| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" | 5 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <fcntl.h> | 8 #include <fcntl.h> |
| 9 #include <pthread.h> | 9 #include <pthread.h> |
| 10 #include <sched.h> | 10 #include <sched.h> |
| (...skipping 95 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 106 intptr_t IncreaseCounter(const struct arch_seccomp_data& args, void* aux) { | 106 intptr_t IncreaseCounter(const struct arch_seccomp_data& args, void* aux) { |
| 107 BPF_ASSERT(aux); | 107 BPF_ASSERT(aux); |
| 108 int* counter = static_cast<int*>(aux); | 108 int* counter = static_cast<int*>(aux); |
| 109 return (*counter)++; | 109 return (*counter)++; |
| 110 } | 110 } |
| 111 | 111 |
| 112 class VerboseAPITestingPolicy : public Policy { | 112 class VerboseAPITestingPolicy : public Policy { |
| 113 public: | 113 public: |
| 114 explicit VerboseAPITestingPolicy(int* counter_ptr) | 114 explicit VerboseAPITestingPolicy(int* counter_ptr) |
| 115 : counter_ptr_(counter_ptr) {} | 115 : counter_ptr_(counter_ptr) {} |
| 116 virtual ~VerboseAPITestingPolicy() {} | 116 ~VerboseAPITestingPolicy() override {} |
| 117 | 117 |
| 118 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 118 ResultExpr EvaluateSyscall(int sysno) const override { |
| 119 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); | 119 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); |
| 120 if (sysno == __NR_uname) { | 120 if (sysno == __NR_uname) { |
| 121 return Trap(IncreaseCounter, counter_ptr_); | 121 return Trap(IncreaseCounter, counter_ptr_); |
| 122 } | 122 } |
| 123 return Allow(); | 123 return Allow(); |
| 124 } | 124 } |
| 125 | 125 |
| 126 private: | 126 private: |
| 127 int* counter_ptr_; | 127 int* counter_ptr_; |
| 128 | 128 |
| (...skipping 15 matching lines...) Expand all Loading... |
| 144 BPF_ASSERT_EQ(1, syscall(__NR_uname, 0)); | 144 BPF_ASSERT_EQ(1, syscall(__NR_uname, 0)); |
| 145 BPF_ASSERT_EQ(2, counter); | 145 BPF_ASSERT_EQ(2, counter); |
| 146 } | 146 } |
| 147 } | 147 } |
| 148 | 148 |
| 149 // A simple blacklist test | 149 // A simple blacklist test |
| 150 | 150 |
| 151 class BlacklistNanosleepPolicy : public Policy { | 151 class BlacklistNanosleepPolicy : public Policy { |
| 152 public: | 152 public: |
| 153 BlacklistNanosleepPolicy() {} | 153 BlacklistNanosleepPolicy() {} |
| 154 virtual ~BlacklistNanosleepPolicy() {} | 154 ~BlacklistNanosleepPolicy() override {} |
| 155 | 155 |
| 156 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 156 ResultExpr EvaluateSyscall(int sysno) const override { |
| 157 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); | 157 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); |
| 158 switch (sysno) { | 158 switch (sysno) { |
| 159 case __NR_nanosleep: | 159 case __NR_nanosleep: |
| 160 return Error(EACCES); | 160 return Error(EACCES); |
| 161 default: | 161 default: |
| 162 return Allow(); | 162 return Allow(); |
| 163 } | 163 } |
| 164 } | 164 } |
| 165 | 165 |
| 166 static void AssertNanosleepFails() { | 166 static void AssertNanosleepFails() { |
| 167 const struct timespec ts = {0, 0}; | 167 const struct timespec ts = {0, 0}; |
| 168 errno = 0; | 168 errno = 0; |
| 169 BPF_ASSERT_EQ(-1, HANDLE_EINTR(syscall(__NR_nanosleep, &ts, NULL))); | 169 BPF_ASSERT_EQ(-1, HANDLE_EINTR(syscall(__NR_nanosleep, &ts, NULL))); |
| 170 BPF_ASSERT_EQ(EACCES, errno); | 170 BPF_ASSERT_EQ(EACCES, errno); |
| 171 } | 171 } |
| 172 | 172 |
| 173 private: | 173 private: |
| 174 DISALLOW_COPY_AND_ASSIGN(BlacklistNanosleepPolicy); | 174 DISALLOW_COPY_AND_ASSIGN(BlacklistNanosleepPolicy); |
| 175 }; | 175 }; |
| 176 | 176 |
| 177 BPF_TEST_C(SandboxBPF, ApplyBasicBlacklistPolicy, BlacklistNanosleepPolicy) { | 177 BPF_TEST_C(SandboxBPF, ApplyBasicBlacklistPolicy, BlacklistNanosleepPolicy) { |
| 178 BlacklistNanosleepPolicy::AssertNanosleepFails(); | 178 BlacklistNanosleepPolicy::AssertNanosleepFails(); |
| 179 } | 179 } |
| 180 | 180 |
| 181 // Now do a simple whitelist test | 181 // Now do a simple whitelist test |
| 182 | 182 |
| 183 class WhitelistGetpidPolicy : public Policy { | 183 class WhitelistGetpidPolicy : public Policy { |
| 184 public: | 184 public: |
| 185 WhitelistGetpidPolicy() {} | 185 WhitelistGetpidPolicy() {} |
| 186 virtual ~WhitelistGetpidPolicy() {} | 186 ~WhitelistGetpidPolicy() override {} |
| 187 | 187 |
| 188 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 188 ResultExpr EvaluateSyscall(int sysno) const override { |
| 189 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); | 189 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); |
| 190 switch (sysno) { | 190 switch (sysno) { |
| 191 case __NR_getpid: | 191 case __NR_getpid: |
| 192 case __NR_exit_group: | 192 case __NR_exit_group: |
| 193 return Allow(); | 193 return Allow(); |
| 194 default: | 194 default: |
| 195 return Error(ENOMEM); | 195 return Error(ENOMEM); |
| 196 } | 196 } |
| 197 } | 197 } |
| 198 | 198 |
| (...skipping 16 matching lines...) Expand all Loading... |
| 215 intptr_t EnomemHandler(const struct arch_seccomp_data& args, void* aux) { | 215 intptr_t EnomemHandler(const struct arch_seccomp_data& args, void* aux) { |
