Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(54)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/services/yama_unittests.cc

Issue 375913002: build fix (see r281666) (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <errno.h> 5 #include <errno.h>
6 #include <fcntl.h> 6 #include <fcntl.h>
7 #include <sys/ptrace.h> 7 #include <sys/ptrace.h>
8 #include <sys/stat.h> 8 #include <sys/stat.h>
9 #include <sys/types.h> 9 #include <sys/types.h>
10 #include <unistd.h> 10 #include <unistd.h>
(...skipping 111 matching lines...) Expand 10 before | Expand all | Expand 10 after
122 // Attempts to enable or disable Yama restrictions. 122 // Attempts to enable or disable Yama restrictions.
123 void SetYamaRestrictions(bool enable_restriction) { 123 void SetYamaRestrictions(bool enable_restriction) {
124 if (enable_restriction) { 124 if (enable_restriction) {
125 Yama::RestrictPtracersToAncestors(); 125 Yama::RestrictPtracersToAncestors();
126 } else { 126 } else {
127 Yama::DisableYamaRestrictions(); 127 Yama::DisableYamaRestrictions();
128 } 128 }
129 } 129 }
130 130
131 TEST(Yama, RestrictPtraceWorks) { 131 TEST(Yama, RestrictPtraceWorks) {
132 if (HasLinux32Bug())
133 return;
134
132 ScopedProcess process1(base::Bind(&SetYamaRestrictions, true)); 135 ScopedProcess process1(base::Bind(&SetYamaRestrictions, true));
133 ASSERT_TRUE(process1.WaitForClosureToRun()); 136 ASSERT_TRUE(process1.WaitForClosureToRun());
134 137
135 if (Yama::IsEnforcing()) { 138 if (Yama::IsEnforcing()) {
136 // A sibling process cannot ptrace process1. 139 // A sibling process cannot ptrace process1.
137 ASSERT_FALSE(CanSubProcessPtrace(process1.GetPid())); 140 ASSERT_FALSE(CanSubProcessPtrace(process1.GetPid()));
138 } 141 }
139 142
140 if (!(Yama::GetStatus() & Yama::STATUS_STRICT_ENFORCING)) { 143 if (!(Yama::GetStatus() & Yama::STATUS_STRICT_ENFORCING)) {
141 // However, parent can ptrace process1. 144 // However, parent can ptrace process1.
142 ASSERT_TRUE(CanPtrace(process1.GetPid())); 145 ASSERT_TRUE(CanPtrace(process1.GetPid()));
143 146
144 // A sibling can ptrace process2 which disables any Yama protection. 147 // A sibling can ptrace process2 which disables any Yama protection.
145 ScopedProcess process2(base::Bind(&SetYamaRestrictions, false)); 148 ScopedProcess process2(base::Bind(&SetYamaRestrictions, false));
146 ASSERT_TRUE(process2.WaitForClosureToRun()); 149 ASSERT_TRUE(process2.WaitForClosureToRun());
147 ASSERT_TRUE(CanSubProcessPtrace(process2.GetPid())); 150 ASSERT_TRUE(CanSubProcessPtrace(process2.GetPid()));
148 } 151 }
149 } 152 }
150 153
151 void DoNothing() {} 154 void DoNothing() {}
152 155
153 SANDBOX_TEST(Yama, RestrictPtraceIsDefault) { 156 SANDBOX_TEST(Yama, RestrictPtraceIsDefault) {
154 if (!Yama::IsPresent()) 157 if (!Yama::IsPresent() || HasLinux32Bug())
155 return; 158 return;
156 159
157 CHECK(Yama::DisableYamaRestrictions()); 160 CHECK(Yama::DisableYamaRestrictions());
158 ScopedProcess process1(base::Bind(&DoNothing)); 161 ScopedProcess process1(base::Bind(&DoNothing));
159 162
160 if (Yama::IsEnforcing()) { 163 if (Yama::IsEnforcing()) {
161 // Check that process1 is protected by Yama, even though it has 164 // Check that process1 is protected by Yama, even though it has
162 // been created from a process that disabled Yama. 165 // been created from a process that disabled Yama.
163 CHECK(!CanSubProcessPtrace(process1.GetPid())); 166 CHECK(!CanSubProcessPtrace(process1.GetPid()));
164 } 167 }
165 } 168 }
166 169
167 } // namespace 170 } // namespace
168 171
169 } // namespace sandbox 172 } // namespace sandbox
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698