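--- /dev/null
+++ b/[FILE PATH NOT ON PAGE]
@@ -0,0 +1,215 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
+
+#include <errno.h>
+#include <sched.h>
+#include <sys/syscall.h>
+#include <time.h>
+#include <unistd.h>
+
+#include "base/bind.h"
+#include "base/synchronization/waitable_event.h"
+#include "base/sys_info.h"
+#include "base/threading/thread.h"
+#include "base/time/time.h"
+#include "build/build_config.h"
+#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
+#include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
+#include "sandbox/linux/seccomp-bpf/bpf_tests.h"
+#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
+#include "sandbox/linux/seccomp-bpf/syscall.h"
+#include "sandbox/linux/services/linux_syscalls.h"
+#include "sandbox/linux/tests/unit_tests.h"
+
+#if !defined(OS_ANDROID)
+#include "third_party/lss/linux_syscall_support.h" // for MAKE_PROCESS_CPUCLOCK
+#endif
+
+namespace sandbox {
+
+namespace {
+
+// NOTE: most of the parameter restrictions are tested in
+// baseline_policy_unittest.cc as a more end-to-end test.
+
+using sandbox::bpf_dsl::Allow;
+using sandbox::bpf_dsl::ResultExpr;
+using sandbox::bpf_dsl::SandboxBPFDSLPolicy;
+
+class RestrictClockIdPolicy : public SandboxBPFDSLPolicy {
+public:
+RestrictClockIdPolicy() {}
+virtual ~RestrictClockIdPolicy() {}
+
+virtual ResultExpr EvaluateSyscall(int sysno) const override {
+switch (sysno) {
+case __NR_clock_gettime:
+case __NR_clock_getres:
+return RestrictClockID();
+default:
+return Allow();
+}
+}
+};
+
+void CheckClock(clockid_t clockid) {
+struct timespec ts;
+ts.tv_sec = ts.tv_nsec = -1;
+BPF_ASSERT_EQ(0, clock_gettime(clockid, &ts));
+BPF_ASSERT_LE(0, ts.tv_sec);
+BPF_ASSERT_LE(0, ts.tv_nsec);
+}
+
+BPF_TEST_C(ParameterRestrictions,
+clock_gettime_allowed,
+RestrictClockIdPolicy) {
+CheckClock(CLOCK_MONOTONIC);
+CheckClock(CLOCK_PROCESS_CPUTIME_ID);
+CheckClock(CLOCK_REALTIME);
+CheckClock(CLOCK_THREAD_CPUTIME_ID);
+}
+
+BPF_DEATH_TEST_C(ParameterRestrictions,
+clock_gettime_crash_monotonic_raw,
+DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()),
+RestrictClockIdPolicy) {
+struct timespec ts;
+clock_gettime(CLOCK_MONOTONIC_RAW, &ts);
+}
+
+#if defined(OS_CHROMEOS)
+
+// A custom BPF tester delegate to run IsRunningOnChromeOS() before
+// the sandbox is enabled because we cannot run it with non-SFI BPF
+// sandbox enabled.
+class ClockSystemTesterDelegate : public sandbox::BPFTesterDelegate {
+public:
+ClockSystemTesterDelegate()
+: is_running_on_chromeos_(base::SysInfo::IsRunningOnChromeOS()) {}
+virtual ~ClockSystemTesterDelegate() {}
+
+virtual scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy>
+GetSandboxBPFPolicy() override {
+return scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy>(
+new RestrictClockIdPolicy());
+}
+virtual void RunTestFunction() override {
+if (is_running_on_chromeos_) {
+CheckClock(base::TimeTicks::kClockSystemTrace);
+} else {
+struct timespec ts;
+// kClockSystemTrace is 11, which is CLOCK_THREAD_CPUTIME_ID of
+// the init process (pid=1). If kernel supports this feature,
+// this may succeed even if this is not running on Chrome OS. We
+// just check this clock_gettime call does not crash.
+clock_gettime(base::TimeTicks::kClockSystemTrace, &ts);
+}
+}
+
+private:
+const bool is_running_on_chromeos_;
+DISALLOW_COPY_AND_ASSIGN(ClockSystemTesterDelegate);
+};
+
+BPF_TEST_D(BPFTest, BPFTestWithDelegateClass, ClockSystemTesterDelegate);
+
+#elif defined(OS_LINUX)
+
+BPF_DEATH_TEST_C(ParameterRestrictions,
+clock_gettime_crash_system_trace,
+DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()),
+RestrictClockIdPolicy) {
+struct timespec ts;
+clock_gettime(base::TimeTicks::kClockSystemTrace, &ts);
+}
+
+#endif // defined(OS_CHROMEOS)
+
+#if !defined(OS_ANDROID)
+BPF_DEATH_TEST_C(ParameterRestrictions,
+clock_gettime_crash_cpu_clock,
+DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()),
+RestrictClockIdPolicy) {
+// We can't use clock_getcpuclockid() because it's not implemented in newlib,
+// and it might not work inside the sandbox anyway.
+const pid_t kInitPID = 1;
+const clockid_t kInitCPUClockID =
+MAKE_PROCESS_CPUCLOCK(kInitPID, CPUCLOCK_SCHED);
+
+struct timespec ts;
+clock_gettime(kInitCPUClockID, &ts);
+}
+#endif // !defined(OS_ANDROID)
+
+class RestrictSchedPolicy : public SandboxBPFDSLPolicy {
+public:
+RestrictSchedPolicy() {}
+virtual ~RestrictSchedPolicy() {}
+
+virtual ResultExpr EvaluateSyscall(int sysno) const override {
+switch (sysno) {
+case __NR_sched_getparam:
+return RestrictSchedTarget(getpid(), sysno);
+default:
+return Allow();
+}
+}
+};
+
+void CheckSchedGetParam(pid_t pid, struct sched_param* param) {
+BPF_ASSERT_EQ(0, sched_getparam(pid, param));
+}
+
+void SchedGetParamThread(base::WaitableEvent* thread_run) {
+const pid_t pid = getpid();
+const pid_t tid = syscall(__NR_gettid);
+BPF_ASSERT_NE(pid, tid);
+
+struct sched_param current_pid_param;
+CheckSchedGetParam(pid, ¤t_pid_param);
+
+struct sched_param zero_param;
+CheckSchedGetParam(0, &zero_param);
+
+struct sched_param tid_param;
+CheckSchedGetParam(tid, &tid_param);
+
+BPF_ASSERT_EQ(zero_param.sched_priority, tid_param.sched_priority);
+
+// Verify that the SIGSYS handler sets errno properly.
+errno = 0;
+BPF_ASSERT_EQ(-1, sched_getparam(tid, NULL));
+BPF_ASSERT_EQ(EINVAL, errno);
+
+thread_run->Signal();
+}
+
+BPF_TEST_C(ParameterRestrictions,
+sched_getparam_allowed,
+RestrictSchedPolicy) {
+base::WaitableEvent thread_run(true, false);
+// Run the actual test in a new thread so that the current pid and tid are
+// different.
+base::Thread getparam_thread("sched_getparam_thread");
+BPF_ASSERT(getparam_thread.Start());
+getparam_thread.message_loop()->PostTask(
+FROM_HERE, base::Bind(&SchedGetParamThread, &thread_run));
+BPF_ASSERT(thread_run.TimedWait(base::TimeDelta::FromMilliseconds(5000)));
+getparam_thread.Stop();
+}
+
+BPF_DEATH_TEST_C(ParameterRestrictions,
+sched_getparam_crash_non_zero,
+DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()),
+RestrictSchedPolicy) {
+const pid_t kInitPID = 1;
+struct sched_param param;
+sched_getparam(kInitPID, ¶m);
+}
+
+} // namespace
+
+} // namespace sandbox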
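Review bot: The sched_getparam_crash_non_zero death test silently depends on the test process not being pid 1: RestrictSchedPolicy allows `RestrictSchedTarget(getpid(), sysno)`, so if the binary is ever run as init of a pid namespace the call `sched_getparam(kInitPID, &param)` targets the caller's own pid, would be allowed, and the test could pass without the expected SIGSYS ever firing (the clock_gettime_crash_cpu_clock test makes the same pid-1 assumption, though there the outcome depends on what RestrictClockID() does with that clock id). A guard `BPF_ASSERT_NE(kInitPID, getpid());` before the call would presumably turn that environment into a visibly failing test rather than a false pass. On style, `virtual ResultExpr EvaluateSyscall(int sysno) const override` and the delegate's two overrides carry both `virtual` and `override` where `override` alone is the convention, and RestrictClockIdPolicy and RestrictSchedPolicy lack the DISALLOW_COPY_AND_ASSIGN that ClockSystemTesterDelegate declares. The arguments rendered as `¤t_pid_param` and `¶m` look like HTML-entity mangling of `&current_pid_param` and `&param` in the page rendering rather than in the source, but worth confirming against the committed file.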