Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(74)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc

Issue 487143003: sandbox: Add Arm64 support for seccomp-BPF (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Code review changes Created 6 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc ('k') | sandbox/linux/seccomp-bpf-helpers/syscall_sets.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h" 5 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h"
6 6
7 #include <errno.h> 7 #include <errno.h>
8 #include <linux/futex.h> 8 #include <linux/futex.h>
9 #include <sched.h> 9 #include <sched.h>
10 #include <signal.h> 10 #include <signal.h>
(...skipping 158 matching lines...) Expand 10 before | Expand all | Expand 10 after
169 int sys_ret = socketpair(AF_UNIX, SOCK_DGRAM, 0, sv); 169 int sys_ret = socketpair(AF_UNIX, SOCK_DGRAM, 0, sv);
170 BPF_ASSERT_EQ(0, sys_ret); 170 BPF_ASSERT_EQ(0, sys_ret);
171 TestPipeOrSocketPair(base::ScopedFD(sv[0]), base::ScopedFD(sv[1])); 171 TestPipeOrSocketPair(base::ScopedFD(sv[0]), base::ScopedFD(sv[1]));
172 172
173 sys_ret = socketpair(AF_UNIX, SOCK_SEQPACKET, 0, sv); 173 sys_ret = socketpair(AF_UNIX, SOCK_SEQPACKET, 0, sv);
174 BPF_ASSERT_EQ(0, sys_ret); 174 BPF_ASSERT_EQ(0, sys_ret);
175 TestPipeOrSocketPair(base::ScopedFD(sv[0]), base::ScopedFD(sv[1])); 175 TestPipeOrSocketPair(base::ScopedFD(sv[0]), base::ScopedFD(sv[1]));
176 } 176 }
177 177
178 // Not all architectures can restrict the domain for socketpair(). 178 // Not all architectures can restrict the domain for socketpair().
179 #if defined(__x86_64__) || defined(__arm__) 179 #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
180 BPF_DEATH_TEST_C(BaselinePolicy, 180 BPF_DEATH_TEST_C(BaselinePolicy,
181 SocketpairWrongDomain, 181 SocketpairWrongDomain,
182 DEATH_SEGV_MESSAGE(GetErrorMessageContentForTests()), 182 DEATH_SEGV_MESSAGE(GetErrorMessageContentForTests()),
183 BaselinePolicy) { 183 BaselinePolicy) {
184 int sv[2]; 184 int sv[2];
185 ignore_result(socketpair(AF_INET, SOCK_STREAM, 0, sv)); 185 ignore_result(socketpair(AF_INET, SOCK_STREAM, 0, sv));
186 _exit(1); 186 _exit(1);
187 } 187 }
188 #endif // defined(__x86_64__) || defined(__arm__) 188 #endif // defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
189 189
190 BPF_TEST_C(BaselinePolicy, EPERM_open, BaselinePolicy) { 190 BPF_TEST_C(BaselinePolicy, EPERM_open, BaselinePolicy) {
191 errno = 0; 191 errno = 0;
192 int sys_ret = open("/proc/cpuinfo", O_RDONLY); 192 int sys_ret = open("/proc/cpuinfo", O_RDONLY);
193 BPF_ASSERT_EQ(-1, sys_ret); 193 BPF_ASSERT_EQ(-1, sys_ret);
194 BPF_ASSERT_EQ(EPERM, errno); 194 BPF_ASSERT_EQ(EPERM, errno);
195 } 195 }
196 196
197 BPF_TEST_C(BaselinePolicy, EPERM_access, BaselinePolicy) { 197 BPF_TEST_C(BaselinePolicy, EPERM_access, BaselinePolicy) {
198 errno = 0; 198 errno = 0;
(...skipping 25 matching lines...) Expand all
224 // process. 224 // process.
