| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // ASAN internally uses some syscalls which non-SFI NaCl disallows. | 5 // ASAN internally uses some syscalls which non-SFI NaCl disallows. |
| 6 // Seccomp-BPF tests die under TSAN v2. See http://crbug.com/356588 | 6 // Seccomp-BPF tests die under TSAN v2. See http://crbug.com/356588 |
| 7 #if !defined(ADDRESS_SANITIZER) && !defined(THREAD_SANITIZER) | 7 #if !defined(ADDRESS_SANITIZER) && !defined(THREAD_SANITIZER) |
| 8 | 8 |
| 9 #include "components/nacl/loader/nonsfi/nonsfi_sandbox.h" | 9 #include "components/nacl/loader/nonsfi/nonsfi_sandbox.h" |
| 10 | 10 |
| 11 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" | 11 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" |
| 12 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" | 12 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" |
| 13 | 13 |
| 14 namespace { | 14 namespace { |
| 15 | 15 |
| 16 // Test cases in this file just make sure not-whitelisted syscalls | 16 // Test cases in this file just make sure not-whitelisted syscalls |
| 17 // are appropriately disallowed. They should raise SIGSYS regardless | 17 // are appropriately disallowed. They should raise SIGSYS regardless |
| 18 // of arguments. We always pass five zeros not to pass uninitialized | 18 // of arguments. We always pass five zeros not to pass uninitialized |
| 19 // values to syscalls. | 19 // values to syscalls. |
| 20 #define RESTRICT_SYSCALL_DEATH_TEST_IMPL(name, sysno) \ | 20 #define RESTRICT_SYSCALL_DEATH_TEST_IMPL(name, sysno) \ |
| 21 BPF_DEATH_TEST( \ | 21 BPF_DEATH_TEST( \ |
| 22 NaClNonSfiSandboxSIGSYSTest, name, \ | 22 NaClNonSfiSandboxSIGSYSTest, name, \ |
| 23 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), \ | 23 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), \ |
| 24 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { \ | 24 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { \ |
| 25 syscall(sysno, 0, 0, 0, 0, 0); \ | 25 syscall(sysno, 0, 0, 0, 0, 0, 0); \ |
| 26 } | 26 } |
| 27 | 27 |
| 28 #define RESTRICT_SYSCALL_DEATH_TEST(name) \ | 28 #define RESTRICT_SYSCALL_DEATH_TEST(name) \ |
| 29 RESTRICT_SYSCALL_DEATH_TEST_IMPL(name, __NR_ ## name) | 29 RESTRICT_SYSCALL_DEATH_TEST_IMPL(name, __NR_ ## name) |
| 30 | 30 |
| 31 #define RESTRICT_ARM_SYSCALL_DEATH_TEST(name) \ | 31 #define RESTRICT_ARM_SYSCALL_DEATH_TEST(name) \ |
| 32 RESTRICT_SYSCALL_DEATH_TEST_IMPL(ARM_ ## name, __ARM_NR_ ## name) | 32 RESTRICT_SYSCALL_DEATH_TEST_IMPL(ARM_ ## name, __ARM_NR_ ## name) |
| 33 | 33 |
| 34 #if defined(__i386__) || defined(__arm__) | 34 #if defined(__i386__) || defined(__arm__) |
| 35 RESTRICT_SYSCALL_DEATH_TEST(_newselect); | 35 RESTRICT_SYSCALL_DEATH_TEST(_newselect); |
| (...skipping 571 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 607 #if defined(__arm__) | 607 #if defined(__arm__) |
| 608 RESTRICT_ARM_SYSCALL_DEATH_TEST(breakpoint); | 608 RESTRICT_ARM_SYSCALL_DEATH_TEST(breakpoint); |
| 609 RESTRICT_ARM_SYSCALL_DEATH_TEST(usr26); | 609 RESTRICT_ARM_SYSCALL_DEATH_TEST(usr26); |
| 610 RESTRICT_ARM_SYSCALL_DEATH_TEST(usr32); | 610 RESTRICT_ARM_SYSCALL_DEATH_TEST(usr32); |
| 611 RESTRICT_ARM_SYSCALL_DEATH_TEST(set_tls); | 611 RESTRICT_ARM_SYSCALL_DEATH_TEST(set_tls); |
| 612 #endif | 612 #endif |
| 613 | 613 |
| 614 } // namespace | 614 } // namespace |
| 615 | 615 |
| 616 #endif // !ADDRESS_SANITIZER && !THREAD_SANITIZER | 616 #endif // !ADDRESS_SANITIZER && !THREAD_SANITIZER |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 248633004:
Non-SFI NaCl: Clean up seccomp for syscalls which return EPERM (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src