OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // ASan internally uses some syscalls which non-SFI NaCl disallows. | 5 // ASan internally uses some syscalls which non-SFI NaCl disallows. |
6 // Seccomp-BPF tests die under TSan v2. See http://crbug.com/356588 | 6 // Seccomp-BPF tests die under TSan v2. See http://crbug.com/356588 |
7 #if !defined(ADDRESS_SANITIZER) && !defined(THREAD_SANITIZER) | 7 #if !defined(ADDRESS_SANITIZER) && !defined(THREAD_SANITIZER) |
8 | 8 |
9 #include "components/nacl/loader/nonsfi/nonsfi_sandbox.h" | 9 #include "components/nacl/loader/nonsfi/nonsfi_sandbox.h" |
10 | 10 |
(...skipping 15 matching lines...) Expand all Loading... |
26 #include <unistd.h> | 26 #include <unistd.h> |
27 | 27 |
28 #include "base/bind.h" | 28 #include "base/bind.h" |
29 #include "base/callback.h" | 29 #include "base/callback.h" |
30 #include "base/compiler_specific.h" | 30 #include "base/compiler_specific.h" |
31 #include "base/files/scoped_file.h" | 31 #include "base/files/scoped_file.h" |
32 #include "base/logging.h" | 32 #include "base/logging.h" |
33 #include "base/posix/eintr_wrapper.h" | 33 #include "base/posix/eintr_wrapper.h" |
34 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" | 34 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" |
35 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" | 35 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" |
| 36 #include "sandbox/linux/services/linux_syscalls.h" |
36 #include "third_party/lss/linux_syscall_support.h" // for MAKE_PROCESS_CPUCLOCK | 37 #include "third_party/lss/linux_syscall_support.h" // for MAKE_PROCESS_CPUCLOCK |
37 | 38 |
38 namespace { | 39 namespace { |
39 | 40 |
40 void DoPipe(base::ScopedFD* fds) { | 41 void DoPipe(base::ScopedFD* fds) { |
41 int tmp_fds[2]; | 42 int tmp_fds[2]; |
42 BPF_ASSERT_EQ(0, pipe(tmp_fds)); | 43 BPF_ASSERT_EQ(0, pipe(tmp_fds)); |
43 fds[0].reset(tmp_fds[0]); | 44 fds[0].reset(tmp_fds[0]); |
44 fds[1].reset(tmp_fds[1]); | 45 fds[1].reset(tmp_fds[1]); |
45 } | 46 } |
(...skipping 355 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
401 BPF_ASSERT_LE(0, ts.tv_nsec); | 402 BPF_ASSERT_LE(0, ts.tv_nsec); |
402 } | 403 } |
403 | 404 |
404 BPF_TEST_C(NaClNonSfiSandboxTest, | 405 BPF_TEST_C(NaClNonSfiSandboxTest, |
405 clock_gettime_allowed, | 406 clock_gettime_allowed, |
406 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { | 407 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { |
407 CheckClock(CLOCK_MONOTONIC); | 408 CheckClock(CLOCK_MONOTONIC); |
408 CheckClock(CLOCK_PROCESS_CPUTIME_ID); | 409 CheckClock(CLOCK_PROCESS_CPUTIME_ID); |
409 CheckClock(CLOCK_REALTIME); | 410 CheckClock(CLOCK_REALTIME); |
410 CheckClock(CLOCK_THREAD_CPUTIME_ID); | 411 CheckClock(CLOCK_THREAD_CPUTIME_ID); |
| 412 #if defined(OS_CHROMEOS) |
| 413 CheckClock(CLOCK_SYSTEM_TRACE); |
| 414 #endif |
411 } | 415 } |
412 | 416 |
413 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, | 417 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, |
414 clock_gettime_crash_monotonic_raw, | 418 clock_gettime_crash_monotonic_raw, |
415 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), | 419 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
416 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { | 420 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { |
417 struct timespec ts; | 421 struct timespec ts; |
418 clock_gettime(CLOCK_MONOTONIC_RAW, &ts); | 422 clock_gettime(CLOCK_MONOTONIC_RAW, &ts); |
419 } | 423 } |
420 | 424 |
| 425 #if !defined(OS_CHROMEOS) |
| 426 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, |
| 427 clock_gettime_crash_system_trace, |
| 428 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 429 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { |
| 430 struct timespec ts; |
| 431 clock_gettime(CLOCK_SYSTEM_TRACE, &ts); |
| 432 } |
| 433 #endif |
| 434 |
421 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, | 435 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, |
422 clock_gettime_crash_cpu_clock, | 436 clock_gettime_crash_cpu_clock, |
423 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), | 437 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
424 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { | 438 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { |
425 // We can't use clock_getcpuclockid() because it's not implemented in newlib, | 439 // We can't use clock_getcpuclockid() because it's not implemented in newlib, |
426 // and it might not work inside the sandbox anyway. | 440 // and it might not work inside the sandbox anyway. |
427 const pid_t kInitPID = 1; | 441 const pid_t kInitPID = 1; |
428 const clockid_t kInitCPUClockID = | 442 const clockid_t kInitCPUClockID = |
429 MAKE_PROCESS_CPUCLOCK(kInitPID, CPUCLOCK_SCHED); | 443 MAKE_PROCESS_CPUCLOCK(kInitPID, CPUCLOCK_SCHED); |
430 | 444 |
(...skipping 27 matching lines...) Expand all Loading... |
458 RESTRICT_SYSCALL_EPERM_TEST(open); | 472 RESTRICT_SYSCALL_EPERM_TEST(open); |
459 RESTRICT_SYSCALL_EPERM_TEST(ptrace); | 473 RESTRICT_SYSCALL_EPERM_TEST(ptrace); |
460 RESTRICT_SYSCALL_EPERM_TEST(set_robust_list); | 474 RESTRICT_SYSCALL_EPERM_TEST(set_robust_list); |
461 #if defined(__i386__) || defined(__x86_64__) | 475 #if defined(__i386__) || defined(__x86_64__) |
462 RESTRICT_SYSCALL_EPERM_TEST(time); | 476 RESTRICT_SYSCALL_EPERM_TEST(time); |
463 #endif | 477 #endif |
464 | 478 |
465 } // namespace | 479 } // namespace |
466 | 480 |
467 #endif // !ADDRESS_SANITIZER && !THREAD_SANITIZER | 481 #endif // !ADDRESS_SANITIZER && !THREAD_SANITIZER |
OLD | NEW |