sandbox: Fix RedirectToUserSpacePolicyWrapper

sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc

Index: sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc b/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc
index 0ce508be9c7eafbb49a4d632682df9a4715a72e2..610d0cbf2de26b5d15204d6065b81d9ec4801ff0 100644
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc
@@ -2261,6 +2261,68 @@ SANDBOX_DEATH_TEST(SandboxBPF, StartSingleThreadedAsMultiThreaded,
 }
 #endif  // !defined(THREAD_SANITIZER)
 
+intptr_t NopHandler(const struct arch_seccomp_data& args, void*) {

[jln (very slow on Chromium), 2014/08/29 20:40:05]

Maybe NoOp rather than Nop? And/Or add a comment.

[leecam, 2014/08/29 22:56:31]

Done.

+  return -1;
+}
+
+class UnsafeTrapWithCondPolicy : public SandboxBPFPolicy {
+ public:
+  UnsafeTrapWithCondPolicy() {}
+  virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox,
+                                    int sysno) const OVERRIDE {
+    DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
+    setenv(kSandboxDebuggingEnv, "t", 0);
+    Die::SuppressInfoMessages(true);
+
+    if (sysno == __NR_rt_sigprocmask || sysno == __NR_rt_sigreturn

[jln (very slow on Chromium), 2014/08/29 20:40:05]

Should we export a "IsRequiredForUnsafeTrapsSyscall()" or something along these
lines?

[leecam, 2014/08/29 22:56:31]

Done.

+#if defined(__NR_sigprocmask)
+        ||
+        sysno == __NR_sigprocmask
+#endif
+#if defined(__NR_sigreturn)
+        ||
+        sysno == __NR_sigreturn
+#endif
+        ) {
+      return ErrorCode(ErrorCode::ERR_ALLOWED);
+    }
+    switch (sysno) {
+      case __NR_setuid:
+        return sandbox->Cond(0,
+                             ErrorCode::TP_32BIT,
+                             ErrorCode::OP_EQUAL,
+                             100,
+                             ErrorCode(ErrorCode::ERR_ALLOWED),
+                             ErrorCode(EPERM));
+      case __NR_setgid:
+        return sandbox->Cond(0,
+                             ErrorCode::TP_32BIT,
+                             ErrorCode::OP_EQUAL,
+                             100,
+                             ErrorCode(ErrorCode::ERR_ALLOWED),
+                             sandbox->Cond(0,
+                                           ErrorCode::TP_32BIT,
+                                           ErrorCode::OP_EQUAL,
+                                           200,
+                                           ErrorCode(ENOSYS),
+                                           ErrorCode(EPERM)));
+      case __NR_exit_group:
+        return ErrorCode(ErrorCode::ERR_ALLOWED);
+      case __NR_getppid:
+        return sandbox->UnsafeTrap(NopHandler, NULL);
+      default:
+        return ErrorCode(EPERM);
+    }
+  }
+
+ private:
+  DISALLOW_COPY_AND_ASSIGN(UnsafeTrapWithCondPolicy);
+};
+
+BPF_TEST_C(SandboxBPF, UnsafeTrapWithCond, UnsafeTrapWithCondPolicy) {
+  // Nothing to do, just ensuring policy compiles and verifies.

[jln (very slow on Chromium), 2014/08/29 20:40:05]

It would be worth checking that the policy does what it's supposed to do, no? It
looks like it would be easy to actually call setuid/setgid and check (but it
means you might want to default allow all other syscalls rather than restrict
them).

[leecam, 2014/08/29 22:56:31]

Done.

+}
+
 }  // namespace
 
 }  // namespace sandbox