| Index: sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc
|
| diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc b/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..7e478b592b9f84e2f24bd8c496a61b8a5592baaa
|
| --- /dev/null
|
| +++ b/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc
|
| @@ -0,0 +1,85 @@
|
| +// Copyright 2014 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
|
| +
|
| +#include <fcntl.h>
|
| +#include <unistd.h>
|
| +
|
| +#include <iostream>
|
| +
|
| +#include "base/files/scoped_file.h"
|
| +#include "base/posix/eintr_wrapper.h"
|
| +#include "sandbox/linux/tests/unit_tests.h"
|
| +#include "testing/gtest/include/gtest/gtest.h"
|
| +
|
| +namespace sandbox {
|
| +namespace {
|
| +
|
| +// NOTE: most tests for the SandboxBPF class are currently in
|
| +// bpf_dsl_more_unittest.cc.
|
| +
|
| +TEST(SandboxBPF, CreateDestroy) {
|
| + // Give an opportunity to dynamic tools to perform some simple testing.
|
| + SandboxBPF sandbox(nullptr);
|
| + SandboxBPF* sandbox_ptr = new SandboxBPF(nullptr);
|
| + delete sandbox_ptr;
|
| +}
|
| +
|
| +// This test should execute no matter whether we have kernel support. So,
|
| +// we make it a TEST() instead of a BPF_TEST().
|
| +TEST(SandboxBPF, DISABLE_ON_TSAN(CallSupports)) {
|
| + // We check that we don't crash, but it's ok if the kernel doesn't
|
| + // support it.
|
| + bool seccomp_bpf_supported = SandboxBPF::SupportsSeccompSandbox(
|
| + SandboxBPF::SeccompLevel::SINGLE_THREADED);
|
| + bool seccomp_bpf_tsync_supported = SandboxBPF::SupportsSeccompSandbox(
|
| + SandboxBPF::SeccompLevel::MULTI_THREADED);
|
| + // We want to log whether or not seccomp BPF is actually supported
|
| + // since actual test coverage depends on it.
|
| + std::cout << "Seccomp BPF supported (single thread): "
|
| + << (seccomp_bpf_supported ? "true." : "false.") << "\n";
|
| + std::cout << "Seccomp BPF supported (multi thread): "
|
| + << (seccomp_bpf_tsync_supported ? "true." : "false.") << "\n";
|
| + std::cout << "Pointer size: " << sizeof(void*) << "\n";
|
| +}
|
| +
|
| +SANDBOX_TEST(SandboxBPF, DISABLE_ON_TSAN(CallSupportsTwice)) {
|
| + bool single1 = SandboxBPF::SupportsSeccompSandbox(
|
| + SandboxBPF::SeccompLevel::SINGLE_THREADED);
|
| + bool single2 = SandboxBPF::SupportsSeccompSandbox(
|
| + SandboxBPF::SeccompLevel::SINGLE_THREADED);
|
| + ASSERT_EQ(single1, single2);
|
| + bool multi1 = SandboxBPF::SupportsSeccompSandbox(
|
| + SandboxBPF::SeccompLevel::MULTI_THREADED);
|
| + bool multi2 = SandboxBPF::SupportsSeccompSandbox(
|
| + SandboxBPF::SeccompLevel::MULTI_THREADED);
|
| + ASSERT_EQ(multi1, multi2);
|
| +
|
| + // Multi threaded support implies single threaded support.
|
| + if (multi1) {
|
| + ASSERT_TRUE(single1);
|
| + }
|
| +}
|
| +
|
| +TEST(SandboxBPF, ProcTaskFdDescriptorGetsClosed) {
|
| + int pipe_fds[2];
|
| + ASSERT_EQ(0, pipe(pipe_fds));
|
| + base::ScopedFD read_end(pipe_fds[0]);
|
| + base::ScopedFD write_end(pipe_fds[1]);
|
| +
|
| + {
|
| + SandboxBPF sandbox(nullptr);
|
| + sandbox.SetProcTaskFd(write_end.Pass());
|
| + }
|
| +
|
| + ASSERT_EQ(0, fcntl(read_end.get(), F_SETFL, O_NONBLOCK));
|
| + char c;
|
| + // Check that the sandbox closed the write_end (read will EOF instead of
|
| + // returning EWOULDBLOCK).
|
| + ASSERT_EQ(0, read(read_end.get(), &c, 1));
|
| +}
|
| +
|
| +} // namespace
|
| +} // sandbox
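Review bot: In ProcTaskFdDescriptorGetsClosed the final `read()` is called bare, even though the file includes base/posix/eintr_wrapper.h and nothing else in the new file uses it. Either wrap the call, `ASSERT_EQ(0, HANDLE_EINTR(read(read_end.get(), &c, 1)));`, or drop the include; an interrupted read is unlikely with O_NONBLOCK set, but the wrapper keeps a -1/EINTR result from being reported as the descriptor having stayed open. The test also covers only the destructor path of a `SandboxBPF(nullptr)` that was never started. If the descriptor is expected to be closed on other paths as well, that appears to be untested here, so a comment stating this scope would help, for example `// Only covers destruction of an unstarted sandbox.` Separately, the closing comment `} // sandbox` would read more consistently as `}  // namespace sandbox`, matching the `} // namespace` line above it.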
|
|
|