OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // Sanitizers internally use some syscalls which non-SFI NaCl disallows. | 5 // Sanitizers internally use some syscalls which non-SFI NaCl disallows. |
6 #if !defined(ADDRESS_SANITIZER) && !defined(THREAD_SANITIZER) && \ | 6 #if !defined(ADDRESS_SANITIZER) && !defined(THREAD_SANITIZER) && \ |
7 !defined(MEMORY_SANITIZER) && !defined(LEAK_SANITIZER) | 7 !defined(MEMORY_SANITIZER) && !defined(LEAK_SANITIZER) |
8 | 8 |
9 #include "components/nacl/loader/nonsfi/nonsfi_sandbox.h" | 9 #include "components/nacl/loader/nonsfi/nonsfi_sandbox.h" |
10 | 10 |
11 #include <errno.h> | 11 #include <errno.h> |
12 #include <fcntl.h> | 12 #include <fcntl.h> |
13 #include <linux/net.h> | 13 #include <linux/net.h> |
14 #include <pthread.h> | 14 #include <pthread.h> |
15 #include <sched.h> | 15 #include <sched.h> |
16 #include <signal.h> | 16 #include <signal.h> |
17 #include <stdlib.h> | 17 #include <stdlib.h> |
18 #include <string.h> | 18 #include <string.h> |
19 #include <sys/mman.h> | 19 #include <sys/mman.h> |
20 #include <sys/prctl.h> | 20 #include <sys/prctl.h> |
21 #include <sys/socket.h> | 21 #include <sys/socket.h> |
22 #include <sys/syscall.h> | 22 #include <sys/syscall.h> |
23 #include <sys/types.h> | 23 #include <sys/types.h> |
24 #include <sys/wait.h> | 24 #include <sys/wait.h> |
25 #include <time.h> | 25 #include <time.h> |
26 #include <unistd.h> | 26 #include <unistd.h> |
27 | 27 |
| 28 #include <memory> |
| 29 |
28 #include "base/at_exit.h" | 30 #include "base/at_exit.h" |
29 #include "base/bind.h" | 31 #include "base/bind.h" |
30 #include "base/callback.h" | 32 #include "base/callback.h" |
31 #include "base/compiler_specific.h" | 33 #include "base/compiler_specific.h" |
32 #include "base/files/scoped_file.h" | 34 #include "base/files/scoped_file.h" |
33 #include "base/logging.h" | 35 #include "base/logging.h" |
34 #include "base/macros.h" | 36 #include "base/macros.h" |
35 #include "base/posix/eintr_wrapper.h" | 37 #include "base/posix/eintr_wrapper.h" |
36 #include "base/sys_info.h" | 38 #include "base/sys_info.h" |
37 #include "base/threading/thread.h" | 39 #include "base/threading/thread.h" |
600 | 602 |
601 // The following tests check for several restrictions in tgkill(). A delegate is | 603 // The following tests check for several restrictions in tgkill(). A delegate is |
602 // needed to be able to call getpid() from inside the process that will be | 604 // needed to be able to call getpid() from inside the process that will be |
603 // sandboxed, but before the sandbox is installed. | 605 // sandboxed, but before the sandbox is installed. |
604 template<void(*callback)(int pid, int tid)> | 606 template<void(*callback)(int pid, int tid)> |
605 class TgkillDelegate : public sandbox::BPFTesterDelegate { | 607 class TgkillDelegate : public sandbox::BPFTesterDelegate { |
606 public: | 608 public: |
607 TgkillDelegate() {} | 609 TgkillDelegate() {} |
608 ~TgkillDelegate() override {} | 610 ~TgkillDelegate() override {} |
609 | 611 |
610 scoped_ptr<sandbox::bpf_dsl::Policy> GetSandboxBPFPolicy() override { | 612 std::unique_ptr<sandbox::bpf_dsl::Policy> GetSandboxBPFPolicy() override { |
611 // These two values must be obtained when running in the sandboxed process. | 613 // These two values must be obtained when running in the sandboxed process. |
612 // They cannot be set in the constructor and are also not available from | 614 // They cannot be set in the constructor and are also not available from |
613 // within |RunTestFunction|. | 615 // within |RunTestFunction|. |
614 pid_ = getpid(); | 616 pid_ = getpid(); |
615 tid_ = syscall(__NR_gettid); | 617 tid_ = syscall(__NR_gettid); |
616 | 618 |
617 return scoped_ptr<sandbox::bpf_dsl::Policy>( | 619 return std::unique_ptr<sandbox::bpf_dsl::Policy>( |
618 new nacl::nonsfi::NaClNonSfiBPFSandboxPolicy()); | 620 new nacl::nonsfi::NaClNonSfiBPFSandboxPolicy()); |
619 } | 621 } |
620 | 622 |
621 void RunTestFunction() override { | 623 void RunTestFunction() override { |
622 callback(pid_, tid_); | 624 callback(pid_, tid_); |
623 } | 625 } |
624 | 626 |
625 // These are longs as a temporary workaround for crbug.com/532992. | 627 // These are longs as a temporary workaround for crbug.com/532992. |
626 long pid_; | 628 long pid_; |
627 long tid_; | 629 long tid_; |
694 RESTRICT_SYSCALL_EPERM_TEST(ptrace); | 696 RESTRICT_SYSCALL_EPERM_TEST(ptrace); |
695 RESTRICT_SYSCALL_EPERM_TEST(set_robust_list); | 697 RESTRICT_SYSCALL_EPERM_TEST(set_robust_list); |
696 #if defined(__i386__) || defined(__x86_64__) | 698 #if defined(__i386__) || defined(__x86_64__) |
697 RESTRICT_SYSCALL_EPERM_TEST(time); | 699 RESTRICT_SYSCALL_EPERM_TEST(time); |
698 #endif | 700 #endif |
699 | 701 |
700 } // namespace | 702 } // namespace |
701 | 703 |
702 #endif // !ADDRESS_SANITIZER && !THREAD_SANITIZER && | 704 #endif // !ADDRESS_SANITIZER && !THREAD_SANITIZER && |
703 // !MEMORY_SANITIZER && !LEAK_SANITIZER | 705 // !MEMORY_SANITIZER && !LEAK_SANITIZER |
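Review bot: In TgkillDelegate, `pid_` and `tid_` (new lines 628-629) have no initializer and the constructor body is empty, so they hold indeterminate values until GetSandboxBPFPolicy() assigns them. That is only safe if GetSandboxBPFPolicy() always runs before RunTestFunction(), an ordering this page does not show; if it were ever violated, the tgkill() restriction tests would pass arbitrary ids to the callback and could pass or fail for the wrong reason. Giving the members a sentinel, `long pid_ = -1;` and `long tid_ = -1;`, keeps the constraint stated in the comment (the real values still come from the process being sandboxed) and makes a missed assignment obvious. The class body continues past the visible lines, so check that nothing there depends on the current uninitialized state.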