| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" | 5 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <netinet/in.h> | 8 #include <netinet/in.h> |
| 9 #include <sys/socket.h> | 9 #include <sys/socket.h> |
| 10 #include <sys/utsname.h> | 10 #include <sys/utsname.h> |
| (...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 60 | 60 |
| 61 class BasicPolicy : public SandboxBPFDSLPolicy { | 61 class BasicPolicy : public SandboxBPFDSLPolicy { |
| 62 public: | 62 public: |
| 63 BasicPolicy() {} | 63 BasicPolicy() {} |
| 64 virtual ~BasicPolicy() {} | 64 virtual ~BasicPolicy() {} |
| 65 virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE { | 65 virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE { |
| 66 if (sysno == __NR_getpgid) { | 66 if (sysno == __NR_getpgid) { |
| 67 const Arg<pid_t> pid(0); | 67 const Arg<pid_t> pid(0); |
| 68 return If(pid == 0, Error(EPERM)).Else(Error(EINVAL)); | 68 return If(pid == 0, Error(EPERM)).Else(Error(EINVAL)); |
| 69 } | 69 } |
| 70 if (sysno == __NR_setuid) { |
| 71 const Arg<uid_t> uid(0); |
| 72 return If(uid != 42, Error(ESRCH)).Else(Error(ENOMEM)); |
| 73 } |
| 70 return Allow(); | 74 return Allow(); |
| 71 } | 75 } |
| 72 | 76 |
| 73 private: | 77 private: |
| 74 DISALLOW_COPY_AND_ASSIGN(BasicPolicy); | 78 DISALLOW_COPY_AND_ASSIGN(BasicPolicy); |
| 75 }; | 79 }; |
| 76 | 80 |
| 77 BPF_TEST_C(BPFDSL, Basic, BasicPolicy) { | 81 BPF_TEST_C(BPFDSL, Basic, BasicPolicy) { |
| 78 ASSERT_SYSCALL_RESULT(-EPERM, getpgid, 0); | 82 ASSERT_SYSCALL_RESULT(-EPERM, getpgid, 0); |
| 79 ASSERT_SYSCALL_RESULT(-EINVAL, getpgid, 1); | 83 ASSERT_SYSCALL_RESULT(-EINVAL, getpgid, 1); |
| 84 |
| 85 ASSERT_SYSCALL_RESULT(-ENOMEM, setuid, 42); |
| 86 ASSERT_SYSCALL_RESULT(-ESRCH, setuid, 43); |
| 80 } | 87 } |
| 81 | 88 |
| 82 /* On IA-32, socketpair() is implemented via socketcall(). :-( */ | 89 /* On IA-32, socketpair() is implemented via socketcall(). :-( */ |
| 83 #if !defined(ARCH_CPU_X86) | 90 #if !defined(ARCH_CPU_X86) |
| 84 class BooleanLogicPolicy : public SandboxBPFDSLPolicy { | 91 class BooleanLogicPolicy : public SandboxBPFDSLPolicy { |
| 85 public: | 92 public: |
| 86 BooleanLogicPolicy() {} | 93 BooleanLogicPolicy() {} |
| 87 virtual ~BooleanLogicPolicy() {} | 94 virtual ~BooleanLogicPolicy() {} |
| 88 virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE { | 95 virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE { |
| 89 if (sysno == __NR_socketpair) { | 96 if (sysno == __NR_socketpair) { |
| (...skipping 224 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 314 ASSERT_SYSCALL_RESULT(-EINVAL, fcntl, sock_fd.get(), F_SETFD, 0); | 321 ASSERT_SYSCALL_RESULT(-EINVAL, fcntl, sock_fd.get(), F_SETFD, 0); |
| 315 | 322 |
| 316 ASSERT_SYSCALL_RESULT(-EPERM, fcntl, sock_fd.get(), F_SETFL, O_RDONLY); | 323 ASSERT_SYSCALL_RESULT(-EPERM, fcntl, sock_fd.get(), F_SETFL, O_RDONLY); |
| 317 | 324 |
| 318 ASSERT_SYSCALL_RESULT(-EACCES, fcntl, sock_fd.get(), F_DUPFD, 0); | 325 ASSERT_SYSCALL_RESULT(-EACCES, fcntl, sock_fd.get(), F_DUPFD, 0); |
| 319 } | 326 } |
| 320 | 327 |
| 321 } // namespace | 328 } // namespace |
| 322 } // namespace bpf_dsl | 329 } // namespace bpf_dsl |
| 323 } // namespace sandbox | 330 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 559653004:
Convert sandbox_bpf_unittest.cc to use bpf_dsl (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master