OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" | 5 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" |
6 | 6 |
7 #include <sched.h> | |
7 #include <time.h> | 8 #include <time.h> |
8 | 9 |
10 #include "base/bind.h" | |
9 #include "base/sys_info.h" | 11 #include "base/sys_info.h" |
12 #include "base/threading/thread.h" | |
10 #include "base/time/time.h" | 13 #include "base/time/time.h" |
11 #include "build/build_config.h" | 14 #include "build/build_config.h" |
12 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" | 15 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" |
13 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" | 16 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" |
14 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" | 17 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" |
15 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" | 18 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
16 #include "sandbox/linux/seccomp-bpf/syscall.h" | 19 #include "sandbox/linux/seccomp-bpf/syscall.h" |
17 #include "sandbox/linux/services/linux_syscalls.h" | 20 #include "sandbox/linux/services/linux_syscalls.h" |
18 #include "sandbox/linux/tests/unit_tests.h" | 21 #include "sandbox/linux/tests/unit_tests.h" |
19 | 22 |
(...skipping 109 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
129 // and it might not work inside the sandbox anyway. | 132 // and it might not work inside the sandbox anyway. |
130 const pid_t kInitPID = 1; | 133 const pid_t kInitPID = 1; |
131 const clockid_t kInitCPUClockID = | 134 const clockid_t kInitCPUClockID = |
132 MAKE_PROCESS_CPUCLOCK(kInitPID, CPUCLOCK_SCHED); | 135 MAKE_PROCESS_CPUCLOCK(kInitPID, CPUCLOCK_SCHED); |
133 | 136 |
134 struct timespec ts; | 137 struct timespec ts; |
135 clock_gettime(kInitCPUClockID, &ts); | 138 clock_gettime(kInitCPUClockID, &ts); |
136 } | 139 } |
137 #endif // !defined(OS_ANDROID) | 140 #endif // !defined(OS_ANDROID) |
138 | 141 |
142 class RestrictSchedPolicy : public SandboxBPFDSLPolicy { | |
143 public: | |
144 RestrictSchedPolicy() {} | |
145 virtual ~RestrictSchedPolicy() {} | |
146 | |
147 virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE { | |
148 switch (sysno) { | |
149 case __NR_sched_getaffinity: | |
150 return RestrictSchedTarget(getpid(), sysno); | |
151 default: | |
152 return Allow(); | |
153 } | |
154 } | |
155 }; | |
156 | |
157 void CheckSchedGetAffinity(pid_t pid, cpu_set_t* mask) { | |
158 BPF_ASSERT_EQ(0, sched_getaffinity(pid, sizeof(*mask), mask)); | |
159 } | |
160 | |
161 void SchedGetAffinityThread() { | |
162 const pid_t pid = getpid(); | |
163 const pid_t tid = syscall(__NR_gettid); | |
164 BPF_ASSERT_NE(pid, tid); | |
165 | |
166 cpu_set_t current_pid_mask; | |
167 CheckSchedGetAffinity(pid, ¤t_pid_mask); | |
168 | |
169 cpu_set_t zero_mask; | |
170 CheckSchedGetAffinity(0, &zero_mask); | |
171 | |
172 cpu_set_t tid_mask; | |
173 CheckSchedGetAffinity(tid, &tid_mask); | |
174 | |
175 BPF_ASSERT(CPU_EQUAL(&zero_mask, &tid_mask)); | |
jln (very slow on Chromium)
2014/09/22 21:56:44
Could you add some testing of errno if you make so
rickyz (no longer on Chrome)
2014/09/23 06:03:20
Done.
| |
176 } | |
177 | |
178 BPF_TEST_C(ParameterRestrictions, | |
179 sched_getaffinity_allowed, | |
180 RestrictClockIdPolicy) { | |
181 // Run the actual test in a new thread so that the current pid and tid are | |
182 // different. | |
183 base::Thread getaffinity_thread("getaffinity_thread"); | |
184 BPF_ASSERT(getaffinity_thread.Start()); | |
185 getaffinity_thread.message_loop()->PostTask( | |
186 FROM_HERE, base::Bind(&SchedGetAffinityThread)); | |
187 getaffinity_thread.Stop(); | |
jln (very slow on Chromium)
2014/09/22 21:56:44
You need synchronization here to make sure that yo
rickyz (no longer on Chrome)
2014/09/23 06:03:20
Done.
| |
188 } | |
189 | |
190 BPF_DEATH_TEST_C(ParameterRestrictions, | |
191 sched_getaffinity_crash_non_zero, | |
192 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), | |
193 RestrictSchedPolicy) { | |
194 const pid_t kInitPID = 1; | |
195 cpu_set_t mask; | |
196 sched_getaffinity(kInitPID, sizeof(mask), &mask); | |
197 } | |
198 | |
139 } // namespace | 199 } // namespace |
140 | 200 |
141 } // namespace sandbox | 201 } // namespace sandbox |
OLD | NEW |