Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(149)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/integration_tests/bpf_dsl_seccomp_unittest.cc

Issue 1310773006: Update sandbox/linux from upstream (Closed) Base URL: ssh://ssh.github.com/domokit/mojo.git@master
Patch Set: Update to 3909ebfa69566f7374a6900e63cd4d3c73a35378 Created 5 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « sandbox/linux/bpf_dsl/verifier.cc ('k') | sandbox/linux/sandbox_linux.gypi » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <errno.h> 5 #include <errno.h>
6 #include <fcntl.h> 6 #include <fcntl.h>
7 #include <pthread.h> 7 #include <pthread.h>
8 #include <sched.h> 8 #include <sched.h>
9 #include <signal.h> 9 #include <signal.h>
10 #include <sys/prctl.h> 10 #include <sys/prctl.h>
(...skipping 14 matching lines...) Expand all
25 #include "base/bind.h" 25 #include "base/bind.h"
26 #include "base/logging.h" 26 #include "base/logging.h"
27 #include "base/macros.h" 27 #include "base/macros.h"
28 #include "base/memory/scoped_ptr.h" 28 #include "base/memory/scoped_ptr.h"
29 #include "base/posix/eintr_wrapper.h" 29 #include "base/posix/eintr_wrapper.h"
30 #include "base/synchronization/waitable_event.h" 30 #include "base/synchronization/waitable_event.h"
31 #include "base/sys_info.h" 31 #include "base/sys_info.h"
32 #include "base/threading/thread.h" 32 #include "base/threading/thread.h"
33 #include "build/build_config.h" 33 #include "build/build_config.h"
34 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" 34 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
35 #include "sandbox/linux/bpf_dsl/errorcode.h"
35 #include "sandbox/linux/bpf_dsl/linux_syscall_ranges.h" 36 #include "sandbox/linux/bpf_dsl/linux_syscall_ranges.h"
36 #include "sandbox/linux/bpf_dsl/policy.h" 37 #include "sandbox/linux/bpf_dsl/policy.h"
37 #include "sandbox/linux/bpf_dsl/seccomp_macros.h" 38 #include "sandbox/linux/bpf_dsl/seccomp_macros.h"
38 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" 39 #include "sandbox/linux/seccomp-bpf/bpf_tests.h"
39 #include "sandbox/linux/seccomp-bpf/die.h" 40 #include "sandbox/linux/seccomp-bpf/die.h"
40 #include "sandbox/linux/seccomp-bpf/errorcode.h"
41 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" 41 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
42 #include "sandbox/linux/seccomp-bpf/syscall.h" 42 #include "sandbox/linux/seccomp-bpf/syscall.h"
43 #include "sandbox/linux/seccomp-bpf/trap.h" 43 #include "sandbox/linux/seccomp-bpf/trap.h"
44 #include "sandbox/linux/services/syscall_wrappers.h" 44 #include "sandbox/linux/services/syscall_wrappers.h"
45 #include "sandbox/linux/services/thread_helpers.h" 45 #include "sandbox/linux/services/thread_helpers.h"
46 #include "sandbox/linux/system_headers/linux_syscalls.h" 46 #include "sandbox/linux/system_headers/linux_syscalls.h"
47 #include "sandbox/linux/tests/scoped_temporary_file.h" 47 #include "sandbox/linux/tests/scoped_temporary_file.h"
48 #include "sandbox/linux/tests/unit_tests.h" 48 #include "sandbox/linux/tests/unit_tests.h"
49 #include "testing/gtest/include/gtest/gtest.h" 49 #include "testing/gtest/include/gtest/gtest.h"
50 50
(...skipping 1209 matching lines...) Expand 10 before | Expand all | Expand 10 after
1260 .Case(3, HasAllBits32(0x80000000)) 1260 .Case(3, HasAllBits32(0x80000000))
1261 #if __SIZEOF_POINTER__ > 4 1261 #if __SIZEOF_POINTER__ > 4
1262 .Case(4, HasAllBits64(0x0)) 1262 .Case(4, HasAllBits64(0x0))
1263 .Case(5, HasAllBits64(0x1)) 1263 .Case(5, HasAllBits64(0x1))
1264 .Case(6, HasAllBits64(0x3)) 1264 .Case(6, HasAllBits64(0x3))
1265 .Case(7, HasAllBits64(0x80000000)) 1265 .Case(7, HasAllBits64(0x80000000))
1266 .Case(8, HasAllBits64(0x100000000ULL)) 1266 .Case(8, HasAllBits64(0x100000000ULL))
1267 .Case(9, HasAllBits64(0x300000000ULL)) 1267 .Case(9, HasAllBits64(0x300000000ULL))
1268 .Case(10, HasAllBits64(0x100000001ULL)) 1268 .Case(10, HasAllBits64(0x100000001ULL))
1269 #endif 1269 #endif
1270 .Default(Kill("Invalid test case number")); 1270 .Default(Kill());
1271 } 1271 }
1272 return Allow(); 1272 return Allow();
1273 } 1273 }
1274 1274
1275 // Define a macro that performs tests using our test policy. 1275 // Define a macro that performs tests using our test policy.
1276 // NOTE: Not all of the arguments in this macro are actually used! 1276 // NOTE: Not all of the arguments in this macro are actually used!
1277 // They are here just to serve as documentation of the conditions 1277 // They are here just to serve as documentation of the conditions
1278 // implemented in the test policy. 1278 // implemented in the test policy.