225 #define TEST_BASELINE_SIGSYS(sysno) \ 225 #define TEST_BASELINE_SIGSYS(sysno) \
226 BPF_DEATH_TEST_C(BaselinePolicy, \ 226 BPF_DEATH_TEST_C(BaselinePolicy, \
227 SIGSYS_##sysno, \ 227 SIGSYS_##sysno, \
228 DEATH_SEGV_MESSAGE(GetErrorMessageContentForTests()), \ 228 DEATH_SEGV_MESSAGE(GetErrorMessageContentForTests()), \
229 BaselinePolicy) { \ 229 BaselinePolicy) { \
230 syscall(sysno, 0, 0, 0, 0, 0, 0); \ 230 syscall(sysno, 0, 0, 0, 0, 0, 0); \
231 _exit(1); \ 231 _exit(1); \
232 } 232 }
233 233
234 TEST_BASELINE_SIGSYS(__NR_syslog); 234 TEST_BASELINE_SIGSYS(__NR_acct);
235 TEST_BASELINE_SIGSYS(__NR_sched_setaffinity); 235 TEST_BASELINE_SIGSYS(__NR_chroot);
236 TEST_BASELINE_SIGSYS(__NR_timer_create); 236 TEST_BASELINE_SIGSYS(__NR_fanotify_init);
237 TEST_BASELINE_SIGSYS(__NR_fgetxattr);
238 TEST_BASELINE_SIGSYS(__NR_getcpu);
239 TEST_BASELINE_SIGSYS(__NR_getitimer);
240 TEST_BASELINE_SIGSYS(__NR_init_module);
237 TEST_BASELINE_SIGSYS(__NR_io_cancel); 241 TEST_BASELINE_SIGSYS(__NR_io_cancel);
238 TEST_BASELINE_SIGSYS(__NR_ptrace);
239 TEST_BASELINE_SIGSYS(__NR_eventfd);
240 TEST_BASELINE_SIGSYS(__NR_fgetxattr);
241 TEST_BASELINE_SIGSYS(__NR_fanotify_init);
242 TEST_BASELINE_SIGSYS(__NR_swapon);
243 TEST_BASELINE_SIGSYS(__NR_chroot);
244 TEST_BASELINE_SIGSYS(__NR_acct);
245 TEST_BASELINE_SIGSYS(__NR_sysinfo);
246 TEST_BASELINE_SIGSYS(__NR_inotify_init);
247 TEST_BASELINE_SIGSYS(__NR_init_module);
248 TEST_BASELINE_SIGSYS(__NR_keyctl); 242 TEST_BASELINE_SIGSYS(__NR_keyctl);
249 TEST_BASELINE_SIGSYS(__NR_mq_open); 243 TEST_BASELINE_SIGSYS(__NR_mq_open);
244 TEST_BASELINE_SIGSYS(__NR_ptrace);
245 TEST_BASELINE_SIGSYS(__NR_sched_setaffinity);
246 TEST_BASELINE_SIGSYS(__NR_setpgid);
247 TEST_BASELINE_SIGSYS(__NR_swapon);
248 TEST_BASELINE_SIGSYS(__NR_sysinfo);
249 TEST_BASELINE_SIGSYS(__NR_syslog);
250 TEST_BASELINE_SIGSYS(__NR_timer_create);
251
252 #if !defined(__aarch64__)
253 TEST_BASELINE_SIGSYS(__NR_eventfd);
254 TEST_BASELINE_SIGSYS(__NR_inotify_init);
250 TEST_BASELINE_SIGSYS(__NR_vserver); 255 TEST_BASELINE_SIGSYS(__NR_vserver);
251 TEST_BASELINE_SIGSYS(__NR_getcpu); 256 #endif
252 TEST_BASELINE_SIGSYS(__NR_setpgid);
253 TEST_BASELINE_SIGSYS(__NR_getitimer);
254 257
255 #if !defined(OS_ANDROID) 258 #if !defined(OS_ANDROID)
256 BPF_DEATH_TEST_C(BaselinePolicy, 259 BPF_DEATH_TEST_C(BaselinePolicy,
257 FutexWithRequeuePriorityInheritence, 260 FutexWithRequeuePriorityInheritence,
258 DEATH_MESSAGE(GetFutexErrorMessageContentForTests()), 261 DEATH_MESSAGE(GetFutexErrorMessageContentForTests()),
259 BaselinePolicy) { 262 BaselinePolicy) {
260 syscall(__NR_futex, NULL, FUTEX_CMP_REQUEUE_PI, 0, NULL, NULL, 0); 263 syscall(__NR_futex, NULL, FUTEX_CMP_REQUEUE_PI, 0, NULL, NULL, 0);
261 _exit(1); 264 _exit(1);
262 } 265 }
263 266
(...skipping 22 matching lines...) Expand all
286 PrctlSigsys, 289 PrctlSigsys,
287 DEATH_SEGV_MESSAGE(GetPrctlErrorMessageContentForTests()), 290 DEATH_SEGV_MESSAGE(GetPrctlErrorMessageContentForTests()),
288 BaselinePolicy) { 291 BaselinePolicy) {
289 prctl(PR_CAPBSET_READ, 0, 0, 0, 0); 292 prctl(PR_CAPBSET_READ, 0, 0, 0, 0);
290 _exit(1); 293 _exit(1);
291 } 294 }
292 295
293 } // namespace 296 } // namespace
294 297
295 } // namespace sandbox 298 } // namespace sandbox
OLDNEW
« no previous file with comments | « sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc ('k') | sandbox/linux/seccomp-bpf-helpers/syscall_sets.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698