| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h" | 5 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <fcntl.h> | 8 #include <fcntl.h> |
| 9 #include <netinet/in.h> | 9 #include <netinet/in.h> |
| 10 #include <sched.h> | 10 #include <sched.h> |
| 11 #include <signal.h> | 11 #include <signal.h> |
| 12 #include <stddef.h> | 12 #include <stddef.h> |
| 13 #include <string.h> | 13 #include <string.h> |
| 14 #include <sys/prctl.h> | 14 #include <sys/prctl.h> |
| 15 #include <sys/resource.h> | 15 #include <sys/resource.h> |
| 16 #include <sys/socket.h> | 16 #include <sys/socket.h> |
| 17 #include <sys/stat.h> | 17 #include <sys/stat.h> |
| 18 #include <sys/syscall.h> | 18 #include <sys/syscall.h> |
| 19 #include <sys/time.h> | 19 #include <sys/time.h> |
| 20 #include <sys/types.h> | 20 #include <sys/types.h> |
| 21 #include <sys/wait.h> | 21 #include <sys/wait.h> |
| 22 #include <time.h> | 22 #include <time.h> |
| 23 #include <unistd.h> | 23 #include <unistd.h> |
| 24 | 24 |
| 25 #include "base/files/scoped_file.h" | 25 #include "base/files/scoped_file.h" |
| 26 #include "base/macros.h" | 26 #include "base/macros.h" |
| 27 #include "base/posix/eintr_wrapper.h" | 27 #include "base/posix/eintr_wrapper.h" |
| 28 #include "base/synchronization/lock.h" |
| 28 #include "base/threading/thread.h" | 29 #include "base/threading/thread.h" |
| 29 #include "build/build_config.h" | 30 #include "build/build_config.h" |
| 30 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" | 31 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" |
| 31 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" | 32 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" |
| 32 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" | 33 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
| 33 #include "sandbox/linux/seccomp-bpf/syscall.h" | 34 #include "sandbox/linux/seccomp-bpf/syscall.h" |
| 34 #include "sandbox/linux/services/syscall_wrappers.h" | 35 #include "sandbox/linux/services/syscall_wrappers.h" |
| 35 #include "sandbox/linux/services/thread_helpers.h" | 36 #include "sandbox/linux/services/thread_helpers.h" |
| 36 #include "sandbox/linux/system_headers/linux_futex.h" | 37 #include "sandbox/linux/system_headers/linux_futex.h" |
| 37 #include "sandbox/linux/system_headers/linux_syscalls.h" | 38 #include "sandbox/linux/system_headers/linux_syscalls.h" |
| (...skipping 203 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 241 TEST_BASELINE_SIGSYS(__NR_sysinfo); | 242 TEST_BASELINE_SIGSYS(__NR_sysinfo); |
| 242 TEST_BASELINE_SIGSYS(__NR_syslog); | 243 TEST_BASELINE_SIGSYS(__NR_syslog); |
| 243 TEST_BASELINE_SIGSYS(__NR_timer_create); | 244 TEST_BASELINE_SIGSYS(__NR_timer_create); |
| 244 | 245 |
| 245 #if !defined(__aarch64__) | 246 #if !defined(__aarch64__) |
| 246 TEST_BASELINE_SIGSYS(__NR_eventfd); | 247 TEST_BASELINE_SIGSYS(__NR_eventfd); |
| 247 TEST_BASELINE_SIGSYS(__NR_inotify_init); | 248 TEST_BASELINE_SIGSYS(__NR_inotify_init); |
| 248 TEST_BASELINE_SIGSYS(__NR_vserver); | 249 TEST_BASELINE_SIGSYS(__NR_vserver); |
| 249 #endif | 250 #endif |
| 250 | 251 |
| 252 #if !PRIORITY_INHERITANCE_LOCKS_POSSIBLE() |
| 251 #if defined(LIBC_GLIBC) && !defined(OS_CHROMEOS) | 253 #if defined(LIBC_GLIBC) && !defined(OS_CHROMEOS) |
| 252 BPF_TEST_C(BaselinePolicy, FutexEINVAL, BaselinePolicy) { | 254 BPF_TEST_C(BaselinePolicy, FutexEINVAL, BaselinePolicy) { |
| 253 int ops[] = { | 255 int ops[] = { |
| 254 FUTEX_CMP_REQUEUE_PI, FUTEX_CMP_REQUEUE_PI_PRIVATE, | 256 FUTEX_CMP_REQUEUE_PI, FUTEX_CMP_REQUEUE_PI_PRIVATE, |
| 255 FUTEX_UNLOCK_PI_PRIVATE, | 257 FUTEX_UNLOCK_PI_PRIVATE, |
| 256 }; | 258 }; |
| 257 | 259 |
| 258 for (int op : ops) { | 260 for (int op : ops) { |
