OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <errno.h> | 5 #include <errno.h> |
6 #include <pthread.h> | 6 #include <pthread.h> |
7 #include <sched.h> | 7 #include <sched.h> |
8 #include <sys/prctl.h> | 8 #include <sys/prctl.h> |
9 #include <sys/syscall.h> | 9 #include <sys/syscall.h> |
10 #include <sys/time.h> | 10 #include <sys/time.h> |
11 #include <sys/types.h> | 11 #include <sys/types.h> |
12 #include <sys/utsname.h> | 12 #include <sys/utsname.h> |
13 #include <unistd.h> | 13 #include <unistd.h> |
14 | 14 |
15 #if defined(ANDROID) | 15 #if defined(ANDROID) |
16 // Work-around for buggy headers in Android's NDK | 16 // Work-around for buggy headers in Android's NDK |
17 #define __user | 17 #define __user |
18 #endif | 18 #endif |
19 #include <linux/futex.h> | 19 #include <linux/futex.h> |
20 | 20 |
21 #include <ostream> | 21 #include <ostream> |
22 | 22 |
23 #include "base/bind.h" | |
23 #include "base/memory/scoped_ptr.h" | 24 #include "base/memory/scoped_ptr.h" |
24 #include "build/build_config.h" | 25 #include "build/build_config.h" |
25 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" | 26 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" |
26 #include "sandbox/linux/seccomp-bpf/syscall.h" | 27 #include "sandbox/linux/seccomp-bpf/syscall.h" |
27 #include "sandbox/linux/seccomp-bpf/trap.h" | 28 #include "sandbox/linux/seccomp-bpf/trap.h" |
28 #include "sandbox/linux/seccomp-bpf/verifier.h" | 29 #include "sandbox/linux/seccomp-bpf/verifier.h" |
29 #include "sandbox/linux/services/broker_process.h" | 30 #include "sandbox/linux/services/broker_process.h" |
30 #include "sandbox/linux/services/linux_syscalls.h" | 31 #include "sandbox/linux/services/linux_syscalls.h" |
31 #include "sandbox/linux/tests/unit_tests.h" | 32 #include "sandbox/linux/tests/unit_tests.h" |
32 #include "testing/gtest/include/gtest/gtest.h" | 33 #include "testing/gtest/include/gtest/gtest.h" |
(...skipping 631 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
664 // accidentally mess with errno, when we shouldn't. | 665 // accidentally mess with errno, when we shouldn't. |
665 errno = 0; | 666 errno = 0; |
666 struct arch_seccomp_data args = {}; | 667 struct arch_seccomp_data args = {}; |
667 args.nr = __NR_close; | 668 args.nr = __NR_close; |
668 args.args[0] = -1; | 669 args.args[0] = -1; |
669 BPF_ASSERT(SandboxBPF::ForwardSyscall(args) == -EBADF); | 670 BPF_ASSERT(SandboxBPF::ForwardSyscall(args) == -EBADF); |
670 BPF_ASSERT(errno == 0); | 671 BPF_ASSERT(errno == 0); |
671 } | 672 } |
672 | 673 |
673 // Test a trap handler that makes use of a broker process to open(). | 674 // Test a trap handler that makes use of a broker process to open(). |
675 bool NoOpCallback() { | |
jln (very slow on Chromium)
2014/02/20 23:38:52
The comment becomes a little confusing here. Let's
dshwang
2014/02/21 07:03:13
I move this function few lines above, not the top.
| |
676 return true; | |
677 } | |
674 | 678 |
675 class InitializedOpenBroker { | 679 class InitializedOpenBroker { |
676 public: | 680 public: |
677 InitializedOpenBroker() : initialized_(false) { | 681 InitializedOpenBroker() : initialized_(false) { |
678 std::vector<std::string> allowed_files; | 682 std::vector<std::string> allowed_files; |
679 allowed_files.push_back("/proc/allowed"); | 683 allowed_files.push_back("/proc/allowed"); |
680 allowed_files.push_back("/proc/cpuinfo"); | 684 allowed_files.push_back("/proc/cpuinfo"); |
681 | 685 |
682 broker_process_.reset( | 686 broker_process_.reset( |
683 new BrokerProcess(EPERM, allowed_files, std::vector<std::string>())); | 687 new BrokerProcess(EPERM, allowed_files, std::vector<std::string>())); |
684 BPF_ASSERT(broker_process() != NULL); | 688 BPF_ASSERT(broker_process() != NULL); |
685 BPF_ASSERT(broker_process_->Init(NULL)); | 689 BPF_ASSERT(broker_process_->Init(base::Bind(&NoOpCallback))); |
686 | 690 |
687 initialized_ = true; | 691 initialized_ = true; |
688 } | 692 } |
689 bool initialized() { return initialized_; } | 693 bool initialized() { return initialized_; } |
690 class BrokerProcess* broker_process() { return broker_process_.get(); } | 694 class BrokerProcess* broker_process() { return broker_process_.get(); } |
691 | 695 |
692 private: | 696 private: |
693 bool initialized_; | 697 bool initialized_; |
694 scoped_ptr<class BrokerProcess> broker_process_; | 698 scoped_ptr<class BrokerProcess> broker_process_; |
695 DISALLOW_COPY_AND_ASSIGN(InitializedOpenBroker); | 699 DISALLOW_COPY_AND_ASSIGN(InitializedOpenBroker); |
(...skipping 1078 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1774 &pid) == -EPERM); | 1778 &pid) == -EPERM); |
1775 } | 1779 } |
1776 | 1780 |
1777 BPF_TEST(SandboxBPF, PthreadEquality, PthreadPolicyEquality) { PthreadTest(); } | 1781 BPF_TEST(SandboxBPF, PthreadEquality, PthreadPolicyEquality) { PthreadTest(); } |
1778 | 1782 |
1779 BPF_TEST(SandboxBPF, PthreadBitMask, PthreadPolicyBitMask) { PthreadTest(); } | 1783 BPF_TEST(SandboxBPF, PthreadBitMask, PthreadPolicyBitMask) { PthreadTest(); } |
1780 | 1784 |
1781 } // namespace | 1785 } // namespace |
1782 | 1786 |
1783 } // namespace sandbox | 1787 } // namespace sandbox |
OLD | NEW |