| 216 // We also check that the auxiliary data is correct | 216 // We also check that the auxiliary data is correct |
| 217 SANDBOX_ASSERT(aux); | 217 SANDBOX_ASSERT(aux); |
| 218 *(static_cast<int*>(aux)) = kExpectedReturnValue; | 218 *(static_cast<int*>(aux)) = kExpectedReturnValue; |
| 219 return -ENOMEM; | 219 return -ENOMEM; |
| 220 } | 220 } |
| 221 | 221 |
| 222 class BlacklistNanosleepTrapPolicy : public Policy { | 222 class BlacklistNanosleepTrapPolicy : public Policy { |
| 223 public: | 223 public: |
| 224 explicit BlacklistNanosleepTrapPolicy(int* aux) : aux_(aux) {} | 224 explicit BlacklistNanosleepTrapPolicy(int* aux) : aux_(aux) {} |
| 225 virtual ~BlacklistNanosleepTrapPolicy() {} | 225 ~BlacklistNanosleepTrapPolicy() override {} |
| 226 | 226 |
| 227 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 227 ResultExpr EvaluateSyscall(int sysno) const override { |
| 228 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); | 228 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); |
| 229 switch (sysno) { | 229 switch (sysno) { |
| 230 case __NR_nanosleep: | 230 case __NR_nanosleep: |
| 231 return Trap(EnomemHandler, aux_); | 231 return Trap(EnomemHandler, aux_); |
| 232 default: | 232 default: |
| 233 return Allow(); | 233 return Allow(); |
| 234 } | 234 } |
| 235 } | 235 } |
| 236 | 236 |
| 237 private: | 237 private: |
| (...skipping 19 matching lines...) Expand all Loading... |
| 257 | 257 |
| 258 // We expect the signal handler to modify AuxData | 258 // We expect the signal handler to modify AuxData |
| 259 BPF_ASSERT(*BPF_AUX == kExpectedReturnValue); | 259 BPF_ASSERT(*BPF_AUX == kExpectedReturnValue); |
| 260 } | 260 } |
| 261 | 261 |
| 262 // A simple test that verifies we can return arbitrary errno values. | 262 // A simple test that verifies we can return arbitrary errno values. |
| 263 | 263 |
| 264 class ErrnoTestPolicy : public Policy { | 264 class ErrnoTestPolicy : public Policy { |
| 265 public: | 265 public: |
| 266 ErrnoTestPolicy() {} | 266 ErrnoTestPolicy() {} |
| 267 virtual ~ErrnoTestPolicy() {} | 267 ~ErrnoTestPolicy() override {} |
| 268 | 268 |
| 269 virtual ResultExpr EvaluateSyscall(int sysno) const override; | 269 ResultExpr EvaluateSyscall(int sysno) const override; |
| 270 | 270 |
| 271 private: | 271 private: |
| 272 DISALLOW_COPY_AND_ASSIGN(ErrnoTestPolicy); | 272 DISALLOW_COPY_AND_ASSIGN(ErrnoTestPolicy); |
| 273 }; | 273 }; |
| 274 | 274 |
| 275 ResultExpr ErrnoTestPolicy::EvaluateSyscall(int sysno) const { | 275 ResultExpr ErrnoTestPolicy::EvaluateSyscall(int sysno) const { |
| 276 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); | 276 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); |
| 277 switch (sysno) { | 277 switch (sysno) { |
| 278 case __NR_dup3: // dup2 is a wrapper of dup3 in android | 278 case __NR_dup3: // dup2 is a wrapper of dup3 in android |
| 279 #if defined(__NR_dup2) | 279 #if defined(__NR_dup2) |
| (...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 339 struct utsname uts_buf; | 339 struct utsname uts_buf; |
| 340 BPF_ASSERT(uname(&uts_buf) == -1); | 340 BPF_ASSERT(uname(&uts_buf) == -1); |
| 341 BPF_ASSERT(errno == 42); | 341 BPF_ASSERT(errno == 42); |
| 342 } | 342 } |
| 343 | 343 |
| 344 // Testing the stacking of two sandboxes | 344 // Testing the stacking of two sandboxes |
| 345 | 345 |
| 346 class StackingPolicyPartOne : public Policy { | 346 class StackingPolicyPartOne : public Policy { |
| 347 public: | 347 public: |
| 348 StackingPolicyPartOne() {} | 348 StackingPolicyPartOne() {} |
| 349 virtual ~StackingPolicyPartOne() {} | 349 ~StackingPolicyPartOne() override {} |
| 350 | 350 |
| 351 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 351 ResultExpr EvaluateSyscall(int sysno) const override { |
| 352 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); | 352 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); |
| 353 switch (sysno) { | 353 switch (sysno) { |
| 354 case __NR_getppid: { | 354 case __NR_getppid: { |
| 355 const Arg<int> arg(0); | 355 const Arg<int> arg(0); |
| 356 return If(arg == 0, Allow()).Else(Error(EPERM)); | 356 return If(arg == 0, Allow()).Else(Error(EPERM)); |
| 357 } | 357 } |
| 358 default: | 358 default: |
| 359 return Allow(); | 359 return Allow(); |
| 360 } | 360 } |
| 361 } | 361 } |
| 362 | 362 |
| 363 private: | 363 private: |
| 364 DISALLOW_COPY_AND_ASSIGN(StackingPolicyPartOne); | 364 DISALLOW_COPY_AND_ASSIGN(StackingPolicyPartOne); |
| 365 }; | 365 }; |
| 366 | 366 |
| 367 class StackingPolicyPartTwo : public Policy { | 367 class StackingPolicyPartTwo : public Policy { |
| 368 public: | 368 public: |
| 369 StackingPolicyPartTwo() {} | 369 StackingPolicyPartTwo() {} |
| 370 virtual ~StackingPolicyPartTwo() {} | 370 ~StackingPolicyPartTwo() override {} |
| 371 | 371 |
| 372 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 372 ResultExpr EvaluateSyscall(int sysno) const override { |
| 373 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); | 373 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); |
