| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <asm/unistd.h> | 5 #include <asm/unistd.h> |
| 6 #include <fcntl.h> | 6 #include <fcntl.h> |
| 7 #include <sys/mman.h> | 7 #include <sys/mman.h> |
| 8 #include <sys/syscall.h> | 8 #include <sys/syscall.h> |
| 9 #include <unistd.h> | 9 #include <unistd.h> |
| 10 | 10 |
| (...skipping 13 matching lines...) Expand all Loading... |
| 24 | 24 |
| 25 // Different platforms use different symbols for the six-argument version | 25 // Different platforms use different symbols for the six-argument version |
| 26 // of the mmap() system call. Test for the correct symbol at compile time. | 26 // of the mmap() system call. Test for the correct symbol at compile time. |
| 27 #ifdef __NR_mmap2 | 27 #ifdef __NR_mmap2 |
| 28 const int kMMapNr = __NR_mmap2; | 28 const int kMMapNr = __NR_mmap2; |
| 29 #else | 29 #else |
| 30 const int kMMapNr = __NR_mmap; | 30 const int kMMapNr = __NR_mmap; |
| 31 #endif | 31 #endif |
| 32 | 32 |
| 33 TEST(Syscall, WellKnownEntryPoint) { | 33 TEST(Syscall, WellKnownEntryPoint) { |
| 34 // Test that SandboxSyscall(-1) is handled specially. Don't do this on ARM, | 34 // Test that SandboxSyscall(-1) is handled specially. Don't do this on ARM, |
| 35 // where syscall(-1) crashes with SIGILL. Not running the test is fine, as we | 35 // where syscall(-1) crashes with SIGILL. Not running the test is fine, as we |
| 36 // are still testing ARM code in the next set of tests. | 36 // are still testing ARM code in the next set of tests. |
| 37 #if !defined(__arm__) | 37 #if !defined(__arm__) |
| 38 EXPECT_NE(SandboxSyscall(-1), syscall(-1)); | 38 EXPECT_NE(SandboxSyscall(-1), syscall(-1)); |
| 39 #endif | 39 #endif |
| 40 | 40 |
| 41 // If possible, test that SandboxSyscall(-1) returns the address right after | 41 // If possible, test that SandboxSyscall(-1) returns the address right after |
| 42 // a kernel entry point. | 42 // a kernel entry point. |
| 43 #if defined(__i386__) | 43 #if defined(__i386__) |
| 44 EXPECT_EQ(0x80CDu, ((uint16_t *)SandboxSyscall(-1))[-1]); // INT 0x80 | 44 EXPECT_EQ(0x80CDu, ((uint16_t*)SandboxSyscall(-1))[-1]); // INT 0x80 |
| 45 #elif defined(__x86_64__) | 45 #elif defined(__x86_64__) |
| 46 EXPECT_EQ(0x050Fu, ((uint16_t *)SandboxSyscall(-1))[-1]); // SYSCALL | 46 EXPECT_EQ(0x050Fu, ((uint16_t*)SandboxSyscall(-1))[-1]); // SYSCALL |
| 47 #elif defined(__arm__) | 47 #elif defined(__arm__) |
| 48 #if defined(__thumb__) | 48 #if defined(__thumb__) |
| 49 EXPECT_EQ(0xDF00u, ((uint16_t *)SandboxSyscall(-1))[-1]); // SWI 0 | 49 EXPECT_EQ(0xDF00u, ((uint16_t*)SandboxSyscall(-1))[-1]); // SWI 0 |
| 50 #else | 50 #else |
| 51 EXPECT_EQ(0xEF000000u, ((uint32_t *)SandboxSyscall(-1))[-1]); // SVC 0 | 51 EXPECT_EQ(0xEF000000u, ((uint32_t*)SandboxSyscall(-1))[-1]); // SVC 0 |
| 52 #endif | 52 #endif |
| 53 #else | 53 #else |
| 54 #warning Incomplete test case; need port for target platform | 54 #warning Incomplete test case; need port for target platform |
| 55 #endif | 55 #endif |
| 56 } | 56 } |
| 57 | 57 |
| 58 TEST(Syscall, TrivialSyscallNoArgs) { | 58 TEST(Syscall, TrivialSyscallNoArgs) { |
| 59 // Test that we can do basic system calls | 59 // Test that we can do basic system calls |
| 60 EXPECT_EQ(SandboxSyscall(__NR_getpid), syscall(__NR_getpid)); | 60 EXPECT_EQ(SandboxSyscall(__NR_getpid), syscall(__NR_getpid)); |
| 61 } | 61 } |
| 62 | 62 |
| 63 TEST(Syscall, TrivialSyscallOneArg) { | 63 TEST(Syscall, TrivialSyscallOneArg) { |
