
Side by Side Diff: sandbox/linux/bpf_dsl/bpf_dsl_more_unittest.cc

Issue 721553002: sandbox: Extend BrokerPolicy to support file creation (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: minor fix Created 6 years, 1 month ago
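--- a/sandbox/linux/bpf_dsl/bpf_dsl_more_unittest.cc
+++ b/sandbox/linux/bpf_dsl/bpf_dsl_more_unittest.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
 
 #include <errno.h>
 #include <fcntl.h>
 #include <pthread.h>
 #include <sched.h>
@@ -49,20 +49,21 @@
 // Workaround for Android's prctl.h file.
 #ifndef PR_GET_ENDIAN
 #define PR_GET_ENDIAN 19
 #endif
 #ifndef PR_CAPBSET_READ
 #define PR_CAPBSET_READ 23
 #define PR_CAPBSET_DROP 24
 #endif
 
 namespace sandbox {
+using syscall_broker::BrokerPermission;
 namespace bpf_dsl {
 
 namespace {
 
 const int kExpectedReturnValue = 42;
 const char kSandboxDebuggingEnv[] = "CHROME_SANDBOX_DEBUGGING";
 
 // Set the global environment to allow the use of UnsafeTrap() policies.
 void EnableUnsafeTraps() {
 // The use of UnsafeTrap() causes us to print a warning message. This is
@@ -748,26 +749,25 @@
 
 bool NoOpCallback() {
 return true;
 }
 
 // Test a trap handler that makes use of a broker process to open().
 
 class InitializedOpenBroker {
 public:
 InitializedOpenBroker() : initialized_(false) {
-std::vector<std::string> allowed_files;
-allowed_files.push_back("/proc/allowed");
-allowed_files.push_back("/proc/cpuinfo");
+std::vector<syscall_broker::BrokerPermission> permissions;
+permissions.push_back(BROKER_PERM_READ_ONLY("/proc/allowed"));
+permissions.push_back(BROKER_PERM_READ_ONLY("/proc/cpuinfo"));
 
-broker_process_.reset(
-new BrokerProcess(EPERM, allowed_files, std::vector<std::string>()));
+broker_process_.reset(new BrokerProcess(EPERM, permissions));
 BPF_ASSERT(broker_process() != NULL);
 BPF_ASSERT(broker_process_->Init(base::Bind(&NoOpCallback)));
 
 initialized_ = true;
 }
 bool initialized() { return initialized_; }
 class BrokerProcess* broker_process() { return broker_process_.get(); }
 
 private:
 bool initialized_;
@@ -2390,10 +2390,10 @@
 BPF_ASSERT_EQ(ENOSYS, errno);
 
 BPF_ASSERT_EQ(-1, syscall(__NR_setgid, 300));
 BPF_ASSERT_EQ(EPERM, errno);
 }
 
 } // namespace
 
 } // namespace bpf_dsl
 } // namespace sandbox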
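Review bot: The new `using syscall_broker::BrokerPermission;` at new line 59 sits at `namespace sandbox` scope, yet the InitializedOpenBroker constructor still spells out `std::vector<syscall_broker::BrokerPermission>`, so the declaration looks either redundant or present only because BROKER_PERM_READ_ONLY presumably expands to an unqualified `BrokerPermission` (the macro definition is not visible here). A permission-building macro that depends on a name in the caller's scope is fragile; I would have the macro fully qualify the type, or else move the using-declaration into the anonymous namespace and write `std::vector<BrokerPermission> permissions;` so the file is consistent. Separately, the fixture now grants only read-only entries; if the rest of the file does not already cover it, a case asserting that a write or create open on `/proc/allowed` still fails with EPERM would pin the deny-by-default behaviour this change relies on. The InitializedOpenBroker class continues past the end of the visible hunk.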