| 374 switch (sysno) { | 374 switch (sysno) { |
| 375 case __NR_getppid: { | 375 case __NR_getppid: { |
| 376 const Arg<int> arg(0); | 376 const Arg<int> arg(0); |
| 377 return If(arg == 0, Error(EINVAL)).Else(Allow()); | 377 return If(arg == 0, Error(EINVAL)).Else(Allow()); |
| 378 } | 378 } |
| 379 default: | 379 default: |
| 380 return Allow(); | 380 return Allow(); |
| 381 } | 381 } |
| 382 } | 382 } |
| (...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 418 // same errno. | 418 // same errno. |
| 419 int SysnoToRandomErrno(int sysno) { | 419 int SysnoToRandomErrno(int sysno) { |
| 420 // Small contiguous sets of 3 system calls return an errno equal to the | 420 // Small contiguous sets of 3 system calls return an errno equal to the |
| 421 // index of that set + 1 (so that we never return a NUL errno). | 421 // index of that set + 1 (so that we never return a NUL errno). |
| 422 return ((sysno & ~3) >> 2) % 29 + 1; | 422 return ((sysno & ~3) >> 2) % 29 + 1; |
| 423 } | 423 } |
| 424 | 424 |
| 425 class SyntheticPolicy : public Policy { | 425 class SyntheticPolicy : public Policy { |
| 426 public: | 426 public: |
| 427 SyntheticPolicy() {} | 427 SyntheticPolicy() {} |
| 428 virtual ~SyntheticPolicy() {} | 428 ~SyntheticPolicy() override {} |
| 429 | 429 |
| 430 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 430 ResultExpr EvaluateSyscall(int sysno) const override { |
| 431 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); | 431 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); |
| 432 if (sysno == __NR_exit_group || sysno == __NR_write) { | 432 if (sysno == __NR_exit_group || sysno == __NR_write) { |
| 433 // exit_group() is special, we really need it to work. | 433 // exit_group() is special, we really need it to work. |
| 434 // write() is needed for BPF_ASSERT() to report a useful error message. | 434 // write() is needed for BPF_ASSERT() to report a useful error message. |
| 435 return Allow(); | 435 return Allow(); |
| 436 } | 436 } |
| 437 return Error(SysnoToRandomErrno(sysno)); | 437 return Error(SysnoToRandomErrno(sysno)); |
| 438 } | 438 } |
| 439 | 439 |
| 440 private: | 440 private: |
| (...skipping 77 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 518 // infinite recursion. | 518 // infinite recursion. |
| 519 return SandboxBPF::ForwardSyscall(args); | 519 return SandboxBPF::ForwardSyscall(args); |
| 520 } | 520 } |
| 521 | 521 |
| 522 class GreyListedPolicy : public Policy { | 522 class GreyListedPolicy : public Policy { |
| 523 public: | 523 public: |
| 524 explicit GreyListedPolicy(int* aux) : aux_(aux) { | 524 explicit GreyListedPolicy(int* aux) : aux_(aux) { |
| 525 // Set the global environment for unsafe traps once. | 525 // Set the global environment for unsafe traps once. |
| 526 EnableUnsafeTraps(); | 526 EnableUnsafeTraps(); |
| 527 } | 527 } |
| 528 virtual ~GreyListedPolicy() {} | 528 ~GreyListedPolicy() override {} |
| 529 | 529 |
| 530 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 530 ResultExpr EvaluateSyscall(int sysno) const override { |
| 531 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); | 531 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); |
| 532 // Some system calls must always be allowed, if our policy wants to make | 532 // Some system calls must always be allowed, if our policy wants to make |
| 533 // use of UnsafeTrap() | 533 // use of UnsafeTrap() |
| 534 if (SandboxBPF::IsRequiredForUnsafeTrap(sysno)) { | 534 if (SandboxBPF::IsRequiredForUnsafeTrap(sysno)) { |
| 535 return Allow(); | 535 return Allow(); |
| 536 } else if (sysno == __NR_getpid) { | 536 } else if (sysno == __NR_getpid) { |
| 537 // Disallow getpid() | 537 // Disallow getpid() |
| 538 return Error(EPERM); | 538 return Error(EPERM); |
| 539 } else { | 539 } else { |
| 540 // Allow (and count) all other system calls. | 540 // Allow (and count) all other system calls. |
| (...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 584 // return an error. But our handler allows this call. | 584 // return an error. But our handler allows this call. |
| 585 return 0; | 585 return 0; |
| 586 } else { | 586 } else { |
| 587 return SandboxBPF::ForwardSyscall(args); | 587 return SandboxBPF::ForwardSyscall(args); |
| 588 } | 588 } |
| 589 } | 589 } |
| 590 | 590 |
| 591 class PrctlPolicy : public Policy { | 591 class PrctlPolicy : public Policy { |
| 592 public: | 592 public: |
| 593 PrctlPolicy() {} | 593 PrctlPolicy() {} |
| 594 virtual ~PrctlPolicy() {} | 594 ~PrctlPolicy() override {} |
| 595 | 595 |
| 596 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 596 ResultExpr EvaluateSyscall(int sysno) const override { |
| 597 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); | 597 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); |
| 598 setenv(kSandboxDebuggingEnv, "t", 0); | 598 setenv(kSandboxDebuggingEnv, "t", 0); |
| 599 Die::SuppressInfoMessages(true); | 599 Die::SuppressInfoMessages(true); |
| 600 | 600 |
| 601 if (sysno == __NR_prctl) { | 601 if (sysno == __NR_prctl) { |