| 64 int new_fd; | 64 int new_fd; |
| 65 // Duplicate standard error and close it. | 65 // Duplicate standard error and close it. |
| 66 ASSERT_GE(new_fd = SandboxSyscall(__NR_dup, 2), 0); | 66 ASSERT_GE(new_fd = SandboxSyscall(__NR_dup, 2), 0); |
| 67 int close_return_value = HANDLE_EINTR(SandboxSyscall(__NR_close, new_fd)); | 67 int close_return_value = HANDLE_EINTR(SandboxSyscall(__NR_close, new_fd)); |
| 68 ASSERT_EQ(close_return_value, 0); | 68 ASSERT_EQ(close_return_value, 0); |
| 69 } | 69 } |
| 70 | 70 |
| 71 // SIGSYS trap handler that will be called on __NR_uname. | 71 // SIGSYS trap handler that will be called on __NR_uname. |
| 72 intptr_t CopySyscallArgsToAux(const struct arch_seccomp_data& args, void *aux) { | 72 intptr_t CopySyscallArgsToAux(const struct arch_seccomp_data& args, void* aux) { |
| 73 // |aux| is a pointer to our BPF_AUX. | 73 // |aux| is a pointer to our BPF_AUX. |
| 74 std::vector<uint64_t>* const seen_syscall_args = | 74 std::vector<uint64_t>* const seen_syscall_args = |
| 75 static_cast<std::vector<uint64_t>*>(aux); | 75 static_cast<std::vector<uint64_t>*>(aux); |
| 76 BPF_ASSERT(arraysize(args.args) == 6); | 76 BPF_ASSERT(arraysize(args.args) == 6); |
| 77 seen_syscall_args->assign(args.args, args.args + arraysize(args.args)); | 77 seen_syscall_args->assign(args.args, args.args + arraysize(args.args)); |
| 78 return -ENOMEM; | 78 return -ENOMEM; |
| 79 } | 79 } |
| 80 | 80 |
| 81 ErrorCode CopyAllArgsOnUnamePolicy(Sandbox *sandbox, int sysno, void *aux) { | 81 ErrorCode CopyAllArgsOnUnamePolicy(Sandbox* sandbox, int sysno, void* aux) { |
| 82 if (!Sandbox::IsValidSyscallNumber(sysno)) { | 82 if (!Sandbox::IsValidSyscallNumber(sysno)) { |
| 83 return ErrorCode(ENOSYS); | 83 return ErrorCode(ENOSYS); |
| 84 } | 84 } |
| 85 if (sysno == __NR_uname) { | 85 if (sysno == __NR_uname) { |
| 86 return sandbox->Trap(CopySyscallArgsToAux, aux); | 86 return sandbox->Trap(CopySyscallArgsToAux, aux); |
| 87 } else { | 87 } else { |
| 88 return ErrorCode(ErrorCode::ERR_ALLOWED); | 88 return ErrorCode(ErrorCode::ERR_ALLOWED); |
| 89 } | 89 } |
| 90 } | 90 } |
| 91 | 91 |
| 92 // We are testing SandboxSyscall() by making use of a BPF filter that allows us | 92 // We are testing SandboxSyscall() by making use of a BPF filter that allows us |
| 93 // to inspect the system call arguments that the kernel saw. | 93 // to inspect the system call arguments that the kernel saw. |
| 94 BPF_TEST(Syscall, SyntheticSixArgs, CopyAllArgsOnUnamePolicy, | 94 BPF_TEST(Syscall, |
| 95 SyntheticSixArgs, |
| 96 CopyAllArgsOnUnamePolicy, |
| 95 std::vector<uint64_t> /* BPF_AUX */) { | 97 std::vector<uint64_t> /* BPF_AUX */) { |
| 96 const int kExpectedValue = 42; | 98 const int kExpectedValue = 42; |
| 97 // In this test we only pass integers to the kernel. We might want to make | 99 // In this test we only pass integers to the kernel. We might want to make |
| 98 // additional tests to try other types. What we will see depends on | 100 // additional tests to try other types. What we will see depends on |
| 99 // implementation details of kernel BPF filters and we will need to document | 101 // implementation details of kernel BPF filters and we will need to document |
| 100 // the expected behavior very clearly. | 102 // the expected behavior very clearly. |
| 101 int syscall_args[6]; | 103 int syscall_args[6]; |
| 102 for (size_t i = 0; i < arraysize(syscall_args); ++i) { | 104 for (size_t i = 0; i < arraysize(syscall_args); ++i) { |
