| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" |
| 6 |
| 7 #include <time.h> |
| 8 |
| 9 #include "base/sys_info.h" |
| 10 #include "base/time/time.h" |
| 11 #include "build/build_config.h" |
| 12 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" |
| 13 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" |
| 14 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" |
| 15 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
| 16 #include "sandbox/linux/seccomp-bpf/syscall.h" |
| 17 #include "sandbox/linux/services/linux_syscalls.h" |
| 18 #include "sandbox/linux/tests/unit_tests.h" |
| 19 #include "third_party/lss/linux_syscall_support.h" // for MAKE_PROCESS_CPUCLOCK |
| 20 |
| 21 namespace sandbox { |
| 22 |
| 23 namespace { |
| 24 |
| 25 // NOTE: most of the parameter restrictions are tested in |
| 26 // baseline_policy_unittest.cc as a more end-to-end test. |
| 27 |
| 28 using sandbox::bpf_dsl::Allow; |
| 29 using sandbox::bpf_dsl::ResultExpr; |
| 30 using sandbox::bpf_dsl::SandboxBPFDSLPolicy; |
| 31 |
| 32 class RestrictClockIdPolicy : public SandboxBPFDSLPolicy { |
| 33 public: |
| 34 RestrictClockIdPolicy() {} |
| 35 virtual ~RestrictClockIdPolicy() {} |
| 36 |
| 37 virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE { |
| 38 switch (sysno) { |
| 39 case __NR_clock_gettime: |
| 40 case __NR_clock_getres: |
| 41 return RestrictClockID(); |
| 42 default: |
| 43 return Allow(); |
| 44 } |
| 45 } |
| 46 }; |
| 47 |
| 48 void CheckClock(clockid_t clockid) { |
| 49 struct timespec ts; |
| 50 ts.tv_sec = ts.tv_nsec = -1; |
| 51 BPF_ASSERT_EQ(0, clock_gettime(clockid, &ts)); |
| 52 BPF_ASSERT_LE(0, ts.tv_sec); |
| 53 BPF_ASSERT_LE(0, ts.tv_nsec); |
| 54 } |
| 55 |
| 56 BPF_TEST_C(ParameterRestrictions, |
| 57 clock_gettime_allowed, |
| 58 RestrictClockIdPolicy) { |
| 59 CheckClock(CLOCK_MONOTONIC); |
| 60 CheckClock(CLOCK_PROCESS_CPUTIME_ID); |
| 61 CheckClock(CLOCK_REALTIME); |
| 62 CheckClock(CLOCK_THREAD_CPUTIME_ID); |
| 63 } |
| 64 |
| 65 BPF_DEATH_TEST_C(ParameterRestrictions, |
| 66 clock_gettime_crash_monotonic_raw, |
| 67 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 68 RestrictClockIdPolicy) { |
| 69 struct timespec ts; |
| 70 clock_gettime(CLOCK_MONOTONIC_RAW, &ts); |
| 71 } |
| 72 |
| 73 #if defined(OS_CHROMEOS) |
| 74 |
| 75 // A custom BPF tester delegate to run IsRunningOnChromeOS() before |
| 76 // the sandbox is enabled because we cannot run it with non-SFI BPF |
| 77 // sandbox enabled. |
| 78 class ClockSystemTesterDelegate : public sandbox::BPFTesterDelegate { |
| 79 public: |
| 80 ClockSystemTesterDelegate() |
| 81 : is_running_on_chromeos_(base::SysInfo::IsRunningOnChromeOS()) {} |
| 82 virtual ~ClockSystemTesterDelegate() {} |
| 83 |
| 84 virtual scoped_ptr<sandbox::SandboxBPFPolicy> GetSandboxBPFPolicy() OVERRIDE { |
| 85 return scoped_ptr<sandbox::SandboxBPFPolicy>( |
| 86 new RestrictClockIdPolicy()); |
| 87 } |
| 88 virtual void RunTestFunction() OVERRIDE { |
| 89 if (is_running_on_chromeos_) { |
| 90 CheckClock(base::TimeTicks::kClockSystemTrace); |
| 91 } else { |
| 92 struct timespec ts; |
| 93 // kClockSystemTrace is 11, which is CLOCK_THREAD_CPUTIME_ID of |
| 94 // the init process (pid=1). If kernel supports this feature, |
| 95 // this may succeed even if this is not running on Chrome OS. We |
| 96 // just check this clock_gettime call does not crash. |
| 97 clock_gettime(base::TimeTicks::kClockSystemTrace, &ts); |
| 98 } |
| 99 } |
| 100 |
| 101 private: |
| 102 const bool is_running_on_chromeos_; |
| 103 DISALLOW_COPY_AND_ASSIGN(ClockSystemTesterDelegate); |
| 104 }; |
| 105 |
| 106 BPF_TEST_D(BPFTest, BPFTestWithDelegateClass, ClockSystemTesterDelegate); |
| 107 |
| 108 #elif defined(OS_LINUX) |
| 109 |
| 110 BPF_DEATH_TEST_C(ParameterRestrictions, |
| 111 clock_gettime_crash_system_trace, |
| 112 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 113 RestrictClockIdPolicy) { |
| 114 struct timespec ts; |
| 115 clock_gettime(base::TimeTicks::kClockSystemTrace, &ts); |
| 116 } |
| 117 |
| 118 #endif // defined(OS_CHROMEOS) |
| 119 |
| 120 BPF_DEATH_TEST_C(ParameterRestrictions, |
| 121 clock_gettime_crash_cpu_clock, |
| 122 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 123 RestrictClockIdPolicy) { |
| 124 // We can't use clock_getcpuclockid() because it's not implemented in newlib, |
| 125 // and it might not work inside the sandbox anyway. |
| 126 const pid_t kInitPID = 1; |
| 127 const clockid_t kInitCPUClockID = |
| 128 MAKE_PROCESS_CPUCLOCK(kInitPID, CPUCLOCK_SCHED); |
| 129 |
| 130 struct timespec ts; |
| 131 clock_gettime(kInitCPUClockID, &ts); |
| 132 } |
| 133 |
| 134 } // namespace |
| 135 |
| 136 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 563043005:
Linux sandbox: move RestrictClockID() to sandbox/ (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master