| 602 // Handle prctl() inside an UnsafeTrap() | 602 // Handle prctl() inside an UnsafeTrap() |
| 603 return UnsafeTrap(PrctlHandler, NULL); | 603 return UnsafeTrap(PrctlHandler, NULL); |
| 604 } | 604 } |
| 605 | 605 |
| 606 // Allow all other system calls. | 606 // Allow all other system calls. |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 638 BPF_ASSERT(!strcmp(uts.sysname, "Linux")); | 638 BPF_ASSERT(!strcmp(uts.sysname, "Linux")); |
| 639 } | 639 } |
| 640 | 640 |
| 641 intptr_t AllowRedirectedSyscall(const struct arch_seccomp_data& args, void*) { | 641 intptr_t AllowRedirectedSyscall(const struct arch_seccomp_data& args, void*) { |
| 642 return SandboxBPF::ForwardSyscall(args); | 642 return SandboxBPF::ForwardSyscall(args); |
| 643 } | 643 } |
| 644 | 644 |
| 645 class RedirectAllSyscallsPolicy : public Policy { | 645 class RedirectAllSyscallsPolicy : public Policy { |
| 646 public: | 646 public: |
| 647 RedirectAllSyscallsPolicy() {} | 647 RedirectAllSyscallsPolicy() {} |
| 648 virtual ~RedirectAllSyscallsPolicy() {} | 648 ~RedirectAllSyscallsPolicy() override {} |
| 649 | 649 |
| 650 virtual ResultExpr EvaluateSyscall(int sysno) const override; | 650 ResultExpr EvaluateSyscall(int sysno) const override; |
| 651 | 651 |
| 652 private: | 652 private: |
| 653 DISALLOW_COPY_AND_ASSIGN(RedirectAllSyscallsPolicy); | 653 DISALLOW_COPY_AND_ASSIGN(RedirectAllSyscallsPolicy); |
| 654 }; | 654 }; |
| 655 | 655 |
| 656 ResultExpr RedirectAllSyscallsPolicy::EvaluateSyscall(int sysno) const { | 656 ResultExpr RedirectAllSyscallsPolicy::EvaluateSyscall(int sysno) const { |
| 657 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); | 657 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); |
| 658 setenv(kSandboxDebuggingEnv, "t", 0); | 658 setenv(kSandboxDebuggingEnv, "t", 0); |
| 659 Die::SuppressInfoMessages(true); | 659 Die::SuppressInfoMessages(true); |
| 660 | 660 |
| (...skipping 141 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 802 static_cast<int>(args.args[2])); | 802 static_cast<int>(args.args[2])); |
| 803 default: | 803 default: |
| 804 BPF_ASSERT(false); | 804 BPF_ASSERT(false); |
| 805 return -ENOSYS; | 805 return -ENOSYS; |
| 806 } | 806 } |
| 807 } | 807 } |
| 808 | 808 |
| 809 class DenyOpenPolicy : public Policy { | 809 class DenyOpenPolicy : public Policy { |
| 810 public: | 810 public: |
| 811 explicit DenyOpenPolicy(InitializedOpenBroker* iob) : iob_(iob) {} | 811 explicit DenyOpenPolicy(InitializedOpenBroker* iob) : iob_(iob) {} |
| 812 virtual ~DenyOpenPolicy() {} | 812 ~DenyOpenPolicy() override {} |
| 813 | 813 |
| 814 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 814 ResultExpr EvaluateSyscall(int sysno) const override { |
| 815 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); | 815 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); |
| 816 | 816 |
| 817 switch (sysno) { | 817 switch (sysno) { |
| 818 case __NR_faccessat: | 818 case __NR_faccessat: |
| 819 #if defined(__NR_access) | 819 #if defined(__NR_access) |
| 820 case __NR_access: | 820 case __NR_access: |
| 821 #endif | 821 #endif |
| 822 #if defined(__NR_open) | 822 #if defined(__NR_open) |
| 823 case __NR_open: | 823 case __NR_open: |
| 824 #endif | 824 #endif |
| (...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 882 BPF_ASSERT(cpu_info_fd >= 0); | 882 BPF_ASSERT(cpu_info_fd >= 0); |
| 883 char buf[1024]; | 883 char buf[1024]; |
| 884 BPF_ASSERT(read(cpu_info_fd, buf, sizeof(buf)) > 0); | 884 BPF_ASSERT(read(cpu_info_fd, buf, sizeof(buf)) > 0); |
| 885 } | 885 } |
| 886 | 886 |
| 887 // Simple test demonstrating how to use SandboxBPF::Cond() | 887 // Simple test demonstrating how to use SandboxBPF::Cond() |
| 888 | 888 |
| 889 class SimpleCondTestPolicy : public Policy { | 889 class SimpleCondTestPolicy : public Policy { |
| 890 public: | 890 public: |
| 891 SimpleCondTestPolicy() {} | 891 SimpleCondTestPolicy() {} |
| 892 virtual ~SimpleCondTestPolicy() {} | 892 ~SimpleCondTestPolicy() override {} |
| 893 | 893 |
| 894 virtual ResultExpr EvaluateSyscall(int sysno) const override; | 894 ResultExpr EvaluateSyscall(int sysno) const override; |
| 895 | 895 |
| 896 private: | 896 private: |
| 897 DISALLOW_COPY_AND_ASSIGN(SimpleCondTestPolicy); | 897 DISALLOW_COPY_AND_ASSIGN(SimpleCondTestPolicy); |
| 898 }; | 898 }; |
| 899 | 899 |
| 900 ResultExpr SimpleCondTestPolicy::EvaluateSyscall(int sysno) const { | 900 ResultExpr SimpleCondTestPolicy::EvaluateSyscall(int sysno) const { |
| 901 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); | 901 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); |
| 902 | 902 |
| 903 // We deliberately return unusual errno values upon failure, so that we | 903 // We deliberately return unusual errno values upon failure, so that we |
| 904 // can uniquely test for these values. In a "real" policy, you would want | 904 // can uniquely test for these values. In a "real" policy, you would want |
| (...skipping 334 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1239 #else | 1239 #else |
| 1240 static const int kNumTestCases = 40; | 1240 static const int kNumTestCases = 40; |
