Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(629)

Side by Side Diff: components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc

Issue 298163008: Non-SFI NaCl: Allow CLOCK_SYSTEM_TRACE on Chrome OS (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // ASan internally uses some syscalls which non-SFI NaCl disallows. 5 // ASan internally uses some syscalls which non-SFI NaCl disallows.
6 // Seccomp-BPF tests die under TSan v2. See http://crbug.com/356588 6 // Seccomp-BPF tests die under TSan v2. See http://crbug.com/356588
7 #if !defined(ADDRESS_SANITIZER) && !defined(THREAD_SANITIZER) 7 #if !defined(ADDRESS_SANITIZER) && !defined(THREAD_SANITIZER)
8 8
9 #include "components/nacl/loader/nonsfi/nonsfi_sandbox.h" 9 #include "components/nacl/loader/nonsfi/nonsfi_sandbox.h"
10 10
(...skipping 15 matching lines...) Expand all
26 #include <unistd.h> 26 #include <unistd.h>
27 27
28 #include "base/bind.h" 28 #include "base/bind.h"
29 #include "base/callback.h" 29 #include "base/callback.h"
30 #include "base/compiler_specific.h" 30 #include "base/compiler_specific.h"
31 #include "base/files/scoped_file.h" 31 #include "base/files/scoped_file.h"
32 #include "base/logging.h" 32 #include "base/logging.h"
33 #include "base/posix/eintr_wrapper.h" 33 #include "base/posix/eintr_wrapper.h"
34 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" 34 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
35 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" 35 #include "sandbox/linux/seccomp-bpf/bpf_tests.h"
36 #include "sandbox/linux/services/linux_syscalls.h"
36 #include "third_party/lss/linux_syscall_support.h" // for MAKE_PROCESS_CPUCLOCK 37 #include "third_party/lss/linux_syscall_support.h" // for MAKE_PROCESS_CPUCLOCK
37 38
38 namespace { 39 namespace {
39 40
40 void DoPipe(base::ScopedFD* fds) { 41 void DoPipe(base::ScopedFD* fds) {
41 int tmp_fds[2]; 42 int tmp_fds[2];
42 BPF_ASSERT_EQ(0, pipe(tmp_fds)); 43 BPF_ASSERT_EQ(0, pipe(tmp_fds));
43 fds[0].reset(tmp_fds[0]); 44 fds[0].reset(tmp_fds[0]);
44 fds[1].reset(tmp_fds[1]); 45 fds[1].reset(tmp_fds[1]);
45 } 46 }
(...skipping 355 matching lines...) Expand 10 before | Expand all | Expand 10 after
401 BPF_ASSERT_LE(0, ts.tv_nsec); 402 BPF_ASSERT_LE(0, ts.tv_nsec);
402 } 403 }
403 404
404 BPF_TEST_C(NaClNonSfiSandboxTest, 405 BPF_TEST_C(NaClNonSfiSandboxTest,
405 clock_gettime_allowed, 406 clock_gettime_allowed,
406 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { 407 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
407 CheckClock(CLOCK_MONOTONIC); 408 CheckClock(CLOCK_MONOTONIC);
408 CheckClock(CLOCK_PROCESS_CPUTIME_ID); 409 CheckClock(CLOCK_PROCESS_CPUTIME_ID);
409 CheckClock(CLOCK_REALTIME); 410 CheckClock(CLOCK_REALTIME);
410 CheckClock(CLOCK_THREAD_CPUTIME_ID); 411 CheckClock(CLOCK_THREAD_CPUTIME_ID);
412 #if defined(OS_CHROMEOS)
413 CheckClock(CLOCK_SYSTEM_TRACE);
414 #endif
411 } 415 }
412 416
413 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, 417 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
414 clock_gettime_crash_monotonic_raw, 418 clock_gettime_crash_monotonic_raw,
415 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), 419 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
416 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { 420 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
417 struct timespec ts; 421 struct timespec ts;
418 clock_gettime(CLOCK_MONOTONIC_RAW, &ts); 422 clock_gettime(CLOCK_MONOTONIC_RAW, &ts);
419 } 423 }
420 424
425 #if !defined(OS_CHROMEOS)
426 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
427 clock_gettime_crash_system_trace,
428 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
429 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
430 struct timespec ts;
431 clock_gettime(CLOCK_SYSTEM_TRACE, &ts);
432 }
433 #endif
434
421 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, 435 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
422 clock_gettime_crash_cpu_clock, 436 clock_gettime_crash_cpu_clock,
423 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), 437 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
424 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { 438 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
425 // We can't use clock_getcpuclockid() because it's not implemented in newlib, 439 // We can't use clock_getcpuclockid() because it's not implemented in newlib,
426 // and it might not work inside the sandbox anyway. 440 // and it might not work inside the sandbox anyway.
427 const pid_t kInitPID = 1; 441 const pid_t kInitPID = 1;
428 const clockid_t kInitCPUClockID = 442 const clockid_t kInitCPUClockID =
429 MAKE_PROCESS_CPUCLOCK(kInitPID, CPUCLOCK_SCHED); 443 MAKE_PROCESS_CPUCLOCK(kInitPID, CPUCLOCK_SCHED);
430 444
(...skipping 27 matching lines...) Expand all
458 RESTRICT_SYSCALL_EPERM_TEST(open); 472 RESTRICT_SYSCALL_EPERM_TEST(open);
459 RESTRICT_SYSCALL_EPERM_TEST(ptrace); 473 RESTRICT_SYSCALL_EPERM_TEST(ptrace);
460 RESTRICT_SYSCALL_EPERM_TEST(set_robust_list); 474 RESTRICT_SYSCALL_EPERM_TEST(set_robust_list);
461 #if defined(__i386__) || defined(__x86_64__) 475 #if defined(__i386__) || defined(__x86_64__)
462 RESTRICT_SYSCALL_EPERM_TEST(time); 476 RESTRICT_SYSCALL_EPERM_TEST(time);
463 #endif 477 #endif
464 478
465 } // namespace 479 } // namespace
466 480
467 #endif // !ADDRESS_SANITIZER && !THREAD_SANITIZER 481 #endif // !ADDRESS_SANITIZER && !THREAD_SANITIZER
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698