Index: sandbox/linux/bpf_dsl/bpf_dsl_more_unittest.cc |
diff --git a/sandbox/linux/bpf_dsl/bpf_dsl_more_unittest.cc b/sandbox/linux/bpf_dsl/bpf_dsl_more_unittest.cc |
index 66669e796c69dbba717395c2a4772c96f5716aa3..df5dbd508f1892530a36c9896de280a6723618e2 100644 |
--- a/sandbox/linux/bpf_dsl/bpf_dsl_more_unittest.cc |
+++ b/sandbox/linux/bpf_dsl/bpf_dsl_more_unittest.cc |
@@ -42,6 +42,7 @@ |
#include "sandbox/linux/seccomp-bpf/trap.h" |
#include "sandbox/linux/services/linux_syscalls.h" |
#include "sandbox/linux/services/syscall_wrappers.h" |
+#include "sandbox/linux/syscall_broker/broker_file_permission.h" |
#include "sandbox/linux/syscall_broker/broker_process.h" |
#include "sandbox/linux/tests/scoped_temporary_file.h" |
#include "sandbox/linux/tests/unit_tests.h" |
@@ -75,28 +76,6 @@ void EnableUnsafeTraps() { |
Die::SuppressInfoMessages(true); |
} |
-// This test should execute no matter whether we have kernel support. So, |
-// we make it a TEST() instead of a BPF_TEST(). |
-TEST(SandboxBPF, DISABLE_ON_TSAN(CallSupports)) { |
- // We check that we don't crash, but it's ok if the kernel doesn't |
- // support it. |
- bool seccomp_bpf_supported = |
- SandboxBPF::SupportsSeccompSandbox(-1) == SandboxBPF::STATUS_AVAILABLE; |
- // We want to log whether or not seccomp BPF is actually supported |
- // since actual test coverage depends on it. |
- RecordProperty("SeccompBPFSupported", |
- seccomp_bpf_supported ? "true." : "false."); |
- std::cout << "Seccomp BPF supported: " |
- << (seccomp_bpf_supported ? "true." : "false.") << "\n"; |
- RecordProperty("PointerSize", sizeof(void*)); |
- std::cout << "Pointer size: " << sizeof(void*) << "\n"; |
-} |
- |
-SANDBOX_TEST(SandboxBPF, DISABLE_ON_TSAN(CallSupportsTwice)) { |
- SandboxBPF::SupportsSeccompSandbox(-1); |
- SandboxBPF::SupportsSeccompSandbox(-1); |
-} |
- |
// BPF_TEST does a lot of the boiler-plate code around setting up a |
// policy and optional passing data between the caller, the policy and |
// any Trap() handlers. This is great for writing short and concise tests, |
@@ -131,13 +110,12 @@ class VerboseAPITestingPolicy : public Policy { |
}; |
SANDBOX_TEST(SandboxBPF, DISABLE_ON_TSAN(VerboseAPITesting)) { |
- if (SandboxBPF::SupportsSeccompSandbox(-1) == |
- sandbox::SandboxBPF::STATUS_AVAILABLE) { |
+ if (SandboxBPF::SupportsSeccompSandbox( |
+ SandboxBPF::SeccompLevel::SINGLE_THREADED)) { |
static int counter = 0; |
- SandboxBPF sandbox; |
- sandbox.SetSandboxPolicy(new VerboseAPITestingPolicy(&counter)); |
- BPF_ASSERT(sandbox.StartSandbox(SandboxBPF::PROCESS_SINGLE_THREADED)); |
+ SandboxBPF sandbox(new VerboseAPITestingPolicy(&counter)); |
+ BPF_ASSERT(sandbox.StartSandbox(SandboxBPF::SeccompLevel::SINGLE_THREADED)); |
BPF_ASSERT_EQ(0, counter); |
BPF_ASSERT_EQ(0, syscall(__NR_uname, 0)); |
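Review bot: With the CallSupports test deleted in the hunk at @@ -75,28 +76,6 @@, a run on a kernel without seccomp-bpf support now passes this test with its body skipped and nothing in the log or test properties saying so — the new `if (SandboxBPF::SupportsSeccompSandbox(SandboxBPF::SeccompLevel::SINGLE_THREADED))` guard has no else branch, and the same pattern appears in the SeccompRetTrace and Tsync hunks below. The deleted test was the only place recording `SeccompBPFSupported`, so the "no sandbox coverage" case becomes invisible to whoever reads a green run. A one-line else branch such as `} else { std::cout << "Seccomp BPF not supported; VerboseAPITesting skipped\n"; }` at the end of the guard (or a comment stating that the skip is deliberate and unlogged) would keep that visible; I have not checked whether RecordProperty is usable inside a SANDBOX_TEST body. The VerboseAPITesting body continues past the end of this hunk.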
@@ -179,6 +157,14 @@ BPF_TEST_C(SandboxBPF, ApplyBasicBlacklistPolicy, BlacklistNanosleepPolicy) { |
BlacklistNanosleepPolicy::AssertNanosleepFails(); |
} |
+BPF_TEST_C(SandboxBPF, UseVsyscall, BlacklistNanosleepPolicy) { |
+ time_t current_time; |
+ // time() is implemented as a vsyscall. With an older glibc, with |
+ // vsyscall=emulate and some versions of the seccomp BPF patch |
+ // we may get SIGKILL-ed. Detect this! |
+ BPF_ASSERT_NE(static_cast<time_t>(-1), time(¤t_time)); |
+} |
+ |
// Now do a simple whitelist test |
class WhitelistGetpidPolicy : public Policy { |
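Review bot: In the new UseVsyscall test, `current_time` is written by `time()` but never read, and the comment's "Detect this!" reads as if the `BPF_ASSERT_NE` catches the SIGKILL case, whereas a SIGKILL would end the test child before the assertion executes — presumably it is the BPF_TEST_C harness noticing the child's death that detects it, not this line. I would drop the local and call `time(NULL)` (matching the file's existing NULL usage), and reword the comment to `// If the kernel emulates the vsyscall and seccomp-bpf mishandles it, the child is SIGKILL-ed; the harness reports that as a failure. The assert only covers the plain error return.` The argument is also rendered here as `¤t_time`, which looks like a mangled `&current_time` in this view rather than what was committed.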
@@ -396,9 +382,8 @@ BPF_TEST_C(SandboxBPF, StackingPolicy, StackingPolicyPartOne) { |
// Stack a second sandbox with its own policy. Verify that we can further |
// restrict filters, but we cannot relax existing filters. |
- SandboxBPF sandbox; |
- sandbox.SetSandboxPolicy(new StackingPolicyPartTwo()); |
- BPF_ASSERT(sandbox.StartSandbox(SandboxBPF::PROCESS_SINGLE_THREADED)); |
+ SandboxBPF sandbox(new StackingPolicyPartTwo()); |
+ BPF_ASSERT(sandbox.StartSandbox(SandboxBPF::SeccompLevel::SINGLE_THREADED)); |
errno = 0; |
BPF_ASSERT(syscall(__NR_getppid, 0) == -1); |
@@ -756,12 +741,14 @@ bool NoOpCallback() { |
class InitializedOpenBroker { |
public: |
InitializedOpenBroker() : initialized_(false) { |
- std::vector<std::string> allowed_files; |
- allowed_files.push_back("/proc/allowed"); |
- allowed_files.push_back("/proc/cpuinfo"); |
- |
- broker_process_.reset(new syscall_broker::BrokerProcess( |
- EPERM, allowed_files, std::vector<std::string>())); |
+ std::vector<syscall_broker::BrokerFilePermission> permissions; |
+ permissions.push_back( |
+ syscall_broker::BrokerFilePermission::ReadOnly("/proc/allowed")); |
+ permissions.push_back( |
+ syscall_broker::BrokerFilePermission::ReadOnly("/proc/cpuinfo")); |
+ |
+ broker_process_.reset( |
+ new syscall_broker::BrokerProcess(EPERM, permissions)); |
BPF_ASSERT(broker_process() != NULL); |
BPF_ASSERT(broker_process_->Init(base::Bind(&NoOpCallback))); |
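Review bot: The two `BrokerFilePermission::ReadOnly` entries now state the broker's allow-list explicitly, but nothing in the constructor says that read-only is the intended ceiling, so a later test adding a writable entry to `permissions` would not stand out in review. A short comment above the vector, `// Both paths are deliberately read-only; any test needing write access must add an explicit, separate permission.`, would record that intent next to the list. The InitializedOpenBroker constructor and class continue beyond the end of this hunk.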
@@ -2069,8 +2056,8 @@ class TraceAllPolicy : public Policy { |
}; |
SANDBOX_TEST(SandboxBPF, DISABLE_ON_TSAN(SeccompRetTrace)) { |
- if (SandboxBPF::SupportsSeccompSandbox(-1) != |
- sandbox::SandboxBPF::STATUS_AVAILABLE) { |
+ if (!SandboxBPF::SupportsSeccompSandbox( |
+ SandboxBPF::SeccompLevel::SINGLE_THREADED)) { |
return; |
} |
@@ -2094,9 +2081,8 @@ SANDBOX_TEST(SandboxBPF, DISABLE_ON_TSAN(SeccompRetTrace)) { |
pid_t my_pid = getpid(); |
BPF_ASSERT_NE(-1, ptrace(PTRACE_TRACEME, -1, NULL, NULL)); |
BPF_ASSERT_EQ(0, raise(SIGSTOP)); |
- SandboxBPF sandbox; |
- sandbox.SetSandboxPolicy(new TraceAllPolicy); |
- BPF_ASSERT(sandbox.StartSandbox(SandboxBPF::PROCESS_SINGLE_THREADED)); |
+ SandboxBPF sandbox(new TraceAllPolicy); |
+ BPF_ASSERT(sandbox.StartSandbox(SandboxBPF::SeccompLevel::SINGLE_THREADED)); |
// getpid is allowed. |
BPF_ASSERT_EQ(my_pid, sys_getpid()); |
@@ -2267,8 +2253,8 @@ void* TsyncApplyToTwoThreadsFunc(void* cond_ptr) { |
} |
SANDBOX_TEST(SandboxBPF, Tsync) { |
- if (SandboxBPF::SupportsSeccompThreadFilterSynchronization() != |
- SandboxBPF::STATUS_AVAILABLE) { |
+ if (!(SandboxBPF::SupportsSeccompSandbox( |
+ SandboxBPF::SeccompLevel::MULTI_THREADED))) { |
return; |
} |
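Review bot: The Tsync guard wraps the call in a redundant pair of parentheses, `if (!(SandboxBPF::SupportsSeccompSandbox(`, which differs from the otherwise identical guard written in the SeccompRetTrace hunk above. For consistency I would write it as `if (!SandboxBPF::SupportsSeccompSandbox(` / `SandboxBPF::SeccompLevel::MULTI_THREADED)) {` so the two skip conditions read the same way. The Tsync body continues outside this hunk.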
@@ -2284,9 +2270,8 @@ SANDBOX_TEST(SandboxBPF, Tsync) { |
BPF_ASSERT_EQ(0, HANDLE_EINTR(syscall(__NR_nanosleep, &ts, NULL))); |
// Engage the sandbox. |
- SandboxBPF sandbox; |
- sandbox.SetSandboxPolicy(new BlacklistNanosleepPolicy()); |
- BPF_ASSERT(sandbox.StartSandbox(SandboxBPF::PROCESS_MULTI_THREADED)); |
+ SandboxBPF sandbox(new BlacklistNanosleepPolicy()); |
+ BPF_ASSERT(sandbox.StartSandbox(SandboxBPF::SeccompLevel::MULTI_THREADED)); |
// This thread should have the filter applied as well. |
BlacklistNanosleepPolicy::AssertNanosleepFails(); |
@@ -2316,9 +2301,8 @@ SANDBOX_DEATH_TEST( |
base::Thread thread("sandbox.linux.StartMultiThreadedAsSingleThreaded"); |
BPF_ASSERT(thread.Start()); |
- SandboxBPF sandbox; |
- sandbox.SetSandboxPolicy(new AllowAllPolicy()); |
- BPF_ASSERT(!sandbox.StartSandbox(SandboxBPF::PROCESS_SINGLE_THREADED)); |
+ SandboxBPF sandbox(new AllowAllPolicy()); |
+ BPF_ASSERT(!sandbox.StartSandbox(SandboxBPF::SeccompLevel::SINGLE_THREADED)); |
} |
// http://crbug.com/407357 |
@@ -2329,9 +2313,8 @@ SANDBOX_DEATH_TEST( |
DEATH_MESSAGE( |
"Cannot start sandbox; process may be single-threaded when " |
"reported as not")) { |
- SandboxBPF sandbox; |
- sandbox.SetSandboxPolicy(new AllowAllPolicy()); |
- BPF_ASSERT(!sandbox.StartSandbox(SandboxBPF::PROCESS_MULTI_THREADED)); |
+ SandboxBPF sandbox(new AllowAllPolicy()); |
+ BPF_ASSERT(!sandbox.StartSandbox(SandboxBPF::SeccompLevel::MULTI_THREADED)); |
} |
#endif // !defined(THREAD_SANITIZER) |