| 103 syscall_args[i] = kExpectedValue + i; | 105 syscall_args[i] = kExpectedValue + i; |
| 104 } | 106 } |
| 105 | 107 |
| 106 // We could use pretty much any system call we don't need here. uname() is | 108 // We could use pretty much any system call we don't need here. uname() is |
| 107 // nice because it doesn't have any dangerous side effects. | 109 // nice because it doesn't have any dangerous side effects. |
| 108 BPF_ASSERT(SandboxSyscall(__NR_uname, syscall_args[0], | 110 BPF_ASSERT(SandboxSyscall(__NR_uname, |
| 109 syscall_args[1], | 111 syscall_args[0], |
| 110 syscall_args[2], | 112 syscall_args[1], |
| 111 syscall_args[3], | 113 syscall_args[2], |
| 112 syscall_args[4], | 114 syscall_args[3], |
| 113 syscall_args[5]) == -ENOMEM); | 115 syscall_args[4], |
| 116 syscall_args[5]) == -ENOMEM); |
| 114 | 117 |
| 115 // We expect the trap handler to have copied the 6 arguments. | 118 // We expect the trap handler to have copied the 6 arguments. |
| 116 BPF_ASSERT(BPF_AUX.size() == 6); | 119 BPF_ASSERT(BPF_AUX.size() == 6); |
| 117 | 120 |
| 118 // Don't loop here so that we can see which argument does cause the failure | 121 // Don't loop here so that we can see which argument does cause the failure |
| 119 // easily from the failing line. | 122 // easily from the failing line. |
| 120 // uint64_t is the type passed to our SIGSYS handler. | 123 // uint64_t is the type passed to our SIGSYS handler. |
| 121 BPF_ASSERT(BPF_AUX[0] == static_cast<uint64_t>(syscall_args[0])); | 124 BPF_ASSERT(BPF_AUX[0] == static_cast<uint64_t>(syscall_args[0])); |
| 122 BPF_ASSERT(BPF_AUX[1] == static_cast<uint64_t>(syscall_args[1])); | 125 BPF_ASSERT(BPF_AUX[1] == static_cast<uint64_t>(syscall_args[1])); |
| 123 BPF_ASSERT(BPF_AUX[2] == static_cast<uint64_t>(syscall_args[2])); | 126 BPF_ASSERT(BPF_AUX[2] == static_cast<uint64_t>(syscall_args[2])); |
| 124 BPF_ASSERT(BPF_AUX[3] == static_cast<uint64_t>(syscall_args[3])); | 127 BPF_ASSERT(BPF_AUX[3] == static_cast<uint64_t>(syscall_args[3])); |
| 125 BPF_ASSERT(BPF_AUX[4] == static_cast<uint64_t>(syscall_args[4])); | 128 BPF_ASSERT(BPF_AUX[4] == static_cast<uint64_t>(syscall_args[4])); |
| 126 BPF_ASSERT(BPF_AUX[5] == static_cast<uint64_t>(syscall_args[5])); | 129 BPF_ASSERT(BPF_AUX[5] == static_cast<uint64_t>(syscall_args[5])); |
| 127 } | 130 } |
| 128 | 131 |
| 129 TEST(Syscall, ComplexSyscallSixArgs) { | 132 TEST(Syscall, ComplexSyscallSixArgs) { |
| 130 int fd; | 133 int fd; |
| 131 ASSERT_LE(0, fd = SandboxSyscall(__NR_open, "/dev/null", O_RDWR, 0L)); | 134 ASSERT_LE(0, fd = SandboxSyscall(__NR_open, "/dev/null", O_RDWR, 0L)); |
| 132 | 135 |
| 133 // Use mmap() to allocate some read-only memory | 136 // Use mmap() to allocate some read-only memory |
| 134 char *addr0; | 137 char* addr0; |
| 135 ASSERT_NE((char *)NULL, | 138 ASSERT_NE((char*)NULL, |
| 136 addr0 = reinterpret_cast<char *>( | 139 addr0 = reinterpret_cast<char*>( |
| 137 SandboxSyscall(kMMapNr, (void *)NULL, 4096, PROT_READ, | 140 SandboxSyscall(kMMapNr, |
| 138 MAP_PRIVATE|MAP_ANONYMOUS, fd, 0L))); | 141 (void*)NULL, |
| 142 4096, |
| 143 PROT_READ, |
| 144 MAP_PRIVATE | MAP_ANONYMOUS, |
| 145 fd, |
| 146 0L))); |
| 139 | 147 |
| 140 // Try to replace the existing mapping with a read-write mapping | 148 // Try to replace the existing mapping with a read-write mapping |
| 141 char *addr1; | 149 char* addr1; |
| 142 ASSERT_EQ(addr0, | 150 ASSERT_EQ(addr0, |