1279 // Most notably, "op" and "mask" are unused by the macro. If you want 1279 // Most notably, "op" and "mask" are unused by the macro. If you want
1280 // to make changes to these values, you will have to edit the 1280 // to make changes to these values, you will have to edit the
(...skipping 165 matching lines...) Expand 10 before | Expand all | Expand 10 after
1446 .Case(3, HasAnyBits32(0x80000000)) 1446 .Case(3, HasAnyBits32(0x80000000))
1447 #if __SIZEOF_POINTER__ > 4 1447 #if __SIZEOF_POINTER__ > 4
1448 .Case(4, HasAnyBits64(0x0)) 1448 .Case(4, HasAnyBits64(0x0))
1449 .Case(5, HasAnyBits64(0x1)) 1449 .Case(5, HasAnyBits64(0x1))
1450 .Case(6, HasAnyBits64(0x3)) 1450 .Case(6, HasAnyBits64(0x3))
1451 .Case(7, HasAnyBits64(0x80000000)) 1451 .Case(7, HasAnyBits64(0x80000000))
1452 .Case(8, HasAnyBits64(0x100000000ULL)) 1452 .Case(8, HasAnyBits64(0x100000000ULL))
1453 .Case(9, HasAnyBits64(0x300000000ULL)) 1453 .Case(9, HasAnyBits64(0x300000000ULL))
1454 .Case(10, HasAnyBits64(0x100000001ULL)) 1454 .Case(10, HasAnyBits64(0x100000001ULL))
1455 #endif 1455 #endif
1456 .Default(Kill("Invalid test case number")); 1456 .Default(Kill());
1457 } 1457 }
1458 return Allow(); 1458 return Allow();
1459 } 1459 }
1460 1460
1461 BPF_TEST_C(SandboxBPF, AnyBitTests, AnyBitTestPolicy) { 1461 BPF_TEST_C(SandboxBPF, AnyBitTests, AnyBitTestPolicy) {
1462 // 32bit test: any of 0x0 (should always be false) 1462 // 32bit test: any of 0x0 (should always be false)
1463 BITMASK_TEST( 0, 0, ANYBITS32, 0x0, EXPECT_FAILURE); 1463 BITMASK_TEST( 0, 0, ANYBITS32, 0x0, EXPECT_FAILURE);
1464 BITMASK_TEST( 0, 1, ANYBITS32, 0x0, EXPECT_FAILURE); 1464 BITMASK_TEST( 0, 1, ANYBITS32, 0x0, EXPECT_FAILURE);
1465 BITMASK_TEST( 0, 3, ANYBITS32, 0x0, EXPECT_FAILURE); 1465 BITMASK_TEST( 0, 3, ANYBITS32, 0x0, EXPECT_FAILURE);
1466 BITMASK_TEST( 0, 0xFFFFFFFFU, ANYBITS32, 0x0, EXPECT_FAILURE); 1466 BITMASK_TEST( 0, 0xFFFFFFFFU, ANYBITS32, 0x0, EXPECT_FAILURE);
(...skipping 124 matching lines...) Expand 10 before | Expand all | Expand 10 after
1591 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); 1591 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
1592 1592
1593 if (sysno == __NR_uname) { 1593 if (sysno == __NR_uname) {
1594 const Arg<int> option(0); 1594 const Arg<int> option(0);
1595 return Switch(option) 1595 return Switch(option)
1596 .Case(0, MaskedEqual32(0x00ff00ff, 0x005500aa)) 1596 .Case(0, MaskedEqual32(0x00ff00ff, 0x005500aa))
1597 #if __SIZEOF_POINTER__ > 4 1597 #if __SIZEOF_POINTER__ > 4
1598 .Case(1, MaskedEqual64(0x00ff00ff00000000, 0x005500aa00000000)) 1598 .Case(1, MaskedEqual64(0x00ff00ff00000000, 0x005500aa00000000))
1599 .Case(2, MaskedEqual64(0x00ff00ff00ff00ff, 0x005500aa005500aa)) 1599 .Case(2, MaskedEqual64(0x00ff00ff00ff00ff, 0x005500aa005500aa))
1600 #endif 1600 #endif
1601 .Default(Kill("Invalid test case number")); 1601 .Default(Kill());
1602 } 1602 }
1603 1603
1604 return Allow(); 1604 return Allow();
1605 } 1605 }
1606 1606
1607 #define MASKEQ_TEST(rulenum, arg, expected_result) \ 1607 #define MASKEQ_TEST(rulenum, arg, expected_result) \
1608 BPF_ASSERT(Syscall::Call(__NR_uname, (rulenum), (arg)) == (expected_result)) 1608 BPF_ASSERT(Syscall::Call(__NR_uname, (rulenum), (arg)) == (expected_result))
1609 1609
1610 BPF_TEST_C(SandboxBPF, MaskedEqualTests, MaskedEqualTestPolicy) { 1610 BPF_TEST_C(SandboxBPF, MaskedEqualTests, MaskedEqualTestPolicy) {
1611 // Allowed: 0x__55__aa 1611 // Allowed: 0x__55__aa
(...skipping 638 matching lines...) Expand 10 before | Expand all | Expand 10 after
2250 BPF_ASSERT_EQ(ENOSYS, errno); 2250 BPF_ASSERT_EQ(ENOSYS, errno);
2251 2251
2252 BPF_ASSERT_EQ(-1, syscall(__NR_setgid, 300)); 2252 BPF_ASSERT_EQ(-1, syscall(__NR_setgid, 300));
2253 BPF_ASSERT_EQ(EPERM, errno); 2253 BPF_ASSERT_EQ(EPERM, errno);
2254 } 2254 }
2255 2255
2256 } // namespace 2256 } // namespace
2257 2257
2258 } // namespace bpf_dsl 2258 } // namespace bpf_dsl
2259 } // namespace sandbox 2259 } // namespace sandbox
OLDNEW
« no previous file with comments | « sandbox/linux/bpf_dsl/verifier.cc ('k') | sandbox/linux/sandbox_linux.gypi » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698