
Side by Side Diff: sandbox/linux/bpf_dsl/bpf_dsl_unittest.cc

Issue 761903003: Update from https://crrev.com/306655 (Closed) Base URL: git@github.com:domokit/mojo.git@master
Patch Set: Created 6 years ago
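--- a/sandbox/linux/bpf_dsl/bpf_dsl_unittest.cc
+++ b/sandbox/linux/bpf_dsl/bpf_dsl_unittest.cc
@@ -1,31 +1,33 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
 
 #include <errno.h>
 #include <fcntl.h>
 #include <netinet/in.h>
 #include <sys/socket.h>
 #include <sys/syscall.h>
 #include <sys/utsname.h>
 #include <unistd.h>
 
 #include "base/files/scoped_file.h"
 #include "base/macros.h"
 #include "build/build_config.h"
+#include "sandbox/linux/bpf_dsl/bpf_dsl_impl.h"
 #include "sandbox/linux/bpf_dsl/policy.h"
 #include "sandbox/linux/seccomp-bpf/bpf_tests.h"
 #include "sandbox/linux/seccomp-bpf/errorcode.h"
 #include "sandbox/linux/seccomp-bpf/syscall.h"
+#include "testing/gtest/include/gtest/gtest.h"
 
 #define CASES SANDBOX_BPF_DSL_CASES
 
 // Helper macro to assert that invoking system call |sys| directly via
 // Syscall::Call with arguments |...| returns |res|.
 // Errors can be asserted by specifying a value like "-EINVAL".
 #define ASSERT_SYSCALL_RESULT(res, sys, ...) \
 BPF_ASSERT_EQ(res, Stubs::sys(__VA_ARGS__))
 
 namespace sandbox {
@@ -321,13 +323,55 @@
 ASSERT_SYSCALL_RESULT(-ENOENT, fcntl, sock_fd.get(), F_GETFL);
 
 ASSERT_SYSCALL_RESULT(0, fcntl, sock_fd.get(), F_SETFD, O_CLOEXEC);
 ASSERT_SYSCALL_RESULT(-EINVAL, fcntl, sock_fd.get(), F_SETFD, 0);
 
 ASSERT_SYSCALL_RESULT(-EPERM, fcntl, sock_fd.get(), F_SETFL, O_RDONLY);
 
 ASSERT_SYSCALL_RESULT(-EACCES, fcntl, sock_fd.get(), F_DUPFD, 0);
 }
 
+static intptr_t DummyTrap(const struct arch_seccomp_data& data, void* aux) {
+return 0;
+}
+
+TEST(BPFDSL, IsAllowDeny) {
+ResultExpr allow = Allow();
+EXPECT_TRUE(allow->IsAllow());
+EXPECT_FALSE(allow->IsDeny());
+
+ResultExpr error = Error(ENOENT);
+EXPECT_FALSE(error->IsAllow());
+EXPECT_TRUE(error->IsDeny());
+
+ResultExpr trace = Trace(42);
+EXPECT_FALSE(trace->IsAllow());
+EXPECT_FALSE(trace->IsDeny());
+
+ResultExpr trap = Trap(DummyTrap, nullptr);
+EXPECT_FALSE(trap->IsAllow());
+EXPECT_TRUE(trap->IsDeny());
+
+const Arg<int> arg(0);
+ResultExpr maybe = If(arg == 0, Allow()).Else(Error(EPERM));
+EXPECT_FALSE(maybe->IsAllow());
+EXPECT_FALSE(maybe->IsDeny());
+}
+
+TEST(BPFDSL, HasUnsafeTraps) {
+ResultExpr allow = Allow();
+EXPECT_FALSE(allow->HasUnsafeTraps());
+
+ResultExpr safe = Trap(DummyTrap, nullptr);
+EXPECT_FALSE(safe->HasUnsafeTraps());
+
+ResultExpr unsafe = UnsafeTrap(DummyTrap, nullptr);
+EXPECT_TRUE(unsafe->HasUnsafeTraps());
+
+const Arg<int> arg(0);
+ResultExpr maybe = If(arg == 0, allow).Else(unsafe);
+EXPECT_TRUE(maybe->HasUnsafeTraps());
+}
+
 } // namespace
 } // namespace bpf_dsl
 } // namespace sandbox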
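Review bot: The new HasUnsafeTraps test places the unsafe trap only in the Else arm (`If(arg == 0, allow).Else(unsafe)`), so an implementation that inspected just one branch of a conditional would still pass. Since this predicate presumably decides whether a policy is treated as containing sandbox-escaping traps, the mirrored case is worth pinning: `ResultExpr then_unsafe = If(arg == 0, unsafe).Else(allow);` followed by `EXPECT_TRUE(then_unsafe->HasUnsafeTraps());`. A negative conditional built from `allow` and `safe` expecting false would also guard against the check over-reporting. The same gap applies to IsAllowDeny, which never covers a conditional whose two arms are both deny results, leaving the intended IsDeny answer for that shape undocumented.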