1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <errno.h> | 5 #include <errno.h> |
6 #include <pthread.h> | 6 #include <pthread.h> |
7 #include <sched.h> | 7 #include <sched.h> |
8 #include <sys/prctl.h> | 8 #include <sys/prctl.h> |
9 #include <sys/syscall.h> | 9 #include <sys/syscall.h> |
10 #include <sys/time.h> | 10 #include <sys/time.h> |
11 #include <sys/types.h> | 11 #include <sys/types.h> |
12 #include <sys/utsname.h> | 12 #include <sys/utsname.h> |
13 #include <unistd.h> | 13 #include <unistd.h> |
14 #include <sys/socket.h> | |
14 | 15 |
15 #if defined(ANDROID) | 16 #if defined(ANDROID) |
16 // Work-around for buggy headers in Android's NDK | 17 // Work-around for buggy headers in Android's NDK |
17 #define __user | 18 #define __user |
18 #endif | 19 #endif |
19 #include <linux/futex.h> | 20 #include <linux/futex.h> |
20 | 21 |
21 #include <ostream> | 22 #include <ostream> |
22 | 23 |
23 #include "base/bind.h" | 24 #include "base/bind.h" |
24 #include "base/logging.h" | 25 #include "base/logging.h" |
25 #include "base/memory/scoped_ptr.h" | 26 #include "base/memory/scoped_ptr.h" |
26 #include "build/build_config.h" | 27 #include "build/build_config.h" |
27 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" | 28 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" |
28 #include "sandbox/linux/seccomp-bpf/syscall.h" | 29 #include "sandbox/linux/seccomp-bpf/syscall.h" |
29 #include "sandbox/linux/seccomp-bpf/trap.h" | 30 #include "sandbox/linux/seccomp-bpf/trap.h" |
30 #include "sandbox/linux/seccomp-bpf/verifier.h" | 31 #include "sandbox/linux/seccomp-bpf/verifier.h" |
31 #include "sandbox/linux/services/broker_process.h" | 32 #include "sandbox/linux/services/broker_process.h" |
33 #include "sandbox/linux/services/kernel_to_errno.h" | |
32 #include "sandbox/linux/services/linux_syscalls.h" | 34 #include "sandbox/linux/services/linux_syscalls.h" |
33 #include "sandbox/linux/tests/unit_tests.h" | 35 #include "sandbox/linux/tests/unit_tests.h" |
34 #include "testing/gtest/include/gtest/gtest.h" | 36 #include "testing/gtest/include/gtest/gtest.h" |
35 | 37 |
36 // Workaround for Android's prctl.h file. | 38 // Workaround for Android's prctl.h file. |
37 #ifndef PR_GET_ENDIAN | 39 #ifndef PR_GET_ENDIAN |
38 #define PR_GET_ENDIAN 19 | 40 #define PR_GET_ENDIAN 19 |
39 #endif | 41 #endif |
40 #ifndef PR_CAPBSET_READ | 42 #ifndef PR_CAPBSET_READ |
41 #define PR_CAPBSET_READ 23 | 43 #define PR_CAPBSET_READ 23 |
597 | 599 |
598 BPF_TEST(SandboxBPF, SigBus, RedirectAllSyscallsPolicy) { | 600 BPF_TEST(SandboxBPF, SigBus, RedirectAllSyscallsPolicy) { |
599 // We use the SIGBUS bit in the signal mask as a thread-local boolean | 601 // We use the SIGBUS bit in the signal mask as a thread-local boolean |
600 // value in the implementation of UnsafeTrap(). This is obviously a bit | 602 // value in the implementation of UnsafeTrap(). This is obviously a bit |
601 // of a hack that could conceivably interfere with code that uses SIGBUS | 603 // of a hack that could conceivably interfere with code that uses SIGBUS |
602 // in more traditional ways. This test verifies that basic functionality | 604 // in more traditional ways. This test verifies that basic functionality |
603 // of SIGBUS is not impacted, but it is certainly possibly to construe | 605 // of SIGBUS is not impacted, but it is certainly possibly to construe |
604 // more complex uses of signals where our use of the SIGBUS mask is not | 606 // more complex uses of signals where our use of the SIGBUS mask is not |
605 // 100% transparent. This is expected behavior. | 607 // 100% transparent. This is expected behavior. |
606 int fds[2]; | 608 int fds[2]; |
607 BPF_ASSERT(pipe(fds) == 0); | 609 BPF_ASSERT(socketpair(AF_UNIX, SOCK_STREAM, 0, fds) == 0); |
608 bus_handler_fd_ = fds[1]; | 610 bus_handler_fd_ = fds[1]; |
609 struct sigaction sa = {}; | 611 struct sigaction sa = {}; |
610 sa.sa_sigaction = SigBusHandler; | 612 sa.sa_sigaction = SigBusHandler; |
611 sa.sa_flags = SA_SIGINFO; | 613 sa.sa_flags = SA_SIGINFO; |
612 BPF_ASSERT(sigaction(SIGBUS, &sa, NULL) == 0); | 614 BPF_ASSERT(sigaction(SIGBUS, &sa, NULL) == 0); |
613 raise(SIGBUS); | 615 raise(SIGBUS); |
614 char c = '\000'; | 616 char c = '\000'; |
615 BPF_ASSERT(read(fds[0], &c, 1) == 1); | 617 BPF_ASSERT(read(fds[0], &c, 1) == 1); |
616 BPF_ASSERT(close(fds[0]) == 0); | 618 BPF_ASSERT(close(fds[0]) == 0); |
617 BPF_ASSERT(close(fds[1]) == 0); | 619 BPF_ASSERT(close(fds[1]) == 0); |
1669 "%s\n", | 1671 "%s\n", |
1670 args.nr, | 1672 args.nr, |
1671 (long long)args.args[0], | 1673 (long long)args.args[0], |
1672 (long long)args.args[1], | 1674 (long long)args.args[1], |
1673 (long long)args.args[2], | 1675 (long long)args.args[2], |
1674 (long long)args.args[3], | 1676 (long long)args.args[3], |
1675 (long long)args.args[4], | 1677 (long long)args.args[4], |
1676 (long long)args.args[5], | 1678 (long long)args.args[5], |
1677 msg); | 1679 msg); |
1678 } | 1680 } |
1679 return -EPERM; | 1681 return KernelRetToErrno(EPERM); |
jln (very slow on Chromium)
2014/05/16 19:30:17
ErrnoToKernelRet()
nedeljko
2014/05/22 17:38:55
Done.
1680 } | 1682 } |
1681 ErrorCode PthreadPolicyEquality(SandboxBPF* sandbox, int sysno, void* aux) { | 1683 ErrorCode PthreadPolicyEquality(SandboxBPF* sandbox, int sysno, void* aux) { |
1682 // This policy allows creating threads with pthread_create(). But it | 1684 // This policy allows creating threads with pthread_create(). But it |
1683 // doesn't allow any other uses of clone(). Most notably, it does not | 1685 // doesn't allow any other uses of clone(). Most notably, it does not |
1684 // allow callers to implement fork() or vfork() by passing suitable flags | 1686 // allow callers to implement fork() or vfork() by passing suitable flags |
1685 // to the clone() system call. | 1687 // to the clone() system call. |
1686 if (!SandboxBPF::IsValidSyscallNumber(sysno)) { | 1688 if (!SandboxBPF::IsValidSyscallNumber(sysno)) { |
1687 // FIXME: we should really not have to do that in a trivial policy | 1689 // FIXME: we should really not have to do that in a trivial policy |
1688 return ErrorCode(ENOSYS); | 1690 return ErrorCode(ENOSYS); |
1689 } else if (sysno == __NR_clone) { | 1691 } else if (sysno == __NR_clone) { |
1792 // Attempt to fork() a process using clone(). This should fail. We use the | 1794 // Attempt to fork() a process using clone(). This should fail. We use the |
1793 // same flags that glibc uses when calling fork(). But we don't actually | 1795 // same flags that glibc uses when calling fork(). But we don't actually |
1794 // try calling the fork() implementation in the C run-time library, as | 1796 // try calling the fork() implementation in the C run-time library, as |
1795 // run-time libraries other than glibc might call __NR_fork instead of | 1797 // run-time libraries other than glibc might call __NR_fork instead of |
1796 // __NR_clone, and that would introduce a bogus test failure. | 1798 // __NR_clone, and that would introduce a bogus test failure. |
1797 int pid; | 1799 int pid; |
1798 BPF_ASSERT(SandboxSyscall(__NR_clone, | 1800 BPF_ASSERT(SandboxSyscall(__NR_clone, |
1799 CLONE_CHILD_CLEARTID | CLONE_CHILD_SETTID | SIGCHLD, | 1801 CLONE_CHILD_CLEARTID | CLONE_CHILD_SETTID | SIGCHLD, |
1800 0, | 1802 0, |
1801 0, | 1803 0, |
1802 &pid) == -EPERM); | 1804 &pid) == KernelRetToErrno(EPERM)); |
1803 } | 1805 } |
1804 | 1806 |
1805 BPF_TEST(SandboxBPF, PthreadEquality, PthreadPolicyEquality) { PthreadTest(); } | 1807 BPF_TEST(SandboxBPF, PthreadEquality, PthreadPolicyEquality) { PthreadTest(); } |
1806 | 1808 |
1807 BPF_TEST(SandboxBPF, PthreadBitMask, PthreadPolicyBitMask) { PthreadTest(); } | 1809 BPF_TEST(SandboxBPF, PthreadBitMask, PthreadPolicyBitMask) { PthreadTest(); } |
1808 | 1810 |
1809 } // namespace | 1811 } // namespace |
1810 | 1812 |
1811 } // namespace sandbox | 1813 } // namespace sandbox |
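Review bot: The swap from pipe() to socketpair() at new line 609 of the SigBus test carries no comment explaining why a pipe no longer works under RedirectAllSyscallsPolicy, and the comment block above it still describes only the SIGBUS mask hack; the motivation is presumably architecture-specific (a pipe() result that the UnsafeTrap forwarding path cannot reproduce), but nothing visible in the hunk states it. A one-line rationale above the call, e.g. `// socketpair() rather than pipe(): <reason the trap path cannot forward pipe() on the target architecture — confirm>`, would stop the next reader from reverting to the simpler pipe(). The same applies to the new KernelRetToErrno(EPERM) uses at new lines 1681 and 1804: a short comment at the first of them saying what distinguishes the helper's value from a plain -EPERM would make the test expectation at 1804 self-explanatory. The function whose return changes at line 1681 begins before the visible hunk.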