OLD | NEW |
(Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
| 6 |
| 7 #include <fcntl.h> |
| 8 #include <unistd.h> |
| 9 |
| 10 #include <iostream> |
| 11 |
| 12 #include "base/files/scoped_file.h" |
| 13 #include "base/posix/eintr_wrapper.h" |
| 14 #include "sandbox/linux/tests/unit_tests.h" |
| 15 #include "testing/gtest/include/gtest/gtest.h" |
| 16 |
| 17 namespace sandbox { |
| 18 namespace { |
| 19 |
| 20 // NOTE: most tests for the SandboxBPF class are currently in |
| 21 // bpf_dsl_more_unittest.cc. |
| 22 |
| 23 TEST(SandboxBPF, CreateDestroy) { |
| 24 // Give an opportunity to dynamic tools to perform some simple testing. |
| 25 SandboxBPF sandbox(nullptr); |
| 26 SandboxBPF* sandbox_ptr = new SandboxBPF(nullptr); |
| 27 delete sandbox_ptr; |
| 28 } |
| 29 |
| 30 // This test should execute no matter whether we have kernel support. So, |
| 31 // we make it a TEST() instead of a BPF_TEST(). |
| 32 TEST(SandboxBPF, DISABLE_ON_TSAN(CallSupports)) { |
| 33 // We check that we don't crash, but it's ok if the kernel doesn't |
| 34 // support it. |
| 35 bool seccomp_bpf_supported = SandboxBPF::SupportsSeccompSandbox( |
| 36 SandboxBPF::SeccompLevel::SINGLE_THREADED); |
| 37 bool seccomp_bpf_tsync_supported = SandboxBPF::SupportsSeccompSandbox( |
| 38 SandboxBPF::SeccompLevel::MULTI_THREADED); |
| 39 // We want to log whether or not seccomp BPF is actually supported |
| 40 // since actual test coverage depends on it. |
| 41 std::cout << "Seccomp BPF supported (single thread): " |
| 42 << (seccomp_bpf_supported ? "true." : "false.") << "\n"; |
| 43 std::cout << "Seccomp BPF supported (multi thread): " |
| 44 << (seccomp_bpf_tsync_supported ? "true." : "false.") << "\n"; |
| 45 std::cout << "Pointer size: " << sizeof(void*) << "\n"; |
| 46 } |
| 47 |
| 48 SANDBOX_TEST(SandboxBPF, DISABLE_ON_TSAN(CallSupportsTwice)) { |
| 49 bool single1 = SandboxBPF::SupportsSeccompSandbox( |
| 50 SandboxBPF::SeccompLevel::SINGLE_THREADED); |
| 51 bool single2 = SandboxBPF::SupportsSeccompSandbox( |
| 52 SandboxBPF::SeccompLevel::SINGLE_THREADED); |
| 53 ASSERT_EQ(single1, single2); |
| 54 bool multi1 = SandboxBPF::SupportsSeccompSandbox( |
| 55 SandboxBPF::SeccompLevel::MULTI_THREADED); |
| 56 bool multi2 = SandboxBPF::SupportsSeccompSandbox( |
| 57 SandboxBPF::SeccompLevel::MULTI_THREADED); |
| 58 ASSERT_EQ(multi1, multi2); |
| 59 |
| 60 // Multi threaded support implies single threaded support. |
| 61 if (multi1) { |
| 62 ASSERT_TRUE(single1); |
| 63 } |
| 64 } |
| 65 |
| 66 TEST(SandboxBPF, ProcTaskFdDescriptorGetsClosed) { |
| 67 int pipe_fds[2]; |
| 68 ASSERT_EQ(0, pipe(pipe_fds)); |
| 69 base::ScopedFD read_end(pipe_fds[0]); |
| 70 base::ScopedFD write_end(pipe_fds[1]); |
| 71 |
| 72 { |
| 73 SandboxBPF sandbox(nullptr); |
| 74 sandbox.SetProcTaskFd(write_end.Pass()); |
| 75 } |
| 76 |
| 77 ASSERT_EQ(0, fcntl(read_end.get(), F_SETFL, O_NONBLOCK)); |
| 78 char c; |
| 79 // Check that the sandbox closed the write_end (read will EOF instead of |
| 80 // returning EWOULDBLOCK). |
| 81 ASSERT_EQ(0, read(read_end.get(), &c, 1)); |
| 82 } |
| 83 |
| 84 } // namespace |
| 85 } // sandbox |
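Review bot: In ProcTaskFdDescriptorGetsClosed the final `read()` is compared with 0 without an EINTR retry, so a signal arriving during the call could fail the test with -1 for a reason unrelated to the descriptor's lifetime; `base/posix/eintr_wrapper.h` is included but nothing in the file uses it. Wrapping the call as `ASSERT_EQ(0, HANDLE_EINTR(read(read_end.get(), &c, 1)));` would use that include and keep the assertion about the one property it is meant to prove. The comment above the read could also say why the close matters, e.g. `// A proc task fd that outlives the SandboxBPF object would stay open in the process that is about to be sandboxed.`; that rationale is inferred from the setter's name, so confirm the wording against SandboxBPF. Separately, the last line closes the outer namespace with `}  // sandbox`, where `}  // namespace sandbox` would match the line above it.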