| 1241 #endif | 1241 #endif |
| 1242 static const int kMaxFanOut = 3; | 1242 static const int kMaxFanOut = 3; |
| 1243 static const int kMaxArgs = 6; | 1243 static const int kMaxArgs = 6; |
| 1244 }; | 1244 }; |
| 1245 | 1245 |
| 1246 class EqualityStressTestPolicy : public Policy { | 1246 class EqualityStressTestPolicy : public Policy { |
| 1247 public: | 1247 public: |
| 1248 explicit EqualityStressTestPolicy(EqualityStressTest* aux) : aux_(aux) {} | 1248 explicit EqualityStressTestPolicy(EqualityStressTest* aux) : aux_(aux) {} |
| 1249 virtual ~EqualityStressTestPolicy() {} | 1249 ~EqualityStressTestPolicy() override {} |
| 1250 | 1250 |
| 1251 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 1251 ResultExpr EvaluateSyscall(int sysno) const override { |
| 1252 return aux_->Policy(sysno); | 1252 return aux_->Policy(sysno); |
| 1253 } | 1253 } |
| 1254 | 1254 |
| 1255 private: | 1255 private: |
| 1256 EqualityStressTest* aux_; | 1256 EqualityStressTest* aux_; |
| 1257 | 1257 |
| 1258 DISALLOW_COPY_AND_ASSIGN(EqualityStressTestPolicy); | 1258 DISALLOW_COPY_AND_ASSIGN(EqualityStressTestPolicy); |
| 1259 }; | 1259 }; |
| 1260 | 1260 |
| 1261 BPF_TEST(SandboxBPF, | 1261 BPF_TEST(SandboxBPF, |
| 1262 EqualityTests, | 1262 EqualityTests, |
| 1263 EqualityStressTestPolicy, | 1263 EqualityStressTestPolicy, |
| 1264 EqualityStressTest /* (*BPF_AUX) */) { | 1264 EqualityStressTest /* (*BPF_AUX) */) { |
| 1265 BPF_AUX->VerifyFilter(); | 1265 BPF_AUX->VerifyFilter(); |
| 1266 } | 1266 } |
| 1267 | 1267 |
| 1268 class EqualityArgumentWidthPolicy : public Policy { | 1268 class EqualityArgumentWidthPolicy : public Policy { |
| 1269 public: | 1269 public: |
| 1270 EqualityArgumentWidthPolicy() {} | 1270 EqualityArgumentWidthPolicy() {} |
| 1271 virtual ~EqualityArgumentWidthPolicy() {} | 1271 ~EqualityArgumentWidthPolicy() override {} |
| 1272 | 1272 |
| 1273 virtual ResultExpr EvaluateSyscall(int sysno) const override; | 1273 ResultExpr EvaluateSyscall(int sysno) const override; |
| 1274 | 1274 |
| 1275 private: | 1275 private: |
| 1276 DISALLOW_COPY_AND_ASSIGN(EqualityArgumentWidthPolicy); | 1276 DISALLOW_COPY_AND_ASSIGN(EqualityArgumentWidthPolicy); |
| 1277 }; | 1277 }; |
| 1278 | 1278 |
| 1279 ResultExpr EqualityArgumentWidthPolicy::EvaluateSyscall(int sysno) const { | 1279 ResultExpr EqualityArgumentWidthPolicy::EvaluateSyscall(int sysno) const { |
| 1280 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); | 1280 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); |
| 1281 if (sysno == __NR_uname) { | 1281 if (sysno == __NR_uname) { |
| 1282 const Arg<int> option(0); | 1282 const Arg<int> option(0); |
| 1283 const Arg<uint32_t> arg32(1); | 1283 const Arg<uint32_t> arg32(1); |
| (...skipping 30 matching lines...) Expand all Loading... |
| 1314 EqualityArgumentUnallowed64bit, | 1314 EqualityArgumentUnallowed64bit, |
| 1315 DEATH_MESSAGE("Unexpected 64bit argument detected"), | 1315 DEATH_MESSAGE("Unexpected 64bit argument detected"), |
| 1316 EqualityArgumentWidthPolicy) { | 1316 EqualityArgumentWidthPolicy) { |
| 1317 Syscall::Call(__NR_uname, 0, 0x5555555555555555ULL); | 1317 Syscall::Call(__NR_uname, 0, 0x5555555555555555ULL); |
| 1318 } | 1318 } |
| 1319 #endif | 1319 #endif |
| 1320 | 1320 |
| 1321 class EqualityWithNegativeArgumentsPolicy : public Policy { | 1321 class EqualityWithNegativeArgumentsPolicy : public Policy { |
| 1322 public: | 1322 public: |
| 1323 EqualityWithNegativeArgumentsPolicy() {} | 1323 EqualityWithNegativeArgumentsPolicy() {} |
| 1324 virtual ~EqualityWithNegativeArgumentsPolicy() {} | 1324 ~EqualityWithNegativeArgumentsPolicy() override {} |
| 1325 | 1325 |
| 1326 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 1326 ResultExpr EvaluateSyscall(int sysno) const override { |
| 1327 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); | 1327 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); |
| 1328 if (sysno == __NR_uname) { | 1328 if (sysno == __NR_uname) { |
| 1329 // TODO(mdempsky): This currently can't be Arg<int> because then | 1329 // TODO(mdempsky): This currently can't be Arg<int> because then |
| 1330 // 0xFFFFFFFF will be treated as a (signed) int, and then when | 1330 // 0xFFFFFFFF will be treated as a (signed) int, and then when |
| 1331 // Arg::EqualTo casts it to uint64_t, it will be sign extended. | 1331 // Arg::EqualTo casts it to uint64_t, it will be sign extended. |
| 1332 const Arg<unsigned> arg(0); | 1332 const Arg<unsigned> arg(0); |
| 1333 return If(arg == 0xFFFFFFFF, Error(1)).Else(Error(2)); | 1333 return If(arg == 0xFFFFFFFF, Error(1)).Else(Error(2)); |
| 1334 } | 1334 } |
| 1335 return Allow(); | 1335 return Allow(); |
| 1336 } | 1336 } |
| (...skipping 18 matching lines...) Expand all Loading... |
| 1355 // When expecting a 32bit system call argument, we look at the MSB of the | 1355 // When expecting a 32bit system call argument, we look at the MSB of the |
| 1356 // 64bit value and allow both "0" and "-1". But the latter is allowed only | 1356 // 64bit value and allow both "0" and "-1". But the latter is allowed only |
