| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" | 5 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <fcntl.h> | 8 #include <fcntl.h> |
| 9 #include <pthread.h> | 9 #include <pthread.h> |
| 10 #include <sched.h> | 10 #include <sched.h> |
| (...skipping 741 matching lines...) Loading... |
| 752 | 752 |
| 753 // Test a trap handler that makes use of a broker process to open(). | 753 // Test a trap handler that makes use of a broker process to open(). |
| 754 | 754 |
| 755 class InitializedOpenBroker { | 755 class InitializedOpenBroker { |
| 756 public: | 756 public: |
| 757 InitializedOpenBroker() : initialized_(false) { | 757 InitializedOpenBroker() : initialized_(false) { |
| 758 std::vector<std::string> allowed_files; | 758 std::vector<std::string> allowed_files; |
| 759 allowed_files.push_back("/proc/allowed"); | 759 allowed_files.push_back("/proc/allowed"); |
| 760 allowed_files.push_back("/proc/cpuinfo"); | 760 allowed_files.push_back("/proc/cpuinfo"); |
| 761 | 761 |
| 762 broker_process_.reset( | 762 broker_process_.reset(new syscall_broker::BrokerProcess( |
| 763 new BrokerProcess(EPERM, allowed_files, std::vector<std::string>())); | 763 EPERM, allowed_files, std::vector<std::string>())); |
| 764 BPF_ASSERT(broker_process() != NULL); | 764 BPF_ASSERT(broker_process() != NULL); |
| 765 BPF_ASSERT(broker_process_->Init(base::Bind(&NoOpCallback))); | 765 BPF_ASSERT(broker_process_->Init(base::Bind(&NoOpCallback))); |
| 766 | 766 |
| 767 initialized_ = true; | 767 initialized_ = true; |
| 768 } | 768 } |
| 769 bool initialized() { return initialized_; } | 769 bool initialized() { return initialized_; } |
| 770 class BrokerProcess* broker_process() { return broker_process_.get(); } | 770 class syscall_broker::BrokerProcess* broker_process() { |
| 771 return broker_process_.get(); |
| 772 } |
| 771 | 773 |
| 772 private: | 774 private: |
| 773 bool initialized_; | 775 bool initialized_; |
| 774 scoped_ptr<class BrokerProcess> broker_process_; | 776 scoped_ptr<class syscall_broker::BrokerProcess> broker_process_; |
| 775 DISALLOW_COPY_AND_ASSIGN(InitializedOpenBroker); | 777 DISALLOW_COPY_AND_ASSIGN(InitializedOpenBroker); |
| 776 }; | 778 }; |
| 777 | 779 |
| 778 intptr_t BrokerOpenTrapHandler(const struct arch_seccomp_data& args, | 780 intptr_t BrokerOpenTrapHandler(const struct arch_seccomp_data& args, |
| 779 void* aux) { | 781 void* aux) { |
| 780 BPF_ASSERT(aux); | 782 BPF_ASSERT(aux); |
| 781 BrokerProcess* broker_process = static_cast<BrokerProcess*>(aux); | 783 syscall_broker::BrokerProcess* broker_process = |
| 784 static_cast<syscall_broker::BrokerProcess*>(aux); |
| 782 switch (args.nr) { | 785 switch (args.nr) { |
| 783 case __NR_faccessat: // access is a wrapper of faccessat in android | 786 case __NR_faccessat: // access is a wrapper of faccessat in android |
| 784 BPF_ASSERT(static_cast<int>(args.args[0]) == AT_FDCWD); | 787 BPF_ASSERT(static_cast<int>(args.args[0]) == AT_FDCWD); |
| 785 return broker_process->Access(reinterpret_cast<const char*>(args.args[1]), | 788 return broker_process->Access(reinterpret_cast<const char*>(args.args[1]), |
| 786 static_cast<int>(args.args[2])); | 789 static_cast<int>(args.args[2])); |
| 787 #if defined(__NR_access) | 790 #if defined(__NR_access) |
| 788 case __NR_access: | 791 case __NR_access: |
| 789 return broker_process->Access(reinterpret_cast<const char*>(args.args[0]), | 792 return broker_process->Access(reinterpret_cast<const char*>(args.args[0]), |
| 790 static_cast<int>(args.args[1])); | 793 static_cast<int>(args.args[1])); |
| 791 #endif | 794 #endif |
| (...skipping 25 matching lines...) Loading... |