| 143 addr1 = reinterpret_cast<char *>( | 151 addr1 = reinterpret_cast<char*>( |
| 144 SandboxSyscall(kMMapNr, addr0, 4096L, PROT_READ|PROT_WRITE, | 152 SandboxSyscall(kMMapNr, |
| 145 MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED, | 153 addr0, |
| 146 fd, 0L))); | 154 4096L, |
| 147 ++*addr1; // This should not seg fault | 155 PROT_READ | PROT_WRITE, |
| 156 MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, |
| 157 fd, |
| 158 0L))); |
| 159 ++*addr1; // This should not seg fault |
| 148 | 160 |
| 149 // Clean up | 161 // Clean up |
| 150 EXPECT_EQ(0, SandboxSyscall(__NR_munmap, addr1, 4096L)); | 162 EXPECT_EQ(0, SandboxSyscall(__NR_munmap, addr1, 4096L)); |
| 151 EXPECT_EQ(0, HANDLE_EINTR(SandboxSyscall(__NR_close, fd))); | 163 EXPECT_EQ(0, HANDLE_EINTR(SandboxSyscall(__NR_close, fd))); |
| 152 | 164 |
| 153 // Check that the offset argument (i.e. the sixth argument) is processed | 165 // Check that the offset argument (i.e. the sixth argument) is processed |
| 154 // correctly. | 166 // correctly. |
| 155 ASSERT_GE(fd = SandboxSyscall(__NR_open, "/proc/self/exe", O_RDONLY, 0L), 0); | 167 ASSERT_GE(fd = SandboxSyscall(__NR_open, "/proc/self/exe", O_RDONLY, 0L), 0); |
| 156 char *addr2, *addr3; | 168 char* addr2, *addr3; |
| 157 ASSERT_NE((char *)NULL, | 169 ASSERT_NE((char*)NULL, |
| 158 addr2 = reinterpret_cast<char *>( | 170 addr2 = reinterpret_cast<char*>(SandboxSyscall( |
| 159 SandboxSyscall(kMMapNr, (void *)NULL, 8192L, PROT_READ, | 171 kMMapNr, (void*)NULL, 8192L, PROT_READ, MAP_PRIVATE, fd, 0L))); |
| 160 MAP_PRIVATE, fd, 0L))); | 172 ASSERT_NE((char*)NULL, |
| 161 ASSERT_NE((char *)NULL, | 173 addr3 = reinterpret_cast<char*>(SandboxSyscall(kMMapNr, |
| 162 addr3 = reinterpret_cast<char *>( | 174 (void*)NULL, |
| 163 SandboxSyscall(kMMapNr, (void *)NULL, 4096L, PROT_READ, | 175 4096L, |
| 164 MAP_PRIVATE, fd, | 176 PROT_READ, |
| 177 MAP_PRIVATE, |
| 178 fd, |
| 165 #if defined(__NR_mmap2) | 179 #if defined(__NR_mmap2) |
| 166 1L | 180 1L |
| 167 #else | 181 #else |
| 168 4096L | 182 4096L |
| 169 #endif | 183 #endif |
| 170 ))); | 184 ))); |
| 171 EXPECT_EQ(0, memcmp(addr2 + 4096, addr3, 4096)); | 185 EXPECT_EQ(0, memcmp(addr2 + 4096, addr3, 4096)); |
| 172 | 186 |
| 173 // Just to be absolutely on the safe side, also verify that the file | 187 // Just to be absolutely on the safe side, also verify that the file |
| 174 // contents matches what we are getting from a read() operation. | 188 // contents matches what we are getting from a read() operation. |
| 175 char buf[8192]; | 189 char buf[8192]; |
| 176 EXPECT_EQ(8192, SandboxSyscall(__NR_read, fd, buf, 8192L)); | 190 EXPECT_EQ(8192, SandboxSyscall(__NR_read, fd, buf, 8192L)); |
| 177 EXPECT_EQ(0, memcmp(addr2, buf, 8192)); | 191 EXPECT_EQ(0, memcmp(addr2, buf, 8192)); |
| 178 | 192 |
| 179 // Clean up | 193 // Clean up |
| 180 EXPECT_EQ(0, SandboxSyscall(__NR_munmap, addr2, 8192L)); | 194 EXPECT_EQ(0, SandboxSyscall(__NR_munmap, addr2, 8192L)); |
| 181 EXPECT_EQ(0, SandboxSyscall(__NR_munmap, addr3, 4096L)); | 195 EXPECT_EQ(0, SandboxSyscall(__NR_munmap, addr3, 4096L)); |
| 182 EXPECT_EQ(0, HANDLE_EINTR(SandboxSyscall(__NR_close, fd))); | 196 EXPECT_EQ(0, HANDLE_EINTR(SandboxSyscall(__NR_close, fd))); |
| 183 } | 197 } |
| 184 | 198 |
| 185 } // namespace | 199 } // namespace |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 66723007:
Make sandbox/linux/seccomp-bpf/ follow the style guide. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src