[MIPS] Add seccomp bpf support

sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <errno.h>
 #include <pthread.h>
 #include <sched.h>
 #include <sys/prctl.h>
 #include <sys/syscall.h>
 #include <sys/time.h>
 #include <sys/types.h>
 #include <sys/utsname.h>
 #include <unistd.h>
+#include <sys/socket.h>
 
 #if defined(ANDROID)
 // Work-around for buggy headers in Android's NDK
 #define __user
 #endif
 #include <linux/futex.h>
 
 #include <ostream>
 
 #include "base/bind.h"
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/memory/scoped_ptr.h"
 #include "build/build_config.h"
 #include "sandbox/linux/seccomp-bpf/bpf_tests.h"
+#include "sandbox/linux/seccomp-bpf/kernel_return_value_helpers.h"
 #include "sandbox/linux/seccomp-bpf/syscall.h"
 #include "sandbox/linux/seccomp-bpf/trap.h"
 #include "sandbox/linux/seccomp-bpf/verifier.h"
 #include "sandbox/linux/services/broker_process.h"
 #include "sandbox/linux/services/linux_syscalls.h"
 #include "sandbox/linux/tests/unit_tests.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 // Workaround for Android's prctl.h file.
 #ifndef PR_GET_ENDIAN
@@ skipping 604 matching lines @@
 
 BPF_TEST_C(SandboxBPF, SigBus, RedirectAllSyscallsPolicy) {
   // We use the SIGBUS bit in the signal mask as a thread-local boolean
   // value in the implementation of UnsafeTrap(). This is obviously a bit
   // of a hack that could conceivably interfere with code that uses SIGBUS
   // in more traditional ways. This test verifies that basic functionality
   // of SIGBUS is not impacted, but it is certainly possibly to construe
   // more complex uses of signals where our use of the SIGBUS mask is not
   // 100% transparent. This is expected behavior.
   int fds[2];
-  BPF_ASSERT(pipe(fds) == 0);
+  BPF_ASSERT(socketpair(AF_UNIX, SOCK_STREAM, 0, fds) == 0);
   bus_handler_fd_ = fds[1];
   struct sigaction sa = {};
   sa.sa_sigaction = SigBusHandler;
   sa.sa_flags = SA_SIGINFO;
   BPF_ASSERT(sigaction(SIGBUS, &sa, NULL) == 0);
   raise(SIGBUS);
   char c = '\000';
   BPF_ASSERT(read(fds[0], &c, 1) == 1);
   BPF_ASSERT(close(fds[0]) == 0);
   BPF_ASSERT(close(fds[1]) == 0);
@@ skipping 1086 matching lines @@
         "%s\n",
         args.nr,
         (long long)args.args[0],
         (long long)args.args[1],
         (long long)args.args[2],
         (long long)args.args[3],
         (long long)args.args[4],
         (long long)args.args[5],
         msg);
   }
-  return -EPERM;
+  return ErrnoToKernelRet(EPERM);
 }
 
 class PthreadPolicyEquality : public SandboxBPFPolicy {
  public:
   PthreadPolicyEquality() {}
   virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox,
                                     int sysno) const OVERRIDE;
 
  private:
   DISALLOW_COPY_AND_ASSIGN(PthreadPolicyEquality);
@@ skipping 119 matching lines @@
   // Attempt to fork() a process using clone(). This should fail. We use the
   // same flags that glibc uses when calling fork(). But we don't actually
   // try calling the fork() implementation in the C run-time library, as
   // run-time libraries other than glibc might call __NR_fork instead of
   // __NR_clone, and that would introduce a bogus test failure.
   int pid;
   BPF_ASSERT(SandboxSyscall(__NR_clone,
                             CLONE_CHILD_CLEARTID | CLONE_CHILD_SETTID | SIGCHLD,
                             0,
                             0,
-                            &pid) == -EPERM);
+                            &pid) == ErrnoToKernelRet(EPERM));
 }
 
 BPF_TEST_C(SandboxBPF, PthreadEquality, PthreadPolicyEquality) {
   PthreadTest();
 }
 
 BPF_TEST_C(SandboxBPF, PthreadBitMask, PthreadPolicyBitMask) {
   PthreadTest();
 }
 
 }  // namespace
 
 }  // namespace sandbox