| 1357 // iff the LSB was negative. So, this death test should error out. | 1357 // iff the LSB was negative. So, this death test should error out. |
| 1358 BPF_ASSERT(Syscall::Call(__NR_uname, 0xFFFFFFFF00000000LL) == -1); | 1358 BPF_ASSERT(Syscall::Call(__NR_uname, 0xFFFFFFFF00000000LL) == -1); |
| 1359 } | 1359 } |
| 1360 #endif | 1360 #endif |
| 1361 | 1361 |
| 1362 class AllBitTestPolicy : public Policy { | 1362 class AllBitTestPolicy : public Policy { |
| 1363 public: | 1363 public: |
| 1364 AllBitTestPolicy() {} | 1364 AllBitTestPolicy() {} |
| 1365 virtual ~AllBitTestPolicy() {} | 1365 ~AllBitTestPolicy() override {} |
| 1366 | 1366 |
| 1367 virtual ResultExpr EvaluateSyscall(int sysno) const override; | 1367 ResultExpr EvaluateSyscall(int sysno) const override; |
| 1368 | 1368 |
| 1369 private: | 1369 private: |
| 1370 static ResultExpr HasAllBits32(uint32_t bits); | 1370 static ResultExpr HasAllBits32(uint32_t bits); |
| 1371 static ResultExpr HasAllBits64(uint64_t bits); | 1371 static ResultExpr HasAllBits64(uint64_t bits); |
| 1372 | 1372 |
| 1373 DISALLOW_COPY_AND_ASSIGN(AllBitTestPolicy); | 1373 DISALLOW_COPY_AND_ASSIGN(AllBitTestPolicy); |
| 1374 }; | 1374 }; |
| 1375 | 1375 |
| 1376 ResultExpr AllBitTestPolicy::HasAllBits32(uint32_t bits) { | 1376 ResultExpr AllBitTestPolicy::HasAllBits32(uint32_t bits) { |
| 1377 if (bits == 0) { | 1377 if (bits == 0) { |
| (...skipping 163 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1541 BITMASK_TEST(10, 0x100000000LL, ALLBITS64,0x100000001, EXPECT_FAILURE); | 1541 BITMASK_TEST(10, 0x100000000LL, ALLBITS64,0x100000001, EXPECT_FAILURE); |
| 1542 BITMASK_TEST(10, 0x100000001LL, ALLBITS64,0x100000001, EXPT64_SUCCESS); | 1542 BITMASK_TEST(10, 0x100000001LL, ALLBITS64,0x100000001, EXPT64_SUCCESS); |
| 1543 BITMASK_TEST(10, 0xFFFFFFFFU, ALLBITS64,0x100000001, EXPECT_FAILURE); | 1543 BITMASK_TEST(10, 0xFFFFFFFFU, ALLBITS64,0x100000001, EXPECT_FAILURE); |
| 1544 BITMASK_TEST(10, -1L, ALLBITS64,0x100000001, EXPT64_SUCCESS); | 1544 BITMASK_TEST(10, -1L, ALLBITS64,0x100000001, EXPT64_SUCCESS); |
| 1545 #endif | 1545 #endif |
| 1546 } | 1546 } |
| 1547 | 1547 |
| 1548 class AnyBitTestPolicy : public Policy { | 1548 class AnyBitTestPolicy : public Policy { |
| 1549 public: | 1549 public: |
| 1550 AnyBitTestPolicy() {} | 1550 AnyBitTestPolicy() {} |
| 1551 virtual ~AnyBitTestPolicy() {} | 1551 ~AnyBitTestPolicy() override {} |
| 1552 | 1552 |
| 1553 virtual ResultExpr EvaluateSyscall(int sysno) const override; | 1553 ResultExpr EvaluateSyscall(int sysno) const override; |
| 1554 | 1554 |
| 1555 private: | 1555 private: |
| 1556 static ResultExpr HasAnyBits32(uint32_t); | 1556 static ResultExpr HasAnyBits32(uint32_t); |
| 1557 static ResultExpr HasAnyBits64(uint64_t); | 1557 static ResultExpr HasAnyBits64(uint64_t); |
| 1558 | 1558 |
| 1559 DISALLOW_COPY_AND_ASSIGN(AnyBitTestPolicy); | 1559 DISALLOW_COPY_AND_ASSIGN(AnyBitTestPolicy); |
| 1560 }; | 1560 }; |
| 1561 | 1561 |
| 1562 ResultExpr AnyBitTestPolicy::HasAnyBits32(uint32_t bits) { | 1562 ResultExpr AnyBitTestPolicy::HasAnyBits32(uint32_t bits) { |
| 1563 if (bits == 0) { | 1563 if (bits == 0) { |
| (...skipping 141 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1705 BITMASK_TEST( 10, 0x100000000LL, ANYBITS64,0x100000001, EXPT64_SUCCESS); | 1705 BITMASK_TEST( 10, 0x100000000LL, ANYBITS64,0x100000001, EXPT64_SUCCESS); |
| 1706 BITMASK_TEST( 10, 0x100000001LL, ANYBITS64,0x100000001, EXPECT_SUCCESS); | 1706 BITMASK_TEST( 10, 0x100000001LL, ANYBITS64,0x100000001, EXPECT_SUCCESS); |
| 1707 BITMASK_TEST( 10, 0xFFFFFFFFU, ANYBITS64,0x100000001, EXPECT_SUCCESS); | 1707 BITMASK_TEST( 10, 0xFFFFFFFFU, ANYBITS64,0x100000001, EXPECT_SUCCESS); |
| 1708 BITMASK_TEST( 10, -1L, ANYBITS64,0x100000001, EXPECT_SUCCESS); | 1708 BITMASK_TEST( 10, -1L, ANYBITS64,0x100000001, EXPECT_SUCCESS); |
| 1709 #endif | 1709 #endif |
| 1710 } | 1710 } |
| 1711 | 1711 |
| 1712 class MaskedEqualTestPolicy : public Policy { | 1712 class MaskedEqualTestPolicy : public Policy { |
| 1713 public: | 1713 public: |
| 1714 MaskedEqualTestPolicy() {} | 1714 MaskedEqualTestPolicy() {} |
| 1715 virtual ~MaskedEqualTestPolicy() {} | 1715 ~MaskedEqualTestPolicy() override {} |
| 1716 | 1716 |
| 1717 virtual ResultExpr EvaluateSyscall(int sysno) const override; | 1717 ResultExpr EvaluateSyscall(int sysno) const override; |
| 1718 | 1718 |
| 1719 private: | 1719 private: |
| 1720 static ResultExpr MaskedEqual32(uint32_t mask, uint32_t value); | 1720 static ResultExpr MaskedEqual32(uint32_t mask, uint32_t value); |
| 1721 static ResultExpr MaskedEqual64(uint64_t mask, uint64_t value); | 1721 static ResultExpr MaskedEqual64(uint64_t mask, uint64_t value); |
| 1722 | 1722 |
| 1723 DISALLOW_COPY_AND_ASSIGN(MaskedEqualTestPolicy); | 1723 DISALLOW_COPY_AND_ASSIGN(MaskedEqualTestPolicy); |
| 1724 }; | 1724 }; |
| 1725 | 1725 |
| 1726 ResultExpr MaskedEqualTestPolicy::MaskedEqual32(uint32_t mask, uint32_t value) { | 1726 ResultExpr MaskedEqualTestPolicy::MaskedEqual32(uint32_t mask, uint32_t value) { |