| 259 BPF_ASSERT_EQ(-1, syscall(__NR_futex, NULL, op, 0, NULL, NULL, 0)); | 261 BPF_ASSERT_EQ(-1, syscall(__NR_futex, NULL, op, 0, NULL, NULL, 0)); |
| 260 BPF_ASSERT_EQ(EINVAL, errno); | 262 BPF_ASSERT_EQ(EINVAL, errno); |
| 261 } | 263 } |
| 262 } | 264 } |
| 263 #else | 265 #else // defined(LIBC_GLIBC) && !defined(OS_CHROMEOS) |
| 264 BPF_DEATH_TEST_C(BaselinePolicy, | 266 BPF_DEATH_TEST_C(BaselinePolicy, |
| 265 FutexWithRequeuePriorityInheritence, | 267 FutexWithRequeuePriorityInheritence, |
| 266 DEATH_SEGV_MESSAGE(GetFutexErrorMessageContentForTests()), | 268 DEATH_SEGV_MESSAGE(GetFutexErrorMessageContentForTests()), |
| 267 BaselinePolicy) { | 269 BaselinePolicy) { |
| 268 syscall(__NR_futex, NULL, FUTEX_CMP_REQUEUE_PI, 0, NULL, NULL, 0); | 270 syscall(__NR_futex, NULL, FUTEX_CMP_REQUEUE_PI, 0, NULL, NULL, 0); |
| 269 _exit(1); | 271 _exit(1); |
| 270 } | 272 } |
| 271 | 273 |
| 272 BPF_DEATH_TEST_C(BaselinePolicy, | 274 BPF_DEATH_TEST_C(BaselinePolicy, |
| 273 FutexWithRequeuePriorityInheritencePrivate, | 275 FutexWithRequeuePriorityInheritencePrivate, |
| 274 DEATH_SEGV_MESSAGE(GetFutexErrorMessageContentForTests()), | 276 DEATH_SEGV_MESSAGE(GetFutexErrorMessageContentForTests()), |
| 275 BaselinePolicy) { | 277 BaselinePolicy) { |
| 276 syscall(__NR_futex, NULL, FUTEX_CMP_REQUEUE_PI_PRIVATE, 0, NULL, NULL, 0); | 278 syscall(__NR_futex, NULL, FUTEX_CMP_REQUEUE_PI_PRIVATE, 0, NULL, NULL, 0); |
| 277 _exit(1); | 279 _exit(1); |
| 278 } | 280 } |
| 279 | 281 |
| 280 BPF_DEATH_TEST_C(BaselinePolicy, | 282 BPF_DEATH_TEST_C(BaselinePolicy, |
| 281 FutexWithUnlockPIPrivate, | 283 FutexWithUnlockPIPrivate, |
| 282 DEATH_SEGV_MESSAGE(GetFutexErrorMessageContentForTests()), | 284 DEATH_SEGV_MESSAGE(GetFutexErrorMessageContentForTests()), |
| 283 BaselinePolicy) { | 285 BaselinePolicy) { |
| 284 syscall(__NR_futex, NULL, FUTEX_UNLOCK_PI_PRIVATE, 0, NULL, NULL, 0); | 286 syscall(__NR_futex, NULL, FUTEX_UNLOCK_PI_PRIVATE, 0, NULL, NULL, 0); |
| 285 _exit(1); | 287 _exit(1); |
| 286 } | 288 } |
| 287 #endif // defined(LIBC_GLIBC) && !defined(OS_CHROMEOS) | 289 #endif // defined(LIBC_GLIBC) && !defined(OS_CHROMEOS) |
| 290 #endif // !PRIORITY_INHERITANCE_LOCKS_POSSIBLE() |
| 288 | 291 |
| 289 BPF_TEST_C(BaselinePolicy, PrctlDumpable, BaselinePolicy) { | 292 BPF_TEST_C(BaselinePolicy, PrctlDumpable, BaselinePolicy) { |
| 290 const int is_dumpable = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0); | 293 const int is_dumpable = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0); |
| 291 BPF_ASSERT(is_dumpable == 1 || is_dumpable == 0); | 294 BPF_ASSERT(is_dumpable == 1 || is_dumpable == 0); |
| 292 const int prctl_ret = prctl(PR_SET_DUMPABLE, is_dumpable, 0, 0, 0, 0); | 295 const int prctl_ret = prctl(PR_SET_DUMPABLE, is_dumpable, 0, 0, 0, 0); |
| 293 BPF_ASSERT_EQ(0, prctl_ret); | 296 BPF_ASSERT_EQ(0, prctl_ret); |
| 294 } | 297 } |
| 295 | 298 |
| 296 // Workaround incomplete Android headers. | 299 // Workaround incomplete Android headers. |
| 297 #if !defined(PR_CAPBSET_READ) | 300 #if !defined(PR_CAPBSET_READ) |
| (...skipping 92 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 390 int fds[2]; | 393 int fds[2]; |
| 391 PCHECK(socketpair(AF_UNIX, SOCK_STREAM, 0, fds) == 0); | 394 PCHECK(socketpair(AF_UNIX, SOCK_STREAM, 0, fds) == 0); |
| 392 int id; | 395 int id; |
| 393 setsockopt(fds[0], SOL_SOCKET, SO_DEBUG, &id, sizeof(id)); | 396 setsockopt(fds[0], SOL_SOCKET, SO_DEBUG, &id, sizeof(id)); |
| 394 } | 397 } |
| 395 #endif | 398 #endif |
| 396 | 399 |
| 397 } // namespace | 400 } // namespace |
| 398 | 401 |
| 399 } // namespace sandbox | 402 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2028303005:
Add PTHREAD_PRIO_INHERIT to POSIX Locks (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master