components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc - Issue 248633004: Non-SFI NaCl: Clean up seccomp for syscalls which return EPERM

Side by Side Diff: components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc

Issue 248633004: Non-SFI NaCl: Clean up seccomp for syscalls which return EPERM (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: handle review comments Created 6 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 // ASan internally uses some syscalls which non-SFI NaCl disallows.	5 // ASan internally uses some syscalls which non-SFI NaCl disallows.

6 // Seccomp-BPF tests die under TSan v2. See http://crbug.com/356588	6 // Seccomp-BPF tests die under TSan v2. See http://crbug.com/356588

7 #if !defined(ADDRESS_SANITIZER) && !defined(THREAD_SANITIZER)	7 #if !defined(ADDRESS_SANITIZER) && !defined(THREAD_SANITIZER)

8	8

9 #include "components/nacl/loader/nonsfi/nonsfi_sandbox.h"	9 #include "components/nacl/loader/nonsfi/nonsfi_sandbox.h"

10	10

(...skipping 327 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
338 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {	338 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {

339 char* next_brk = static_cast<char*>(sbrk(0)) + getpagesize();	339 char* next_brk = static_cast<char*>(sbrk(0)) + getpagesize();

340 // The kernel interface must return zero for brk.	340 // The kernel interface must return zero for brk.

341 BPF_ASSERT_EQ(0, syscall(__NR_brk, next_brk));	341 BPF_ASSERT_EQ(0, syscall(__NR_brk, next_brk));

342 // The libc wrapper translates it to ENOMEM.	342 // The libc wrapper translates it to ENOMEM.

343 errno = 0;	343 errno = 0;

344 BPF_ASSERT_EQ(-1, brk(next_brk));	344 BPF_ASSERT_EQ(-1, brk(next_brk));

345 BPF_ASSERT_EQ(ENOMEM, errno);	345 BPF_ASSERT_EQ(ENOMEM, errno);

346 }	346 }

347	347

348 BPF_TEST(NaClNonSfiSandboxTest, epoll_create_EPERM,	348 // The following test cases check if syscalls return EPERM regardless

349 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {	349 // of arguments.

350 errno = 0;	350 #define RESTRICT_SYSCALL_EPERM_TEST(name) \

351 BPF_ASSERT_EQ(-1, syscall(__NR_epoll_create));	351 BPF_TEST( \

352 BPF_ASSERT_EQ(EPERM, errno);	352 NaClNonSfiSandboxTest, name ## _EPERM, \

353 }	353 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { \

	354 errno = 0; \

	355 BPF_ASSERT_EQ(-1, syscall(__NR_ ## name, 0, 0, 0, 0, 0, 0)); \

	356 BPF_ASSERT_EQ(EPERM, errno); \

	357 }

354	358

	359 RESTRICT_SYSCALL_EPERM_TEST(epoll_create);

355 #if defined(__i386__) \|\| defined(__arm__)	360 #if defined(__i386__) \|\| defined(__arm__)

356 BPF_TEST(NaClNonSfiSandboxTest, getegid32_EPERM,	361 RESTRICT_SYSCALL_EPERM_TEST(getegid32);

357 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {	362 RESTRICT_SYSCALL_EPERM_TEST(geteuid32);

358 errno = 0;	363 RESTRICT_SYSCALL_EPERM_TEST(getgid32);

359 BPF_ASSERT_EQ(-1, syscall(__NR_getegid32));	364 RESTRICT_SYSCALL_EPERM_TEST(getuid32);

360 BPF_ASSERT_EQ(EPERM, errno);

361 }

362

363 BPF_TEST(NaClNonSfiSandboxTest, geteuid32_EPERM,

364 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {

365 errno = 0;

366 BPF_ASSERT_EQ(-1, syscall(__NR_geteuid32));

367 BPF_ASSERT_EQ(EPERM, errno);

368 }

369

370 BPF_TEST(NaClNonSfiSandboxTest, getgid32_EPERM,

371 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {

372 errno = 0;

373 BPF_ASSERT_EQ(-1, syscall(__NR_getgid32));

374 BPF_ASSERT_EQ(EPERM, errno);

375 }

376

377 BPF_TEST(NaClNonSfiSandboxTest, getuid32_EPERM,

378 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {

379 errno = 0;

380 BPF_ASSERT_EQ(-1, syscall(__NR_getuid32));

381 BPF_ASSERT_EQ(EPERM, errno);

382 }

383

384 BPF_DEATH_TEST(NaClNonSfiSandboxTest, getegid_SIGSYS,

385 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),

386 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {

387 syscall(__NR_getegid);