| 1727 const Arg<uint32_t> arg(1); | 1727 const Arg<uint32_t> arg(1); |
| (...skipping 104 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1832 (long long)args.args[4], | 1832 (long long)args.args[4], |
| 1833 (long long)args.args[5], | 1833 (long long)args.args[5], |
| 1834 msg); | 1834 msg); |
| 1835 } | 1835 } |
| 1836 return -EPERM; | 1836 return -EPERM; |
| 1837 } | 1837 } |
| 1838 | 1838 |
| 1839 class PthreadPolicyEquality : public Policy { | 1839 class PthreadPolicyEquality : public Policy { |
| 1840 public: | 1840 public: |
| 1841 PthreadPolicyEquality() {} | 1841 PthreadPolicyEquality() {} |
| 1842 virtual ~PthreadPolicyEquality() {} | 1842 ~PthreadPolicyEquality() override {} |
| 1843 | 1843 |
| 1844 virtual ResultExpr EvaluateSyscall(int sysno) const override; | 1844 ResultExpr EvaluateSyscall(int sysno) const override; |
| 1845 | 1845 |
| 1846 private: | 1846 private: |
| 1847 DISALLOW_COPY_AND_ASSIGN(PthreadPolicyEquality); | 1847 DISALLOW_COPY_AND_ASSIGN(PthreadPolicyEquality); |
| 1848 }; | 1848 }; |
| 1849 | 1849 |
| 1850 ResultExpr PthreadPolicyEquality::EvaluateSyscall(int sysno) const { | 1850 ResultExpr PthreadPolicyEquality::EvaluateSyscall(int sysno) const { |
| 1851 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); | 1851 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); |
| 1852 // This policy allows creating threads with pthread_create(). But it | 1852 // This policy allows creating threads with pthread_create(). But it |
| 1853 // doesn't allow any other uses of clone(). Most notably, it does not | 1853 // doesn't allow any other uses of clone(). Most notably, it does not |
| 1854 // allow callers to implement fork() or vfork() by passing suitable flags | 1854 // allow callers to implement fork() or vfork() by passing suitable flags |
| (...skipping 21 matching lines...) Expand all Loading... |
| 1876 flags == kBaseAndroidCloneMask, | 1876 flags == kBaseAndroidCloneMask, |
| 1877 Allow()).Else(Trap(PthreadTrapHandler, "Unknown mask")); | 1877 Allow()).Else(Trap(PthreadTrapHandler, "Unknown mask")); |
| 1878 } | 1878 } |
| 1879 | 1879 |
| 1880 return Allow(); | 1880 return Allow(); |
| 1881 } | 1881 } |
| 1882 | 1882 |
| 1883 class PthreadPolicyBitMask : public Policy { | 1883 class PthreadPolicyBitMask : public Policy { |
| 1884 public: | 1884 public: |
| 1885 PthreadPolicyBitMask() {} | 1885 PthreadPolicyBitMask() {} |
| 1886 virtual ~PthreadPolicyBitMask() {} | 1886 ~PthreadPolicyBitMask() override {} |
| 1887 | 1887 |
| 1888 virtual ResultExpr EvaluateSyscall(int sysno) const override; | 1888 ResultExpr EvaluateSyscall(int sysno) const override; |
| 1889 | 1889 |
| 1890 private: | 1890 private: |
| 1891 static BoolExpr HasAnyBits(const Arg<unsigned long>& arg, unsigned long bits); | 1891 static BoolExpr HasAnyBits(const Arg<unsigned long>& arg, unsigned long bits); |
| 1892 static BoolExpr HasAllBits(const Arg<unsigned long>& arg, unsigned long bits); | 1892 static BoolExpr HasAllBits(const Arg<unsigned long>& arg, unsigned long bits); |
| 1893 | 1893 |
| 1894 DISALLOW_COPY_AND_ASSIGN(PthreadPolicyBitMask); | 1894 DISALLOW_COPY_AND_ASSIGN(PthreadPolicyBitMask); |
| 1895 }; | 1895 }; |
| 1896 | 1896 |
| 1897 BoolExpr PthreadPolicyBitMask::HasAnyBits(const Arg<unsigned long>& arg, | 1897 BoolExpr PthreadPolicyBitMask::HasAnyBits(const Arg<unsigned long>& arg, |
| 1898 unsigned long bits) { | 1898 unsigned long bits) { |
| (...skipping 148 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2047 | 2047 |
| 2048 SECCOMP_PT_SYSCALL(*regs) = syscall_number; | 2048 SECCOMP_PT_SYSCALL(*regs) = syscall_number; |
| 2049 return 0; | 2049 return 0; |
| 2050 } | 2050 } |
| 2051 | 2051 |
| 2052 const uint16_t kTraceData = 0xcc; | 2052 const uint16_t kTraceData = 0xcc; |
| 2053 | 2053 |
| 2054 class TraceAllPolicy : public Policy { | 2054 class TraceAllPolicy : public Policy { |
| 2055 public: | 2055 public: |
| 2056 TraceAllPolicy() {} | 2056 TraceAllPolicy() {} |
| 2057 virtual ~TraceAllPolicy() {} | 2057 ~TraceAllPolicy() override {} |
| 2058 | 2058 |
| 2059 virtual ResultExpr EvaluateSyscall(int system_call_number) const override { | 2059 ResultExpr EvaluateSyscall(int system_call_number) const override { |
| 2060 return Trace(kTraceData); | 2060 return Trace(kTraceData); |
| 2061 } | 2061 } |
| 2062 | 2062 |
| 2063 private: | 2063 private: |
| 2064 DISALLOW_COPY_AND_ASSIGN(TraceAllPolicy); | 2064 DISALLOW_COPY_AND_ASSIGN(TraceAllPolicy); |
| 2065 }; | 2065 }; |
| 2066 | 2066 |
| 2067 SANDBOX_TEST(SandboxBPF, DISABLE_ON_TSAN(SeccompRetTrace)) { | 2067 SANDBOX_TEST(SandboxBPF, DISABLE_ON_TSAN(SeccompRetTrace)) { |
| 2068 if (SandboxBPF::SupportsSeccompSandbox(-1) != | 2068 if (SandboxBPF::SupportsSeccompSandbox(-1) != |
| 2069 sandbox::SandboxBPF::STATUS_AVAILABLE) { | 2069 sandbox::SandboxBPF::STATUS_AVAILABLE) { |
| (...skipping 123 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2193 offset += transfered; | 2193 offset += transfered; |
| 2194 } | 2194 } |
| 2195 return true; | 2195 return true; |
| 2196 } | 2196 } |
| 2197 | 2197 |
