Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(956)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc

Issue 1295513003: Non-SFI mode: Sandbox support for NaCl async-signals. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Added a const Created 5 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « components/nacl/loader/nonsfi/nonsfi_sandbox.cc ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc
diff --git a/components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc b/components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc
index 4338fb6fe295555f5f63aa4014aa9b78124f87bc..102f5faa1416243af9200d4ab1284e13a70ac002 100644
--- a/components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc
+++ b/components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc
@@ -641,6 +641,73 @@ BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
sandbox::Syscall::InvalidCall();
}
+// The following tests check for several restrictions in tgkill(). A delegate is
+// needed to be able to call getpid() from inside the process that will be
+// sandboxed, but before the sandbox is installed.
+template<void(*callback)(int pid, int tid)>
+class TgkillDelegate : public sandbox::BPFTesterDelegate {
+ public:
+ TgkillDelegate() {}
+ ~TgkillDelegate() override {}
+
+ scoped_ptr<sandbox::bpf_dsl::Policy> GetSandboxBPFPolicy() override {
+ // These two values must be obtained when running in the sandboxed process.
+ // They cannot be set in the constructor and are also not available from
+ // within |RunTestFunction|.
+ pid_ = getpid();
+ tid_ = syscall(__NR_gettid);
+
+ return scoped_ptr<sandbox::bpf_dsl::Policy>(
+ new nacl::nonsfi::NaClNonSfiBPFSandboxPolicy());
+ }
+
+ void RunTestFunction() override {
+ callback(pid_, tid_);
+ }
+
+ int pid_;
+ int tid_;
+
+ private:
+ DISALLOW_COPY_AND_ASSIGN(TgkillDelegate);
+};
+
+void BPF_TEST_D_tgkill_with_invalid_signal(int pid, int tid) {
+ syscall(__NR_tgkill, pid, tid, SIGKILL);
+}
+
+BPF_DEATH_TEST_D(NaClNonSfiSandboxTest,
+ tgkill_with_invalid_signal,
+ DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()),
+ TgkillDelegate<BPF_TEST_D_tgkill_with_invalid_signal>);
+
+void BPF_TEST_D_tgkill_with_invalid_tgid(int pid, int tid) {
+ syscall(__NR_tgkill, 1, tid, LINUX_SIGUSR1);
+}
+
+BPF_DEATH_TEST_D(NaClNonSfiSandboxTest,
+ tgkill_with_invalid_tgid,
+ DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()),
+ TgkillDelegate<BPF_TEST_D_tgkill_with_invalid_tgid>);
+
+void BPF_TEST_D_tgkill_with_negative_tgid(int pid, int tid) {
+ syscall(__NR_tgkill, pid, -1, LINUX_SIGUSR1);
+}
+
+BPF_DEATH_TEST_D(NaClNonSfiSandboxTest,
+ tgkill_with_negative_tgid,
+ DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()),
+ TgkillDelegate<BPF_TEST_D_tgkill_with_negative_tgid>);
+
+void BPF_TEST_D_tgkill_with_invalid_tid(int pid, int tid) {
+ BPF_ASSERT_EQ(-1, syscall(__NR_tgkill, pid, 1, LINUX_SIGUSR1));
+ BPF_ASSERT_EQ(ESRCH, errno);
+}
+
+BPF_TEST_D(NaClNonSfiSandboxTest,
+ tgkill_with_invalid_tid,
+ TgkillDelegate<BPF_TEST_D_tgkill_with_invalid_tid>);
+
// The following test cases check if syscalls return EPERM regardless
// of arguments.
#define RESTRICT_SYSCALL_EPERM_TEST(name) \
« no previous file with comments | « components/nacl/loader/nonsfi/nonsfi_sandbox.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698