Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(131)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/services/yama_unittests.cc

Issue 371113003: Disable yama on 3.2 kernels with 32bit userland and 64bit kernel. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« sandbox/linux/services/yama.cc ('K') | « sandbox/linux/services/yama.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <errno.h> 5 #include <errno.h>
6 #include <fcntl.h> 6 #include <fcntl.h>
7 #include <sys/ptrace.h> 7 #include <sys/ptrace.h>
8 #include <sys/stat.h> 8 #include <sys/stat.h>
9 #include <sys/types.h> 9 #include <sys/types.h>
10 #include <unistd.h> 10 #include <unistd.h>
(...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after
65 ASSERT_GE(Yama::STATUS_KNOWN | Yama::STATUS_PRESENT | Yama::STATUS_ENFORCING | 65 ASSERT_GE(Yama::STATUS_KNOWN | Yama::STATUS_PRESENT | Yama::STATUS_ENFORCING |
66 Yama::STATUS_STRICT_ENFORCING, 66 Yama::STATUS_STRICT_ENFORCING,
67 status1); 67 status1);
68 68
69 // The status should not just be a random value. 69 // The status should not just be a random value.
70 int status2 = Yama::GetStatus(); 70 int status2 = Yama::GetStatus();
71 EXPECT_EQ(status1, status2); 71 EXPECT_EQ(status1, status2);
72 72
73 // This test is not running sandboxed, there is no reason to not know the 73 // This test is not running sandboxed, there is no reason to not know the
74 // status. 74 // status.
75 EXPECT_NE(0, Yama::STATUS_KNOWN & status1); 75 if (!Yama::HasLinux32Bug()) {
Jorge Lucangeli Obes 2014/07/08 04:14:28 GetStatus should still work as before.
76 EXPECT_NE(0, Yama::STATUS_KNOWN & status1);
77 }
76 78
77 if (status1 & Yama::STATUS_STRICT_ENFORCING) { 79 if (status1 & Yama::STATUS_STRICT_ENFORCING) {
78 // If Yama is strictly enforcing, it is also enforcing. 80 // If Yama is strictly enforcing, it is also enforcing.
79 EXPECT_TRUE(status1 & Yama::STATUS_ENFORCING); 81 EXPECT_TRUE(status1 & Yama::STATUS_ENFORCING);
80 } 82 }
81 83
82 if (status1 & Yama::STATUS_ENFORCING) { 84 if (status1 & Yama::STATUS_ENFORCING) {
83 // If Yama is enforcing, Yama is present. 85 // If Yama is enforcing, Yama is present.
84 EXPECT_NE(0, status1 & Yama::STATUS_PRESENT); 86 EXPECT_NE(0, status1 & Yama::STATUS_PRESENT);
85 } 87 }
(...skipping 19 matching lines...) Expand all
105 // Attempts to enable or disable Yama restrictions. 107 // Attempts to enable or disable Yama restrictions.
106 void SetYamaRestrictions(bool enable_restriction) { 108 void SetYamaRestrictions(bool enable_restriction) {
107 if (enable_restriction) { 109 if (enable_restriction) {
108 Yama::RestrictPtracersToAncestors(); 110 Yama::RestrictPtracersToAncestors();
109 } else { 111 } else {
110 Yama::DisableYamaRestrictions(); 112 Yama::DisableYamaRestrictions();
111 } 113 }
112 } 114 }
113 115
114 TEST(Yama, RestrictPtraceWorks) { 116 TEST(Yama, RestrictPtraceWorks) {
117 if (!Yama::IsPresent())
Jorge Lucangeli Obes 2014/07/08 04:14:28 This is where we should be if-casing 3.2 kernels.
118 return;
119
115 ScopedProcess process1(base::Bind(&SetYamaRestrictions, true)); 120 ScopedProcess process1(base::Bind(&SetYamaRestrictions, true));
116 ASSERT_TRUE(process1.WaitForClosureToRun()); 121 ASSERT_TRUE(process1.WaitForClosureToRun());
117 122
118 if (Yama::IsEnforcing()) { 123 if (Yama::IsEnforcing()) {
119 // A sibling process cannot ptrace process1. 124 // A sibling process cannot ptrace process1.
120 ASSERT_FALSE(CanSubProcessPtrace(process1.GetPid())); 125 ASSERT_FALSE(CanSubProcessPtrace(process1.GetPid()));
121 } 126 }
122 127
123 if (!(Yama::GetStatus() & Yama::STATUS_STRICT_ENFORCING)) { 128 if (!(Yama::GetStatus() & Yama::STATUS_STRICT_ENFORCING)) {
124 // However, parent can ptrace process1. 129 // However, parent can ptrace process1.
(...skipping 18 matching lines...) Expand all
143 if (Yama::IsEnforcing()) { 148 if (Yama::IsEnforcing()) {
144 // Check that process1 is protected by Yama, even though it has 149 // Check that process1 is protected by Yama, even though it has
145 // been created from a process that disabled Yama. 150 // been created from a process that disabled Yama.
146 CHECK(!CanSubProcessPtrace(process1.GetPid())); 151 CHECK(!CanSubProcessPtrace(process1.GetPid()));
147 } 152 }
148 } 153 }
149 154
150 } // namespace 155 } // namespace
151 156
152 } // namespace sandbox 157 } // namespace sandbox
OLDNEW
« sandbox/linux/services/yama.cc ('K') | « sandbox/linux/services/yama.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698