sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc - Issue 487143003: sandbox: Add Arm64 support for seccomp-BPF

Side by Side Diff: sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc

Issue 487143003: sandbox: Add Arm64 support for seccomp-BPF (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Remove IsArchitectureArm64 Created 6 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

« no previous file with comments | « sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc ('k') | sandbox/linux/seccomp-bpf-helpers/syscall_sets.h » ('j') | sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h"	5 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h"

6	6

7 #include <errno.h>	7 #include <errno.h>

8 #include <linux/futex.h>	8 #include <linux/futex.h>

9 #include <sched.h>	9 #include <sched.h>

10 #include <signal.h>	10 #include <signal.h>

(...skipping 158 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
169 int sys_ret = socketpair(AF_UNIX, SOCK_DGRAM, 0, sv);	169 int sys_ret = socketpair(AF_UNIX, SOCK_DGRAM, 0, sv);

170 BPF_ASSERT_EQ(0, sys_ret);	170 BPF_ASSERT_EQ(0, sys_ret);

171 TestPipeOrSocketPair(base::ScopedFD(sv[0]), base::ScopedFD(sv[1]));	171 TestPipeOrSocketPair(base::ScopedFD(sv[0]), base::ScopedFD(sv[1]));

172	172

173 sys_ret = socketpair(AF_UNIX, SOCK_SEQPACKET, 0, sv);	173 sys_ret = socketpair(AF_UNIX, SOCK_SEQPACKET, 0, sv);

174 BPF_ASSERT_EQ(0, sys_ret);	174 BPF_ASSERT_EQ(0, sys_ret);

175 TestPipeOrSocketPair(base::ScopedFD(sv[0]), base::ScopedFD(sv[1]));	175 TestPipeOrSocketPair(base::ScopedFD(sv[0]), base::ScopedFD(sv[1]));

176 }	176 }

177	177

178 // Not all architectures can restrict the domain for socketpair().	178 // Not all architectures can restrict the domain for socketpair().

179 #if defined(__x86_64__) \|\| defined(__arm__)	179 #if defined(__x86_64__) \|\| defined(__arm__) \|\| defined(__aarch64__)

180 BPF_DEATH_TEST_C(BaselinePolicy,	180 BPF_DEATH_TEST_C(BaselinePolicy,

181 SocketpairWrongDomain,	181 SocketpairWrongDomain,

182 DEATH_SEGV_MESSAGE(GetErrorMessageContentForTests()),	182 DEATH_SEGV_MESSAGE(GetErrorMessageContentForTests()),

183 BaselinePolicy) {	183 BaselinePolicy) {

184 int sv[2];	184 int sv[2];

185 ignore_result(socketpair(AF_INET, SOCK_STREAM, 0, sv));	185 ignore_result(socketpair(AF_INET, SOCK_STREAM, 0, sv));

186 _exit(1);	186 _exit(1);

187 }	187 }

188 #endif // defined(__x86_64__) \|\| defined(__arm__)	188 #endif // defined(__x86_64__) \|\| defined(__arm__) \|\| defined(__aarch64__)

189	189

190 BPF_TEST_C(BaselinePolicy, EPERM_open, BaselinePolicy) {	190 BPF_TEST_C(BaselinePolicy, EPERM_open, BaselinePolicy) {

191 errno = 0;	191 errno = 0;

192 int sys_ret = open("/proc/cpuinfo", O_RDONLY);	192 int sys_ret = open("/proc/cpuinfo", O_RDONLY);

193 BPF_ASSERT_EQ(-1, sys_ret);	193 BPF_ASSERT_EQ(-1, sys_ret);

194 BPF_ASSERT_EQ(EPERM, errno);	194 BPF_ASSERT_EQ(EPERM, errno);

195 }	195 }

196	196

197 BPF_TEST_C(BaselinePolicy, EPERM_access, BaselinePolicy) {	197 BPF_TEST_C(BaselinePolicy, EPERM_access, BaselinePolicy) {

198 errno = 0;	198 errno = 0;

(...skipping 30 matching lines...) Expand all Loading...
229 BaselinePolicy) { \	229 BaselinePolicy) { \

