
Side by Side Diff: sandbox/linux/seccomp-bpf-helpers/bpf_dsl_unittest.cc

Issue 299683004: Rewrite all BPF policies to use DSL API Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Overhaul of DSL and implementation Created 6 years, 7 months ago
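--- a/sandbox/linux/seccomp-bpf-helpers/bpf_dsl_unittest.cc
+++ b/sandbox/linux/seccomp-bpf-helpers/bpf_dsl_unittest.cc
@@ -1,72 +1,72 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/linux/seccomp-bpf-helpers/bpf_dsl.h"
 
 #include <netinet/in.h>
 #include <sys/socket.h>
 
 #include "base/macros.h"
 #include "sandbox/linux/seccomp-bpf/bpf_tests.h"
 #include "sandbox/linux/seccomp-bpf/errorcode.h"
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
 
 namespace sandbox {
 
+namespace bpf_dsl {
+
 namespace {
 
-class BasicPolicy : public SandboxBPFPolicy {
+class BasicPolicy : public SandboxBPFPolicyDSL {
 public:
 BasicPolicy() {}
-virtual ErrorCode EvaluateSyscall(SandboxBPF* sb, int sysno) const OVERRIDE {
+virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE {
 if (sysno == __NR_getpgid) {
 const Arg<pid_t> pid(0);
-return DSL(sb)
-.If(pid == 0).Then(
-ErrorCode(EPERM)
-).Else(
-ErrorCode(EINVAL)
-);
+return If(pid == 0).Then(
+Error(EPERM)
+).Else(
+Error(EINVAL)
+);
 }
-return ErrorCode(ErrorCode::ERR_ALLOWED);
+return Allow();
 }
 
 private:
 DISALLOW_COPY_AND_ASSIGN(BasicPolicy);
 };
 
 BPF_TEST_C(BPFDSL, Basic, BasicPolicy) {
 BPF_ASSERT_EQ(-1, getpgid(0));
 BPF_ASSERT_EQ(EPERM, errno);
 
 BPF_ASSERT_EQ(-1, getpgid(1));
 BPF_ASSERT_EQ(EINVAL, errno);
 }
 
-class FancyPolicy : public SandboxBPFPolicy {
+class FancyPolicy : public SandboxBPFPolicyDSL {
 public:
 FancyPolicy() {}
-virtual ErrorCode EvaluateSyscall(SandboxBPF* sb, int sysno) const OVERRIDE {
+virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE {
 if (sysno == __NR_socketpair) {
 const Arg<int> domain(0), type(1), protocol(2);
-return DSL(sb)
-.If(domain == AF_UNIX &&
-(type == SOCK_STREAM || type == SOCK_DGRAM) &&
-protocol == 0).Then(
-ErrorCode(EPERM)
-).Else(
-ErrorCode(EINVAL)
-);
+return If(domain == AF_UNIX &&
+(type == SOCK_STREAM || type == SOCK_DGRAM) &&
+protocol == 0).Then(
+Error(EPERM)
+).Else(
+Error(EINVAL)
+);
 }
-return ErrorCode(ErrorCode::ERR_ALLOWED);
+return Allow();
 }
 
 private:
 DISALLOW_COPY_AND_ASSIGN(FancyPolicy);
 };
 
 void AssertSocketPairError(int expected_errno,
 int domain,
 int type,
 int protocol) {
@@ -84,11 +84,13 @@
 AssertSocketPairError(EINVAL, AF_INET, SOCK_STREAM, 0);
 AssertSocketPairError(EINVAL, AF_UNIX, SOCK_SEQPACKET, 0);
 AssertSocketPairError(EINVAL, AF_UNIX, SOCK_STREAM, IPPROTO_TCP);
 
 // Completely unacceptable combination; should also return EINVAL.
 AssertSocketPairError(EINVAL, AF_INET, SOCK_SEQPACKET, IPPROTO_UDP);
 }
 
 } // namespace
 
+} // namespace bpf_dsl
+
 } // namespace sandbox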
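Review bot: Both policies shown here only ever place `Error(...)` in the `Then`/`Else` branches, so `Allow()` is exercised solely as the unconditional fall-through at new lines 33 and 62 and never as the outcome of an argument check. The policies this DSL is meant to replace presumably allow syscalls conditionally, and that is the branch where a miscompiled condition would widen the sandbox rather than narrow it. A third policy along the lines of `return If(pid == 0).Then(Allow()).Else(Error(EINVAL));`, with a `BPF_ASSERT` that the permitted call succeeds and the other one fails, would cover it. Separately, the includes of `errorcode.h` and `sandbox_bpf_policy.h` look unused on the new side and could be dropped, unless `bpf_dsl.h` relies on this file to pull them in.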