OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <errno.h> | 5 #include <errno.h> |
6 #include <pthread.h> | 6 #include <pthread.h> |
7 #include <sched.h> | 7 #include <sched.h> |
8 #include <signal.h> | 8 #include <signal.h> |
9 #include <sys/prctl.h> | 9 #include <sys/prctl.h> |
10 #include <sys/ptrace.h> | 10 #include <sys/ptrace.h> |
11 #include <sys/syscall.h> | 11 #include <sys/syscall.h> |
12 #include <sys/time.h> | 12 #include <sys/time.h> |
13 #include <sys/types.h> | 13 #include <sys/types.h> |
14 #include <sys/utsname.h> | 14 #include <sys/utsname.h> |
15 #include <unistd.h> | 15 #include <unistd.h> |
| 16 #include <sys/socket.h> |
16 | 17 |
17 #if defined(ANDROID) | 18 #if defined(ANDROID) |
18 // Work-around for buggy headers in Android's NDK | 19 // Work-around for buggy headers in Android's NDK |
19 #define __user | 20 #define __user |
20 #endif | 21 #endif |
21 #include <linux/futex.h> | 22 #include <linux/futex.h> |
22 | 23 |
23 #include <ostream> | 24 #include <ostream> |
24 | 25 |
25 #include "base/bind.h" | 26 #include "base/bind.h" |
(...skipping 620 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
646 | 647 |
647 BPF_TEST_C(SandboxBPF, SigBus, RedirectAllSyscallsPolicy) { | 648 BPF_TEST_C(SandboxBPF, SigBus, RedirectAllSyscallsPolicy) { |
648 // We use the SIGBUS bit in the signal mask as a thread-local boolean | 649 // We use the SIGBUS bit in the signal mask as a thread-local boolean |
649 // value in the implementation of UnsafeTrap(). This is obviously a bit | 650 // value in the implementation of UnsafeTrap(). This is obviously a bit |
650 // of a hack that could conceivably interfere with code that uses SIGBUS | 651 // of a hack that could conceivably interfere with code that uses SIGBUS |
651 // in more traditional ways. This test verifies that basic functionality | 652 // in more traditional ways. This test verifies that basic functionality |
652 // of SIGBUS is not impacted, but it is certainly possibly to construe | 653 // of SIGBUS is not impacted, but it is certainly possibly to construe |
653 // more complex uses of signals where our use of the SIGBUS mask is not | 654 // more complex uses of signals where our use of the SIGBUS mask is not |
654 // 100% transparent. This is expected behavior. | 655 // 100% transparent. This is expected behavior. |
655 int fds[2]; | 656 int fds[2]; |
656 BPF_ASSERT(pipe(fds) == 0); | 657 BPF_ASSERT(socketpair(AF_UNIX, SOCK_STREAM, 0, fds) == 0); |
657 bus_handler_fd_ = fds[1]; | 658 bus_handler_fd_ = fds[1]; |
658 struct sigaction sa = {}; | 659 struct sigaction sa = {}; |
659 sa.sa_sigaction = SigBusHandler; | 660 sa.sa_sigaction = SigBusHandler; |
660 sa.sa_flags = SA_SIGINFO; | 661 sa.sa_flags = SA_SIGINFO; |
661 BPF_ASSERT(sigaction(SIGBUS, &sa, NULL) == 0); | 662 BPF_ASSERT(sigaction(SIGBUS, &sa, NULL) == 0); |
662 raise(SIGBUS); | 663 raise(SIGBUS); |
663 char c = '\000'; | 664 char c = '\000'; |
664 BPF_ASSERT(read(fds[0], &c, 1) == 1); | 665 BPF_ASSERT(read(fds[0], &c, 1) == 1); |
665 BPF_ASSERT(close(fds[0]) == 0); | 666 BPF_ASSERT(close(fds[0]) == 0); |
666 BPF_ASSERT(close(fds[1]) == 0); | 667 BPF_ASSERT(close(fds[1]) == 0); |
(...skipping 1307 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1974 if (SandboxBPF::SupportsSeccompSandbox(-1) != | 1975 if (SandboxBPF::SupportsSeccompSandbox(-1) != |
1975 sandbox::SandboxBPF::STATUS_AVAILABLE) { | 1976 sandbox::SandboxBPF::STATUS_AVAILABLE) { |
1976 return; | 1977 return; |
1977 } | 1978 } |
1978 | 1979 |
1979 #if defined(__arm__) | 1980 #if defined(__arm__) |
1980 printf("This test is currently disabled on ARM due to a kernel bug."); | 1981 printf("This test is currently disabled on ARM due to a kernel bug."); |
1981 return; | 1982 return; |
1982 #endif | 1983 #endif |
1983 | 1984 |
| 1985 #if defined(__mips__) |
| 1986 // TODO: Figure out how to support specificity of handeling indirect syscalls |
| 1987 // in this test and enable it. |
| 1988 printf("This test is currently disabled on MIPS."); |
| 1989 return; |
| 1990 #endif |
| 1991 |
1984 pid_t pid = fork(); | 1992 pid_t pid = fork(); |
1985 BPF_ASSERT_NE(-1, pid); | 1993 BPF_ASSERT_NE(-1, pid); |
1986 if (pid == 0) { | 1994 if (pid == 0) { |
1987 pid_t my_pid = getpid(); | 1995 pid_t my_pid = getpid(); |
1988 BPF_ASSERT_NE(-1, ptrace(PTRACE_TRACEME, -1, NULL, NULL)); | 1996 BPF_ASSERT_NE(-1, ptrace(PTRACE_TRACEME, -1, NULL, NULL)); |
1989 BPF_ASSERT_EQ(0, raise(SIGSTOP)); | 1997 BPF_ASSERT_EQ(0, raise(SIGSTOP)); |
1990 SandboxBPF sandbox; | 1998 SandboxBPF sandbox; |
1991 sandbox.SetSandboxPolicy(new TraceAllPolicy); | 1999 sandbox.SetSandboxPolicy(new TraceAllPolicy); |
1992 BPF_ASSERT(sandbox.StartSandbox(SandboxBPF::PROCESS_SINGLE_THREADED)); | 2000 BPF_ASSERT(sandbox.StartSandbox(SandboxBPF::PROCESS_SINGLE_THREADED)); |
1993 | 2001 |
(...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2055 break; | 2063 break; |
2056 } | 2064 } |
2057 | 2065 |
2058 BPF_ASSERT_NE(-1, ptrace(PTRACE_CONT, pid, NULL, NULL)); | 2066 BPF_ASSERT_NE(-1, ptrace(PTRACE_CONT, pid, NULL, NULL)); |
2059 } | 2067 } |
2060 } | 2068 } |
2061 | 2069 |
2062 } // namespace | 2070 } // namespace |
2063 | 2071 |
2064 } // namespace sandbox | 2072 } // namespace sandbox |
OLD | NEW |