| 2198 bool pread_64_was_forwarded = false; | 2198 bool pread_64_was_forwarded = false; |
| 2199 | 2199 |
| 2200 class TrapPread64Policy : public Policy { | 2200 class TrapPread64Policy : public Policy { |
| 2201 public: | 2201 public: |
| 2202 TrapPread64Policy() {} | 2202 TrapPread64Policy() {} |
| 2203 virtual ~TrapPread64Policy() {} | 2203 ~TrapPread64Policy() override {} |
| 2204 | 2204 |
| 2205 virtual ResultExpr EvaluateSyscall(int system_call_number) const override { | 2205 ResultExpr EvaluateSyscall(int system_call_number) const override { |
| 2206 // Set the global environment for unsafe traps once. | 2206 // Set the global environment for unsafe traps once. |
| 2207 if (system_call_number == MIN_SYSCALL) { | 2207 if (system_call_number == MIN_SYSCALL) { |
| 2208 EnableUnsafeTraps(); | 2208 EnableUnsafeTraps(); |
| 2209 } | 2209 } |
| 2210 | 2210 |
| 2211 if (system_call_number == __NR_pread64) { | 2211 if (system_call_number == __NR_pread64) { |
| 2212 return UnsafeTrap(ForwardPreadHandler, NULL); | 2212 return UnsafeTrap(ForwardPreadHandler, NULL); |
| 2213 } | 2213 } |
| 2214 return Allow(); | 2214 return Allow(); |
| 2215 } | 2215 } |
| (...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2290 // Signal the condition to invoke the system call. | 2290 // Signal the condition to invoke the system call. |
| 2291 event.Signal(); | 2291 event.Signal(); |
| 2292 | 2292 |
| 2293 // Wait for the thread to finish. | 2293 // Wait for the thread to finish. |
| 2294 BPF_ASSERT_EQ(0, pthread_join(thread, NULL)); | 2294 BPF_ASSERT_EQ(0, pthread_join(thread, NULL)); |
| 2295 } | 2295 } |
| 2296 | 2296 |
| 2297 class AllowAllPolicy : public Policy { | 2297 class AllowAllPolicy : public Policy { |
| 2298 public: | 2298 public: |
| 2299 AllowAllPolicy() {} | 2299 AllowAllPolicy() {} |
| 2300 virtual ~AllowAllPolicy() {} | 2300 ~AllowAllPolicy() override {} |
| 2301 | 2301 |
| 2302 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 2302 ResultExpr EvaluateSyscall(int sysno) const override { return Allow(); } |
| 2303 return Allow(); | |
| 2304 } | |
| 2305 | 2303 |
| 2306 private: | 2304 private: |
| 2307 DISALLOW_COPY_AND_ASSIGN(AllowAllPolicy); | 2305 DISALLOW_COPY_AND_ASSIGN(AllowAllPolicy); |
| 2308 }; | 2306 }; |
| 2309 | 2307 |
| 2310 SANDBOX_DEATH_TEST( | 2308 SANDBOX_DEATH_TEST( |
| 2311 SandboxBPF, | 2309 SandboxBPF, |
| 2312 StartMultiThreadedAsSingleThreaded, | 2310 StartMultiThreadedAsSingleThreaded, |
| 2313 DEATH_MESSAGE("Cannot start sandbox; process is already multi-threaded")) { | 2311 DEATH_MESSAGE("Cannot start sandbox; process is already multi-threaded")) { |
| 2314 base::Thread thread("sandbox.linux.StartMultiThreadedAsSingleThreaded"); | 2312 base::Thread thread("sandbox.linux.StartMultiThreadedAsSingleThreaded"); |
| (...skipping 19 matching lines...) Expand all Loading... |
| 2334 #endif // !defined(THREAD_SANITIZER) | 2332 #endif // !defined(THREAD_SANITIZER) |
| 2335 | 2333 |
| 2336 // A stub handler for the UnsafeTrap. Never called. | 2334 // A stub handler for the UnsafeTrap. Never called. |
| 2337 intptr_t NoOpHandler(const struct arch_seccomp_data& args, void*) { | 2335 intptr_t NoOpHandler(const struct arch_seccomp_data& args, void*) { |
| 2338 return -1; | 2336 return -1; |
| 2339 } | 2337 } |
| 2340 | 2338 |
| 2341 class UnsafeTrapWithCondPolicy : public Policy { | 2339 class UnsafeTrapWithCondPolicy : public Policy { |
| 2342 public: | 2340 public: |
| 2343 UnsafeTrapWithCondPolicy() {} | 2341 UnsafeTrapWithCondPolicy() {} |
| 2344 virtual ~UnsafeTrapWithCondPolicy() {} | 2342 ~UnsafeTrapWithCondPolicy() override {} |
| 2345 | 2343 |
| 2346 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 2344 ResultExpr EvaluateSyscall(int sysno) const override { |
| 2347 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); | 2345 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); |
| 2348 setenv(kSandboxDebuggingEnv, "t", 0); | 2346 setenv(kSandboxDebuggingEnv, "t", 0); |
| 2349 Die::SuppressInfoMessages(true); | 2347 Die::SuppressInfoMessages(true); |
| 2350 | 2348 |
| 2351 if (SandboxBPF::IsRequiredForUnsafeTrap(sysno)) | 2349 if (SandboxBPF::IsRequiredForUnsafeTrap(sysno)) |
| 2352 return Allow(); | 2350 return Allow(); |
| 2353 | 2351 |
| 2354 switch (sysno) { | 2352 switch (sysno) { |
| 2355 case __NR_uname: { | 2353 case __NR_uname: { |
| 2356 const Arg<uint32_t> arg(0); | 2354 const Arg<uint32_t> arg(0); |
| (...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2392 BPF_ASSERT_EQ(ENOSYS, errno); | 2390 BPF_ASSERT_EQ(ENOSYS, errno); |
| 2393 | 2391 |
| 2394 BPF_ASSERT_EQ(-1, syscall(__NR_setgid, 300)); | 2392 BPF_ASSERT_EQ(-1, syscall(__NR_setgid, 300)); |
| 2395 BPF_ASSERT_EQ(EPERM, errno); | 2393 BPF_ASSERT_EQ(EPERM, errno); |
| 2396 } | 2394 } |
| 2397 | 2395 |
| 2398 } // namespace | 2396 } // namespace |
| 2399 | 2397 |
| 2400 } // namespace bpf_dsl | 2398 } // namespace bpf_dsl |
| 2401 } // namespace sandbox | 2399 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 683113005:
Update from chromium https://crrev.com/302282 (Closed)
Base URL: git@github.com:domokit/mojo.git@master