| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.h" | 5 #include "sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.h" |
| 6 | 6 |
| 7 #include <fcntl.h> | 7 #include <fcntl.h> |
| 8 #include <linux/filter.h> | 8 #include <linux/filter.h> |
| 9 | 9 |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| (...skipping 13 matching lines...) Expand all Loading... |
| 24 SandboxBPFTestRunner::~SandboxBPFTestRunner() { | 24 SandboxBPFTestRunner::~SandboxBPFTestRunner() { |
| 25 } | 25 } |
| 26 | 26 |
| 27 void SandboxBPFTestRunner::Run() { | 27 void SandboxBPFTestRunner::Run() { |
| 28 DCHECK(bpf_tester_delegate_); | 28 DCHECK(bpf_tester_delegate_); |
| 29 sandbox::Die::EnableSimpleExit(); | 29 sandbox::Die::EnableSimpleExit(); |
| 30 | 30 |
| 31 scoped_ptr<bpf_dsl::Policy> policy = | 31 scoped_ptr<bpf_dsl::Policy> policy = |
| 32 bpf_tester_delegate_->GetSandboxBPFPolicy(); | 32 bpf_tester_delegate_->GetSandboxBPFPolicy(); |
| 33 | 33 |
| 34 if (sandbox::SandboxBPF::SupportsSeccompSandbox(-1) == | 34 if (sandbox::SandboxBPF::SupportsSeccompSandbox() == |
| 35 sandbox::SandboxBPF::STATUS_AVAILABLE) { | 35 sandbox::SandboxBPF::STATUS_AVAILABLE) { |
| 36 // Ensure the the sandbox is actually available at this time | |
| 37 int proc_fd; | |
| 38 SANDBOX_ASSERT((proc_fd = open("/proc", O_RDONLY | O_DIRECTORY)) >= 0); | |
| 39 SANDBOX_ASSERT(sandbox::SandboxBPF::SupportsSeccompSandbox(proc_fd) == | |
| 40 sandbox::SandboxBPF::STATUS_AVAILABLE); | |
| 41 | |
| 42 // Initialize and then start the sandbox with our custom policy | 36 // Initialize and then start the sandbox with our custom policy |
| 43 sandbox::SandboxBPF sandbox; | 37 sandbox::SandboxBPF sandbox; |
| 44 sandbox.set_proc_fd(proc_fd); | |
| 45 sandbox.SetSandboxPolicy(policy.release()); | 38 sandbox.SetSandboxPolicy(policy.release()); |
| 46 SANDBOX_ASSERT( | 39 SANDBOX_ASSERT( |
| 47 sandbox.StartSandbox(sandbox::SandboxBPF::PROCESS_SINGLE_THREADED)); | 40 sandbox.StartSandbox(sandbox::SandboxBPF::PROCESS_SINGLE_THREADED)); |
| 48 | 41 |
| 49 // Run the actual test. | 42 // Run the actual test. |
| 50 bpf_tester_delegate_->RunTestFunction(); | 43 bpf_tester_delegate_->RunTestFunction(); |
| 51 } else { | 44 } else { |
| 52 printf("This BPF test is not fully running in this configuration!\n"); | 45 printf("This BPF test is not fully running in this configuration!\n"); |
| 53 // Android and Valgrind are the only configurations where we accept not | 46 // Android and Valgrind are the only configurations where we accept not |
| 54 // having kernel BPF support. | 47 // having kernel BPF support. |
| (...skipping 10 matching lines...) Expand all Loading... |
| 65 } | 58 } |
| 66 } | 59 } |
| 67 | 60 |
| 68 bool SandboxBPFTestRunner::ShouldCheckForLeaks() const { | 61 bool SandboxBPFTestRunner::ShouldCheckForLeaks() const { |
| 69 // LSAN requires being able to use ptrace() and other system calls that could | 62 // LSAN requires being able to use ptrace() and other system calls that could |
| 70 // be denied. | 63 // be denied. |
| 71 return false; | 64 return false; |
| 72 } | 65 } |
| 73 | 66 |
| 74 } // namespace sandbox | 67 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 733303004:
Linux sandbox: change API to start the sandbox (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master