1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // Sanitizers internally use some syscalls which non-SFI NaCl disallows. | 5 // Sanitizers internally use some syscalls which non-SFI NaCl disallows. |
6 #if !defined(ADDRESS_SANITIZER) && !defined(THREAD_SANITIZER) && \ | 6 #if !defined(ADDRESS_SANITIZER) && !defined(THREAD_SANITIZER) && \ |
7 !defined(MEMORY_SANITIZER) && !defined(LEAK_SANITIZER) | 7 !defined(MEMORY_SANITIZER) && !defined(LEAK_SANITIZER) |
8 | 8 |
9 #include "components/nacl/loader/nonsfi/nonsfi_sandbox.h" | 9 #include "components/nacl/loader/nonsfi/nonsfi_sandbox.h" |
10 | 10 |
634 clock_gettime(CLOCK_MONOTONIC_RAW, &ts); | 634 clock_gettime(CLOCK_MONOTONIC_RAW, &ts); |
635 } | 635 } |
636 | 636 |
637 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, | 637 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, |
638 invalid_syscall_crash, | 638 invalid_syscall_crash, |
639 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), | 639 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
640 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { | 640 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { |
641 sandbox::Syscall::InvalidCall(); | 641 sandbox::Syscall::InvalidCall(); |
642 } | 642 } |
643 | 643 |
| 644 // The following tests check for several restrictions in tgkill(). A delegate is |
| 645 // needed to be able to call getpid() from inside the process that will be |
| 646 // sandboxed, but before the sandbox is installed. |
| 647 template<void(*callback)(int pid, int tid)> |
| 648 class TgkillDelegate : public sandbox::BPFTesterDelegate { |
| 649 public: |
| 650 TgkillDelegate() {} |
| 651 ~TgkillDelegate() override {} |
| 652 |
| 653 scoped_ptr<sandbox::bpf_dsl::Policy> GetSandboxBPFPolicy() override { |
| 654 // These two values must be obtained when running in the sandboxed process. |
| 655 // They cannot be set in the constructor and are also not available from |
| 656 // within |RunTestFunction|. |
| 657 pid_ = getpid(); |
| 658 tid_ = syscall(__NR_gettid); |
| 659 |
| 660 return scoped_ptr<sandbox::bpf_dsl::Policy>( |
| 661 new nacl::nonsfi::NaClNonSfiBPFSandboxPolicy()); |
| 662 } |
| 663 |
| 664 void RunTestFunction() override { |
| 665 callback(pid_, tid_); |
| 666 } |
| 667 |
| 668 int pid_; |
| 669 int tid_; |
| 670 |
| 671 private: |
| 672 DISALLOW_COPY_AND_ASSIGN(TgkillDelegate); |
| 673 }; |
| 674 |
| 675 void BPF_TEST_D_tgkill_with_invalid_signal(int pid, int tid) { |
| 676 syscall(__NR_tgkill, pid, tid, SIGKILL); |
| 677 } |
| 678 |
| 679 BPF_DEATH_TEST_D(NaClNonSfiSandboxTest, |
| 680 tgkill_with_invalid_signal, |
| 681 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 682 TgkillDelegate<BPF_TEST_D_tgkill_with_invalid_signal>); |
| 683 |
| 684 void BPF_TEST_D_tgkill_with_invalid_tgid(int pid, int tid) { |
| 685 syscall(__NR_tgkill, 1, tid, LINUX_SIGUSR1); |
| 686 } |
| 687 |
| 688 BPF_DEATH_TEST_D(NaClNonSfiSandboxTest, |
| 689 tgkill_with_invalid_tgid, |
| 690 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 691 TgkillDelegate<BPF_TEST_D_tgkill_with_invalid_tgid>); |
| 692 |
| 693 void BPF_TEST_D_tgkill_with_negative_tgid(int pid, int tid) { |
| 694 syscall(__NR_tgkill, pid, -1, LINUX_SIGUSR1); |
| 695 } |
| 696 |
| 697 BPF_DEATH_TEST_D(NaClNonSfiSandboxTest, |
| 698 tgkill_with_negative_tgid, |
| 699 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 700 TgkillDelegate<BPF_TEST_D_tgkill_with_negative_tgid>); |
| 701 |
| 702 void BPF_TEST_D_tgkill_with_invalid_tid(int pid, int tid) { |
| 703 BPF_ASSERT_EQ(-1, syscall(__NR_tgkill, pid, 1, LINUX_SIGUSR1)); |
| 704 BPF_ASSERT_EQ(ESRCH, errno); |
| 705 } |
| 706 |
| 707 BPF_TEST_D(NaClNonSfiSandboxTest, |
| 708 tgkill_with_invalid_tid, |
| 709 TgkillDelegate<BPF_TEST_D_tgkill_with_invalid_tid>); |
| 710 |
644 // The following test cases check if syscalls return EPERM regardless | 711 // The following test cases check if syscalls return EPERM regardless |
645 // of arguments. | 712 // of arguments. |
646 #define RESTRICT_SYSCALL_EPERM_TEST(name) \ | 713 #define RESTRICT_SYSCALL_EPERM_TEST(name) \ |
647 BPF_TEST_C(NaClNonSfiSandboxTest, \ | 714 BPF_TEST_C(NaClNonSfiSandboxTest, \ |
648 name##_EPERM, \ | 715 name##_EPERM, \ |
649 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { \ | 716 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { \ |
650 errno = 0; \ | 717 errno = 0; \ |
651 BPF_ASSERT_EQ(-1, syscall(__NR_##name, 0, 0, 0, 0, 0, 0)); \ | 718 BPF_ASSERT_EQ(-1, syscall(__NR_##name, 0, 0, 0, 0, 0, 0)); \ |
652 BPF_ASSERT_EQ(EPERM, errno); \ | 719 BPF_ASSERT_EQ(EPERM, errno); \ |
653 } | 720 } |
669 RESTRICT_SYSCALL_EPERM_TEST(ptrace); | 736 RESTRICT_SYSCALL_EPERM_TEST(ptrace); |
670 RESTRICT_SYSCALL_EPERM_TEST(set_robust_list); | 737 RESTRICT_SYSCALL_EPERM_TEST(set_robust_list); |
671 #if defined(__i386__) || defined(__x86_64__) | 738 #if defined(__i386__) || defined(__x86_64__) |
672 RESTRICT_SYSCALL_EPERM_TEST(time); | 739 RESTRICT_SYSCALL_EPERM_TEST(time); |
673 #endif | 740 #endif |
674 | 741 |
675 } // namespace | 742 } // namespace |
676 | 743 |
677 #endif // !ADDRESS_SANITIZER && !THREAD_SANITIZER && | 744 #endif // !ADDRESS_SANITIZER && !THREAD_SANITIZER && |
678 // !MEMORY_SANITIZER && !LEAK_SANITIZER | 745 // !MEMORY_SANITIZER && !LEAK_SANITIZER |
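Review bot: The death test at new lines 693–700 is named `tgkill_with_negative_tgid`, but its body passes the negative value as the tid, `syscall(__NR_tgkill, pid, -1, LINUX_SIGUSR1);`, so it exercises the tid argument check and the tgid check is never given a negative value; rename it to `tgkill_with_negative_tid` and add a sibling death test whose body is `syscall(__NR_tgkill, -1, tid, LINUX_SIGUSR1);` so a policy that compares the tgid to getpid() incorrectly is still caught. None of the four tests sends the permitted LINUX_SIGUSR1 to the calling thread with a handler installed, so the allowed path is covered only indirectly by the ESRCH case at 702–705, which proves the call reaches the kernel but not that a legitimate self-signal succeeds. That ESRCH case assumes tid 1 is never a member of the test's own thread group; if the suite were ever run as PID 1 inside a PID namespace, `tgkill(pid, 1, LINUX_SIGUSR1)` would presumably be delivered to the test process itself, so a comment stating the assumption, `// tid 1 (init) is not in our thread group, so the kernel must answer ESRCH.`, would make the intent explicit. Finally, `pid_` and `tid_` in `TgkillDelegate` (668–669) carry the trailing-underscore member convention but are declared public; since only `GetSandboxBPFPolicy()` and `RunTestFunction()` use them, moving them under the existing `private:` keeps the delegate consistent with the file's style.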