sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc - Issue 550473002: Linux sandbox: whitelist allowed Futex operations.

Side by Side Diff: sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc

Issue 550473002: Linux sandbox: whitelist allowed Futex operations. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Move Android futex definitions to the existing separate file. Created 6 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « no previous file | sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc » ('j') | sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h"	5 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h"

6	6

7 #include <errno.h>	7 #include <errno.h>

8 #include <linux/futex.h>	8 #include <linux/futex.h>

9 #include <sched.h>	9 #include <sched.h>

10 #include <signal.h>	10 #include <signal.h>

(...skipping 253 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
264 _exit(1);	264 _exit(1);

265 }	265 }

266	266

267 BPF_DEATH_TEST_C(BaselinePolicy,	267 BPF_DEATH_TEST_C(BaselinePolicy,

268 FutexWithRequeuePriorityInheritencePrivate,	268 FutexWithRequeuePriorityInheritencePrivate,

269 DEATH_MESSAGE(GetFutexErrorMessageContentForTests()),	269 DEATH_MESSAGE(GetFutexErrorMessageContentForTests()),

270 BaselinePolicy) {	270 BaselinePolicy) {

271 syscall(__NR_futex, NULL, FUTEX_CMP_REQUEUE_PI_PRIVATE, 0, NULL, NULL, 0);	271 syscall(__NR_futex, NULL, FUTEX_CMP_REQUEUE_PI_PRIVATE, 0, NULL, NULL, 0);

272 _exit(1);	272 _exit(1);

273 }	273 }

	274

	275 BPF_DEATH_TEST_C(BaselinePolicy,

	276 FutexWithUnlockPIPrivate,

	277 DEATH_MESSAGE(GetFutexErrorMessageContentForTests()),

	278 BaselinePolicy) {

	279 syscall(__NR_futex, NULL, FUTEX_UNLOCK_PI_PRIVATE, 0, NULL, NULL, 0);

	280 _exit(1);

	281 }

274 #endif // !defined(OS_ANDROID)	282 #endif // !defined(OS_ANDROID)

275	283

276 BPF_TEST_C(BaselinePolicy, PrctlDumpable, BaselinePolicy) {	284 BPF_TEST_C(BaselinePolicy, PrctlDumpable, BaselinePolicy) {

277 const int is_dumpable = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);	285 const int is_dumpable = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);

278 BPF_ASSERT(is_dumpable == 1 \|\| is_dumpable == 0);	286 BPF_ASSERT(is_dumpable == 1 \|\| is_dumpable == 0);

279 const int prctl_ret = prctl(PR_SET_DUMPABLE, is_dumpable, 0, 0, 0, 0);	287 const int prctl_ret = prctl(PR_SET_DUMPABLE, is_dumpable, 0, 0, 0, 0);

280 BPF_ASSERT_EQ(0, prctl_ret);	288 BPF_ASSERT_EQ(0, prctl_ret);

281 }	289 }

282	290

283 // Workaround incomplete Android headers.	291 // Workaround incomplete Android headers.

284 #if !defined(PR_CAPBSET_READ)	292 #if !defined(PR_CAPBSET_READ)

285 #define PR_CAPBSET_READ 23	293 #define PR_CAPBSET_READ 23

286 #endif	294 #endif

287	295

288 BPF_DEATH_TEST_C(BaselinePolicy,	296 BPF_DEATH_TEST_C(BaselinePolicy,

289 PrctlSigsys,	297 PrctlSigsys,

290 DEATH_SEGV_MESSAGE(GetPrctlErrorMessageContentForTests()),	298 DEATH_SEGV_MESSAGE(GetPrctlErrorMessageContentForTests()),

291 BaselinePolicy) {	299 BaselinePolicy) {

292 prctl(PR_CAPBSET_READ, 0, 0, 0, 0);	300 prctl(PR_CAPBSET_READ, 0, 0, 0, 0);

293 _exit(1);	301 _exit(1);

294 }	302 }

295	303

296 } // namespace	304 } // namespace

297	305

298 } // namespace sandbox	306 } // namespace sandbox

OLD	NEW