/linux/seccomp-bpf/trap.h" |
14 #include "sandbox/linux/seccomp-bpf/verifier.h" | 16 #include "sandbox/linux/seccomp-bpf/verifier.h" |
(...skipping 965 matching lines...)
980 BPF_DEATH_TEST(SandboxBpf, EqualityWithNegative64bitArguments, | 982 BPF_DEATH_TEST(SandboxBpf, EqualityWithNegative64bitArguments, |
981 DEATH_MESSAGE("Unexpected 64bit argument detected"), | 983 DEATH_MESSAGE("Unexpected 64bit argument detected"), |
982 EqualityWithNegativeArgumentsPolicy) { | 984 EqualityWithNegativeArgumentsPolicy) { |
983 // When expecting a 32bit system call argument, we look at the MSB of the | 985 // When expecting a 32bit system call argument, we look at the MSB of the |
984 // 64bit value and allow both "0" and "-1". But the latter is allowed only | 986 // 64bit value and allow both "0" and "-1". But the latter is allowed only |
985 // iff the LSB was negative. So, this death test should error out. | 987 // iff the LSB was negative. So, this death test should error out. |
986 BPF_ASSERT(SandboxSyscall(__NR_uname, 0xFFFFFFFF00000000ll) == -1); | 988 BPF_ASSERT(SandboxSyscall(__NR_uname, 0xFFFFFFFF00000000ll) == -1); |
987 } | 989 } |
988 #endif | 990 #endif |
989 | 991 |
| 992 intptr_t PthreadTrapHandler(const struct arch_seccomp_data& args, void *aux) { |
| 993 printf("Clone() was called with unexpected arguments\n" |
| 994 " nr: %d\n" |
| 995 " 0: 0x%llX\n" |
| 996 " 1: 0x%llX\n" |
| 997 " 2: 0x%llX\n" |
| 998 " 3: 0x%llX\n" |
| 999 " 4: 0x%llX\n" |
| 1000 " 5: 0x%llX\n", |
| 1001 args.nr, |
| 1002 (long long)args.args[0], (long long)args.args[1], |
| 1003 (long long)args.args[2], (long long)args.args[2], |
| 1004 (long long)args.args[4], (long long)args.args[5]); |
| 1005 return -EPERM; |
| 1006 } |
| 1007 |
| 1008 ErrorCode PthreadPolicy(int sysno, void *aux) { |
| 1009 if (!Sandbox::IsValidSyscallNumber(sysno)) { |
| 1010 // FIXME: we should really not have to do that in a trivial policy |
| 1011 return ErrorCode(ENOSYS); |
| 1012 } else if (sysno == __NR_clone) { |
| 1013 // We have seen two different valid combinations of flags. Glibc |
| 1014 // uses the more modern flags, sets the TLS from the call to clone(), and |
| 1015 // uses futexes to monitor threads. Android's C run-time library, doesn't |
| 1016 // do any of this, but it sets the obsolete (and no-op) CLONE_DETACHED. |
| 1017 return Sandbox::Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, |
| 1018 CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND| |
| 1019 CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS| |
| 1020 CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, |
| 1021 ErrorCode(ErrorCode::ERR_ALLOWED), |
| 1022 Sandbox::Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, |
| 1023 CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND| |
| 1024 CLONE_THREAD|CLONE_SYSVSEM|CLONE_DETACHED, |
| 1025 ErrorCode(ErrorCode::ERR_ALLOWED), |
| 1026 Sandbox::Trap(PthreadTrapHandler, aux))); |
| 1027 } else { |
| 1028 return ErrorCode(ErrorCode::ERR_ALLOWED); |
| 1029 } |
| 1030 } |
| 1031 |
| 1032 static void *ThreadFnc(void *arg) { |
| 1033 ++*reinterpret_cast<int *>(arg); |
| 1034 return NULL; |
| 1035 } |
| 1036 |
| 1037 BPF_TEST(SandboxBpf, Pthread, PthreadPolicy) { |
| 1038 pthread_t thread; |
| 1039 int thread_ran = 0; |
| 1040 BPF_ASSERT(!pthread_create(&thread, NULL, ThreadFnc, &thread_ran)); |
| 1041 BPF_ASSERT(!pthread_join(thread, NULL)); |
| 1042 BPF_ASSERT(thread_ran); |
| 1043 } |
| 1044 |
990 } // namespace | 1045 } // namespace |
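Review bot: In `PthreadTrapHandler` the value printed under the ` 3:` label is `args.args[2]` a second time, so the fourth clone() argument never appears in the dump; that line should read `(long long)args.args[2], (long long)args.args[3],`. This handler is the only diagnostic emitted when `PthreadPolicy` rejects a clone() flag combination, so a wrong dump would mislead whoever has to decide whether a new C library's flags are safe to allow. The `%llX` conversions also expect `unsigned long long`, so the casts would be better written as `(unsigned long long)`. If the trap handler runs in signal context (the Trap implementation is not visible on this page), `printf` is not async-signal-safe, which deserves a comment above the call such as `// Test-only: printf() is not async-signal-safe.`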