sandbox: Add Arm64 support for seccomp-BPF

sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc

Index: sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc b/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc
index c25d6cf61141fceb8c933b0581cf2c57ac5d7dd6..8234d5ed26af0c47aae2c833cdcb88ecf67555b7 100644
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc
@@ -248,7 +248,9 @@ ErrorCode ErrnoTestPolicy::EvaluateSyscall(SandboxBPF*, int sysno) const {
   DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
   switch (sysno) {
     case __NR_dup3:    // dup2 is a wrapper of dup3 in android
+#if defined(__NR_dup2)
     case __NR_dup2:
+#endif
       // Pretend that dup2() worked, but don't actually do anything.
       return ErrorCode(0);
     case __NR_setuid:
@@ -762,12 +764,16 @@ intptr_t BrokerOpenTrapHandler(const struct arch_seccomp_data& args,
       BPF_ASSERT(static_cast<int>(args.args[0]) == AT_FDCWD);
       return broker_process->Access(reinterpret_cast<const char*>(args.args[1]),
                                     static_cast<int>(args.args[2]));
+#if defined(__NR_access)
     case __NR_access:
       return broker_process->Access(reinterpret_cast<const char*>(args.args[0]),
                                     static_cast<int>(args.args[1]));
+#endif
+#if defined(__NR_open)
     case __NR_open:
       return broker_process->Open(reinterpret_cast<const char*>(args.args[0]),
                                   static_cast<int>(args.args[1]));
+#endif
     case __NR_openat:
       // We only call open() so if we arrive here, it's because glibc uses
       // the openat() system call.
@@ -789,8 +795,12 @@ ErrorCode DenyOpenPolicy(SandboxBPF* sandbox,
 
   switch (sysno) {
     case __NR_faccessat:
+#if defined(__NR_access)
     case __NR_access:
+#endif
+#if defined(__NR_open)
     case __NR_open:
+#endif
     case __NR_openat:
       // We get a InitializedOpenBroker class, but our trap handler wants
       // the BrokerProcess object.
@@ -869,13 +879,14 @@ ErrorCode SimpleCondTestPolicy::EvaluateSyscall(SandboxBPF* sandbox,
   // to return more traditional values.
   int flags_argument_position = -1;
   switch (sysno) {
+#if defined(__NR_open)
     case __NR_open:
+      flags_argument_position = 1;
+#endif
     case __NR_openat:  // open can be a wrapper for openat(2).
-      if (sysno == __NR_open) {
-        flags_argument_position = 1;
-      } else if (sysno == __NR_openat) {
+      if (sysno == __NR_openat)
         flags_argument_position = 2;
-      }
+
       // Allow opening files for reading, but don't allow writing.
       COMPILE_ASSERT(O_RDONLY == 0, O_RDONLY_must_be_all_zero_bits);
       return sandbox->Cond(flags_argument_position,
@@ -1213,7 +1224,11 @@ class EqualityStressTest {
   // Don't increase these values. We are pushing the limits of the maximum
   // BPF program that the kernel will allow us to load. If the values are
   // increased too much, the test will start failing.
+#if defined(__aarch64__)
+  static const int kNumTestCases = 30;

[jln (very slow on Chromium), 2014/08/22 20:11:30]

Did you figure out what was happening btw?

CodeGen::PrintProgram() is a useful debugging tool, but these days, there are
also a bunch of other BPF decompilers / debuggers.

[leecam, 2014/08/24 22:11:58]

I'm still looking into this one but I don't think there is anything
fundamentally bad happening

+#else
   static const int kNumTestCases = 40;
+#endif
   static const int kMaxFanOut = 3;
   static const int kMaxArgs = 6;
 };
@@ -1930,6 +1945,18 @@ BPF_TEST_C(SandboxBPF, PthreadBitMask, PthreadPolicyBitMask) {
 #endif
 #endif
 
+#if defined(__aarch64__)
+#ifndef PTRACE_GETREGS
+#define PTRACE_GETREGS 12
+#endif
+#endif
+
+#if defined(__aarch64__)
+#ifndef PTRACE_SETREGS
+#define PTRACE_SETREGS 13
+#endif
+#endif
+
 // Changes the syscall to run for a child being sandboxed using seccomp-bpf with
 // PTRACE_O_TRACESECCOMP.  Should only be called when the child is stopped on
 // PTRACE_EVENT_SECCOMP.
@@ -1973,11 +2000,18 @@ SANDBOX_TEST(SandboxBPF, DISABLE_ON_TSAN(SeccompRetTrace)) {
     return;
   }
 
+// The following tests are disabled due to a kernel bug.

[jln (very slow on Chromium), 2014/08/22 20:11:30]

You mean "The current test"?

[leecam, 2014/08/24 22:11:57]

Yep ;-)

+// See https://code.google.com/p/chromium/issues/detail?id=383977
 #if defined(__arm__)

[jln (very slow on Chromium), 2014/08/22 20:11:30]

You could probably just || (__aarch64__) here, with a common message.

[leecam, 2014/08/24 22:11:58]

Done.

   printf("This test is currently disabled on ARM due to a kernel bug.");
   return;
 #endif
 
+#if defined(__aarch64__)
+  printf("This test is currently disabled on ARM64..");
+  return;
+#endif
+
 #if defined(__mips__)
   // TODO: Figure out how to support specificity of handling indirect syscalls
   //        in this test and enable it.