230 syscall(sysno, 0, 0, 0, 0, 0, 0); \	230 syscall(sysno, 0, 0, 0, 0, 0, 0); \

231 _exit(1); \	231 _exit(1); \

232 }	232 }

233	233

234 TEST_BASELINE_SIGSYS(__NR_syslog);	234 TEST_BASELINE_SIGSYS(__NR_syslog);

235 TEST_BASELINE_SIGSYS(__NR_sched_setaffinity);	235 TEST_BASELINE_SIGSYS(__NR_sched_setaffinity);

236 TEST_BASELINE_SIGSYS(__NR_timer_create);	236 TEST_BASELINE_SIGSYS(__NR_timer_create);

237 TEST_BASELINE_SIGSYS(__NR_io_cancel);	237 TEST_BASELINE_SIGSYS(__NR_io_cancel);

238 TEST_BASELINE_SIGSYS(__NR_ptrace);	238 TEST_BASELINE_SIGSYS(__NR_ptrace);

	239 #if !defined(__aarch64__)
	jln (very slow on Chromium) 2014/08/21 19:04:53 I'm not sure why this list is not sorted (almost c I'm not sure why this list is not sorted (almost certainly my fault). Let's sort it please, and extract the non aarch64 ones and put them under (after a vertical whitespace) in a new "section". leecam 2014/08/22 10:44:17 Done. Show quoted text On 2014/08/21 19:04:53, jln wrote: > I'm not sure why this list is not sorted (almost certainly my fault). > > Let's sort it please, and extract the non aarch64 ones and put them under (after > a vertical whitespace) in a new "section". Done.
239 TEST_BASELINE_SIGSYS(__NR_eventfd);	240 TEST_BASELINE_SIGSYS(__NR_eventfd);

	241 TEST_BASELINE_SIGSYS(__NR_inotify_init);

	242 TEST_BASELINE_SIGSYS(__NR_vserver);

	243 #endif

240 TEST_BASELINE_SIGSYS(__NR_fgetxattr);	244 TEST_BASELINE_SIGSYS(__NR_fgetxattr);

241 TEST_BASELINE_SIGSYS(__NR_fanotify_init);	245 TEST_BASELINE_SIGSYS(__NR_fanotify_init);

242 TEST_BASELINE_SIGSYS(__NR_swapon);	246 TEST_BASELINE_SIGSYS(__NR_swapon);

243 TEST_BASELINE_SIGSYS(__NR_chroot);	247 TEST_BASELINE_SIGSYS(__NR_chroot);

244 TEST_BASELINE_SIGSYS(__NR_acct);	248 TEST_BASELINE_SIGSYS(__NR_acct);

245 TEST_BASELINE_SIGSYS(__NR_sysinfo);	249 TEST_BASELINE_SIGSYS(__NR_sysinfo);

246 TEST_BASELINE_SIGSYS(__NR_inotify_init);

247 TEST_BASELINE_SIGSYS(__NR_init_module);	250 TEST_BASELINE_SIGSYS(__NR_init_module);

248 TEST_BASELINE_SIGSYS(__NR_keyctl);	251 TEST_BASELINE_SIGSYS(__NR_keyctl);

249 TEST_BASELINE_SIGSYS(__NR_mq_open);	252 TEST_BASELINE_SIGSYS(__NR_mq_open);

250 TEST_BASELINE_SIGSYS(__NR_vserver);

251 TEST_BASELINE_SIGSYS(__NR_getcpu);	253 TEST_BASELINE_SIGSYS(__NR_getcpu);

252 TEST_BASELINE_SIGSYS(__NR_setpgid);	254 TEST_BASELINE_SIGSYS(__NR_setpgid);

253 TEST_BASELINE_SIGSYS(__NR_getitimer);	255 TEST_BASELINE_SIGSYS(__NR_getitimer);

254	256

255 #if !defined(OS_ANDROID)	257 #if !defined(OS_ANDROID)

256 BPF_DEATH_TEST_C(BaselinePolicy,	258 BPF_DEATH_TEST_C(BaselinePolicy,

257 FutexWithRequeuePriorityInheritence,	259 FutexWithRequeuePriorityInheritence,

258 DEATH_MESSAGE(GetFutexErrorMessageContentForTests()),	260 DEATH_MESSAGE(GetFutexErrorMessageContentForTests()),

259 BaselinePolicy) {	261 BaselinePolicy) {

260 syscall(__NR_futex, NULL, FUTEX_CMP_REQUEUE_PI, 0, NULL, NULL, 0);	262 syscall(__NR_futex, NULL, FUTEX_CMP_REQUEUE_PI, 0, NULL, NULL, 0);

(...skipping 25 matching lines...) Expand all Loading...
286 PrctlSigsys,	288 PrctlSigsys,

287 DEATH_SEGV_MESSAGE(GetPrctlErrorMessageContentForTests()),	289 DEATH_SEGV_MESSAGE(GetPrctlErrorMessageContentForTests()),

288 BaselinePolicy) {	290 BaselinePolicy) {

289 prctl(PR_CAPBSET_READ, 0, 0, 0, 0);	291 prctl(PR_CAPBSET_READ, 0, 0, 0, 0);

290 _exit(1);	292 _exit(1);

291 }	293 }

292	294

293 } // namespace	295 } // namespace

294	296

295 } // namespace sandbox	297 } // namespace sandbox

OLD	NEW