| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h" | 5 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <linux/futex.h> | 8 #include <linux/futex.h> |
| 9 #include <sched.h> | 9 #include <sched.h> |
| 10 #include <signal.h> | 10 #include <signal.h> |
| 11 #include <string.h> | 11 #include <string.h> |
| 12 #include <sys/prctl.h> | 12 #include <sys/prctl.h> |
| 13 #include <sys/resource.h> |
| 13 #include <sys/socket.h> | 14 #include <sys/socket.h> |
| 14 #include <sys/stat.h> | 15 #include <sys/stat.h> |
| 15 #include <sys/syscall.h> | 16 #include <sys/syscall.h> |
| 16 #include <sys/time.h> | 17 #include <sys/time.h> |
| 17 #include <sys/types.h> | 18 #include <sys/types.h> |
| 18 #include <sys/wait.h> | 19 #include <sys/wait.h> |
| 19 #include <unistd.h> | 20 #include <unistd.h> |
| 20 | 21 |
| 21 #include "base/files/scoped_file.h" | 22 #include "base/files/scoped_file.h" |
| 22 #include "base/macros.h" | 23 #include "base/macros.h" |
| (...skipping 271 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 294 #endif | 295 #endif |
| 295 | 296 |
| 296 BPF_DEATH_TEST_C(BaselinePolicy, | 297 BPF_DEATH_TEST_C(BaselinePolicy, |
| 297 PrctlSigsys, | 298 PrctlSigsys, |
| 298 DEATH_SEGV_MESSAGE(GetPrctlErrorMessageContentForTests()), | 299 DEATH_SEGV_MESSAGE(GetPrctlErrorMessageContentForTests()), |
| 299 BaselinePolicy) { | 300 BaselinePolicy) { |
| 300 prctl(PR_CAPBSET_READ, 0, 0, 0, 0); | 301 prctl(PR_CAPBSET_READ, 0, 0, 0, 0); |
| 301 _exit(1); | 302 _exit(1); |
| 302 } | 303 } |
| 303 | 304 |
| 305 BPF_TEST_C(BaselinePolicy, GetOrSetPriority, BaselinePolicy) { |
| 306 errno = 0; |
| 307 const int original_prio = getpriority(PRIO_PROCESS, 0); |
| 308 // Check errno instead of the return value since this system call can return |
| 309 // -1 as a valid value. |
| 310 BPF_ASSERT_EQ(0, errno); |
| 311 |
| 312 errno = 0; |
| 313 int rc = getpriority(PRIO_PROCESS, getpid()); |
| 314 BPF_ASSERT_EQ(0, errno); |
| 315 |
| 316 rc = getpriority(PRIO_PROCESS, getpid() + 1); |
| 317 BPF_ASSERT_EQ(-1, rc); |
| 318 BPF_ASSERT_EQ(EPERM, errno); |
| 319 |
| 320 rc = setpriority(PRIO_PROCESS, 0, original_prio); |
| 321 BPF_ASSERT_EQ(0, rc); |
| 322 |
| 323 rc = setpriority(PRIO_PROCESS, getpid(), original_prio); |
| 324 BPF_ASSERT_EQ(0, rc); |
| 325 |
| 326 errno = 0; |
| 327 rc = setpriority(PRIO_PROCESS, getpid() + 1, original_prio); |
| 328 BPF_ASSERT_EQ(-1, rc); |
| 329 BPF_ASSERT_EQ(EPERM, errno); |
| 330 } |
| 331 |
| 332 BPF_DEATH_TEST_C(BaselinePolicy, |
| 333 GetPrioritySigsys, |
| 334 DEATH_SEGV_MESSAGE(GetErrorMessageContentForTests()), |
| 335 BaselinePolicy) { |
| 336 getpriority(PRIO_USER, 0); |
| 337 _exit(1); |
| 338 } |
| 339 |
| 304 } // namespace | 340 } // namespace |
| 305 | 341 |
| 306 } // namespace sandbox | 342 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 430363003:
Linux sandbox: restrict setpriority() in baseline policy. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src