| 817 switch (sysno) { | 820 switch (sysno) { |
| 818 case __NR_faccessat: | 821 case __NR_faccessat: |
| 819 #if defined(__NR_access) | 822 #if defined(__NR_access) |
| 820 case __NR_access: | 823 case __NR_access: |
| 821 #endif | 824 #endif |
| 822 #if defined(__NR_open) | 825 #if defined(__NR_open) |
| 823 case __NR_open: | 826 case __NR_open: |
| 824 #endif | 827 #endif |
| 825 case __NR_openat: | 828 case __NR_openat: |
| 826 // We get a InitializedOpenBroker class, but our trap handler wants | 829 // We get a InitializedOpenBroker class, but our trap handler wants |
| 827 // the BrokerProcess object. | 830 // the syscall_broker::BrokerProcess object. |
| 828 return Trap(BrokerOpenTrapHandler, iob_->broker_process()); | 831 return Trap(BrokerOpenTrapHandler, iob_->broker_process()); |
| 829 default: | 832 default: |
| 830 return Allow(); | 833 return Allow(); |
| 831 } | 834 } |
| 832 } | 835 } |
| 833 | 836 |
| 834 private: | 837 private: |
| 835 InitializedOpenBroker* iob_; | 838 InitializedOpenBroker* iob_; |
| 836 | 839 |
| 837 DISALLOW_COPY_AND_ASSIGN(DenyOpenPolicy); | 840 DISALLOW_COPY_AND_ASSIGN(DenyOpenPolicy); |
| 838 }; | 841 }; |
| 839 | 842 |
| 840 // We use a InitializedOpenBroker class, so that we can run unsandboxed | 843 // We use a InitializedOpenBroker class, so that we can run unsandboxed |
| 841 // code in its constructor, which is the only way to do so in a BPF_TEST. | 844 // code in its constructor, which is the only way to do so in a BPF_TEST. |
| 842 BPF_TEST(SandboxBPF, | 845 BPF_TEST(SandboxBPF, |
| 843 UseOpenBroker, | 846 UseOpenBroker, |
| 844 DenyOpenPolicy, | 847 DenyOpenPolicy, |
| 845 InitializedOpenBroker /* (*BPF_AUX) */) { | 848 InitializedOpenBroker /* (*BPF_AUX) */) { |
| 846 BPF_ASSERT(BPF_AUX->initialized()); | 849 BPF_ASSERT(BPF_AUX->initialized()); |
| 847 BrokerProcess* broker_process = BPF_AUX->broker_process(); | 850 syscall_broker::BrokerProcess* broker_process = BPF_AUX->broker_process(); |
| 848 BPF_ASSERT(broker_process != NULL); | 851 BPF_ASSERT(broker_process != NULL); |
| 849 | 852 |
| 850 // First, use the broker "manually" | 853 // First, use the broker "manually" |
| 851 BPF_ASSERT(broker_process->Open("/proc/denied", O_RDONLY) == -EPERM); | 854 BPF_ASSERT(broker_process->Open("/proc/denied", O_RDONLY) == -EPERM); |
| 852 BPF_ASSERT(broker_process->Access("/proc/denied", R_OK) == -EPERM); | 855 BPF_ASSERT(broker_process->Access("/proc/denied", R_OK) == -EPERM); |
| 853 BPF_ASSERT(broker_process->Open("/proc/allowed", O_RDONLY) == -ENOENT); | 856 BPF_ASSERT(broker_process->Open("/proc/allowed", O_RDONLY) == -ENOENT); |
| 854 BPF_ASSERT(broker_process->Access("/proc/allowed", R_OK) == -ENOENT); | 857 BPF_ASSERT(broker_process->Access("/proc/allowed", R_OK) == -ENOENT); |
| 855 | 858 |
| 856 // Now use glibc's open() as an external library would. | 859 // Now use glibc's open() as an external library would. |
| 857 BPF_ASSERT(open("/proc/denied", O_RDONLY) == -1); | 860 BPF_ASSERT(open("/proc/denied", O_RDONLY) == -1); |
| (...skipping 1532 matching lines...) Loading... |
| 2390 BPF_ASSERT_EQ(ENOSYS, errno); | 2393 BPF_ASSERT_EQ(ENOSYS, errno); |
| 2391 | 2394 |
| 2392 BPF_ASSERT_EQ(-1, syscall(__NR_setgid, 300)); | 2395 BPF_ASSERT_EQ(-1, syscall(__NR_setgid, 300)); |
| 2393 BPF_ASSERT_EQ(EPERM, errno); | 2396 BPF_ASSERT_EQ(EPERM, errno); |
| 2394 } | 2397 } |
| 2395 | 2398 |
| 2396 } // namespace | 2399 } // namespace |
| 2397 | 2400 |
| 2398 } // namespace bpf_dsl | 2401 } // namespace bpf_dsl |
| 2399 } // namespace sandbox | 2402 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews