Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(385)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc

Issue 248633004: Non-SFI NaCl: Clean up seccomp for syscalls which return EPERM (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: rebase Created 6 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « components/nacl/loader/nonsfi/nonsfi_sandbox.cc ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc
diff --git a/components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc b/components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc
index 41829910717fd8fc5b91ee7869e83451772cab06..5fab8b44d76d3149b9645389848b70751ae3fce2 100644
--- a/components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc
+++ b/components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc
@@ -345,132 +345,33 @@ BPF_TEST(NaClNonSfiSandboxTest, brk,
BPF_ASSERT_EQ(ENOMEM, errno);
}
-BPF_TEST(NaClNonSfiSandboxTest, epoll_create_EPERM,
- nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
- errno = 0;
- BPF_ASSERT_EQ(-1, syscall(__NR_epoll_create));
- BPF_ASSERT_EQ(EPERM, errno);
-}
+// The following test cases check if syscalls return EPERM regardless
+// of arguments.
+#define RESTRICT_SYSCALL_EPERM_TEST(name) \
jln (very slow on Chromium) 2014/04/24 16:39:00 maybe align the "\"?
hamaji 2014/04/25 00:13:27 Done. Emacs seems to like this. I added a linebrea
+ BPF_TEST(NaClNonSfiSandboxTest, name ## _EPERM, \
+ nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { \
+ errno = 0; \
+ BPF_ASSERT_EQ(-1, syscall(__NR_ ## name, 0, 0, 0, 0, 0)); \
Mark Seaborn 2014/04/24 16:41:29 Nit: syscalls take upto 6 args (e.g. mmap), so add
hamaji 2014/04/25 00:13:27 Done. I asked about this before, and this slipped
+ BPF_ASSERT_EQ(EPERM, errno); \
+ }
+RESTRICT_SYSCALL_EPERM_TEST(epoll_create);
#if defined(__i386__) || defined(__arm__)
-BPF_TEST(NaClNonSfiSandboxTest, getegid32_EPERM,
- nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
- errno = 0;
- BPF_ASSERT_EQ(-1, syscall(__NR_getegid32));
- BPF_ASSERT_EQ(EPERM, errno);
-}
-
-BPF_TEST(NaClNonSfiSandboxTest, geteuid32_EPERM,
- nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
- errno = 0;
- BPF_ASSERT_EQ(-1, syscall(__NR_geteuid32));
- BPF_ASSERT_EQ(EPERM, errno);
-}
-
-BPF_TEST(NaClNonSfiSandboxTest, getgid32_EPERM,
- nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
- errno = 0;
- BPF_ASSERT_EQ(-1, syscall(__NR_getgid32));
- BPF_ASSERT_EQ(EPERM, errno);
-}
-
-BPF_TEST(NaClNonSfiSandboxTest, getuid32_EPERM,
- nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
- errno = 0;
- BPF_ASSERT_EQ(-1, syscall(__NR_getuid32));
- BPF_ASSERT_EQ(EPERM, errno);
-}
-
-BPF_DEATH_TEST(NaClNonSfiSandboxTest, getegid_SIGSYS,
- DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
- nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
- syscall(__NR_getegid);
-}
-
-BPF_DEATH_TEST(NaClNonSfiSandboxTest, geteuid_SIGSYS,
- DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
- nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
- syscall(__NR_geteuid);
-}
-
-BPF_DEATH_TEST(NaClNonSfiSandboxTest, getgid_SIGSYS,
- DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
- nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
- syscall(__NR_getgid);
-}
-
-BPF_DEATH_TEST(NaClNonSfiSandboxTest, getuid_SIGSYS,
- DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
- nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
- syscall(__NR_getuid);
-}
-#endif
-
-#if defined(__x86_64__)
-BPF_TEST(NaClNonSfiSandboxTest, getegid_EPERM,
- nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
- errno = 0;
- BPF_ASSERT_EQ(-1, syscall(__NR_getegid));
- BPF_ASSERT_EQ(EPERM, errno);
-}
-
-BPF_TEST(NaClNonSfiSandboxTest, geteuid_EPERM,
- nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
- errno = 0;
- BPF_ASSERT_EQ(-1, syscall(__NR_geteuid));
- BPF_ASSERT_EQ(EPERM, errno);
-}
-
-BPF_TEST(NaClNonSfiSandboxTest, getgid_EPERM,
- nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
- errno = 0;
- BPF_ASSERT_EQ(-1, syscall(__NR_getgid));
- BPF_ASSERT_EQ(EPERM, errno);
-}
-
-BPF_TEST(NaClNonSfiSandboxTest, getuid_EPERM,
- nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
- errno = 0;
- BPF_ASSERT_EQ(-1, syscall(__NR_getuid));
- BPF_ASSERT_EQ(EPERM, errno);
-}
+RESTRICT_SYSCALL_EPERM_TEST(getegid32);
+RESTRICT_SYSCALL_EPERM_TEST(geteuid32);
+RESTRICT_SYSCALL_EPERM_TEST(getgid32);
+RESTRICT_SYSCALL_EPERM_TEST(getuid32);
#endif
-
-BPF_TEST(NaClNonSfiSandboxTest, madvise_EPERM,
- nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
- errno = 0;
- BPF_ASSERT_EQ(-1, syscall(__NR_madvise));
- BPF_ASSERT_EQ(EPERM, errno);
-}
-
-BPF_TEST(NaClNonSfiSandboxTest, open_EPERM,
- nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
- errno = 0;
- BPF_ASSERT_EQ(-1, syscall(__NR_open));
- BPF_ASSERT_EQ(EPERM, errno);
-}
-
-BPF_TEST(NaClNonSfiSandboxTest, ptrace_EPERM,
- nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
- errno = 0;
- BPF_ASSERT_EQ(-1, syscall(__NR_ptrace));
- BPF_ASSERT_EQ(EPERM, errno);
-}
-
-BPF_TEST(NaClNonSfiSandboxTest, set_robust_list_EPERM,
- nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
- errno = 0;
- BPF_ASSERT_EQ(-1, syscall(__NR_set_robust_list));
- BPF_ASSERT_EQ(EPERM, errno);
-}
-
+RESTRICT_SYSCALL_EPERM_TEST(getegid);
+RESTRICT_SYSCALL_EPERM_TEST(geteuid);
+RESTRICT_SYSCALL_EPERM_TEST(getgid);
+RESTRICT_SYSCALL_EPERM_TEST(getuid);
+RESTRICT_SYSCALL_EPERM_TEST(madvise);
+RESTRICT_SYSCALL_EPERM_TEST(open);
+RESTRICT_SYSCALL_EPERM_TEST(ptrace);
+RESTRICT_SYSCALL_EPERM_TEST(set_robust_list);
#if defined(__i386__) || defined(__x86_64__)
-BPF_TEST(NaClNonSfiSandboxTest, time_EPERM,
- nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
- errno = 0;
- BPF_ASSERT_EQ(-1, syscall(__NR_time));
- BPF_ASSERT_EQ(EPERM, errno);
-}
+RESTRICT_SYSCALL_EPERM_TEST(time);
#endif
} // namespace
« no previous file with comments | « components/nacl/loader/nonsfi/nonsfi_sandbox.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698