Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(236)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/bpf_dsl/bpf_dsl_unittest.cc

Issue 1302043002: sandbox/linux: refactor bpf_dsl dependency on die.h (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Change default panic behavior to simply Kill Created 5 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « sandbox/linux/bpf_dsl/bpf_dsl.cc ('k') | sandbox/linux/bpf_dsl/policy_compiler.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" 5 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
6 6
7 #include <errno.h> 7 #include <errno.h>
8 #include <fcntl.h> 8 #include <fcntl.h>
9 #include <netinet/in.h> 9 #include <netinet/in.h>
10 #include <sys/socket.h> 10 #include <sys/socket.h>
(...skipping 116 matching lines...) Expand 10 before | Expand all | Expand 10 after
127 } 127 }
128 128
129 void ExpectAllow(const struct arch_seccomp_data& data) const { 129 void ExpectAllow(const struct arch_seccomp_data& data) const {
130 EXPECT_EQ(SECCOMP_RET_ALLOW, Emulate(data)); 130 EXPECT_EQ(SECCOMP_RET_ALLOW, Emulate(data));
131 } 131 }
132 132
133 void ExpectErrno(uint16_t err, const struct arch_seccomp_data& data) const { 133 void ExpectErrno(uint16_t err, const struct arch_seccomp_data& data) const {
134 EXPECT_EQ(SECCOMP_RET_ERRNO | err, Emulate(data)); 134 EXPECT_EQ(SECCOMP_RET_ERRNO | err, Emulate(data));
135 } 135 }
136 136
137 void ExpectKill(const struct arch_seccomp_data& data) const {
138 EXPECT_EQ(SECCOMP_RET_KILL, Emulate(data));
139 }
140
137 private: 141 private:
138 CodeGen::Program program_; 142 CodeGen::Program program_;
139 FakeTrapRegistry traps_; 143 FakeTrapRegistry traps_;
140 144
141 DISALLOW_COPY_AND_ASSIGN(PolicyEmulator); 145 DISALLOW_COPY_AND_ASSIGN(PolicyEmulator);
142 }; 146 };
143 147
144 class BasicPolicy : public Policy { 148 class BasicPolicy : public Policy {
145 public: 149 public:
146 BasicPolicy() {} 150 BasicPolicy() {}
147 ~BasicPolicy() override {} 151 ~BasicPolicy() override {}
148 ResultExpr EvaluateSyscall(int sysno) const override { 152 ResultExpr EvaluateSyscall(int sysno) const override {
149 if (sysno == __NR_getpgid) { 153 if (sysno == __NR_getpgid) {
150 const Arg<pid_t> pid(0); 154 const Arg<pid_t> pid(0);
151 return If(pid == 0, Error(EPERM)).Else(Error(EINVAL)); 155 return If(pid == 0, Error(EPERM)).Else(Error(EINVAL));
152 } 156 }
153 if (sysno == __NR_setuid) { 157 if (sysno == __NR_setuid) {
154 const Arg<uid_t> uid(0); 158 const Arg<uid_t> uid(0);
155 return If(uid != 42, Error(ESRCH)).Else(Error(ENOMEM)); 159 return If(uid != 42, Kill()).Else(Allow());
156 } 160 }
157 return Allow(); 161 return Allow();
158 } 162 }
159 163
160 private: 164 private:
161 DISALLOW_COPY_AND_ASSIGN(BasicPolicy); 165 DISALLOW_COPY_AND_ASSIGN(BasicPolicy);
162 }; 166 };
163 167
164 TEST(BPFDSL, Basic) { 168 TEST(BPFDSL, Basic) {
165 BasicPolicy policy; 169 BasicPolicy policy;
166 PolicyEmulator emulator(&policy); 170 PolicyEmulator emulator(&policy);
167 171
168 emulator.ExpectErrno(EPERM, FakeSyscall(__NR_getpgid, 0)); 172 emulator.ExpectErrno(EPERM, FakeSyscall(__NR_getpgid, 0));
169 emulator.ExpectErrno(EINVAL, FakeSyscall(__NR_getpgid, 1)); 173 emulator.ExpectErrno(EINVAL, FakeSyscall(__NR_getpgid, 1));
170 174
171 emulator.ExpectErrno(ENOMEM, FakeSyscall(__NR_setuid, 42)); 175 emulator.ExpectAllow(FakeSyscall(__NR_setuid, 42));
172 emulator.ExpectErrno(ESRCH, FakeSyscall(__NR_setuid, 43)); 176 emulator.ExpectKill(FakeSyscall(__NR_setuid, 43));
173 } 177 }
174 178
175 /* On IA-32, socketpair() is implemented via socketcall(). :-( */ 179 /* On IA-32, socketpair() is implemented via socketcall(). :-( */
176 #if !defined(ARCH_CPU_X86) 180 #if !defined(ARCH_CPU_X86)
177 class BooleanLogicPolicy : public Policy { 181 class BooleanLogicPolicy : public Policy {
178 public: 182 public:
179 BooleanLogicPolicy() {} 183 BooleanLogicPolicy() {}
180 ~BooleanLogicPolicy() override {} 184 ~BooleanLogicPolicy() override {}
181 ResultExpr EvaluateSyscall(int sysno) const override { 185 ResultExpr EvaluateSyscall(int sysno) const override {
182 if (sysno == __NR_socketpair) { 186 if (sysno == __NR_socketpair) {
(...skipping 319 matching lines...) Expand 10 before | Expand all | Expand 10 after
502 EXPECT_TRUE(unsafe->HasUnsafeTraps()); 506 EXPECT_TRUE(unsafe->HasUnsafeTraps());
503 507
504 const Arg<int> arg(0); 508 const Arg<int> arg(0);
505 ResultExpr maybe = If(arg == 0, allow).Else(unsafe); 509 ResultExpr maybe = If(arg == 0, allow).Else(unsafe);
506 EXPECT_TRUE(maybe->HasUnsafeTraps()); 510 EXPECT_TRUE(maybe->HasUnsafeTraps());
507 } 511 }
508 512
509 } // namespace 513 } // namespace
510 } // namespace bpf_dsl 514 } // namespace bpf_dsl
511 } // namespace sandbox 515 } // namespace sandbox
OLDNEW
« no previous file with comments | « sandbox/linux/bpf_dsl/bpf_dsl.cc ('k') | sandbox/linux/bpf_dsl/policy_compiler.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698