388 }

389

390 BPF_DEATH_TEST(NaClNonSfiSandboxTest, geteuid_SIGSYS,

391 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),

392 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {

393 syscall(__NR_geteuid);

394 }

395

396 BPF_DEATH_TEST(NaClNonSfiSandboxTest, getgid_SIGSYS,

397 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),

398 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {

399 syscall(__NR_getgid);

400 }

401

402 BPF_DEATH_TEST(NaClNonSfiSandboxTest, getuid_SIGSYS,

403 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),

404 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {

405 syscall(__NR_getuid);

406 }

407 #endif	365 #endif

408	366 RESTRICT_SYSCALL_EPERM_TEST(getegid);

409 #if defined(__x86_64__)	367 RESTRICT_SYSCALL_EPERM_TEST(geteuid);

410 BPF_TEST(NaClNonSfiSandboxTest, getegid_EPERM,	368 RESTRICT_SYSCALL_EPERM_TEST(getgid);

411 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {	369 RESTRICT_SYSCALL_EPERM_TEST(getuid);

412 errno = 0;	370 RESTRICT_SYSCALL_EPERM_TEST(madvise);

413 BPF_ASSERT_EQ(-1, syscall(__NR_getegid));	371 RESTRICT_SYSCALL_EPERM_TEST(open);

414 BPF_ASSERT_EQ(EPERM, errno);	372 RESTRICT_SYSCALL_EPERM_TEST(ptrace);

415 }	373 RESTRICT_SYSCALL_EPERM_TEST(set_robust_list);

416

417 BPF_TEST(NaClNonSfiSandboxTest, geteuid_EPERM,

418 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {

419 errno = 0;

420 BPF_ASSERT_EQ(-1, syscall(__NR_geteuid));

421 BPF_ASSERT_EQ(EPERM, errno);

422 }

423

424 BPF_TEST(NaClNonSfiSandboxTest, getgid_EPERM,

425 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {

426 errno = 0;

427 BPF_ASSERT_EQ(-1, syscall(__NR_getgid));

428 BPF_ASSERT_EQ(EPERM, errno);

429 }

430

431 BPF_TEST(NaClNonSfiSandboxTest, getuid_EPERM,

432 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {

433 errno = 0;

434 BPF_ASSERT_EQ(-1, syscall(__NR_getuid));

435 BPF_ASSERT_EQ(EPERM, errno);

436 }

437 #endif

438

439 BPF_TEST(NaClNonSfiSandboxTest, madvise_EPERM,

440 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {

441 errno = 0;

442 BPF_ASSERT_EQ(-1, syscall(__NR_madvise));

443 BPF_ASSERT_EQ(EPERM, errno);

444 }

445

446 BPF_TEST(NaClNonSfiSandboxTest, open_EPERM,

447 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {

448 errno = 0;

449 BPF_ASSERT_EQ(-1, syscall(__NR_open));

450 BPF_ASSERT_EQ(EPERM, errno);

451 }

452

453 BPF_TEST(NaClNonSfiSandboxTest, ptrace_EPERM,

454 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {

455 errno = 0;

456 BPF_ASSERT_EQ(-1, syscall(__NR_ptrace));

457 BPF_ASSERT_EQ(EPERM, errno);

458 }

459

460 BPF_TEST(NaClNonSfiSandboxTest, set_robust_list_EPERM,

461 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {

462 errno = 0;

463 BPF_ASSERT_EQ(-1, syscall(__NR_set_robust_list));

464 BPF_ASSERT_EQ(EPERM, errno);

465 }

466

467 #if defined(__i386__) \|\| defined(__x86_64__)	374 #if defined(__i386__) \|\| defined(__x86_64__)

468 BPF_TEST(NaClNonSfiSandboxTest, time_EPERM,	375 RESTRICT_SYSCALL_EPERM_TEST(time);

469 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {

470 errno = 0;

471 BPF_ASSERT_EQ(-1, syscall(__NR_time));

472 BPF_ASSERT_EQ(EPERM, errno);

473 }

474 #endif	376 #endif

475	377

476 } // namespace	378 } // namespace

477	379

478 #endif // !ADDRESS_SANITIZER && !THREAD_SANITIZER	380 #endif // !ADDRESS_SANITIZER && !THREAD_SANITIZER

OLD	NEW

« no previous file with comments | « components/nacl/loader/nonsfi/nonsfi_sandbox_sigsys_unittest.cc ('k') | no next file » | no next file with comments »