
Side by Side Diff: sandbox/linux/seccomp-bpf/bpf_tests_unittest.cc

Issue 754433003: Update from https://crrev.com/305340 (Closed) Base URL: git@github.com:domokit/mojo.git@master
Patch Set: Created 6 years, 1 month ago
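--- a/sandbox/linux/seccomp-bpf/bpf_tests_unittest.cc
+++ b/sandbox/linux/seccomp-bpf/bpf_tests_unittest.cc
@@ -1,29 +1,30 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/linux/seccomp-bpf/bpf_tests.h"
 
 #include <errno.h>
 #include <sys/ptrace.h>
 #include <sys/syscall.h>
 #include <sys/types.h>
 #include <unistd.h>
 
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
 #include "build/build_config.h"
 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
 #include "sandbox/linux/bpf_dsl/policy.h"
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
 #include "sandbox/linux/services/linux_syscalls.h"
+#include "sandbox/linux/services/syscall_wrappers.h"
 #include "sandbox/linux/tests/unit_tests.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 using sandbox::bpf_dsl::Allow;
 using sandbox::bpf_dsl::Error;
 using sandbox::bpf_dsl::ResultExpr;
 
 namespace sandbox {
 
 namespace {
@@ -75,35 +76,33 @@
 {
 // Test polymorphism.
 scoped_ptr<BPFTesterDelegate> simple_delegate(
 new BPFTesterCompatibilityDelegate<EmptyClassTakingPolicy, FourtyTwo>(
 DummyTestFunction));
 }
 }
 
 class EnosysPtracePolicy : public bpf_dsl::Policy {
 public:
-EnosysPtracePolicy() {
-my_pid_ = syscall(__NR_getpid);
-}
+EnosysPtracePolicy() { my_pid_ = sys_getpid(); }
 virtual ~EnosysPtracePolicy() {
 // Policies should be able to bind with the process on which they are
 // created. They should never be created in a parent process.
-BPF_ASSERT_EQ(my_pid_, syscall(__NR_getpid));
+BPF_ASSERT_EQ(my_pid_, sys_getpid());
 }
 
 virtual ResultExpr EvaluateSyscall(int system_call_number) const override {
 CHECK(SandboxBPF::IsValidSyscallNumber(system_call_number));
 if (system_call_number == __NR_ptrace) {
 // The EvaluateSyscall function should run in the process that created
 // the current object.
-BPF_ASSERT_EQ(my_pid_, syscall(__NR_getpid));
+BPF_ASSERT_EQ(my_pid_, sys_getpid());
 return Error(ENOSYS);
 } else {
 return Allow();
 }
 }
 
 private:
 pid_t my_pid_;
 DISALLOW_COPY_AND_ASSIGN(EnosysPtracePolicy);
 };
@@ -145,10 +144,10 @@
 BPFDeathTestWithInlineTest,
 DEATH_MESSAGE(kHelloMessage),
 EnosysPtracePolicy) {
 LOG(ERROR) << kHelloMessage;
 _exit(1);
 }
 
 } // namespace
 
 } // namespace sandbox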
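Review bot: The pid comparisons in the constructor, the destructor and EvaluateSyscall only catch a policy that is created or evaluated in the wrong process if sys_getpid() issues a real getpid system call rather than returning a value cached by libc, and nothing in this file states that now that the explicit `syscall(__NR_getpid)` is gone. The wrapper's definition is not visible on this page, so it is presumably still a direct syscall. A short comment on the member would record the requirement, for example `// Compared against sys_getpid(), which must bypass any libc pid cache.` on `pid_t my_pid_;`. Since the constructor is now a single line, the member could also be set in the initializer list: `EnosysPtracePolicy() : my_pid_(sys_getpid()) {}`.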